From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.6777.1652167156561604354 for ; Tue, 10 May 2022 00:19:24 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=A4lSNzOH; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652167164; x=1683703164; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=R5/HUkJ+zjt7t25Oa5PXaCJD0mXNc0gzogMhR+Fzv+U=; b=A4lSNzOHSdeTCSJin82icg62VbpTjLIgV/LgRCUFm4Po5qbDPmeuwU7n ZfOJicKIg59RiD9M5lZY40cQ3d6PO4xnHVeWsuBFRiXBDPznUUa6+4Wny bgcmAPyxqpXzkScVEUZoeQePl0rLHcfK5mO/ZxXRYbfmE9G3I+rgvJ8fo GP2N45b7wpCafb+4B5Wa2Rw1jT3lefJ/icDRGq5vOeJhnSHL2jSLiKbl0 XGghyUvN1T6pE/pyklnt4AepWgN2GArXjqQT4iHTu8qySCKO+X9c9nL2d KWQJDMFjq942+yQnUjZ5OQcjAH8pi1OKBaCH6u5SkiqTktb1WV/IfZF1g A==; X-IronPort-AV: E=McAfee;i="6400,9594,10342"; a="294517590" X-IronPort-AV: E=Sophos;i="5.91,213,1647327600"; d="scan'208";a="294517590" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 00:19:24 -0700 X-IronPort-AV: E=Sophos;i="5.91,213,1647327600"; d="scan'208";a="593355347" Received: from shwdejointd178.ccr.corp.intel.com ([10.239.153.103]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 00:19:22 -0700 
From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Gerd Hoffmann Subject: [PATCH V4 3/5] CryptoPkg: Update process_files.pl to automatically add PCD config option Date: Tue, 10 May 2022 15:19:05 +0800 Message-Id: <9d0a6d2ec8f543909e8d1c59a8ae62b71b6d9a35.1652166965.git.yi1.li@intel.com> X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Recommend from Gerd: (2) Keep the EC config option, but update process_files.pl to automatically add the PcdEcEnabled config option handling to the files it generates. When remove 'no-ec' from openssl configure list, will automatically remove 'OPENSSL_NO_EC', 'OPENSSL_NO_ECDH', 'OPENSSL_NO_ECDSA', 'OPENSSL_NO_TLS1_3', form header, and add '/ec/.', '/sm2/.' files to INF files. Signed-off-by: Yi Li Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Gerd Hoffmann
---
 CryptoPkg/Library/OpensslLib/process_files.pl | 77 ++++++++++++++++++-
 1 file changed, 74 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2ebfbbbca0de..545f2182842b 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -81,6 +81,19 @@ my $uefi_config;
 my $extension;
 my $arch;
 my @inf;
+#
+# Use PCD to conditionally enable certain openssl features.
+# $conditional_feature contains pcd_name:fetures_names pairs
+# of conditional features.
+# @conditional_feature_dir contains relative_path:pcd_name pairs
+# of conditional features in openssl, MUST correspond to the content
+# in $conditional_feature.
+#
+# Configure list [openssl_configuration : new_define_list : new_file_list : pcd]
+# 1. no-ec : {NO_EC, NO_ECDH, NO_ECDSA, NO_TLS1_3, NO_SM2} : {/ec/, /sm2/} : PcdOpensslEcEnabled
+#
+my %conditional_feature = ("PcdOpensslEcEnabled"=>["EC", "ECDH", "ECDSA", "TLS1_3", "SM2"]);
+my %conditional_feature_dir = ("/ec/"=>"PcdOpensslEcEnabled", "/sm2/"=>"PcdOpensslEcEnabled");
 BEGIN {
 $inf_file = "OpensslLib.inf";
@@ -282,7 +295,13 @@ foreach my $product ((@{$unified_info{libraries}},
 push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
 next;
 }
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s;
+ foreach (keys(%conditional_feature_dir)) {
+ if ($s =~ $_) {
+ push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$_};
+ }
+ }
+ push @cryptofilelist, "\r\n";
 }
 }
 }
@@ -311,7 +330,13 @@ foreach (@headers){
 push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
 next;
 }
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_;
+ foreach my $conditional_key (keys(%conditional_feature_dir)) {
+ if ($_ =~ $conditional_key) {
+ push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$conditional_key};
+ }
+ }
+ push @cryptofilelist, "\r\n";
 }
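Review bot: The header comment added in the `@@ -81,6 +81,19 @@` hunk names the tables `$conditional_feature` and `@conditional_feature_dir`, but both are declared as hashes, and "fetures_names" is a typo. I would write `# %conditional_feature maps pcd_name => [feature_names]` and `# %conditional_feature_dir maps relative_path => pcd_name`. The comment should also say that the keys of `%conditional_feature_dir` are matched as patterns against each source path in the later hunks, so a new entry has to be specific enough not to match unrelated directories.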
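Review bot: In the `@@ -282,7 +295,13 @@` hunk each key of `%conditional_feature_dir` is used directly as the right-hand side of `=~`, so it is compiled as an unanchored regular expression, and the inner loop keeps going after a match. A path that matches two keys would get two `|*|*|*|gEfiCryptoPkgTokenSpaceGuid.` suffixes on one INF line, and a later key containing regex metacharacters would match more than its literal text. A literal test with an early exit avoids both, `if (index($s, $_) >= 0) { push @cryptofilelist, ...; last; }`, iterating over `sort keys(%conditional_feature_dir)` so the generated INF does not change between runs. The `@headers` loop in the `@@ -311,7 +330,13 @@` hunk has the same issue and uses a named loop variable where this one uses `$_`; both loops sit inside blocks that start outside their hunks.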
@@ -416,7 +441,7 @@ print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
 system(
 "perl -pe 's/\\n/\\r\\n/' " .
 "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
- "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf_generated.h"
 ) == 0 ||
 die "Cannot copy opensslconf.h!";
 print "Done!";
@@ -428,6 +453,52 @@ system(
 "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
 ) == 0 ||
 die "Cannot copy dso_conf.h!";
+print "Done!";
+
+#
+# Add conditional feature to opensslconf.h
+#
+my $conf_file = "../Include/openssl/opensslconf.h";
+my @conf_raw = ();
+my @conditional_define = ();
+print "\n--> Updating conditional feature in $conf_file ... ";
+
+foreach my $pcd_name (keys(%conditional_feature)) {
+ push @conditional_define, "#if !FixedPcdGetBool ($pcd_name)\r\n";
+ foreach (@{$conditional_feature{$pcd_name}}) {
+ push @conditional_define, "# ifndef OPENSSL_NO_$_\r\n";
+ push @conditional_define, "# define OPENSSL_NO_$_\r\n";
+ push @conditional_define, "# endif\r\n";
+ }
+ push @conditional_define, "#endif\r\n";
+}
+
+open( FD, "<" . $conf_file ) ||
+ die $conf_file;
+foreach () {
+ # Insert conditional define to the begin of opensslconf.h
+ if ($_ =~ "Autogenerated conditional openssl feature list starts here") {
+ push @conf_raw, $_, @conditional_define;
+ $subbing = 1;
+ next;
+ }
+ if ($_ =~ "Autogenerated conditional openssl feature list ends here") {
+ push @conf_raw, $_;
+ $subbing = 0;
+ next;
+ }
+ push @conf_raw, $_
+ unless ($subbing);
+}
+close(FD) ||
+ die $conf_file;
+
+open( FD, ">" . $conf_file ) ||
+ die $conf_file;
+print( FD @conf_raw ) ||
+ die $conf_file;
+close(FD) ||
+ die $conf_file;
 print "Done!\n";
 print "\nProcessing Files Done!\n";
--
2.31.1.windows.1
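Review bot: The rewrite of `$conf_file` in the `@@ -428,6 +453,52 @@` hunk never checks that either marker line was found. If the "starts here" marker is missing, the header is written back without any `OPENSSL_NO_*` block, and if only the "ends here" marker is missing, everything after the start marker is dropped; in both cases the script still prints "Done!" and the header no longer agrees with the PCD-conditional file list in the INF. `$subbing` is not initialised in this hunk either, so it presumably carries whatever value an earlier part of the script left in it. I would track both markers in local variables and `die` before the file is reopened for writing, iterate over `sort keys(%conditional_feature)` so the emitted `#if` blocks keep a stable order, and include `$!` in the `die` messages.

```perl
# … unchanged: building @conditional_define (iterate over sort keys(%conditional_feature)) …

my $in_generated = 0;    # local state; does not depend on an earlier value of $subbing
my $saw_start    = 0;
my $saw_end      = 0;

open( my $conf_in, '<', $conf_file ) ||
    die "Cannot open $conf_file: $!";
while (my $line = <$conf_in>) {
    if ($line =~ /Autogenerated conditional openssl feature list starts here/) {
        push @conf_raw, $line, @conditional_define;
        $in_generated = 1;
        $saw_start    = 1;
        next;
    }
    if ($line =~ /Autogenerated conditional openssl feature list ends here/) {
        push @conf_raw, $line;
        $in_generated = 0;
        $saw_end      = 1;
        next;
    }
    push @conf_raw, $line
        unless ($in_generated);
}
close($conf_in) ||
    die "Cannot close $conf_file: $!";

# Refuse to overwrite the header when a marker is missing.
($saw_start && $saw_end) ||
    die "$conf_file: autogenerated feature list markers not found";

# … unchanged: write @conf_raw back to $conf_file …
```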