From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web12.27952.1652066373876196199 for ; Sun, 08 May 2022 20:19:39 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=GLjDJpdF; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652066377; x=1683602377; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QVx2SGX1zpPLAL+qIgCaQiRQoEp5gcwOwfZF+mGbpDk=; b=GLjDJpdFvHW5tA3KyoLXUleCkuCz+JI4LBWcajBSiWIhFpOXZUlUlZdJ rEc/9TroaQ/tRWowec98/tDMvVZatoAZzdGpuQrCSWy2/sUqiUMFqNPMU e0vv8FDn2cuxrvw++tVKeIYuU+Z10L6sLFDlRrvIk+24jIZdxcbvz2+Lz 6LYkUXISmJXqEeudxzvwQJOxcib37W2R+3yyjqiOgmZf+dXJ9If0gybRX 8nPieP1ZI5yEXeQqnZSSkYNQ9/cEDjKDKtB7uLwuzitA+IreDSJrh7XTd 5WhsnTBqvY6VNWceOXIjetZp12n+iw+xcYCMH1+cVl5lhpnOehsunhEeH w==; X-IronPort-AV: E=McAfee;i="6400,9594,10341"; a="329512086" X-IronPort-AV: E=Sophos;i="5.91,210,1647327600"; d="scan'208";a="329512086" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2022 20:19:37 -0700 X-IronPort-AV: E=Sophos;i="5.91,210,1647327600"; d="scan'208";a="591052631" Received: from shwdejointd178.ccr.corp.intel.com ([10.239.153.103]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2022 20:19:35 -0700 
From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Gerd Hoffmann Subject: [PATCH 1/3] CryptoPkg: Update process_files.pl to automatically add PCD config option Date: Mon, 9 May 2022 11:19:16 +0800 Message-Id: X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Recommended by Gerd: (2) Keep the EC config option, but update process_files.pl to automatically add the PcdEcEnabled config option handling to the files it generates. When 'no-ec' is removed from the openssl configure list, the script will automatically remove 'OPENSSL_NO_EC', 'OPENSSL_NO_ECDH', 'OPENSSL_NO_ECDSA', 'OPENSSL_NO_TLS1_3', from the header, and add '/ec/.', '/sm2/.' files to INF files. Signed-off-by: Yi Li Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Gerd Hoffmann --- CryptoPkg/Library/OpensslLib/process_files.pl | 67 ++++++++++++++++++- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl index 2ebfbbbca0de..2849f5d9aed0 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl 
@@ -81,6 +81,19 @@ my $uefi_config; my $extension; my $arch; my @inf; +# +# Use PCD to conditionally enable certain openssl features. +# $conditional_feature contains fetures_names:pcd_name pairs +# of conditional features. +# @conditional_feature_dir contains relative_path:pcd_name pairs +# of conditional features in openssl, MUST correspond to the content +# in $conditional_feature. +# +# Configure list [openssl_configuratio : new_define_list : new_file_list : pcd] +# 1. no-ec : {NO_EC, NO_ECDH, NO_ECDSA, NO_TLS1_3, NO_SM2} : {/ec/, /sm2/} : PcdEcEnabled +# +my %conditional_feature = ("EC"=>"PcdEcEnabled", "ECDH"=>"PcdEcEnabled", "ECDSA"=>"PcdEcEnabled", "TLS1_3"=>"PcdEcEnabled", "SM2"=>"PcdEcEnabled"); +my %conditional_feature_dir = ("/ec/"=>"PcdEcEnabled", "/sm2/"=>"PcdEcEnabled"); BEGIN { $inf_file = "OpensslLib.inf"; @@ -282,7 +295,13 @@ foreach my $product ((@{$unified_info{libraries}}, push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; next; } - push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; + push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s; + foreach (keys(%conditional_feature_dir)) { + if ($s =~ $_) { + push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$_}; + } + } + push @cryptofilelist, "\r\n"; } } } @@ -311,7 +330,13 @@ foreach (@headers){ push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n"; next; } - push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n"; + push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_; + foreach my $conditional_key (keys(%conditional_feature_dir)) { + if ($_ =~ $conditional_key) { + push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$conditional_key}; + } + } + push @cryptofilelist, "\r\n"; } 
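Review bot: The new comment block in the first hunk names `$conditional_feature` and `@conditional_feature_dir`, but both declarations below it are hashes (`%conditional_feature`, `%conditional_feature_dir`), and it carries the typos `fetures_names` and `openssl_configuratio`. It also never states that `TLS1_3` and `SM2` are keyed to `PcdEcEnabled`, so a platform that leaves that PCD false ends up with `OPENSSL_NO_TLS1_3` defined as well; that coupling is easy to miss when auditing a platform's crypto configuration. I would correct the sigils and spelling and add a line such as `# NOTE: when PcdEcEnabled is FALSE the generated header also defines OPENSSL_NO_TLS1_3 and OPENSSL_NO_SM2.`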
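Review bot: The check `if ($s =~ $_)` in the added loop of the second hunk (and `if ($_ =~ $conditional_key)` in the `@headers` hunk that follows) compiles each hash key as a regular expression and keeps looping after a hit, so a future key containing `.` or `+` would match more paths than intended, and two matching keys would append two `|*|*|*|…` suffixes to one INF line. Because these keys decide which crypto sources are gated behind a PCD, a literal match that stops at the first hit is safer: `foreach my $dir (sort keys %conditional_feature_dir) {`, `if (index($s, $dir) >= 0) {`, and `last;` after the push. Each file entry is also now spread over two or three elements of `@cryptofilelist` instead of one; if anything later in the script sorts or de-duplicates that array the suffix would be detached from its path, which cannot be confirmed from this hunk. The enclosing `foreach my $product` loop starts outside the hunk.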
@@ -430,6 +455,44 @@ system( die "Cannot copy dso_conf.h!"; print "Done!\n"; +# +# Add conditional feature to opensslconf.h +# +my $conf_file = "../Include/openssl/opensslconf.h"; +my @conf_raw = (); +my @conditional_define = (); +print "\n--> Updating $conf_file ... "; + +foreach my $feature_name (keys(%conditional_feature)) { + push @conditional_define, "#if !FixedPcdGetBool ($conditional_feature{$feature_name})\r\n"; + push @conditional_define, "# ifndef OPENSSL_NO_$feature_name\r\n"; + push @conditional_define, "# define OPENSSL_NO_$feature_name\r\n"; + push @conditional_define, "# endif\r\n#endif\r\n"; +} + +open( FD, "<" . $conf_file ) || + die $conf_file; +foreach () { + # Insert conditional define to the begin of opensslconf.h + if ($_ =~ "#ifdef OPENSSL_ALGORITHM_DEFINES") { + push @conf_raw, @conditional_define; + } + push @conf_raw, $_; + if ($_ =~ "") { + push @conf_raw, "#include \r\n"; + } +} +close(FD) || + die $conf_file; + +open( FD, ">" . $conf_file ) || + die $conf_file; +print( FD @conf_raw ) || + die $conf_file; +close(FD) || + die $conf_file; +print "Done!\n"; + print "\nProcessing Files Done!\n"; exit(0); -- 2.31.1.windows.1
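Review bot: When no line of opensslconf.h matches `#ifdef OPENSSL_ALGORITHM_DEFINES`, the rewrite loop inserts nothing, the file is written back without the conditional block and the script still prints `Done!`, leaving the header with no PcdEcEnabled guards while the INF entries are PCD-conditional. I would track the insertion and fail loudly: `my $inserted = 0;` before the loop, `$inserted = 1;` inside the marker branch, and `die "marker not found in $conf_file" unless $inserted;` before the file is reopened for writing. `keys(%conditional_feature)` is also iterated unsorted, so the order of the generated `#if !FixedPcdGetBool` blocks can differ between runs and produce noisy diffs whenever the header is regenerated; `sort keys %conditional_feature` makes the output stable. The `open`/`close` calls use a bareword handle, two-argument `open` and a `die` message without `$!`; three-argument `open` with a lexical handle and `$!` in the message would make failures diagnosable.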