From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94994+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94994+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500674; cv=none; d=zohomail.com; s=zohoarc; b=mTiDhDead/EwoeHyi7Xxxyl5xuHPyIM65/QcU0ixxyLBue9Ap95pGW/f7AcGwrtP8HAryeMh4+LbA4L17i6YJR4Xd4kwQY7SyaanSjWSxfAYzhhCBTlMswt7hQG6O/E0RyAkWUxCBN0eC6Cg5xIwNjIGP7nj5pXKog35kjploIA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500674; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FaPPuJgx/me0KGBrrdb8J+zfbS9ON1Yh6G6723yKUBM=; b=jbS6rytz2uSIF7Hl2HxVJqMoPLKGEvD95A+faJT3yHmCPJlxdEYup2L8Zlmu9y0mb8dZN1GWVkZ8t3taMEghQTNN1Wx5PsZi9FXruTeL2kBG9rQGeX9FF2GqKYUdeUlbFVfTtkfphruqtakR9R/eaIEMd4A2tLrI6ynsJ5l4YAQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94994+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500674170396.26401378751245; Tue, 11 Oct 2022 08:04:34 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id kREzYY1788612xYOK5ZDQ3YO; Tue, 11 Oct 2022 08:04:30 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.8589.1665500668772364869 for ; Tue, 11 Oct 2022 08:04:29 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="331008779" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="331008779" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:06 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172803" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172803" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:05 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services Date: Tue, 11 Oct 2022 08:03:47 -0700 Message-Id: <20221011150358.1332-2-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: A3I3lo3er9wERTCJg8Y6yho5x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500670; bh=HvuPCGKr6Z0Mic/aMnzhO71KLiHz8ZAwocNdwK2jaWE=; h=Cc:Date:From:Reply-To:Subject:To; b=LF4mXdGbBXrat0ZDke4zYgJqZCrFass+UxQZ7yzKFMilkF5oFsWK3If9Q0fFeQICbfr Acyshi3e8me+dSf6OGuG3aKEj/vbhKQZAojUq+FCwsDmk8BY7/AsAKeNW4Oe7H8Bfd0Zy oaFYWm8/lUwU9MreXynhLmuRhql/a8z1PYw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500676806100001 Content-Type: text/plain; charset="utf-8" Also note services that are recommended to be disabled and update CryptoPkg.dsc PcdCryptoServiceFamilyEnable settings disable all deprecated services. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.dsc | 10 +- .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 ++++++++++-------- 2 files changed, 77 insertions(+), 55 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index e4e7bc0dbfae..ab28d8861f10 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -150,7 +150,6 @@ [PcdsFixedAtBuild] !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -160,8 +159,10 @@ [PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -172,7 +173,7 @@ [PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Fa= mily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family = | 0 + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI @@ -216,6 +217,7 @@ [PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 47405894176c..da533543172f 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -1,6 +1,26 @@ /** @file Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable. + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable that is used + to enable/disable crypto services at either the family scope or the + individual service scope. Platforms can minimize the number of enabled + services to reduce size. + + The following services have been deprecated and must never be enabled. + The associated fields in this data structure are never removed or replac= ed + to preseve the binary layout of the data structure. New services are + always added to the end of the data structure. + * HmacMd5 family + * HmacSha1 family + * Md4 family + * Md5 family + * Tdes family + * Arc4 family + * Aes.Services.EcbEncrypt service + * Aes.Services.EcbDecrypt service + + Is is recommended that the following services always be disabled and may + be deprecated in the future. + * Sha1 family =20 Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -25,25 +45,25 @@ typedef struct { union { struct { - UINT8 New : 1; - UINT8 Free : 1; - UINT8 SetKey : 1; - UINT8 Duplicate : 1; - UINT8 Update : 1; - UINT8 Final : 1; + UINT8 New : 1; // Deprecated + UINT8 Free : 1; // Deprecated + UINT8 SetKey : 1; // Deprecated + UINT8 Duplicate : 1; // Deprecated + UINT8 Update : 1; // Deprecated + UINT8 Final : 1; // Deprecated } Services; - UINT32 Family; + UINT32 Family; // Deprecated } HmacMd5; union { struct { - UINT8 New : 1; - UINT8 Free : 1; - UINT8 SetKey : 1; - UINT8 Duplicate : 1; - UINT8 Update : 1; - UINT8 Final : 1; + UINT8 New : 1; // Deprecated + UINT8 Free : 1; // Deprecated + UINT8 SetKey : 1; // Deprecated + UINT8 Duplicate : 1; // Deprecated + UINT8 Update : 1; // Deprecated + UINT8 Final : 1; // Deprecated } Services; - UINT32 Family; + UINT32 Family; // Deprecated } HmacSha1; union { struct { @@ -71,26 +91,26 @@ typedef struct { } HmacSha384; union { struct { - UINT8 GetContextSize : 1; - UINT8 Init : 1; - UINT8 Duplicate : 1; - UINT8 Update : 1; - UINT8 Final : 1; - UINT8 HashAll : 1; + UINT8 GetContextSize : 1; // Deprecated + UINT8 Init : 1; // Deprecated + UINT8 Duplicate : 1; // Deprecated + UINT8 Update : 1; // Deprecated + UINT8 Final : 1; // Deprecated + UINT8 HashAll : 1; // Deprecated } Services; - UINT32 Family; + UINT32 Family; // Deprecated } Md4; union { struct { - UINT8 GetContextSize : 1; - UINT8 Init : 1; - UINT8 Duplicate : 1; - UINT8 Update : 1; - UINT8 Final : 1; - UINT8 HashAll : 1; + UINT8 GetContextSize : 1; // Deprecated + UINT8 Init : 1; // Deprecated + UINT8 Duplicate : 1; // Deprecated + UINT8 Update : 1; // Deprecated + UINT8 Final : 1; // Deprecated + UINT8 HashAll : 1; // Deprecated } Services; UINT32 Family; - } Md5; + } Md5; // Deprecated union { struct { UINT8 Pkcs1v2Encrypt : 1; @@ -143,14 +163,14 @@ typedef struct { } Rsa; union { struct { - UINT8 GetContextSize : 1; - UINT8 Init : 1; - UINT8 Duplicate : 1; - UINT8 Update : 1; - UINT8 Final : 1; - UINT8 HashAll : 1; + UINT8 GetContextSize : 1; // Recommend disable + UINT8 Init : 1; // Recommend disable + UINT8 Duplicate : 1; // Recommend disable + UINT8 Update : 1; // Recommend disable + UINT8 Final : 1; // Recommend disable + UINT8 HashAll : 1; // Recommend disable } Services; - UINT32 Family; + UINT32 Family; // Recommend disable } Sha1; union { struct { @@ -202,21 +222,21 @@ typedef struct { } X509; union { struct { - UINT8 GetContextSize : 1; - UINT8 Init : 1; - UINT8 EcbEncrypt : 1; - UINT8 EcbDecrypt : 1; - UINT8 CbcEncrypt : 1; - UINT8 CbcDecrypt : 1; + UINT8 GetContextSize : 1; // Deprecated + UINT8 Init : 1; // Deprecated + UINT8 EcbEncrypt : 1; // Deprecated + UINT8 EcbDecrypt : 1; // Deprecated + UINT8 CbcEncrypt : 1; // Deprecated + UINT8 CbcDecrypt : 1; // Deprecated } Services; - UINT32 Family; + UINT32 Family; // Deprecated } Tdes; union { struct { UINT8 GetContextSize : 1; UINT8 Init : 1; - UINT8 EcbEncrypt : 1; - UINT8 EcbDecrypt : 1; + UINT8 EcbEncrypt : 1; // Deprecated + UINT8 EcbDecrypt : 1; // Deprecated UINT8 CbcEncrypt : 1; UINT8 CbcDecrypt : 1; } Services; @@ -224,13 +244,13 @@ typedef struct { } Aes; union { struct { - UINT8 GetContextSize : 1; - UINT8 Init : 1; - UINT8 Encrypt : 1; - UINT8 Decrypt : 1; - UINT8 Reset : 1; + UINT8 GetContextSize : 1; // Deprecated + UINT8 Init : 1; // Deprecated + UINT8 Encrypt : 1; // Deprecated + UINT8 Decrypt : 1; // Deprecated + UINT8 Reset : 1; // Deprecated } Services; - UINT32 Family; + UINT32 Family; // Deprecated } Arc4; union { struct { --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94994): https://edk2.groups.io/g/devel/message/94994 Mute This Topic: https://groups.io/mt/94260719/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94995+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94995+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500683; cv=none; d=zohomail.com; s=zohoarc; b=YhN0/mrhUOe+upHtFnrnOlVvHLyQZjQpmf/RwrVmUT//0tVFkMGDELXoPNH55Ss9tPzhB60G1ofBmDk/ZgppOUjziwLHt75gnmZNc0gXVaOKMUiCo+i9pO+RU3PY5Cl9ntNePP1Xg09SeIaoVUFP9OM/iQb2/Gd3ADT5sPXPN64= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500683; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=R84hRRPhOLzI7QJCdMM6goE7zQ0kj3Mu4bisQzsKuN0=; b=PEVaYzEETj9P2fMh6E+SnosU2yba7FVKHZ6BZ56fLnXNS4GnIOepEQCqALfNLk0zsa4u4AIdgmyztpyGOxIhZ7AlaEgWD0MxoQi6Qrl/0kK8s5jwIjnMVMLMWh9e76FKOFHFH8G4pncE6NkksSkLt5bkFoFtaP1vKE7+DEUp2L0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94995+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500683326414.5197393270598; Tue, 11 Oct 2022 08:04:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id bUYHYY1788612x5sVHWWWq6T; Tue, 11 Oct 2022 08:04:43 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.8590.1665500682014028134 for ; Tue, 11 Oct 2022 08:04:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="305581043" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="305581043" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172809" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172809" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:06 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 02/12] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Date: Tue, 11 Oct 2022 08:03:48 -0700 Message-Id: <20221011150358.1332-3-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: wiKLyV4AOl1mjNfpbb3hCwk8x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500683; bh=wIVbZcLct4eU4Pgj4B+bPHFyoX4a52cPWqFGp9BrB9I=; h=Cc:Date:From:Reply-To:Subject:To; b=v6VbOVQGRNDufA+48J2KKBqOHB11M4fCzUH8G1hQ9FATTwhZrmno1t6W2evSUII3W53 EOaKG81DpTxjk0aUm/PPfRxt46knqXD58MXjEm6GNDc+kMTvj/53Ivksc7cAcHcvPxocj Mr2cH7OcbtTqNwcg+4nVsxzGaoPmiUeUK30= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500684795100003 Content-Type: text/plain; charset="utf-8" Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni | 2 -- CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni | 2 -- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -- CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 1 + .../BaseCryptLib/{SmmCryptLib.uni =3D> SecCryptLib.uni} | 11 ++--------- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni | 2 -- 6 files changed, 3 insertions(+), 17 deletions(-) copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =3D> SecCryptLib.uni}= (74%) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.uni index ed1852efbe04..d9d53d099c4e 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni @@ -12,8 +12,6 @@ // // **/ =20 - #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_DRIVER" =20 #string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow." - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 20ae64e8bf1a..8cffc00daf5d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -18,8 +18,6 @@ // // **/ =20 - #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 #string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, X.509 certificate handler functions, authenticode signa= ture verification functions, PEM handler functions, and pseudorandom number= generator functions are not supported in this instance." - diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 0cf378c5ab84..786738a99d73 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -17,8 +17,6 @@ // // **/ =20 - #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 #string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." - diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SecCryptLib.inf index 0b1dd31c411c..4f652be46a82 100644 --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf @@ -14,6 +14,7 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D SecCryptLib + MODULE_UNI_FILE =3D SecCryptLib.uni FILE_GUID =3D 3689D343-0D32-4284-8053-BF10537990E8 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SecCryptLib.uni similarity index 74% copy from CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni copy to CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni index f0c33abbcf22..c0dd1eb0f351 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni @@ -1,24 +1,17 @@ // /** @file -// Cryptographic Library Instance for SMM driver. +// Cryptographic Library Instance for SEC driver. // // Caution: This module requires additional review when modified. // This library will have external input - signature. // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: AES -// functions, RSA external functions, PKCS#7 SignedData sign functions, -// Diffie-Hellman functions, and authenticode signature verification funct= ions are -// not supported in this instance. -// // Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ =20 - -#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SEC driver" =20 #string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." - diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index f0c33abbcf22..7e0f55f792e1 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -17,8 +17,6 @@ // // **/ =20 - #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 #string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." - --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94995): https://edk2.groups.io/g/devel/message/94995 Mute This Topic: https://groups.io/mt/94260734/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94996+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94996+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500684; cv=none; d=zohomail.com; s=zohoarc; b=neVq8y/HIfsRLP0Dz3jaIC1k6OVDvmY5PCrrDZLY4GRSgiU49Uahh4lnP5OOlNDfUKf/+clv5jd/YcSHYkC+b8SQABIyfL9pCNMNCRUkw/BKFIkbv5hyNfMg6nWWTGcDkTc++/vHI/rtmbwuAt7DxIdI9PscANzlowWO3GGXC0U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500684; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=IgpwdmAc5GQDps8YBaZfUT8z7g7lhNpxL6xYReQFdiA=; b=W6GlfM+qgPKaIM29fi5zrcpobiQfSmJum6tjAfjAb4SXEvfDKXg8dp30mX2oXou7d+D/c/MojMEILr/l6UAxNCUY0+t8fP911U5mB3yQFSyYZrHkaz54ivOWbAUEm0lKBXpWkvoTdMjV9F5004zsp4xzNj06tPV0ALc/a7GSYEw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94996+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500684048344.9033014346427; Tue, 11 Oct 2022 08:04:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id hbNbYY1788612xn98ucAf7ZX; Tue, 11 Oct 2022 08:04:43 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.8590.1665500682014028134 for ; Tue, 11 Oct 2022 08:04:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="305581044" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="305581044" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172813" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172813" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:06 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 03/12] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Date: Tue, 11 Oct 2022 08:03:49 -0700 Message-Id: <20221011150358.1332-4-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: QqFtfAd9ekWdGKr7t0r610MRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500683; bh=h463Req98lM3SPkc+ZUDAomfl0F+Pt9Fcy9g5MGNHdE=; h=Cc:Date:From:Reply-To:Subject:To; b=TJVkcdHnDYPzDsIrGoYQ5sZ35Xw+5GTiRhaZdGJ29c9symeRv29iPVMB76nFLvSr1H4 4cFtRw3SpFV6tLtZZiDWDFmo3RfsVgpDI9SU7Oa1JCIHspVo9SEdF7EqoY6fbwkLccQ9h LJDPASKn+plxXvRgGSvq2wo2m8/cLbAKUXc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500684821100005 Content-Type: text/plain; charset="utf-8" * Update BaseCryptLib internal worker functions to be 'STATIC' * Update BaseCryptLib internal working functions to not use EFIAPI * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.ci.yaml | 3 +- .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +++ .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 ++- .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +- .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +- .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +++++++++++++------ 7 files changed, 50 insertions(+), 17 deletions(-) diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml index 2fa3a3d5ee05..ca129d6ae56c 100644 --- a/CryptoPkg/CryptoPkg.ci.yaml +++ b/CryptoPkg/CryptoPkg.ci.yaml @@ -24,7 +24,8 @@ "ExceptionList": [ "8001", "IsLeap", "8001", "OBJ_get0_data", - "8001", "OBJ_length" + "8001", "OBJ_length", + "5005", "X509PopCertificate" ], ## Both file path and directory path are accepted. "IgnoreFiles": [ diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Li= brary/BaseCryptLib/Hmac/CryptHmac.c index 2786267a0be1..1ae33b6709cb 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent If the allocations fails, HmacMdNew() returns NULL. =20 **/ +STATIC VOID * HmacMdNew ( VOID @@ -33,6 +34,7 @@ HmacMdNew ( @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released. =20 **/ +STATIC VOID HmacMdFree ( IN VOID *HmacMdCtx @@ -59,6 +61,7 @@ HmacMdFree ( @retval FALSE The Key is set unsuccessfully. =20 **/ +STATIC BOOLEAN HmacMdSetKey ( IN CONST EVP_MD *Md, @@ -94,6 +97,7 @@ HmacMdSetKey ( @retval FALSE HMAC-MD context copy failed. =20 **/ +STATIC BOOLEAN HmacMdDuplicate ( IN CONST VOID *HmacMdContext, @@ -132,6 +136,7 @@ HmacMdDuplicate ( @retval FALSE HMAC-MD data digest failed. =20 **/ +STATIC BOOLEAN HmacMdUpdate ( IN OUT VOID *HmacMdContext, @@ -183,6 +188,7 @@ HmacMdUpdate ( @retval FALSE HMAC-MD digest computation failed. =20 **/ +STATIC BOOLEAN HmacMdFinal ( IN OUT VOID *HmacMdContext, @@ -233,6 +239,7 @@ HmacMdFinal ( @retval FALSE This interface is not supported. =20 **/ +STATIC BOOLEAN HmacMdAll ( IN CONST EVP_MD *Md, diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Lib= rary/BaseCryptLib/Kdf/CryptHkdf.c index ffaf5fb131ac..34e81246ed0d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c @@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#include +#include "InternalCryptLib.h" #include #include =20 @@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @retval FALSE Hkdf generation failed. =20 **/ +STATIC BOOLEAN HkdfMdExtractAndExpand ( IN CONST EVP_MD *Md, @@ -95,6 +96,7 @@ HkdfMdExtractAndExpand ( @retval false Hkdf generation failed. =20 **/ +STATIC BOOLEAN HkdfMdExtract ( IN CONST EVP_MD *Md, @@ -174,6 +176,7 @@ HkdfMdExtract ( @retval FALSE Hkdf generation failed. =20 **/ +STATIC BOOLEAN HkdfMdExpand ( IN CONST EVP_MD *Md, diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/Crypto= Pkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c index aa4a33364d92..6b0dddd4af55 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c @@ -23,7 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID // -UINT8 mSpcIndirectOidValue[] =3D { +GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcIndirectOidValue[] =3D { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04 }; =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/C= ryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index f8028181e47f..4e5a14e35210 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 -UINT8 mOidValue[9] =3D { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, = 0x02 }; +GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mOidValue[9] =3D { 0x2A, 0x86, = 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; =20 /** Check input P7Data is a wrapped ContentInfo structure or not. If not con= struct @@ -145,6 +145,7 @@ WrapPkcs7Data ( @retval FALSE The pop operation failed. =20 **/ +STATIC BOOLEAN X509PopCertificate ( IN VOID *X509Stack, diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/Cryp= toPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c index 833b29ae9755..63cd49434e71 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c @@ -62,6 +62,7 @@ @retval EFI_NOT_FOUND The number of signers found was not 1. =20 **/ +STATIC EFI_STATUS GetSignerCertificate ( IN CONST PKCS7 *CertChain, @@ -132,6 +133,7 @@ GetSignerCertificate ( @retval EFI_NOT_FOUND One or more EKU's were not found in th= e signature. =20 **/ +STATIC EFI_STATUS IsEkuInCertificate ( IN CONST X509 *Cert, @@ -255,6 +257,7 @@ IsEkuInCertificate ( @retval EFI_INVALID_PARAMETER A parameter was invalid. @retval EFI_NOT_FOUND One or more EKU's were not found in th= e signature. **/ +STATIC EFI_STATUS CheckEKUs ( IN CONST X509 *SignerCert, diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Librar= y/BaseCryptLib/Pk/CryptTs.c index f118f2e9d6aa..027dbb6842dc 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -21,7 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1") // -UINT8 mSpcRFC3161OidValue[] =3D { +GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue[] =3D { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01 }; =20 @@ -43,11 +43,17 @@ typedef struct { // // ASN.1 Functions for TS_MESSAGE_IMPRINT // -DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT) -ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) =3D { +GLOBAL_REMOVE_IF_UNREFERENCED +DECLARE_ASN1_FUNCTIONS ( + TS_MESSAGE_IMPRINT + ) +ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) =3D +{ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR), ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT) +} + +ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT) IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT) =20 /// @@ -68,12 +74,18 @@ typedef struct { // // ASN.1 Functions for TS_ACCURACY // -DECLARE_ASN1_FUNCTIONS (TS_ACCURACY) -ASN1_SEQUENCE (TS_ACCURACY) =3D { +GLOBAL_REMOVE_IF_UNREFERENCED +DECLARE_ASN1_FUNCTIONS ( + TS_ACCURACY + ) +ASN1_SEQUENCE (TS_ACCURACY) =3D +{ ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER), ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0), ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1) -} ASN1_SEQUENCE_END (TS_ACCURACY) +} + +ASN1_SEQUENCE_END (TS_ACCURACY) IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY) =20 /// @@ -114,8 +126,12 @@ typedef struct { // // ASN.1 Functions for TS_TST_INFO // -DECLARE_ASN1_FUNCTIONS (TS_TST_INFO) -ASN1_SEQUENCE (TS_TST_INFO) =3D { +GLOBAL_REMOVE_IF_UNREFERENCED +DECLARE_ASN1_FUNCTIONS ( + TS_TST_INFO + ) +ASN1_SEQUENCE (TS_TST_INFO) =3D +{ ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER), ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT), ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRIN= T), @@ -126,7 +142,9 @@ ASN1_SEQUENCE (TS_TST_INFO) =3D { ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER), ASN1_EXP_OPT (TS_TST_INFO, Tsa, GENERAL_NAME, = 0), ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, = 1) -} ASN1_SEQUENCE_END (TS_TST_INFO) +} + +ASN1_SEQUENCE_END (TS_TST_INFO) IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO) =20 /** @@ -139,8 +157,8 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO) @retval FALSE Invalid parameters. =20 **/ +STATIC BOOLEAN -EFIAPI ConvertAsn1TimeToEfiTime ( IN ASN1_TIME *Asn1Time, OUT EFI_TIME *EfiTime @@ -222,8 +240,8 @@ ConvertAsn1TimeToEfiTime ( @retval FALSE Invalid TimeStamp Token Information. =20 **/ +STATIC BOOLEAN -EFIAPI CheckTSTInfo ( IN CONST TS_TST_INFO *TstInfo, IN CONST UINT8 *TimestampedData, @@ -352,8 +370,8 @@ CheckTSTInfo ( @retval FALSE Invalid timestamp token. =20 **/ +STATIC BOOLEAN -EFIAPI TimestampTokenVerify ( IN CONST UINT8 *TSToken, IN UINTN TokenSize, --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94996): https://edk2.groups.io/g/devel/message/94996 Mute This Topic: https://groups.io/mt/94260735/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94997+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94997+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500687; cv=none; d=zohomail.com; s=zohoarc; b=g+it1zpryv3UaF2j0rNJtNGvGJ/261n9GzB0XemXAoULtGt1CBVjxHveB7WTmR8QGU3/P2iSAvdXNE7hWic9UPVHPzxtBmeoGZUN4G2PN7V8y8ooDa8cPobw7snu40mURC6z/DwN5EGa1H2huQZCGAXyJjNSaIj0HC+FMjur0V4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500687; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=MtvAMFD56dY6a7AO0FbXjTZDTdgW+DljWLWTuRCQDf0=; b=lksLM3y3VwZydV+S5d0aWnHa/zlAPxNN5C7qcs0x0mXHIcr5d6MYMh4P6OEzKvkdfBtkKlzOapbJFabPhNq7J3GIviwy3tu7ba/ZpkL3i4Ij98K2QkA01BX29JWOCbZVfK2tGeaBDYqRkUEwUe22zTg/AAc+69+RNiHZfjKcyZk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94997+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500687630808.1530321710123; Tue, 11 Oct 2022 08:04:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id XRs8YY1788612xZ7G4MJ6s6t; Tue, 11 Oct 2022 08:04:44 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web08.8432.1665500682958145987 for ; Tue, 11 Oct 2022 08:04:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="305581045" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="305581045" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172817" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172817" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 04/12] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Date: Tue, 11 Oct 2022 08:03:50 -0700 Message-Id: <20221011150358.1332-5-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: 1uCdUjhzdHj3KMw29wJy7SAkx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500684; bh=hpbXlVcC5XtcccXKMWBGjYIE4L8w8sW0IpiGtAb3kRk=; h=Cc:Date:From:Reply-To:Subject:To; b=EX0yGHUWqqzzMnDJN9VhCaYWn0Kq/SCUrp3PJokMUzxk+qoy0waJTSIeXGLfvLZpMV+ ERjGcPO1rHGqCnt4D7625NNxCOt7kPurpVT4Qt9v/doBBPrpE6RNzbN39JmKWzf+O7hi7 8RRyidGSvRhm6dy7yuqAD9mZLU0W4wWiz5k= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500690960100001 Content-Type: text/plain; charset="utf-8" * Update ImageTimeStampTest to return UNIT_TEST_PASSED instead of Status. On success Status is TRUE(1), which was returning a unit test status of UNIT_TEST_ERROR_PREREQUISITE_NOT_MET. * Update HmacTests to use the *Free() service from the HMAC family instead of FreePool(). Using FreePool() generates ASSERT() because the context being freed was not allocated using AllocatePool(). Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 ++++++++++++----- .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/Cry= ptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c index 9c5b39410d0f..b347cb4cb4f8 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c @@ -87,6 +87,12 @@ VOID * VOID ); =20 +typedef +VOID +(EFIAPI *EFI_HMAC_FREE)( + IN VOID *HashContext + ); + typedef BOOLEAN (EFIAPI *EFI_HMAC_INIT)( @@ -113,6 +119,7 @@ BOOLEAN typedef struct { UINT32 DigestSize; EFI_HMAC_NEW HmacNew; + EFI_HMAC_FREE HmacFree; EFI_HMAC_INIT HmacInit; EFI_HMAC_UPDATE HmacUpdate; EFI_HMAC_FINAL HmacFinal; @@ -123,10 +130,10 @@ typedef struct { } HMAC_TEST_CONTEXT; =20 // These functions have been deprecated but they've been left commented ou= t for future reference -// HMAC_TEST_CONTEXT mHmacMd5TestCtx =3D {MD5_DIGEST_SIZE, Hma= cMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key= , sizeof(HmacMd5Key), HmacMd5Digest}; -// HMAC_TEST_CONTEXT mHmacSha1TestCtx =3D {SHA1_DIGEST_SIZE, Hma= cSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Ke= y, sizeof(HmacSha1Key), HmacSha1Digest}; -HMAC_TEST_CONTEXT mHmacSha256TestCtx =3D { SHA256_DIGEST_SIZE, HmacSha256= New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, si= zeof (HmacSha256Key), HmacSha256Digest }; -HMAC_TEST_CONTEXT mHmacSha384TestCtx =3D { SHA384_DIGEST_SIZE, HmacSha384= New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, si= zeof (HmacSha384Key), HmacSha384Digest }; +// HMAC_TEST_CONTEXT mHmacMd5TestCtx =3D {MD5_DIGEST_SIZE, Hma= cMd5New, HmacMd5Free, HmacMd5SetKey, HmacMd5Update, HmacMd5Final,= HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest}; +// HMAC_TEST_CONTEXT mHmacSha1TestCtx =3D {SHA1_DIGEST_SIZE, Hma= cSha1New, HmacSha1Free, HmacSha1SetKey, HmacSha1Update, HmacSha1Final= , HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest}; +HMAC_TEST_CONTEXT mHmacSha256TestCtx =3D { SHA256_DIGEST_SIZE, HmacSha256= New, HmacSha256Free, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, H= macSha256Key, sizeof (HmacSha256Key), HmacSha256Digest }; +HMAC_TEST_CONTEXT mHmacSha384TestCtx =3D { SHA384_DIGEST_SIZE, HmacSha384= New, HmacSha384Free, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, H= macSha384Key, sizeof (HmacSha384Key), HmacSha384Digest }; =20 UNIT_TEST_STATUS EFIAPI @@ -155,7 +162,7 @@ TestVerifyHmacCleanUp ( =20 HmacTestContext =3D Context; if (HmacTestContext->HmacCtx !=3D NULL) { - FreePool (HmacTestContext->HmacCtx); + HmacTestContext->HmacFree (HmacTestContext->HmacCtx); } } =20 diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c b/Crypt= oPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c index 225ec3e59746..226e57e66f04 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c @@ -322,7 +322,7 @@ TestVerifyImageTimestampVerify ( UT_ASSERT_EQUAL (SigningTime.Minute, 50); UT_ASSERT_EQUAL (SigningTime.Second, 3); =20 - return Status; + return UNIT_TEST_PASSED; } =20 TEST_DESC mImageTimestampTest[] =3D { --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94997): https://edk2.groups.io/g/devel/message/94997 Mute This Topic: https://groups.io/mt/94260736/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94998+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94998+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500716; cv=none; d=zohomail.com; s=zohoarc; b=aiKnkB+UZNwgFyM//osqLrRL7DuAXAldeAeBYVac1ngnDFjnKhmuMplb/r1Jo2ap1wWujaFyZrXlqq0RusuwTxzcl2bS4GAZMrxgsU73/aRk4PvGxkhkvOkRQuquDvJ0y0fagkVW88JdffLJVqeEE57lNqY0AyNw7HlLbBWdeHY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500716; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=VYbYFb0mR1IQXWXcGQ+UrLIJuhIboRAgRrto8d28gv0=; b=dNinuyjQDHK2R5SRqAe/95KULrQmtzDgE3DAeKmNIvYWyZuRxzsjpCv9BdUwDPP9Orc723mprkCMWy16Mjby8Mhzw4ZSwQYP87IEUr2TfNaO48uLdfO+spsVnEB2LpraTz0GiThBso2tvrFVoyEtKy1DcfBoWHO+M9+0LGxoI8k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94998+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500716517333.98211251978523; Tue, 11 Oct 2022 08:05:16 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id rd2qYY1788612xwmrcJgRMxB; Tue, 11 Oct 2022 08:05:16 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web08.8439.1665500715117670141 for ; Tue, 11 Oct 2022 08:05:15 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518327" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518327" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172822" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172822" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher , Rebecca Cran , Ard Biesheuvel Subject: [edk2-devel] [Patch 05/12] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Date: Tue, 11 Oct 2022 08:03:51 -0700 Message-Id: <20221011150358.1332-6-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: J1Y9acrlGQ4ptTodaVZ8sMMIx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500716; bh=7wkB6pUbq9vfGl+nTSpN4huwNJswkVX78lDNVne2jVU=; h=Cc:Date:From:Reply-To:Subject:To; b=RxxF6YV3m+VZSMUVK0UZR2/qlfKKaXd97SeFNtHBnlKQODX+xwjMFMokBs7TG/p6aPq p+ZLyuwmivtP9G+ZWv5JxUTMbi1VJIjfCFyBcfPNQUCOuBwITJBhxaHI83YCZ67TqWP6D fVC674yWPBGGm6IluOVo1Ra9c/8x9PL33Ds= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500716923100001 Content-Type: text/plain; charset="utf-8" * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions in this file are only used by TlsLib instances and not any CryptLib instances. * Fix type mismatch in call to FreePool() in TlsConfig.c * Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from TslLib and CryptLib instances * Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf. * Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not support those architectures. * Add missing PrintLib dependencies to [LibraryClasses] sections of CryptLib INF files * Remove extra library classes from [LibraryClasses] sections of CryptLib INF files * Remove unnecessary warning disables from [BuildOptions] sections of TlsLib and CryptLib INF files * Remove RVCT support from SecCryptLib.inf Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Cc: Rebecca Cran Cc: Ard Biesheuvel Signed-off-by: Michael D Kinney --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 10 +--------- CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +------- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 9 ++------- CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 12 ++++-------- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 12 ------------ .../{BaseCryptLib =3D> TlsLib}/SysCall/inet_pton.c | 0 CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +- CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +----------- 8 files changed, 10 insertions(+), 55 deletions(-) rename CryptoPkg/Library/{BaseCryptLib =3D> TlsLib}/SysCall/inet_pton.c (1= 00%) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 9634bd5fea25..5eaa6e5a2242 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -53,15 +53,13 @@ [Sources] Pk/CryptTs.c Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c - Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnab= led - Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled + Pk/CryptEc.c Pem/CryptPem.c Bn/CryptBn.c =20 SysCall/CrtWrapper.c SysCall/TimerWrapper.c SysCall/BaseMemAllocation.c - SysCall/inet_pton.c =20 [Sources.Ia32] Rand/CryptRandTsc.c @@ -92,19 +90,13 @@ [LibraryClasses] IntrinsicLib PrintLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - # # Remove these [BuildOptions] after this library is cleaned up # [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 - GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 3799780c9f52..b1629647f9c6 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -79,9 +79,7 @@ [LibraryClasses] DebugLib OpensslLib IntrinsicLib - -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled + PrintLib =20 # # Remove these [BuildOptions] after this library is cleaned up @@ -89,11 +87,7 @@ [FixedPcd] [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers - # C4718: 'function call' : recursive call has no side effects, deleting # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 /wd4718 - GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 845708bf1a1b..19039685a500 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -59,7 +59,9 @@ [Sources] Pk/CryptTsNull.c Pk/CryptRsaPssNull.c Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c Pem/CryptPem.c + Bn/CryptBnNull.c =20 SysCall/CrtWrapper.c SysCall/TimerWrapper.c @@ -87,26 +89,19 @@ [Packages] [LibraryClasses] BaseLib BaseMemoryLib - UefiBootServicesTableLib UefiRuntimeServicesTableLib DebugLib OpensslLib IntrinsicLib PrintLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - # # Remove these [BuildOptions] after this library is cleaned up # [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 - GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SecCryptLib.inf index 4f652be46a82..4ad59b7bbc59 100644 --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf @@ -38,6 +38,7 @@ [Sources] Hmac/CryptHmacNull.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c + Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c @@ -53,6 +54,8 @@ [Sources] Rand/CryptRandNull.c Pk/CryptRsaPssNull.c Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c + Bn/CryptBnNull.c =20 SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c @@ -69,6 +72,7 @@ [LibraryClasses] DebugLib OpensslLib IntrinsicLib + PrintLib =20 # # Remove these [BuildOptions] after this library is cleaned up @@ -76,15 +80,7 @@ [LibraryClasses] [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers - # C4718: 'function call' : recursive call has no side effects, deleting # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 /wd4718 - - # -JCryptoPkg/Include : To disable the use of the system includes provid= ed by RVCT - # --diag_remark=3D1 : Reduce severity of "#1-D: last line of file en= ds without a newline" - RVCT:*_*_ARM_CC_FLAGS =3D -JCryptoPkg/Include --diag_remark=3D1 - GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 9318052a51c5..0af7a3f96e8f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -74,19 +74,12 @@ [Sources.Ia32] [Sources.X64] Rand/CryptRandTsc.c =20 -[Sources.ARM] - Rand/CryptRand.c - -[Sources.AARCH64] - Rand/CryptRand.c - [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec =20 [LibraryClasses] BaseLib - IoLib BaseMemoryLib MemoryAllocationLib OpensslLib @@ -95,18 +88,13 @@ [LibraryClasses] MmServicesTableLib SynchronizationLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - # # Remove these [BuildOptions] after this library is cleaned up # [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 =20 XCODE:*_*_*_CC_FLAGS =3D -mmmx -msse -std=3Dc99 =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg= /Library/TlsLib/SysCall/inet_pton.c similarity index 100% rename from CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c rename to CryptoPkg/Library/TlsLib/SysCall/inet_pton.c diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLi= b/TlsConfig.c index dbe1f0652996..f13ae0ab7e5a 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c @@ -478,7 +478,7 @@ TlsSetCipherList ( FreePool (CipherString); =20 FreeMappedCipher: - FreePool (MappedCipher); + FreePool ((VOID *)MappedCipher); =20 return Status; } diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib= /TlsLib.inf index bc61cda74556..e3500b9c2548 100644 --- a/CryptoPkg/Library/TlsLib/TlsLib.inf +++ b/CryptoPkg/Library/TlsLib/TlsLib.inf @@ -27,6 +27,7 @@ [Sources] TlsInit.c TlsConfig.c TlsProcess.c + SysCall/inet_pton.c =20 [Packages] MdePkg/MdePkg.dec @@ -40,14 +41,3 @@ [LibraryClasses] MemoryAllocationLib OpensslLib SafeIntLib - -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - -[BuildOptions] - # - # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers - # - MSFT:*_*_*_CC_FLAGS =3D /wd4090 - --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94998): https://edk2.groups.io/g/devel/message/94998 Mute This Topic: https://groups.io/mt/94260745/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94999+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94999+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500717; cv=none; d=zohomail.com; s=zohoarc; b=bGz4e9JzK5Kc/LWwd3AlAqXnV5h6ivSi94WZ6SFuQsSZko+IpHNKdo0Zq+RUC1teK4juh/zpVp8CBBk26bY0nsFJ3UUrdc+sLlcl5apE4ruVB7fEuH/HYsRGAEzXuTHvR5bteJMJtW4cveQAkA2b5zi7suImK+sb9JOq3tFmRKQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500717; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=tU7It2iHiE5kOqX/2wFJDhNJN5qWVH8ijbgRcexxFIM=; b=meJ52Inl5Z3JotNr2SlOc5X/mBACBwn36o1WxkqRKyDTlVENzaQUxqzdSTkl7EV+pBdcF6/CJufLl+pAThruL/tQLoOfx5ioVIlBJIXByf65HqR10ARJRcBK1h5IfqXpRSjjlFJaoYIe7lCoCJg6tJFdiQks3E5wLnoQrfOtPuk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94999+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500717047316.20827564221963; Tue, 11 Oct 2022 08:05:17 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id HNsVYY1788612xxuDkcuSq1X; Tue, 11 Oct 2022 08:05:16 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web08.8439.1665500715117670141 for ; Tue, 11 Oct 2022 08:05:15 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518331" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518331" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172828" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172828" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:07 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Date: Tue, 11 Oct 2022 08:03:52 -0700 Message-Id: <20221011150358.1332-7-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: 1Ykg0wATy5QX4uobrBIRpEzKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500716; bh=FnLkk6MHk+0XTDM8ZBP3FTLqWOheLtihc0S5uwH9Mg4=; h=Cc:Date:From:Reply-To:Subject:To; b=rTC2/xZW51qnyLnrAEzF9R7lpFGvBBronhfCLbiiBp0QVMrU4dxA0sIp7EJx7MNPJap phnk/1eCKldMWPpT7fHrDiuwtJWU/V/g88yED4Xfvt7btioR3Mhyh7EsaHUPkPc3LYihd Vpk1DMGFQibUa1CLPVQXEV8g4f1laHeGbsY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500719069100008 Content-Type: text/plain; charset="utf-8" * Remove IA32/X64 specific INF files for performance optimized OpensslLib and combine into OpensslLibAccel.inf and OpensslLibFullAccel.inf. * Remove use of PcdOpensslEcEnabled and let the platform select the EC feature by using either OpensslLibFull.inf or OpensslLibFullAccel.inf. * With PcdOpensslEcEnabled removed, roll back style of opensslconf.h and remove opensslconf_generated.h. Move the choice to disable EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define. * Update OpensslLibContructor() API to be compatible with all FW phases by using types from Base.h and using RETURN_STATUS type and values instead of EFI_STATUS type and values. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.ci.yaml | 8 +- .../Library/Include/openssl/opensslconf.h | 328 +++++++- .../Include/openssl/opensslconf_generated.h | 333 --------- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 130 ++-- CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +- ...OpensslLibIa32.inf =3D> OpensslLibAccel.inf} | 186 +++-- .../Library/OpensslLib/OpensslLibAccel.uni | 14 + .../OpensslLib/OpensslLibConstructor.c | 6 +- .../Library/OpensslLib/OpensslLibCrypto.inf | 182 +++-- .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +- .../{OpensslLib.inf =3D> OpensslLibFull.inf} | 140 ++-- .../{OpensslLib.uni =3D> OpensslLibFull.uni} | 10 +- ...LibIa32Gcc.inf =3D> OpensslLibFullAccel.inf} | 189 +++-- .../OpensslLib/OpensslLibFullAccel.uni | 14 + .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------ .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------ 16 files changed, 848 insertions(+), 2125 deletions(-) delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated= .h rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =3D> OpensslLibAcc= el.inf} (79%) create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =3D> OpensslLibFull.inf}= (80%) copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =3D> OpensslLibFull.uni}= (56%) rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =3D> OpensslLib= FullAccel.inf} (79%) create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml index ca129d6ae56c..47f29759676d 100644 --- a/CryptoPkg/CryptoPkg.ci.yaml +++ b/CryptoPkg/CryptoPkg.ci.yaml @@ -73,13 +73,7 @@ }, "DscCompleteCheck": { "DscPath": "CryptoPkg.dsc", - "IgnoreInf": [ - # These are alternatives to OpensslLib.inf - "CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf", - "CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf", - "CryptoPkg/Library/OpensslLib/OpensslLibX64.inf", - "CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf" - ] + "IgnoreInf": [] }, "GuidCheck": { "IgnoreGuidName": [], diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 53dd8c3efbe6..b98b068b3d3b 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -9,32 +9,324 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include -#include + +#include =20 #ifdef __cplusplus extern "C" { #endif =20 -/* Autogenerated conditional openssl feature list starts here */ -#if !FixedPcdGetBool (PcdOpensslEcEnabled) -# ifndef OPENSSL_NO_EC -# define OPENSSL_NO_EC -# endif -# ifndef OPENSSL_NO_ECDH -# define OPENSSL_NO_ECDH -# endif -# ifndef OPENSSL_NO_ECDSA -# define OPENSSL_NO_ECDSA -# endif -# ifndef OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_SYS_UEFI +# define OPENSSL_SYS_UEFI 1 +#endif +#define OPENSSL_MIN_API 0x10100000L +#ifndef OPENSSL_NO_BF +# define OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BLAKE2 +# define OPENSSL_NO_BLAKE2 +#endif +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAST +# define OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CHACHA +# define OPENSSL_NO_CHACHA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_CT +# define OPENSSL_NO_CT +#endif +#ifndef OPENSSL_NO_DES +# define OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DSA +# define OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_IDEA +# define OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_MD4 +# define OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_POLY1305 +# define OPENSSL_NO_POLY1305 +#endif +#ifndef OPENSSL_NO_RC2 +# define OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC4 +# define OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RMD160 +# define OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SRP +# define OPENSSL_NO_SRP +#endif +#ifndef OPENSSL_NO_TS +# define OPENSSL_NO_TS +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +# define OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_RAND_SEED_NONE +# define OPENSSL_RAND_SEED_NONE +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_APPS +# define OPENSSL_NO_APPS +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_ASYNC +# define OPENSSL_NO_ASYNC +#endif +#ifndef OPENSSL_NO_AUTOERRINIT +# define OPENSSL_NO_AUTOERRINIT +#endif +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG +# define OPENSSL_NO_AUTOLOAD_CONFIG +#endif +#ifndef OPENSSL_NO_CAPIENG +# define OPENSSL_NO_CAPIENG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEPRECATED +# define OPENSSL_NO_DEPRECATED +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_DGRAM +# define OPENSSL_NO_DGRAM +#endif +#ifndef OPENSSL_NO_DTLS +# define OPENSSL_NO_DTLS +#endif +#ifndef OPENSSL_NO_DTLS1 +# define OPENSSL_NO_DTLS1 +#endif +#ifndef OPENSSL_NO_DTLS1_2 +# define OPENSSL_NO_DTLS1_2 +#endif +#ifndef OPENSSL_NO_EC2M +# define OPENSSL_NO_EC2M +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_ENGINE +# define OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ERR +# define OPENSSL_NO_ERR +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FILENAMES +# define OPENSSL_NO_FILENAMES +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_GOST +# define OPENSSL_NO_GOST +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_HW +# define OPENSSL_NO_HW +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_OCB +# define OPENSSL_NO_OCB +#endif +#ifndef OPENSSL_NO_POSIX_IO +# define OPENSSL_NO_POSIX_IO +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SCRYPT +# define OPENSSL_NO_SCRYPT +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SOCK +# define OPENSSL_NO_SOCK +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_STDIO +# define OPENSSL_NO_STDIO +#endif +#ifndef OPENSSL_NO_TESTS +# define OPENSSL_NO_TESTS +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI_CONSOLE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy =3D &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT=3D to suppress the + * declarations of functions deprecated in or before . Otherwise,= they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +#elif defined(__SUNPRO_C) +#if (__SUNPRO_C >=3D 0x5130) +#undef DECLARE_DEPRECATED +#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +#endif # endif -# ifndef OPENSSL_NO_SM2 -# define OPENSSL_NO_SM2 +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ # endif #endif -/* Autogenerated conditional openssl feature list ends here */ + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int =20 #ifdef __cplusplus } diff --git a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h b/Cr= yptoPkg/Library/Include/openssl/opensslconf_generated.h deleted file mode 100644 index 09a6641ffcf9..000000000000 --- a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h +++ /dev/null @@ -1,333 +0,0 @@ -/* - * WARNING: do not edit! - * Generated from include/openssl/opensslconf.h.in - * - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -#endif - -/* - * OpenSSL was configured with the following options: - */ - -#ifndef OPENSSL_SYS_UEFI -# define OPENSSL_SYS_UEFI 1 -#endif -#define OPENSSL_MIN_API 0x10100000L -#ifndef OPENSSL_NO_BF -# define OPENSSL_NO_BF -#endif -#ifndef OPENSSL_NO_BLAKE2 -# define OPENSSL_NO_BLAKE2 -#endif -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAST -# define OPENSSL_NO_CAST -#endif -#ifndef OPENSSL_NO_CHACHA -# define OPENSSL_NO_CHACHA -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif -#ifndef OPENSSL_NO_CT -# define OPENSSL_NO_CT -#endif -#ifndef OPENSSL_NO_DES -# define OPENSSL_NO_DES -#endif -#ifndef OPENSSL_NO_DSA -# define OPENSSL_NO_DSA -#endif -#ifndef OPENSSL_NO_IDEA -# define OPENSSL_NO_IDEA -#endif -#ifndef OPENSSL_NO_MD2 -# define OPENSSL_NO_MD2 -#endif -#ifndef OPENSSL_NO_MD4 -# define OPENSSL_NO_MD4 -#endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 -#endif -#ifndef OPENSSL_NO_POLY1305 -# define OPENSSL_NO_POLY1305 -#endif -#ifndef OPENSSL_NO_RC2 -# define OPENSSL_NO_RC2 -#endif -#ifndef OPENSSL_NO_RC4 -# define OPENSSL_NO_RC4 -#endif -#ifndef OPENSSL_NO_RC5 -# define OPENSSL_NO_RC5 -#endif -#ifndef OPENSSL_NO_RMD160 -# define OPENSSL_NO_RMD160 -#endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED -#endif -#ifndef OPENSSL_NO_SRP -# define OPENSSL_NO_SRP -#endif -#ifndef OPENSSL_NO_TS -# define OPENSSL_NO_TS -#endif -#ifndef OPENSSL_NO_WHIRLPOOL -# define OPENSSL_NO_WHIRLPOOL -#endif -#ifndef OPENSSL_RAND_SEED_NONE -# define OPENSSL_RAND_SEED_NONE -#endif -#ifndef OPENSSL_NO_AFALGENG -# define OPENSSL_NO_AFALGENG -#endif -#ifndef OPENSSL_NO_APPS -# define OPENSSL_NO_APPS -#endif -#ifndef OPENSSL_NO_ASAN -# define OPENSSL_NO_ASAN -#endif -#ifndef OPENSSL_NO_ASYNC -# define OPENSSL_NO_ASYNC -#endif -#ifndef OPENSSL_NO_AUTOERRINIT -# define OPENSSL_NO_AUTOERRINIT -#endif -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG -# define OPENSSL_NO_AUTOLOAD_CONFIG -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -# define OPENSSL_NO_CRYPTO_MDEBUG -#endif -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -#endif -#ifndef OPENSSL_NO_DEPRECATED -# define OPENSSL_NO_DEPRECATED -#endif -#ifndef OPENSSL_NO_DEVCRYPTOENG -# define OPENSSL_NO_DEVCRYPTOENG -#endif -#ifndef OPENSSL_NO_DGRAM -# define OPENSSL_NO_DGRAM -#endif -#ifndef OPENSSL_NO_DTLS -# define OPENSSL_NO_DTLS -#endif -#ifndef OPENSSL_NO_DTLS1 -# define OPENSSL_NO_DTLS1 -#endif -#ifndef OPENSSL_NO_DTLS1_2 -# define OPENSSL_NO_DTLS1_2 -#endif -#ifndef OPENSSL_NO_EC2M -# define OPENSSL_NO_EC2M -#endif -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -#endif -#ifndef OPENSSL_NO_EGD -# define OPENSSL_NO_EGD -#endif -#ifndef OPENSSL_NO_ENGINE -# define OPENSSL_NO_ENGINE -#endif -#ifndef OPENSSL_NO_ERR -# define OPENSSL_NO_ERR -#endif -#ifndef OPENSSL_NO_EXTERNAL_TESTS -# define OPENSSL_NO_EXTERNAL_TESTS -#endif -#ifndef OPENSSL_NO_FILENAMES -# define OPENSSL_NO_FILENAMES -#endif -#ifndef OPENSSL_NO_FUZZ_AFL -# define OPENSSL_NO_FUZZ_AFL -#endif -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER -# define OPENSSL_NO_FUZZ_LIBFUZZER -#endif -#ifndef OPENSSL_NO_GOST -# define OPENSSL_NO_GOST -#endif -#ifndef OPENSSL_NO_HEARTBEATS -# define OPENSSL_NO_HEARTBEATS -#endif -#ifndef OPENSSL_NO_HW -# define OPENSSL_NO_HW -#endif -#ifndef OPENSSL_NO_MSAN -# define OPENSSL_NO_MSAN -#endif -#ifndef OPENSSL_NO_OCB -# define OPENSSL_NO_OCB -#endif -#ifndef OPENSSL_NO_POSIX_IO -# define OPENSSL_NO_POSIX_IO -#endif -#ifndef OPENSSL_NO_RFC3779 -# define OPENSSL_NO_RFC3779 -#endif -#ifndef OPENSSL_NO_SCRYPT -# define OPENSSL_NO_SCRYPT -#endif -#ifndef OPENSSL_NO_SCTP -# define OPENSSL_NO_SCTP -#endif -#ifndef OPENSSL_NO_SOCK -# define OPENSSL_NO_SOCK -#endif -#ifndef OPENSSL_NO_SSL_TRACE -# define OPENSSL_NO_SSL_TRACE -#endif -#ifndef OPENSSL_NO_SSL3 -# define OPENSSL_NO_SSL3 -#endif -#ifndef OPENSSL_NO_SSL3_METHOD -# define OPENSSL_NO_SSL3_METHOD -#endif -#ifndef OPENSSL_NO_STDIO -# define OPENSSL_NO_STDIO -#endif -#ifndef OPENSSL_NO_TESTS -# define OPENSSL_NO_TESTS -#endif -#ifndef OPENSSL_NO_UBSAN -# define OPENSSL_NO_UBSAN -#endif -#ifndef OPENSSL_NO_UI_CONSOLE -# define OPENSSL_NO_UI_CONSOLE -#endif -#ifndef OPENSSL_NO_UNIT_TEST -# define OPENSSL_NO_UNIT_TEST -#endif -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -# define OPENSSL_NO_WEAK_SSL_CIPHERS -#endif -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -# define OPENSSL_NO_DYNAMIC_ENGINE -#endif - - -/* - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers - * don't like that. This will hopefully silence them. - */ -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy =3D &dummy; - -/* - * Applications should use -DOPENSSL_API_COMPAT=3D to suppress the - * declarations of functions deprecated in or before . Otherwise,= they - * still won't see them if the library has been built to disable deprecated - * functions. - */ -#ifndef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# elif defined(__SUNPRO_C) -# if (__SUNPRO_C >=3D 0x5130) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# endif -#endif - -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif - -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 -#endif - -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API -#endif - -/* - * Do not deprecate things to be deprecated in version 1.2.0 before the - * OpenSSL version number matches. - */ -#if OPENSSL_VERSION_NUMBER < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) f; -#elif OPENSSL_API_COMPAT < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_2_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10100000L -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_1_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10000000L -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_0_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x00908000L -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_0_9_8(f) -#endif - -/* Generate 80386 code? */ -#undef I386_ONLY - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* - * The following are cipher-specific, but are part of the public API. - */ -#if !defined(OPENSSL_SYS_UEFI) -# undef BN_LLONG -/* Only one for the following should be defined */ -# undef SIXTY_FOUR_BIT_LONG -# undef SIXTY_FOUR_BIT -# define THIRTY_TWO_BIT -#endif - -#define RC4_INT unsigned int - -#ifdef __cplusplus -} -#endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index c899b811b149..7d4b729bf7c7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -1,5 +1,5 @@ ## @file -# This module provides OpenSSL Library implementation. +# This module provides OpenSSL Library implementation with TLS features. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
@@ -15,14 +15,18 @@ [Defines] MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib + CONSTRUCTOR =3D OpensslLibConstructor + DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM + DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOP= ENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPE= NSSL_NO_ASM + DEFINE OPENSSL_FLAGS_CONFIG =3D =20 # # VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 # =20 [Sources] + OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h # Autogenerated files list starts here @@ -199,43 +203,43 @@ [Sources] $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/curve25519.c +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c +# $(OPENSSL_PATH)/crypto/ec/ec_check.c +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c +# $(OPENSSL_PATH)/crypto/ec/ec_err.c +# $(OPENSSL_PATH)/crypto/ec/ec_key.c +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_print.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c @@ -421,10 +425,10 @@ [Sources] $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -537,15 +541,15 @@ [Sources] $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/ec_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h @@ -637,15 +641,13 @@ [LibraryClasses] [LibraryClasses.ARM] ArmSoftFloatLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, # so we do not break the build with /WX option: # C4090: 'function' : different 'const' qualifiers # C4132: 'object' : const object should be initialized (tls13_enc.c) + # C4210: nonstandard extension used: function given file scope # C4244: conversion from type1 to type2, possible loss of data # C4245: conversion from type1 to type2, signed/unsigned mismatch # C4267: conversion from size_t to type, possible loss of data @@ -657,11 +659,11 @@ [BuildOptions] # C4706: assignment within conditional expression # C4819: The file contains a character that cannot be represented in t= he current code page # - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 = /wd4706 /wd4819 - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 = /wd4702 /wd4706 /wd4819 + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 =20 - INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w - INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w + INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w + INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w =20 # # Suppress the following build warnings in openssl so we don't break the= build with -Werror @@ -670,10 +672,10 @@ [BuildOptions] # types appropriate to the format string specified. # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dunused-but-set-variable - GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -Wno-error=3Dunuse= d-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunused-but-se= t-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-f= ormat -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-error=3Dunused-but-set-variable - GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable + GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable -Wno-error=3Dformat GCC:*_*_RISCV64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized @@ -698,8 +700,8 @@ [BuildOptions] # 1: ignore "#1-D: last line of file ends without a newline" # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) - XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized - XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized =20 # # AARCH64 uses strict alignment and avoids SIMD registers for code that = may execute diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.uni index abaff8a3c37f..6b62c46040f9 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.uni @@ -1,7 +1,5 @@ // /** @file -// This module provides openSSL Library implementation. -// -// This module provides OpenSSL Library implementation. +// This module provides OpenSSL Library implementation with TLS features. // // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
// @@ -9,8 +7,6 @@ // // **/ =20 +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation with TLS features." =20 -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation" - -#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation." - +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation with TLS features." diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf b/CryptoPkg/Li= brary/OpensslLib/OpensslLibAccel.inf similarity index 79% rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf rename to CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf index b6ee718edeff..b552b011e2bf 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -1,5 +1,7 @@ ## @file -# This module provides OpenSSL Library implementation. +# This module provides OpenSSL Library implementation with TLS features +# along with performance optimized implementations of SHA1, SHA256, SHA51= 2, +# AESNI, VPAED, and GHASH for IA32 and X64. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
@@ -9,33 +11,27 @@ =20 [Defines] INF_VERSION =3D 0x00010005 - BASE_NAME =3D OpensslLibIa32 - MODULE_UNI_FILE =3D OpensslLib.uni - FILE_GUID =3D 5805D1D4-F8EE-4FBA-BDD8-74465F16A534 + BASE_NAME =3D OpensslLibAccel + MODULE_UNI_FILE =3D OpensslLibAccel.uni + FILE_GUID =3D 96A34760-B04A-44EB-9680-AC7606E9776B MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib + CONSTRUCTOR =3D OpensslLibConstructor + DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE + DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOP= ENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 DEFINE OPENSSL_FLAGS_CONFIG =3D -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA2= 56_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM - CONSTRUCTOR =3D OpensslLibConstructor =20 # -# VALID_ARCHITECTURES =3D IA32 +# VALID_ARCHITECTURES =3D IA32 X64 # =20 -[Sources.IA32] +[Sources] OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h # Autogenerated files list starts here - IA32/crypto/aes/aesni-x86.nasm - IA32/crypto/aes/vpaes-x86.nasm - IA32/crypto/modes/ghash-x86.nasm - IA32/crypto/sha/sha1-586.nasm - IA32/crypto/sha/sha256-586.nasm - IA32/crypto/sha/sha512-586.nasm - IA32/crypto/x86cpuid.nasm $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c @@ -209,43 +205,43 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/curve25519.c +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c +# $(OPENSSL_PATH)/crypto/ec/ec_check.c +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c +# $(OPENSSL_PATH)/crypto/ec/ec_err.c +# $(OPENSSL_PATH)/crypto/ec/ec_key.c +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_print.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c @@ -324,6 +320,7 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NAS= M/S files $(OPENSSL_PATH)/crypto/mem_dbg.c $(OPENSSL_PATH)/crypto/mem_sec.c $(OPENSSL_PATH)/crypto/modes/cbc128.c @@ -430,10 +427,10 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -546,15 +543,15 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/ec_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h @@ -633,6 +630,53 @@ [Sources.IA32] ossl_store.c rand_pool.c =20 +[Sources.IA32] + IA32/crypto/aes/aesni-x86.nasm | MSFT + IA32/crypto/aes/vpaes-x86.nasm | MSFT + IA32/crypto/modes/ghash-x86.nasm | MSFT + IA32/crypto/sha/sha1-586.nasm | MSFT + IA32/crypto/sha/sha256-586.nasm | MSFT + IA32/crypto/sha/sha512-586.nasm | MSFT + IA32/crypto/x86cpuid.nasm | MSFT + + IA32Gcc/crypto/aes/aesni-x86.S | GCC + IA32Gcc/crypto/aes/vpaes-x86.S | GCC + IA32Gcc/crypto/modes/ghash-x86.S | GCC + IA32Gcc/crypto/sha/sha1-586.S | GCC + IA32Gcc/crypto/sha/sha256-586.S | GCC + IA32Gcc/crypto/sha/sha512-586.S | GCC + IA32Gcc/crypto/x86cpuid.S | GCC + +[Sources.X64] + X64/ApiHooks.c + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT + X64/crypto/aes/aesni-x86_64.nasm | MSFT + X64/crypto/aes/vpaes-x86_64.nasm | MSFT + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT + X64/crypto/modes/ghash-x86_64.nasm | MSFT + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT + X64/crypto/sha/sha1-x86_64.nasm | MSFT + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT + X64/crypto/sha/sha256-x86_64.nasm | MSFT + X64/crypto/sha/sha512-x86_64.nasm | MSFT + X64/crypto/x86_64cpuid.nasm | MSFT + + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-x86_64.S | GCC + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC + X64Gcc/crypto/modes/ghash-x86_64.S | GCC + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC + X64Gcc/crypto/sha/sha1-x86_64.S | GCC + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC + X64Gcc/crypto/sha/sha256-x86_64.S | GCC + X64Gcc/crypto/sha/sha512-x86_64.S | GCC + X64Gcc/crypto/x86_64cpuid.S | GCC + [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -643,9 +687,6 @@ [LibraryClasses] RngLib PrintLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, @@ -665,8 +706,10 @@ [BuildOptions] # C4819: The file contains a character that cannot be represented in t= he current code page # MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 =20 INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w + INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w =20 # # Suppress the following build warnings in openssl so we don't break the= build with -Werror @@ -675,7 +718,11 @@ [BuildOptions] # types appropriate to the format string specified. # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) = $(OPENSSL_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunuse= d-but-set-variable + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunused-but-se= t-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-f= ormat -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized -Wno= -error=3Dincompatible-pointer-types -Wno-error=3Dpointer-sign -Wno-error=3D= implicit-function-declaration -Wno-error=3Dignored-pragma-optimize =20 # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: # 1295: Deprecated declaration - give arg types @@ -697,3 +744,4 @@ [BuildOptions] # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni b/CryptoPkg/L= ibrary/OpensslLib/OpensslLibAccel.uni new file mode 100644 index 000000000000..e547a0c1e816 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni @@ -0,0 +1,14 @@ +// /** @file +// This module provides OpenSSL Library implementation with TLS features +// along with performance optimized implementations of SHA1, SHA256, SHA51= 2, +// AESNI, VPAED, and GHASH for IA32 and X64. +// +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation with TLS features and performance optimizations" + +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation with TLS features along with performance= optimized implementations of SHA1, SHA256, SHA512, AESNI, VPAED, and GHASH= for IA32 and X64." diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c b/CryptoP= kg/Library/OpensslLib/OpensslLibConstructor.c index 18d8a5612808..5daf73a54710 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c +++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c @@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#include +#include =20 /** An internal OpenSSL function which fetches a local copy of the hardware @@ -30,7 +30,7 @@ OPENSSL_cpuid_setup ( @retval EFI_SUCCESS The construction succeeded. =20 **/ -EFI_STATUS +RETURN_STATUS EFIAPI OpensslLibConstructor ( VOID @@ -38,5 +38,5 @@ OpensslLibConstructor ( { OPENSSL_cpuid_setup (); =20 - return EFI_SUCCESS; + return RETURN_SUCCESS; } diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 0ec372454119..5492865ddb2d 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -1,5 +1,6 @@ ## @file -# This module provides OpenSSL Library implementation. +# This module provides OpenSSL Library implementation with ECC and TLS +# features removed and features have performance optimizations enabled. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
@@ -15,14 +16,18 @@ [Defines] MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib + CONSTRUCTOR =3D OpensslLibConstructor + DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM + DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOP= ENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPE= NSSL_NO_ASM + DEFINE OPENSSL_FLAGS_CONFIG =3D =20 # # VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 # =20 [Sources] + OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h # Autogenerated files list starts here @@ -199,43 +204,43 @@ [Sources] $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/curve25519.c +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c +# $(OPENSSL_PATH)/crypto/ec/ec_check.c +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c +# $(OPENSSL_PATH)/crypto/ec/ec_err.c +# $(OPENSSL_PATH)/crypto/ec/ec_key.c +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c +# $(OPENSSL_PATH)/crypto/ec/ec_print.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c @@ -421,10 +426,10 @@ [Sources] $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -537,15 +542,15 @@ [Sources] $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled +# $(OPENSSL_PATH)/crypto/ec/ec_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h @@ -568,6 +573,57 @@ [Sources] $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h +# $(OPENSSL_PATH)/ssl/bio_ssl.c +# $(OPENSSL_PATH)/ssl/d1_lib.c +# $(OPENSSL_PATH)/ssl/d1_msg.c +# $(OPENSSL_PATH)/ssl/d1_srtp.c +# $(OPENSSL_PATH)/ssl/methods.c +# $(OPENSSL_PATH)/ssl/packet.c +# $(OPENSSL_PATH)/ssl/pqueue.c +# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c +# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c +# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c +# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c +# $(OPENSSL_PATH)/ssl/record/ssl3_record.c +# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c +# $(OPENSSL_PATH)/ssl/s3_cbc.c +# $(OPENSSL_PATH)/ssl/s3_enc.c +# $(OPENSSL_PATH)/ssl/s3_lib.c +# $(OPENSSL_PATH)/ssl/s3_msg.c +# $(OPENSSL_PATH)/ssl/ssl_asn1.c +# $(OPENSSL_PATH)/ssl/ssl_cert.c +# $(OPENSSL_PATH)/ssl/ssl_ciph.c +# $(OPENSSL_PATH)/ssl/ssl_conf.c +# $(OPENSSL_PATH)/ssl/ssl_err.c +# $(OPENSSL_PATH)/ssl/ssl_init.c +# $(OPENSSL_PATH)/ssl/ssl_lib.c +# $(OPENSSL_PATH)/ssl/ssl_mcnf.c +# $(OPENSSL_PATH)/ssl/ssl_rsa.c +# $(OPENSSL_PATH)/ssl/ssl_sess.c +# $(OPENSSL_PATH)/ssl/ssl_stat.c +# $(OPENSSL_PATH)/ssl/ssl_txt.c +# $(OPENSSL_PATH)/ssl/ssl_utst.c +# $(OPENSSL_PATH)/ssl/statem/extensions.c +# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c +# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c +# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c +# $(OPENSSL_PATH)/ssl/statem/statem.c +# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c +# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c +# $(OPENSSL_PATH)/ssl/statem/statem_lib.c +# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c +# $(OPENSSL_PATH)/ssl/t1_enc.c +# $(OPENSSL_PATH)/ssl/t1_lib.c +# $(OPENSSL_PATH)/ssl/t1_trce.c +# $(OPENSSL_PATH)/ssl/tls13_enc.c +# $(OPENSSL_PATH)/ssl/tls_srp.c +# $(OPENSSL_PATH)/ssl/packet_local.h +# $(OPENSSL_PATH)/ssl/ssl_cert_table.h +# $(OPENSSL_PATH)/ssl/ssl_local.h +# $(OPENSSL_PATH)/ssl/record/record.h +# $(OPENSSL_PATH)/ssl/record/record_local.h +# $(OPENSSL_PATH)/ssl/statem/statem.h +# $(OPENSSL_PATH)/ssl/statem/statem_local.h # Autogenerated files list ends here buildinf.h ossl_store.c @@ -586,15 +642,13 @@ [LibraryClasses] [LibraryClasses.ARM] ArmSoftFloatLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, # so we do not break the build with /WX option: # C4090: 'function' : different 'const' qualifiers # C4132: 'object' : const object should be initialized (tls13_enc.c) + # C4210: nonstandard extension used: function given file scope # C4244: conversion from type1 to type2, possible loss of data # C4245: conversion from type1 to type2, signed/unsigned mismatch # C4267: conversion from size_t to type, possible loss of data @@ -606,11 +660,11 @@ [BuildOptions] # C4706: assignment within conditional expression # C4819: The file contains a character that cannot be represented in t= he current code page # - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 = /wd4706 /wd4819 - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 = /wd4702 /wd4706 /wd4819 + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 =20 - INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w - INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w + INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w + INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w =20 # # Suppress the following build warnings in openssl so we don't break the= build with -Werror @@ -619,10 +673,10 @@ [BuildOptions] # types appropriate to the format string specified. # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dunused-but-set-variable - GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -Wno-error=3Dunuse= d-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunused-but-se= t-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-f= ormat -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-error=3Dunused-but-set-variable - GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable + GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable -Wno-error=3Dformat GCC:*_*_RISCV64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized @@ -647,8 +701,8 @@ [BuildOptions] # 1: ignore "#1-D: last line of file ends without a newline" # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) - XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized - XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized =20 # # AARCH64 uses strict alignment and avoids SIMD registers for code that = may execute diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.uni index d3f12e178cae..462ccf4355f7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni @@ -1,7 +1,6 @@ // /** @file -// This module provides openSSL Library implementation (libcrypto only, no= libssl). -// -// This module provides OpenSSL Library implementation (libcrypto only, no= libssl). +// This module provides OpenSSL Library implementation (libcrypto only, no +// libssl or ecc). // // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
// @@ -9,8 +8,6 @@ // // **/ =20 +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation (libcrypto only, no libssl or ecc)" =20 -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation (libcrypto only, no libssl)" - -#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation (libcrypto only, no libssl)." - +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation (libcrypto only, no libssl or ecc)." diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLibFull.inf similarity index 80% copy from CryptoPkg/Library/OpensslLib/OpensslLib.inf copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.inf index c899b811b149..1b5d9fa42405 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -1,5 +1,11 @@ ## @file -# This module provides OpenSSL Library implementation. +# This module provides OpenSSL Library implementation with ECC and TLS +# features. +# +# This library should be used if a module module needs ECC in TLS, or +# asymmetric cryptography services such as X509 certificate or PEM format +# data processing. This library increases the size overhead up to ~115 KB +# compared to OpensslLib.inf library instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
@@ -9,20 +15,24 @@ =20 [Defines] INF_VERSION =3D 0x00010005 - BASE_NAME =3D OpensslLib - MODULE_UNI_FILE =3D OpensslLib.uni - FILE_GUID =3D C873A7D0-9824-409f-9B42-2C158B992E69 + BASE_NAME =3D OpensslLibFull + MODULE_UNI_FILE =3D OpensslLibFull.uni + FILE_GUID =3D AB9E2231-D8FC-433F-9F27-FA293B64FB2C MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib + CONSTRUCTOR =3D OpensslLibConstructor + DEFINE OPENSSL_PATH =3D openssl DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM + DEFINE OPENSSL_FLAGS_CONFIG =3D =20 # # VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 # =20 [Sources] + OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h # Autogenerated files list starts here @@ -199,43 +209,43 @@ [Sources] $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c @@ -421,10 +431,10 @@ [Sources] $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -537,15 +547,15 @@ [Sources] $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h @@ -637,15 +647,13 @@ [LibraryClasses] [LibraryClasses.ARM] ArmSoftFloatLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, # so we do not break the build with /WX option: # C4090: 'function' : different 'const' qualifiers # C4132: 'object' : const object should be initialized (tls13_enc.c) + # C4210: nonstandard extension used: function given file scope # C4244: conversion from type1 to type2, possible loss of data # C4245: conversion from type1 to type2, signed/unsigned mismatch # C4267: conversion from size_t to type, possible loss of data @@ -657,11 +665,11 @@ [BuildOptions] # C4706: assignment within conditional expression # C4819: The file contains a character that cannot be represented in t= he current code page # - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 = /wd4706 /wd4819 - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 = /wd4702 /wd4706 /wd4819 + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 =20 - INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w - INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w + INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w + INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w =20 # # Suppress the following build warnings in openssl so we don't break the= build with -Werror @@ -670,10 +678,10 @@ [BuildOptions] # types appropriate to the format string specified. # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dunused-but-set-variable - GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -Wno-error=3Dunuse= d-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunused-but-se= t-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-f= ormat -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-error=3Dunused-but-set-variable - GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable + GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable -Wno-error=3Dformat GCC:*_*_RISCV64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized @@ -698,8 +706,8 @@ [BuildOptions] # 1: ignore "#1-D: last line of file ends without a newline" # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) - XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized - XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized =20 # # AARCH64 uses strict alignment and avoids SIMD registers for code that = may execute diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Librar= y/OpensslLib/OpensslLibFull.uni similarity index 56% copy from CryptoPkg/Library/OpensslLib/OpensslLib.uni copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.uni index abaff8a3c37f..ec50adba9f83 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni @@ -1,7 +1,5 @@ // /** @file -// This module provides openSSL Library implementation. -// -// This module provides OpenSSL Library implementation. +// This module provides OpenSSL Library implementation with TLS and ECC fe= atures. // // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
// @@ -9,8 +7,6 @@ // // **/ =20 +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation with TLS and ECC features" =20 -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation" - -#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation." - +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation with TLS and ECC features." diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf b/CryptoPkg= /Library/OpensslLib/OpensslLibFullAccel.inf similarity index 79% rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf rename to CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf index 150a82ec7af1..3c7b33f1e512 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -1,5 +1,12 @@ ## @file -# This module provides OpenSSL Library implementation. +# This module provides OpenSSL Library implementation with ECC and TLS +# features along with performance optimized implementations of SHA1, +# SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64. +# +# This library should be used if a module module needs ECC in TLS, or +# asymmetric cryptography services such as X509 certificate or PEM format +# data processing. This library increases the size overhead up to ~115 KB +# compared to OpensslLibAccel.inf library instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
@@ -9,33 +16,27 @@ =20 [Defines] INF_VERSION =3D 0x00010005 - BASE_NAME =3D OpensslLibIa32Gcc - MODULE_UNI_FILE =3D OpensslLib.uni - FILE_GUID =3D B1B32F26-A4E1-4D38-9E34-53A148B8EB11 + BASE_NAME =3D OpensslLibFullAccel + MODULE_UNI_FILE =3D OpensslLibFullAccel.uni + FILE_GUID =3D AC649FB2-ADCF-450A-9C61-ED3CAFF12864 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib + CONSTRUCTOR =3D OpensslLibConstructor + DEFINE OPENSSL_PATH =3D openssl DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE DEFINE OPENSSL_FLAGS_CONFIG =3D -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA2= 56_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM - CONSTRUCTOR =3D OpensslLibConstructor =20 # -# VALID_ARCHITECTURES =3D IA32 +# VALID_ARCHITECTURES =3D IA32 X64 # =20 -[Sources.IA32] +[Sources] OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h # Autogenerated files list starts here - IA32Gcc/crypto/aes/aesni-x86.S - IA32Gcc/crypto/aes/vpaes-x86.S - IA32Gcc/crypto/modes/ghash-x86.S - IA32Gcc/crypto/sha/sha1-586.S - IA32Gcc/crypto/sha/sha256-586.S - IA32Gcc/crypto/sha/sha512-586.S - IA32Gcc/crypto/x86cpuid.S $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c @@ -209,43 +210,43 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c @@ -324,6 +325,7 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NAS= M/S files $(OPENSSL_PATH)/crypto/mem_dbg.c $(OPENSSL_PATH)/crypto/mem_sec.c $(OPENSSL_PATH)/crypto/modes/cbc128.c @@ -430,10 +432,10 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -546,15 +548,15 @@ [Sources.IA32] $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h @@ -633,6 +635,53 @@ [Sources.IA32] ossl_store.c rand_pool.c =20 +[Sources.IA32] + IA32/crypto/aes/aesni-x86.nasm | MSFT + IA32/crypto/aes/vpaes-x86.nasm | MSFT + IA32/crypto/modes/ghash-x86.nasm | MSFT + IA32/crypto/sha/sha1-586.nasm | MSFT + IA32/crypto/sha/sha256-586.nasm | MSFT + IA32/crypto/sha/sha512-586.nasm | MSFT + IA32/crypto/x86cpuid.nasm | MSFT + + IA32Gcc/crypto/aes/aesni-x86.S | GCC + IA32Gcc/crypto/aes/vpaes-x86.S | GCC + IA32Gcc/crypto/modes/ghash-x86.S | GCC + IA32Gcc/crypto/sha/sha1-586.S | GCC + IA32Gcc/crypto/sha/sha256-586.S | GCC + IA32Gcc/crypto/sha/sha512-586.S | GCC + IA32Gcc/crypto/x86cpuid.S | GCC + +[Sources.X64] + X64/ApiHooks.c + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT + X64/crypto/aes/aesni-x86_64.nasm | MSFT + X64/crypto/aes/vpaes-x86_64.nasm | MSFT + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT + X64/crypto/modes/ghash-x86_64.nasm | MSFT + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT + X64/crypto/sha/sha1-x86_64.nasm | MSFT + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT + X64/crypto/sha/sha256-x86_64.nasm | MSFT + X64/crypto/sha/sha512-x86_64.nasm | MSFT + X64/crypto/x86_64cpuid.nasm | MSFT + + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC + X64Gcc/crypto/aes/aesni-x86_64.S | GCC + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC + X64Gcc/crypto/modes/ghash-x86_64.S | GCC + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC + X64Gcc/crypto/sha/sha1-x86_64.S | GCC + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC + X64Gcc/crypto/sha/sha256-x86_64.S | GCC + X64Gcc/crypto/sha/sha512-x86_64.S | GCC + X64Gcc/crypto/x86_64cpuid.S | GCC + [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -643,9 +692,6 @@ [LibraryClasses] RngLib PrintLib =20 -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, @@ -665,8 +711,10 @@ [BuildOptions] # C4819: The file contains a character that cannot be represented in t= he current code page # MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 =20 INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w + INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w =20 # # Suppress the following build warnings in openssl so we don't break the= build with -Werror @@ -675,7 +723,11 @@ [BuildOptions] # types appropriate to the format string specified. # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) = $(OPENSSL_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunuse= d-but-set-variable + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dunused-but-se= t-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSS= L_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-f= ormat -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Duninitialized -Wno= -error=3Dincompatible-pointer-types -Wno-error=3Dpointer-sign -Wno-error=3D= implicit-function-declaration -Wno-error=3Dignored-pragma-optimize =20 # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: # 1295: Deprecated declaration - give arg types @@ -697,3 +749,4 @@ [BuildOptions] # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) XCODE:*_*_IA32_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized + XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni b/CryptoP= kg/Library/OpensslLib/OpensslLibFullAccel.uni new file mode 100644 index 000000000000..b8453b6c902e --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni @@ -0,0 +1,14 @@ +// /** @file +// This module provides openSSL Library implementation with ECC and TLS +// features along with performance optimized implementations of SHA1, +// SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64. +// +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library i= mplementation with TLS and ECC features and performance optimizations" + +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des OpenSSL Library implementation with TLS and ECC features and performanc= e optimizations." diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf b/CryptoPkg/Lib= rary/OpensslLib/OpensslLibX64.inf deleted file mode 100644 index 5e92ba0844d5..000000000000 --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf +++ /dev/null @@ -1,706 +0,0 @@ -## @file -# This module provides OpenSSL Library implementation. -# -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D OpensslLibX64 - MODULE_UNI_FILE =3D OpensslLib.uni - FILE_GUID =3D 18125E50-0117-4DD0-BE54-4784AD995FEF - MODULE_TYPE =3D BASE - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D OpensslLib - DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE - DEFINE OPENSSL_FLAGS_CONFIG =3D -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA2= 56_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM - CONSTRUCTOR =3D OpensslLibConstructor - -# -# VALID_ARCHITECTURES =3D X64 -# - -[Sources.X64] - OpensslLibConstructor.c - $(OPENSSL_PATH)/e_os.h - $(OPENSSL_PATH)/ms/uplink.h -# Autogenerated files list starts here - X64/crypto/aes/aesni-mb-x86_64.nasm - X64/crypto/aes/aesni-sha1-x86_64.nasm - X64/crypto/aes/aesni-sha256-x86_64.nasm - X64/crypto/aes/aesni-x86_64.nasm - X64/crypto/aes/vpaes-x86_64.nasm - X64/crypto/modes/aesni-gcm-x86_64.nasm - X64/crypto/modes/ghash-x86_64.nasm - X64/crypto/sha/sha1-mb-x86_64.nasm - X64/crypto/sha/sha1-x86_64.nasm - X64/crypto/sha/sha256-mb-x86_64.nasm - X64/crypto/sha/sha256-x86_64.nasm - X64/crypto/sha/sha512-x86_64.nasm - X64/crypto/x86_64cpuid.nasm - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c - $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ige.c - $(OPENSSL_PATH)/crypto/aes/aes_misc.c - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c - $(OPENSSL_PATH)/crypto/aria/aria.c - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c - $(OPENSSL_PATH)/crypto/asn1/a_digest.c - $(OPENSSL_PATH)/crypto/asn1/a_dup.c - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c - $(OPENSSL_PATH)/crypto/asn1/a_int.c - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c - $(OPENSSL_PATH)/crypto/asn1/a_object.c - $(OPENSSL_PATH)/crypto/asn1/a_octet.c - $(OPENSSL_PATH)/crypto/asn1/a_print.c - $(OPENSSL_PATH)/crypto/asn1/a_sign.c - $(OPENSSL_PATH)/crypto/asn1/a_strex.c - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c - $(OPENSSL_PATH)/crypto/asn1/a_time.c - $(OPENSSL_PATH)/crypto/asn1/a_type.c - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c - $(OPENSSL_PATH)/crypto/asn1/a_verify.c - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c - $(OPENSSL_PATH)/crypto/asn1/f_int.c - $(OPENSSL_PATH)/crypto/asn1/f_string.c - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c - $(OPENSSL_PATH)/crypto/asn1/nsseq.c - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c - $(OPENSSL_PATH)/crypto/asn1/t_spki.c - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c - $(OPENSSL_PATH)/crypto/asn1/x_algor.c - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c - $(OPENSSL_PATH)/crypto/asn1/x_info.c - $(OPENSSL_PATH)/crypto/asn1/x_int64.c - $(OPENSSL_PATH)/crypto/asn1/x_long.c - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c - $(OPENSSL_PATH)/crypto/asn1/x_sig.c - $(OPENSSL_PATH)/crypto/asn1/x_spki.c - $(OPENSSL_PATH)/crypto/asn1/x_val.c - $(OPENSSL_PATH)/crypto/async/arch/async_null.c - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c - $(OPENSSL_PATH)/crypto/async/arch/async_win.c - $(OPENSSL_PATH)/crypto/async/async.c - $(OPENSSL_PATH)/crypto/async/async_err.c - $(OPENSSL_PATH)/crypto/async/async_wait.c - $(OPENSSL_PATH)/crypto/bio/b_addr.c - $(OPENSSL_PATH)/crypto/bio/b_dump.c - $(OPENSSL_PATH)/crypto/bio/b_sock.c - $(OPENSSL_PATH)/crypto/bio/b_sock2.c - $(OPENSSL_PATH)/crypto/bio/bf_buff.c - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c - $(OPENSSL_PATH)/crypto/bio/bf_null.c - $(OPENSSL_PATH)/crypto/bio/bio_cb.c - $(OPENSSL_PATH)/crypto/bio/bio_err.c - $(OPENSSL_PATH)/crypto/bio/bio_lib.c - $(OPENSSL_PATH)/crypto/bio/bio_meth.c - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c - $(OPENSSL_PATH)/crypto/bio/bss_bio.c - $(OPENSSL_PATH)/crypto/bio/bss_conn.c - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c - $(OPENSSL_PATH)/crypto/bio/bss_fd.c - $(OPENSSL_PATH)/crypto/bio/bss_file.c - $(OPENSSL_PATH)/crypto/bio/bss_log.c - $(OPENSSL_PATH)/crypto/bio/bss_mem.c - $(OPENSSL_PATH)/crypto/bio/bss_null.c - $(OPENSSL_PATH)/crypto/bio/bss_sock.c - $(OPENSSL_PATH)/crypto/bn/bn_add.c - $(OPENSSL_PATH)/crypto/bn/bn_asm.c - $(OPENSSL_PATH)/crypto/bn/bn_blind.c - $(OPENSSL_PATH)/crypto/bn/bn_const.c - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c - $(OPENSSL_PATH)/crypto/bn/bn_depr.c - $(OPENSSL_PATH)/crypto/bn/bn_dh.c - $(OPENSSL_PATH)/crypto/bn/bn_div.c - $(OPENSSL_PATH)/crypto/bn/bn_err.c - $(OPENSSL_PATH)/crypto/bn/bn_exp.c - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c - $(OPENSSL_PATH)/crypto/bn/bn_intern.c - $(OPENSSL_PATH)/crypto/bn/bn_kron.c - $(OPENSSL_PATH)/crypto/bn/bn_lib.c - $(OPENSSL_PATH)/crypto/bn/bn_mod.c - $(OPENSSL_PATH)/crypto/bn/bn_mont.c - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c - $(OPENSSL_PATH)/crypto/bn/bn_mul.c - $(OPENSSL_PATH)/crypto/bn/bn_nist.c - $(OPENSSL_PATH)/crypto/bn/bn_prime.c - $(OPENSSL_PATH)/crypto/bn/bn_print.c - $(OPENSSL_PATH)/crypto/bn/bn_rand.c - $(OPENSSL_PATH)/crypto/bn/bn_recp.c - $(OPENSSL_PATH)/crypto/bn/bn_shift.c - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c - $(OPENSSL_PATH)/crypto/bn/bn_srp.c - $(OPENSSL_PATH)/crypto/bn/bn_word.c - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/buffer/buf_err.c - $(OPENSSL_PATH)/crypto/buffer/buffer.c - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c - $(OPENSSL_PATH)/crypto/cmac/cmac.c - $(OPENSSL_PATH)/crypto/comp/c_zlib.c - $(OPENSSL_PATH)/crypto/comp/comp_err.c - $(OPENSSL_PATH)/crypto/comp/comp_lib.c - $(OPENSSL_PATH)/crypto/conf/conf_api.c - $(OPENSSL_PATH)/crypto/conf/conf_def.c - $(OPENSSL_PATH)/crypto/conf/conf_err.c - $(OPENSSL_PATH)/crypto/conf/conf_lib.c - $(OPENSSL_PATH)/crypto/conf/conf_mall.c - $(OPENSSL_PATH)/crypto/conf/conf_mod.c - $(OPENSSL_PATH)/crypto/conf/conf_sap.c - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c - $(OPENSSL_PATH)/crypto/cpt_err.c - $(OPENSSL_PATH)/crypto/cryptlib.c - $(OPENSSL_PATH)/crypto/ctype.c - $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c - $(OPENSSL_PATH)/crypto/dh/dh_check.c - $(OPENSSL_PATH)/crypto/dh/dh_depr.c - $(OPENSSL_PATH)/crypto/dh/dh_err.c - $(OPENSSL_PATH)/crypto/dh/dh_gen.c - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c - $(OPENSSL_PATH)/crypto/dh/dh_key.c - $(OPENSSL_PATH)/crypto/dh/dh_lib.c - $(OPENSSL_PATH)/crypto/dh/dh_meth.c - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c - $(OPENSSL_PATH)/crypto/dh/dh_prn.c - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c - $(OPENSSL_PATH)/crypto/dso/dso_dl.c - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c - $(OPENSSL_PATH)/crypto/dso/dso_err.c - $(OPENSSL_PATH)/crypto/dso/dso_lib.c - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c - $(OPENSSL_PATH)/crypto/dso/dso_vms.c - $(OPENSSL_PATH)/crypto/dso/dso_win32.c - $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/err/err.c - $(OPENSSL_PATH)/crypto/err/err_prn.c - $(OPENSSL_PATH)/crypto/evp/bio_b64.c - $(OPENSSL_PATH)/crypto/evp/bio_enc.c - $(OPENSSL_PATH)/crypto/evp/bio_md.c - $(OPENSSL_PATH)/crypto/evp/bio_ok.c - $(OPENSSL_PATH)/crypto/evp/c_allc.c - $(OPENSSL_PATH)/crypto/evp/c_alld.c - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/digest.c - $(OPENSSL_PATH)/crypto/evp/e_aes.c - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c - $(OPENSSL_PATH)/crypto/evp/e_aria.c - $(OPENSSL_PATH)/crypto/evp/e_bf.c - $(OPENSSL_PATH)/crypto/evp/e_camellia.c - $(OPENSSL_PATH)/crypto/evp/e_cast.c - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c - $(OPENSSL_PATH)/crypto/evp/e_des.c - $(OPENSSL_PATH)/crypto/evp/e_des3.c - $(OPENSSL_PATH)/crypto/evp/e_idea.c - $(OPENSSL_PATH)/crypto/evp/e_null.c - $(OPENSSL_PATH)/crypto/evp/e_old.c - $(OPENSSL_PATH)/crypto/evp/e_rc2.c - $(OPENSSL_PATH)/crypto/evp/e_rc4.c - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c - $(OPENSSL_PATH)/crypto/evp/e_rc5.c - $(OPENSSL_PATH)/crypto/evp/e_seed.c - $(OPENSSL_PATH)/crypto/evp/e_sm4.c - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c - $(OPENSSL_PATH)/crypto/evp/encode.c - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c - $(OPENSSL_PATH)/crypto/evp/evp_enc.c - $(OPENSSL_PATH)/crypto/evp/evp_err.c - $(OPENSSL_PATH)/crypto/evp/evp_key.c - $(OPENSSL_PATH)/crypto/evp/evp_lib.c - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c - $(OPENSSL_PATH)/crypto/evp/m_md2.c - $(OPENSSL_PATH)/crypto/evp/m_md4.c - $(OPENSSL_PATH)/crypto/evp/m_md5.c - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c - $(OPENSSL_PATH)/crypto/evp/m_null.c - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c - $(OPENSSL_PATH)/crypto/evp/m_sha1.c - $(OPENSSL_PATH)/crypto/evp/m_sha3.c - $(OPENSSL_PATH)/crypto/evp/m_sigver.c - $(OPENSSL_PATH)/crypto/evp/m_wp.c - $(OPENSSL_PATH)/crypto/evp/names.c - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c - $(OPENSSL_PATH)/crypto/evp/p_dec.c - $(OPENSSL_PATH)/crypto/evp/p_enc.c - $(OPENSSL_PATH)/crypto/evp/p_lib.c - $(OPENSSL_PATH)/crypto/evp/p_open.c - $(OPENSSL_PATH)/crypto/evp/p_seal.c - $(OPENSSL_PATH)/crypto/evp/p_sign.c - $(OPENSSL_PATH)/crypto/evp/p_verify.c - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/ex_data.c - $(OPENSSL_PATH)/crypto/getenv.c - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c - $(OPENSSL_PATH)/crypto/hmac/hmac.c - $(OPENSSL_PATH)/crypto/init.c - $(OPENSSL_PATH)/crypto/kdf/hkdf.c - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c - $(OPENSSL_PATH)/crypto/kdf/scrypt.c - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c - $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c - $(OPENSSL_PATH)/crypto/md5/md5_one.c - $(OPENSSL_PATH)/crypto/mem.c - $(OPENSSL_PATH)/crypto/mem_dbg.c - $(OPENSSL_PATH)/crypto/mem_sec.c - $(OPENSSL_PATH)/crypto/modes/cbc128.c - $(OPENSSL_PATH)/crypto/modes/ccm128.c - $(OPENSSL_PATH)/crypto/modes/cfb128.c - $(OPENSSL_PATH)/crypto/modes/ctr128.c - $(OPENSSL_PATH)/crypto/modes/cts128.c - $(OPENSSL_PATH)/crypto/modes/gcm128.c - $(OPENSSL_PATH)/crypto/modes/ocb128.c - $(OPENSSL_PATH)/crypto/modes/ofb128.c - $(OPENSSL_PATH)/crypto/modes/wrap128.c - $(OPENSSL_PATH)/crypto/modes/xts128.c - $(OPENSSL_PATH)/crypto/o_dir.c - $(OPENSSL_PATH)/crypto/o_fips.c - $(OPENSSL_PATH)/crypto/o_fopen.c - $(OPENSSL_PATH)/crypto/o_init.c - $(OPENSSL_PATH)/crypto/o_str.c - $(OPENSSL_PATH)/crypto/o_time.c - $(OPENSSL_PATH)/crypto/objects/o_names.c - $(OPENSSL_PATH)/crypto/objects/obj_dat.c - $(OPENSSL_PATH)/crypto/objects/obj_err.c - $(OPENSSL_PATH)/crypto/objects/obj_lib.c - $(OPENSSL_PATH)/crypto/objects/obj_xref.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c - $(OPENSSL_PATH)/crypto/pem/pem_all.c - $(OPENSSL_PATH)/crypto/pem/pem_err.c - $(OPENSSL_PATH)/crypto/pem/pem_info.c - $(OPENSSL_PATH)/crypto/pem/pem_lib.c - $(OPENSSL_PATH)/crypto/pem/pem_oth.c - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c - $(OPENSSL_PATH)/crypto/pem/pem_sign.c - $(OPENSSL_PATH)/crypto/pem/pem_x509.c - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c - $(OPENSSL_PATH)/crypto/rand/rand_egd.c - $(OPENSSL_PATH)/crypto/rand/rand_err.c - $(OPENSSL_PATH)/crypto/rand/rand_lib.c - $(OPENSSL_PATH)/crypto/rand/rand_unix.c - $(OPENSSL_PATH)/crypto/rand/rand_vms.c - $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c - $(OPENSSL_PATH)/crypto/sha/keccak1600.c - $(OPENSSL_PATH)/crypto/sha/sha1_one.c - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c - $(OPENSSL_PATH)/crypto/sha/sha256.c - $(OPENSSL_PATH)/crypto/sha/sha512.c - $(OPENSSL_PATH)/crypto/siphash/siphash.c - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c - $(OPENSSL_PATH)/crypto/sm3/sm3.c - $(OPENSSL_PATH)/crypto/sm4/sm4.c - $(OPENSSL_PATH)/crypto/stack/stack.c - $(OPENSSL_PATH)/crypto/threads_none.c - $(OPENSSL_PATH)/crypto/threads_pthread.c - $(OPENSSL_PATH)/crypto/threads_win.c - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c - $(OPENSSL_PATH)/crypto/ui/ui_err.c - $(OPENSSL_PATH)/crypto/ui/ui_lib.c - $(OPENSSL_PATH)/crypto/ui/ui_null.c - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c - $(OPENSSL_PATH)/crypto/ui/ui_util.c - $(OPENSSL_PATH)/crypto/uid.c - $(OPENSSL_PATH)/crypto/x509/by_dir.c - $(OPENSSL_PATH)/crypto/x509/by_file.c - $(OPENSSL_PATH)/crypto/x509/t_crl.c - $(OPENSSL_PATH)/crypto/x509/t_req.c - $(OPENSSL_PATH)/crypto/x509/t_x509.c - $(OPENSSL_PATH)/crypto/x509/x509_att.c - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c - $(OPENSSL_PATH)/crypto/x509/x509_d2.c - $(OPENSSL_PATH)/crypto/x509/x509_def.c - $(OPENSSL_PATH)/crypto/x509/x509_err.c - $(OPENSSL_PATH)/crypto/x509/x509_ext.c - $(OPENSSL_PATH)/crypto/x509/x509_lu.c - $(OPENSSL_PATH)/crypto/x509/x509_meth.c - $(OPENSSL_PATH)/crypto/x509/x509_obj.c - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c - $(OPENSSL_PATH)/crypto/x509/x509_req.c - $(OPENSSL_PATH)/crypto/x509/x509_set.c - $(OPENSSL_PATH)/crypto/x509/x509_trs.c - $(OPENSSL_PATH)/crypto/x509/x509_txt.c - $(OPENSSL_PATH)/crypto/x509/x509_v3.c - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c - $(OPENSSL_PATH)/crypto/x509/x509cset.c - $(OPENSSL_PATH)/crypto/x509/x509name.c - $(OPENSSL_PATH)/crypto/x509/x509rset.c - $(OPENSSL_PATH)/crypto/x509/x509spki.c - $(OPENSSL_PATH)/crypto/x509/x509type.c - $(OPENSSL_PATH)/crypto/x509/x_all.c - $(OPENSSL_PATH)/crypto/x509/x_attrib.c - $(OPENSSL_PATH)/crypto/x509/x_crl.c - $(OPENSSL_PATH)/crypto/x509/x_exten.c - $(OPENSSL_PATH)/crypto/x509/x_name.c - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c - $(OPENSSL_PATH)/crypto/x509/x_req.c - $(OPENSSL_PATH)/crypto/x509/x_x509.c - $(OPENSSL_PATH)/crypto/x509/x_x509a.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c - $(OPENSSL_PATH)/crypto/x509v3/v3err.c - $(OPENSSL_PATH)/crypto/arm_arch.h - $(OPENSSL_PATH)/crypto/mips_arch.h - $(OPENSSL_PATH)/crypto/ppc_arch.h - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h - $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h - $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h - $(OPENSSL_PATH)/crypto/bio/bio_local.h - $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h - $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h - $(OPENSSL_PATH)/crypto/conf/conf_local.h - $(OPENSSL_PATH)/crypto/dh/dh_local.h - $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/evp/evp_local.h - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h - $(OPENSSL_PATH)/crypto/md5/md5_local.h - $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h - $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h - $(OPENSSL_PATH)/crypto/rand/rand_local.h - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h - $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h - $(OPENSSL_PATH)/crypto/store/store_local.h - $(OPENSSL_PATH)/crypto/ui/ui_local.h - $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/ssl/bio_ssl.c - $(OPENSSL_PATH)/ssl/d1_lib.c - $(OPENSSL_PATH)/ssl/d1_msg.c - $(OPENSSL_PATH)/ssl/d1_srtp.c - $(OPENSSL_PATH)/ssl/methods.c - $(OPENSSL_PATH)/ssl/packet.c - $(OPENSSL_PATH)/ssl/pqueue.c - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c - $(OPENSSL_PATH)/ssl/record/ssl3_record.c - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c - $(OPENSSL_PATH)/ssl/s3_cbc.c - $(OPENSSL_PATH)/ssl/s3_enc.c - $(OPENSSL_PATH)/ssl/s3_lib.c - $(OPENSSL_PATH)/ssl/s3_msg.c - $(OPENSSL_PATH)/ssl/ssl_asn1.c - $(OPENSSL_PATH)/ssl/ssl_cert.c - $(OPENSSL_PATH)/ssl/ssl_ciph.c - $(OPENSSL_PATH)/ssl/ssl_conf.c - $(OPENSSL_PATH)/ssl/ssl_err.c - $(OPENSSL_PATH)/ssl/ssl_init.c - $(OPENSSL_PATH)/ssl/ssl_lib.c - $(OPENSSL_PATH)/ssl/ssl_mcnf.c - $(OPENSSL_PATH)/ssl/ssl_rsa.c - $(OPENSSL_PATH)/ssl/ssl_sess.c - $(OPENSSL_PATH)/ssl/ssl_stat.c - $(OPENSSL_PATH)/ssl/ssl_txt.c - $(OPENSSL_PATH)/ssl/ssl_utst.c - $(OPENSSL_PATH)/ssl/statem/extensions.c - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c - $(OPENSSL_PATH)/ssl/statem/statem.c - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c - $(OPENSSL_PATH)/ssl/statem/statem_lib.c - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c - $(OPENSSL_PATH)/ssl/t1_enc.c - $(OPENSSL_PATH)/ssl/t1_lib.c - $(OPENSSL_PATH)/ssl/t1_trce.c - $(OPENSSL_PATH)/ssl/tls13_enc.c - $(OPENSSL_PATH)/ssl/tls_srp.c - $(OPENSSL_PATH)/ssl/packet_local.h - $(OPENSSL_PATH)/ssl/ssl_cert_table.h - $(OPENSSL_PATH)/ssl/ssl_local.h - $(OPENSSL_PATH)/ssl/record/record.h - $(OPENSSL_PATH)/ssl/record/record_local.h - $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_local.h -# Autogenerated files list ends here - buildinf.h - ossl_store.c - rand_pool.c - X64/ApiHooks.c - -[Packages] - MdePkg/MdePkg.dec - CryptoPkg/CryptoPkg.dec - -[LibraryClasses] - BaseLib - DebugLib - RngLib - PrintLib - -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - -[BuildOptions] - # - # Disables the following Visual Studio compiler warnings brought by open= ssl source, - # so we do not break the build with /WX option: - # C4090: 'function' : different 'const' qualifiers - # C4132: 'object' : const object should be initialized (tls13_enc.c) - # C4210: nonstandard extension used: function given file scope - # C4244: conversion from type1 to type2, possible loss of data - # C4245: conversion from type1 to type2, signed/unsigned mismatch - # C4267: conversion from size_t to type, possible loss of data - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater = size - # C4310: cast truncates constant value - # C4389: 'operator' : signed/unsigned mismatch (xxxx) - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71)) - # C4702: unreachable code - # C4706: assignment within conditional expression - # C4819: The file contains a character that cannot be represented in t= he current code page - # - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 - - INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w - - # - # Suppress the following build warnings in openssl so we don't break the= build with -Werror - # -Werror=3Dmaybe-uninitialized: there exist some other paths for whic= h the variable is not initialized. - # -Werror=3Dformat: Check calls to printf and scanf, etc., to make sur= e that the arguments supplied have - # types appropriate to the format string specified. - # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). - # - GCC:*_*_X64_CC_FLAGS =3D -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) = $(OPENSSL_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dforma= t -Wno-format -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS - - # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: - # 1295: Deprecated declaration - give arg types - # 550: was set but never used - # 1293: assignment in condition - # 111: statement is unreachable (invariably "break;" after "return X;" = in case statement) - # 68: integer conversion resulted in a change of sign ("if (Status =3D= =3D -1)") - # 177: was declared but never referenced - # 223: function declared implicitly - # 144: a value of type cannot be used to initialize an entity of= type - # 513: a value of type cannot be assigned to an entity of type <= type> - # 188: enumerated type mixed with another type (i.e. passing an integer= as an enum without a cast) - # 1296: Extended constant initialiser used - # 128: loop is not reachable - may be emitted inappropriately if code f= ollows a conditional return - # from the function that evaluates to true at compile time - # 546: transfer of control bypasses initialization - may be emitted ina= ppropriately if the uninitialized - # variable is never referenced after the jump - # 1: ignore "#1-D: last line of file ends without a newline" - # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) - XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibX64Gcc.inf deleted file mode 100644 index 0f1b4b16f8b1..000000000000 --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf +++ /dev/null @@ -1,706 +0,0 @@ -## @file -# This module provides OpenSSL Library implementation. -# -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D OpensslLibX64Gcc - MODULE_UNI_FILE =3D OpensslLib.uni - FILE_GUID =3D DD90DB9D-6A3F-4F2B-87BF-A8F2BBEF982F - MODULE_TYPE =3D BASE - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D OpensslLib - DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE - DEFINE OPENSSL_FLAGS_CONFIG =3D -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA2= 56_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM - CONSTRUCTOR =3D OpensslLibConstructor - -# -# VALID_ARCHITECTURES =3D X64 -# - -[Sources.X64] - OpensslLibConstructor.c - $(OPENSSL_PATH)/e_os.h - $(OPENSSL_PATH)/ms/uplink.h -# Autogenerated files list starts here - X64Gcc/crypto/aes/aesni-mb-x86_64.S - X64Gcc/crypto/aes/aesni-sha1-x86_64.S - X64Gcc/crypto/aes/aesni-sha256-x86_64.S - X64Gcc/crypto/aes/aesni-x86_64.S - X64Gcc/crypto/aes/vpaes-x86_64.S - X64Gcc/crypto/modes/aesni-gcm-x86_64.S - X64Gcc/crypto/modes/ghash-x86_64.S - X64Gcc/crypto/sha/sha1-mb-x86_64.S - X64Gcc/crypto/sha/sha1-x86_64.S - X64Gcc/crypto/sha/sha256-mb-x86_64.S - X64Gcc/crypto/sha/sha256-x86_64.S - X64Gcc/crypto/sha/sha512-x86_64.S - X64Gcc/crypto/x86_64cpuid.S - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c - $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ige.c - $(OPENSSL_PATH)/crypto/aes/aes_misc.c - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c - $(OPENSSL_PATH)/crypto/aria/aria.c - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c - $(OPENSSL_PATH)/crypto/asn1/a_digest.c - $(OPENSSL_PATH)/crypto/asn1/a_dup.c - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c - $(OPENSSL_PATH)/crypto/asn1/a_int.c - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c - $(OPENSSL_PATH)/crypto/asn1/a_object.c - $(OPENSSL_PATH)/crypto/asn1/a_octet.c - $(OPENSSL_PATH)/crypto/asn1/a_print.c - $(OPENSSL_PATH)/crypto/asn1/a_sign.c - $(OPENSSL_PATH)/crypto/asn1/a_strex.c - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c - $(OPENSSL_PATH)/crypto/asn1/a_time.c - $(OPENSSL_PATH)/crypto/asn1/a_type.c - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c - $(OPENSSL_PATH)/crypto/asn1/a_verify.c - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c - $(OPENSSL_PATH)/crypto/asn1/f_int.c - $(OPENSSL_PATH)/crypto/asn1/f_string.c - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c - $(OPENSSL_PATH)/crypto/asn1/nsseq.c - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c - $(OPENSSL_PATH)/crypto/asn1/t_spki.c - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c - $(OPENSSL_PATH)/crypto/asn1/x_algor.c - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c - $(OPENSSL_PATH)/crypto/asn1/x_info.c - $(OPENSSL_PATH)/crypto/asn1/x_int64.c - $(OPENSSL_PATH)/crypto/asn1/x_long.c - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c - $(OPENSSL_PATH)/crypto/asn1/x_sig.c - $(OPENSSL_PATH)/crypto/asn1/x_spki.c - $(OPENSSL_PATH)/crypto/asn1/x_val.c - $(OPENSSL_PATH)/crypto/async/arch/async_null.c - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c - $(OPENSSL_PATH)/crypto/async/arch/async_win.c - $(OPENSSL_PATH)/crypto/async/async.c - $(OPENSSL_PATH)/crypto/async/async_err.c - $(OPENSSL_PATH)/crypto/async/async_wait.c - $(OPENSSL_PATH)/crypto/bio/b_addr.c - $(OPENSSL_PATH)/crypto/bio/b_dump.c - $(OPENSSL_PATH)/crypto/bio/b_sock.c - $(OPENSSL_PATH)/crypto/bio/b_sock2.c - $(OPENSSL_PATH)/crypto/bio/bf_buff.c - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c - $(OPENSSL_PATH)/crypto/bio/bf_null.c - $(OPENSSL_PATH)/crypto/bio/bio_cb.c - $(OPENSSL_PATH)/crypto/bio/bio_err.c - $(OPENSSL_PATH)/crypto/bio/bio_lib.c - $(OPENSSL_PATH)/crypto/bio/bio_meth.c - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c - $(OPENSSL_PATH)/crypto/bio/bss_bio.c - $(OPENSSL_PATH)/crypto/bio/bss_conn.c - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c - $(OPENSSL_PATH)/crypto/bio/bss_fd.c - $(OPENSSL_PATH)/crypto/bio/bss_file.c - $(OPENSSL_PATH)/crypto/bio/bss_log.c - $(OPENSSL_PATH)/crypto/bio/bss_mem.c - $(OPENSSL_PATH)/crypto/bio/bss_null.c - $(OPENSSL_PATH)/crypto/bio/bss_sock.c - $(OPENSSL_PATH)/crypto/bn/bn_add.c - $(OPENSSL_PATH)/crypto/bn/bn_asm.c - $(OPENSSL_PATH)/crypto/bn/bn_blind.c - $(OPENSSL_PATH)/crypto/bn/bn_const.c - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c - $(OPENSSL_PATH)/crypto/bn/bn_depr.c - $(OPENSSL_PATH)/crypto/bn/bn_dh.c - $(OPENSSL_PATH)/crypto/bn/bn_div.c - $(OPENSSL_PATH)/crypto/bn/bn_err.c - $(OPENSSL_PATH)/crypto/bn/bn_exp.c - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c - $(OPENSSL_PATH)/crypto/bn/bn_intern.c - $(OPENSSL_PATH)/crypto/bn/bn_kron.c - $(OPENSSL_PATH)/crypto/bn/bn_lib.c - $(OPENSSL_PATH)/crypto/bn/bn_mod.c - $(OPENSSL_PATH)/crypto/bn/bn_mont.c - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c - $(OPENSSL_PATH)/crypto/bn/bn_mul.c - $(OPENSSL_PATH)/crypto/bn/bn_nist.c - $(OPENSSL_PATH)/crypto/bn/bn_prime.c - $(OPENSSL_PATH)/crypto/bn/bn_print.c - $(OPENSSL_PATH)/crypto/bn/bn_rand.c - $(OPENSSL_PATH)/crypto/bn/bn_recp.c - $(OPENSSL_PATH)/crypto/bn/bn_shift.c - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c - $(OPENSSL_PATH)/crypto/bn/bn_srp.c - $(OPENSSL_PATH)/crypto/bn/bn_word.c - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/buffer/buf_err.c - $(OPENSSL_PATH)/crypto/buffer/buffer.c - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c - $(OPENSSL_PATH)/crypto/cmac/cmac.c - $(OPENSSL_PATH)/crypto/comp/c_zlib.c - $(OPENSSL_PATH)/crypto/comp/comp_err.c - $(OPENSSL_PATH)/crypto/comp/comp_lib.c - $(OPENSSL_PATH)/crypto/conf/conf_api.c - $(OPENSSL_PATH)/crypto/conf/conf_def.c - $(OPENSSL_PATH)/crypto/conf/conf_err.c - $(OPENSSL_PATH)/crypto/conf/conf_lib.c - $(OPENSSL_PATH)/crypto/conf/conf_mall.c - $(OPENSSL_PATH)/crypto/conf/conf_mod.c - $(OPENSSL_PATH)/crypto/conf/conf_sap.c - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c - $(OPENSSL_PATH)/crypto/cpt_err.c - $(OPENSSL_PATH)/crypto/cryptlib.c - $(OPENSSL_PATH)/crypto/ctype.c - $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c - $(OPENSSL_PATH)/crypto/dh/dh_check.c - $(OPENSSL_PATH)/crypto/dh/dh_depr.c - $(OPENSSL_PATH)/crypto/dh/dh_err.c - $(OPENSSL_PATH)/crypto/dh/dh_gen.c - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c - $(OPENSSL_PATH)/crypto/dh/dh_key.c - $(OPENSSL_PATH)/crypto/dh/dh_lib.c - $(OPENSSL_PATH)/crypto/dh/dh_meth.c - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c - $(OPENSSL_PATH)/crypto/dh/dh_prn.c - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c - $(OPENSSL_PATH)/crypto/dso/dso_dl.c - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c - $(OPENSSL_PATH)/crypto/dso/dso_err.c - $(OPENSSL_PATH)/crypto/dso/dso_lib.c - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c - $(OPENSSL_PATH)/crypto/dso/dso_vms.c - $(OPENSSL_PATH)/crypto/dso/dso_win32.c - $(OPENSSL_PATH)/crypto/ebcdic.c - $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgT= okenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCry= ptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTok= enSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGu= id.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenS= paceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceG= uid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/err/err.c - $(OPENSSL_PATH)/crypto/err/err_prn.c - $(OPENSSL_PATH)/crypto/evp/bio_b64.c - $(OPENSSL_PATH)/crypto/evp/bio_enc.c - $(OPENSSL_PATH)/crypto/evp/bio_md.c - $(OPENSSL_PATH)/crypto/evp/bio_ok.c - $(OPENSSL_PATH)/crypto/evp/c_allc.c - $(OPENSSL_PATH)/crypto/evp/c_alld.c - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/digest.c - $(OPENSSL_PATH)/crypto/evp/e_aes.c - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c - $(OPENSSL_PATH)/crypto/evp/e_aria.c - $(OPENSSL_PATH)/crypto/evp/e_bf.c - $(OPENSSL_PATH)/crypto/evp/e_camellia.c - $(OPENSSL_PATH)/crypto/evp/e_cast.c - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c - $(OPENSSL_PATH)/crypto/evp/e_des.c - $(OPENSSL_PATH)/crypto/evp/e_des3.c - $(OPENSSL_PATH)/crypto/evp/e_idea.c - $(OPENSSL_PATH)/crypto/evp/e_null.c - $(OPENSSL_PATH)/crypto/evp/e_old.c - $(OPENSSL_PATH)/crypto/evp/e_rc2.c - $(OPENSSL_PATH)/crypto/evp/e_rc4.c - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c - $(OPENSSL_PATH)/crypto/evp/e_rc5.c - $(OPENSSL_PATH)/crypto/evp/e_seed.c - $(OPENSSL_PATH)/crypto/evp/e_sm4.c - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c - $(OPENSSL_PATH)/crypto/evp/encode.c - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c - $(OPENSSL_PATH)/crypto/evp/evp_enc.c - $(OPENSSL_PATH)/crypto/evp/evp_err.c - $(OPENSSL_PATH)/crypto/evp/evp_key.c - $(OPENSSL_PATH)/crypto/evp/evp_lib.c - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c - $(OPENSSL_PATH)/crypto/evp/m_md2.c - $(OPENSSL_PATH)/crypto/evp/m_md4.c - $(OPENSSL_PATH)/crypto/evp/m_md5.c - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c - $(OPENSSL_PATH)/crypto/evp/m_null.c - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c - $(OPENSSL_PATH)/crypto/evp/m_sha1.c - $(OPENSSL_PATH)/crypto/evp/m_sha3.c - $(OPENSSL_PATH)/crypto/evp/m_sigver.c - $(OPENSSL_PATH)/crypto/evp/m_wp.c - $(OPENSSL_PATH)/crypto/evp/names.c - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c - $(OPENSSL_PATH)/crypto/evp/p_dec.c - $(OPENSSL_PATH)/crypto/evp/p_enc.c - $(OPENSSL_PATH)/crypto/evp/p_lib.c - $(OPENSSL_PATH)/crypto/evp/p_open.c - $(OPENSSL_PATH)/crypto/evp/p_seal.c - $(OPENSSL_PATH)/crypto/evp/p_sign.c - $(OPENSSL_PATH)/crypto/evp/p_verify.c - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/ex_data.c - $(OPENSSL_PATH)/crypto/getenv.c - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c - $(OPENSSL_PATH)/crypto/hmac/hmac.c - $(OPENSSL_PATH)/crypto/init.c - $(OPENSSL_PATH)/crypto/kdf/hkdf.c - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c - $(OPENSSL_PATH)/crypto/kdf/scrypt.c - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c - $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c - $(OPENSSL_PATH)/crypto/md5/md5_one.c - $(OPENSSL_PATH)/crypto/mem.c - $(OPENSSL_PATH)/crypto/mem_dbg.c - $(OPENSSL_PATH)/crypto/mem_sec.c - $(OPENSSL_PATH)/crypto/modes/cbc128.c - $(OPENSSL_PATH)/crypto/modes/ccm128.c - $(OPENSSL_PATH)/crypto/modes/cfb128.c - $(OPENSSL_PATH)/crypto/modes/ctr128.c - $(OPENSSL_PATH)/crypto/modes/cts128.c - $(OPENSSL_PATH)/crypto/modes/gcm128.c - $(OPENSSL_PATH)/crypto/modes/ocb128.c - $(OPENSSL_PATH)/crypto/modes/ofb128.c - $(OPENSSL_PATH)/crypto/modes/wrap128.c - $(OPENSSL_PATH)/crypto/modes/xts128.c - $(OPENSSL_PATH)/crypto/o_dir.c - $(OPENSSL_PATH)/crypto/o_fips.c - $(OPENSSL_PATH)/crypto/o_fopen.c - $(OPENSSL_PATH)/crypto/o_init.c - $(OPENSSL_PATH)/crypto/o_str.c - $(OPENSSL_PATH)/crypto/o_time.c - $(OPENSSL_PATH)/crypto/objects/o_names.c - $(OPENSSL_PATH)/crypto/objects/obj_dat.c - $(OPENSSL_PATH)/crypto/objects/obj_err.c - $(OPENSSL_PATH)/crypto/objects/obj_lib.c - $(OPENSSL_PATH)/crypto/objects/obj_xref.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c - $(OPENSSL_PATH)/crypto/pem/pem_all.c - $(OPENSSL_PATH)/crypto/pem/pem_err.c - $(OPENSSL_PATH)/crypto/pem/pem_info.c - $(OPENSSL_PATH)/crypto/pem/pem_lib.c - $(OPENSSL_PATH)/crypto/pem/pem_oth.c - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c - $(OPENSSL_PATH)/crypto/pem/pem_sign.c - $(OPENSSL_PATH)/crypto/pem/pem_x509.c - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c - $(OPENSSL_PATH)/crypto/rand/rand_egd.c - $(OPENSSL_PATH)/crypto/rand/rand_err.c - $(OPENSSL_PATH)/crypto/rand/rand_lib.c - $(OPENSSL_PATH)/crypto/rand/rand_unix.c - $(OPENSSL_PATH)/crypto/rand/rand_vms.c - $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c - $(OPENSSL_PATH)/crypto/sha/keccak1600.c - $(OPENSSL_PATH)/crypto/sha/sha1_one.c - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c - $(OPENSSL_PATH)/crypto/sha/sha256.c - $(OPENSSL_PATH)/crypto/sha/sha512.c - $(OPENSSL_PATH)/crypto/siphash/siphash.c - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpa= ceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpac= eGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c - $(OPENSSL_PATH)/crypto/sm3/sm3.c - $(OPENSSL_PATH)/crypto/sm4/sm4.c - $(OPENSSL_PATH)/crypto/stack/stack.c - $(OPENSSL_PATH)/crypto/threads_none.c - $(OPENSSL_PATH)/crypto/threads_pthread.c - $(OPENSSL_PATH)/crypto/threads_win.c - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c - $(OPENSSL_PATH)/crypto/ui/ui_err.c - $(OPENSSL_PATH)/crypto/ui/ui_lib.c - $(OPENSSL_PATH)/crypto/ui/ui_null.c - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c - $(OPENSSL_PATH)/crypto/ui/ui_util.c - $(OPENSSL_PATH)/crypto/uid.c - $(OPENSSL_PATH)/crypto/x509/by_dir.c - $(OPENSSL_PATH)/crypto/x509/by_file.c - $(OPENSSL_PATH)/crypto/x509/t_crl.c - $(OPENSSL_PATH)/crypto/x509/t_req.c - $(OPENSSL_PATH)/crypto/x509/t_x509.c - $(OPENSSL_PATH)/crypto/x509/x509_att.c - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c - $(OPENSSL_PATH)/crypto/x509/x509_d2.c - $(OPENSSL_PATH)/crypto/x509/x509_def.c - $(OPENSSL_PATH)/crypto/x509/x509_err.c - $(OPENSSL_PATH)/crypto/x509/x509_ext.c - $(OPENSSL_PATH)/crypto/x509/x509_lu.c - $(OPENSSL_PATH)/crypto/x509/x509_meth.c - $(OPENSSL_PATH)/crypto/x509/x509_obj.c - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c - $(OPENSSL_PATH)/crypto/x509/x509_req.c - $(OPENSSL_PATH)/crypto/x509/x509_set.c - $(OPENSSL_PATH)/crypto/x509/x509_trs.c - $(OPENSSL_PATH)/crypto/x509/x509_txt.c - $(OPENSSL_PATH)/crypto/x509/x509_v3.c - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c - $(OPENSSL_PATH)/crypto/x509/x509cset.c - $(OPENSSL_PATH)/crypto/x509/x509name.c - $(OPENSSL_PATH)/crypto/x509/x509rset.c - $(OPENSSL_PATH)/crypto/x509/x509spki.c - $(OPENSSL_PATH)/crypto/x509/x509type.c - $(OPENSSL_PATH)/crypto/x509/x_all.c - $(OPENSSL_PATH)/crypto/x509/x_attrib.c - $(OPENSSL_PATH)/crypto/x509/x_crl.c - $(OPENSSL_PATH)/crypto/x509/x_exten.c - $(OPENSSL_PATH)/crypto/x509/x_name.c - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c - $(OPENSSL_PATH)/crypto/x509/x_req.c - $(OPENSSL_PATH)/crypto/x509/x_x509.c - $(OPENSSL_PATH)/crypto/x509/x_x509a.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c - $(OPENSSL_PATH)/crypto/x509v3/v3err.c - $(OPENSSL_PATH)/crypto/arm_arch.h - $(OPENSSL_PATH)/crypto/mips_arch.h - $(OPENSSL_PATH)/crypto/ppc_arch.h - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h - $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h - $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h - $(OPENSSL_PATH)/crypto/bio/bio_local.h - $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h - $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h - $(OPENSSL_PATH)/crypto/conf/conf_local.h - $(OPENSSL_PATH)/crypto/dh/dh_local.h - $(OPENSSL_PATH)/crypto/dso/dso_local.h - $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpace= Guid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCrypt= oPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgToke= nSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkg= TokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgToken= SpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*= |gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryp= toPkgTokenSpaceGuid.PcdOpensslEcEnabled - $(OPENSSL_PATH)/crypto/evp/evp_local.h - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h - $(OPENSSL_PATH)/crypto/md5/md5_local.h - $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h - $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h - $(OPENSSL_PATH)/crypto/rand/rand_local.h - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h - $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h - $(OPENSSL_PATH)/crypto/store/store_local.h - $(OPENSSL_PATH)/crypto/ui/ui_local.h - $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/ssl/bio_ssl.c - $(OPENSSL_PATH)/ssl/d1_lib.c - $(OPENSSL_PATH)/ssl/d1_msg.c - $(OPENSSL_PATH)/ssl/d1_srtp.c - $(OPENSSL_PATH)/ssl/methods.c - $(OPENSSL_PATH)/ssl/packet.c - $(OPENSSL_PATH)/ssl/pqueue.c - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c - $(OPENSSL_PATH)/ssl/record/ssl3_record.c - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c - $(OPENSSL_PATH)/ssl/s3_cbc.c - $(OPENSSL_PATH)/ssl/s3_enc.c - $(OPENSSL_PATH)/ssl/s3_lib.c - $(OPENSSL_PATH)/ssl/s3_msg.c - $(OPENSSL_PATH)/ssl/ssl_asn1.c - $(OPENSSL_PATH)/ssl/ssl_cert.c - $(OPENSSL_PATH)/ssl/ssl_ciph.c - $(OPENSSL_PATH)/ssl/ssl_conf.c - $(OPENSSL_PATH)/ssl/ssl_err.c - $(OPENSSL_PATH)/ssl/ssl_init.c - $(OPENSSL_PATH)/ssl/ssl_lib.c - $(OPENSSL_PATH)/ssl/ssl_mcnf.c - $(OPENSSL_PATH)/ssl/ssl_rsa.c - $(OPENSSL_PATH)/ssl/ssl_sess.c - $(OPENSSL_PATH)/ssl/ssl_stat.c - $(OPENSSL_PATH)/ssl/ssl_txt.c - $(OPENSSL_PATH)/ssl/ssl_utst.c - $(OPENSSL_PATH)/ssl/statem/extensions.c - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c - $(OPENSSL_PATH)/ssl/statem/statem.c - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c - $(OPENSSL_PATH)/ssl/statem/statem_lib.c - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c - $(OPENSSL_PATH)/ssl/t1_enc.c - $(OPENSSL_PATH)/ssl/t1_lib.c - $(OPENSSL_PATH)/ssl/t1_trce.c - $(OPENSSL_PATH)/ssl/tls13_enc.c - $(OPENSSL_PATH)/ssl/tls_srp.c - $(OPENSSL_PATH)/ssl/packet_local.h - $(OPENSSL_PATH)/ssl/ssl_cert_table.h - $(OPENSSL_PATH)/ssl/ssl_local.h - $(OPENSSL_PATH)/ssl/record/record.h - $(OPENSSL_PATH)/ssl/record/record_local.h - $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_local.h -# Autogenerated files list ends here - buildinf.h - ossl_store.c - rand_pool.c - X64/ApiHooks.c - -[Packages] - MdePkg/MdePkg.dec - CryptoPkg/CryptoPkg.dec - -[LibraryClasses] - BaseLib - DebugLib - RngLib - PrintLib - -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES - -[BuildOptions] - # - # Disables the following Visual Studio compiler warnings brought by open= ssl source, - # so we do not break the build with /WX option: - # C4090: 'function' : different 'const' qualifiers - # C4132: 'object' : const object should be initialized (tls13_enc.c) - # C4210: nonstandard extension used: function given file scope - # C4244: conversion from type1 to type2, possible loss of data - # C4245: conversion from type1 to type2, signed/unsigned mismatch - # C4267: conversion from size_t to type, possible loss of data - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater = size - # C4310: cast truncates constant value - # C4389: 'operator' : signed/unsigned mismatch (xxxx) - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71)) - # C4702: unreachable code - # C4706: assignment within conditional expression - # C4819: The file contains a character that cannot be represented in t= he current code page - # - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 = /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 - - INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w - - # - # Suppress the following build warnings in openssl so we don't break the= build with -Werror - # -Werror=3Dmaybe-uninitialized: there exist some other paths for whic= h the variable is not initialized. - # -Werror=3Dformat: Check calls to printf and scanf, etc., to make sur= e that the arguments supplied have - # types appropriate to the format string specified. - # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). - # - GCC:*_*_X64_CC_FLAGS =3D -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) = $(OPENSSL_FLAGS_CONFIG) -Wno-error=3Dmaybe-uninitialized -Wno-error=3Dforma= t -Wno-format -Wno-error=3Dunused-but-set-variable -DNO_MSABI_VA_FUNCS - - # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: - # 1295: Deprecated declaration - give arg types - # 550: was set but never used - # 1293: assignment in condition - # 111: statement is unreachable (invariably "break;" after "return X;" = in case statement) - # 68: integer conversion resulted in a change of sign ("if (Status =3D= =3D -1)") - # 177: was declared but never referenced - # 223: function declared implicitly - # 144: a value of type cannot be used to initialize an entity of= type - # 513: a value of type cannot be assigned to an entity of type <= type> - # 188: enumerated type mixed with another type (i.e. passing an integer= as an enum without a cast) - # 1296: Extended constant initialiser used - # 128: loop is not reachable - may be emitted inappropriately if code f= ollows a conditional return - # from the function that evaluates to true at compile time - # 546: transfer of control bypasses initialization - may be emitted ina= ppropriately if the uninitialized - # variable is never referenced after the jump - # 1: ignore "#1-D: last line of file ends without a newline" - # 3017: may be used before being set (NOTE: This was fixed in O= penSSL 1.1 HEAD with - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be drop= ped then.) - XCODE:*_*_X64_CC_FLAGS =3D -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FL= AGS) $(OPENSSL_FLAGS_CONFIG) -w -std=3Dc99 -Wno-error=3Duninitialized --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94999): https://edk2.groups.io/g/devel/message/94999 Mute This Topic: https://groups.io/mt/94260746/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95000+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95000+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500717; cv=none; d=zohomail.com; s=zohoarc; b=hVwzeNVNkXu9eN4AnLVGUFOOupIs4W+UNbtzLvapqb6YCPbjg54p8jo3YYI/OocrP7+XqlMN8GY4sL2EBhrFq0JTj4yx6Gh81zrlLUoKjBPCw6Nh8pm5CI4o5HKcTnuLX0LMZH1Lo0JeIjm7ksFUaaF3ZiNhXoWD4C8rJCCruNY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500717; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FnBW+5wPA07ujXbphH9oFg3wFsjoScGxQqKDHLni+d0=; b=ejXNFxAj9e84O11I50h1XR9CKzZXwjmVQU9KxKIRseIKO6lQO7zfH9224a3wBE3E8/w3aXyvsU304QlGY9/I/uMkcyovJ+4n5NgV61tavh7E+KwV0DPzClNXr+yYQCYeH9+c7L2JsBqj+gVY9dSJahhbjujOnJkycVm6lKsRJ7U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95000+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500717599925.3927912909195; Tue, 11 Oct 2022 08:05:17 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id MOKtYY1788612xKqCsp4PTVm; Tue, 11 Oct 2022 08:05:17 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web08.8439.1665500715117670141 for ; Tue, 11 Oct 2022 08:05:16 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518334" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518334" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172831" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172831" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Date: Tue, 11 Oct 2022 08:03:53 -0700 Message-Id: <20221011150358.1332-8-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: Xvhw9MvaZODKlh7xMMbN4qhQx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500717; bh=rYYlOV2So/k9hoGe7Cx6q2j0YSwAn+nqqpGwvzsrh4E=; h=Cc:Date:From:Reply-To:Subject:To; b=mvZUOTgp29u3+NggVXIr0qFJY6IOBP8Icst+9EjtlZa/3JveLepr4eo628t9P432pKm 79xw1MsolQKuue3ETIp5JqY4zK1hLktI9gf/P498Y7d7kK8R9tEeX9apcxVr2K1sGIByY phawsgqxi/nHakzApZTGp3RzEoUtVa8WdZM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500718952100006 Content-Type: text/plain; charset="utf-8" Update all OpensslLib instances so they all produce all the APIs used by the BaseCryptLib instances. Not producing the same set of APIs for a library class does not follow the EDK II library class rules and breaks the assumptions that consumers of the OpensslLib may make about which services are present. * Add missing declaration of the private library class OpensslLib to CryptoPkg.dec. * Add SslNull.c with NULL implementations of SSL functions * Add EcSm2Null.c with NULL implementations of EC/SM2 functions. * Update OpensslLibCrypto.inf to include both SslNull.c and EcSm2Null.c so this library instance produces all the opensll APIs used by the BaseCryptLib instances. * Update OpensslLib.inf and OpensslLibAccel.inf to include EcSm2Null.c so these library instances produce all the opensll APIs used by the BaseCryptLib instances. * Add missing declaration of the private library class IntrinsicLib to CryptoPkg.dec Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.dec | 9 + CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 +++++++++++++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 + .../Library/OpensslLib/OpensslLibAccel.inf | 2 + .../Library/OpensslLib/OpensslLibCrypto.inf | 2 + .../Library/OpensslLib/OpensslLibFull.inf | 2 + .../OpensslLib/OpensslLibFullAccel.inf | 2 + CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++++++++++ CryptoPkg/Private/Library/IntrinsicLib.h | 16 + CryptoPkg/Private/Library/OpensslLib.h | 14 + 10 files changed, 745 insertions(+) create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h create mode 100644 CryptoPkg/Private/Library/OpensslLib.h diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 217e73c3bcd2..f326c6324013 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -37,6 +37,15 @@ [LibraryClasses] # HashApiLib|Include/Library/HashApiLib.h =20 +[LibraryClasses.common.Private] + ## @libraryclass Provides library functions from the openssl project. + # + OpensslLib|Private/Library/OpensslLib.h + + ## @libraryclass Provides compiler intrinsic functions required to lin= k openssl project. + # + InstrinsicLib|Private/Library/IntrinsicLib.h + [Protocols] ## EDK II Crypto DXE protocol # 2C2275C9-3A7B-426F-BE54-2D22BD9D1092 diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c b/CryptoPkg/Library/O= pensslLib/EcSm2Null.c new file mode 100644 index 000000000000..8c52626ab29d --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/EcSm2Null.c @@ -0,0 +1,291 @@ +/** @file + Null implementation of EC and SM2 functions called by BaseCryptLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#undef OPENSSL_NO_EC + +#include +#include +#include + +void +EC_GROUP_free ( + EC_GROUP *group + ) +{ + ASSERT (FALSE); +} + +int +EC_GROUP_get_order ( + const EC_GROUP *group, + BIGNUM *order, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_curve_name ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_curve ( + const EC_GROUP *group, + BIGNUM *p, + BIGNUM *a, + BIGNUM *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_degree ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return 0; +} + +EC_GROUP * +EC_GROUP_new_by_curve_name ( + int nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +EC_POINT * +EC_POINT_new ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return NULL; +} + +void +EC_POINT_free ( + EC_POINT *point + ) +{ + ASSERT (FALSE); +} + +void +EC_POINT_clear_free ( + EC_POINT *point + ) +{ + ASSERT (FALSE); +} + +int +EC_POINT_set_affine_coordinates ( + const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_get_affine_coordinates ( + const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_set_compressed_coordinates ( + const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_add ( + const EC_GROUP *group, + EC_POINT *r, + const EC_POINT *a, + const EC_POINT *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_invert ( + const EC_GROUP *group, + EC_POINT *a, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_is_at_infinity ( + const EC_GROUP *group, + const EC_POINT *p + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_is_on_curve ( + const EC_GROUP *group, + const EC_POINT *point, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -1; +} + +int +EC_POINT_cmp ( + const EC_GROUP *group, + const EC_POINT *a, + const EC_POINT *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -1; +} + +int +EC_POINT_mul ( + const EC_GROUP *group, + EC_POINT *r, + const BIGNUM *n, + const EC_POINT *q, + const BIGNUM *m, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -0; +} + +EC_KEY * +EC_KEY_new_by_curve_name ( + int nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +void +EC_KEY_free ( + EC_KEY *key + ) +{ + ASSERT (FALSE); +} + +const EC_GROUP * +EC_KEY_get0_group ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return NULL; +} + +const EC_POINT * +EC_KEY_get0_public_key ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return NULL; +} + +int +EC_KEY_set_public_key ( + EC_KEY *key, + const EC_POINT *pub + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_KEY_generate_key ( + EC_KEY *key + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_KEY_check_key ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return 0; +} + +int +ECDH_compute_key ( + void *out, + size_t outlen, + const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF)( + const void *in, + size_t inlen, + void *out, + size_t *outlen + ) + ) +{ + ASSERT (FALSE); + return 0; +} diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 7d4b729bf7c7..9dc1dd23cf5a 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -627,6 +627,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c + EcSm2Null.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/L= ibrary/OpensslLib/OpensslLibAccel.inf index b552b011e2bf..256400bcc1b0 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -629,6 +629,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c + EcSm2Null.c =20 [Sources.IA32] IA32/crypto/aes/aesni-x86.nasm | MSFT diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 5492865ddb2d..543487d53642 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -628,6 +628,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c + SslNull.c + EcSm2Null.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Li= brary/OpensslLib/OpensslLibFull.inf index 1b5d9fa42405..c563ab13e4dc 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -633,6 +633,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c +# EcSm2Null.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoP= kg/Library/OpensslLib/OpensslLibFullAccel.inf index 3c7b33f1e512..6ba05f23187c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -634,6 +634,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c +# EcSm2Null.c =20 [Sources.IA32] IA32/crypto/aes/aesni-x86.nasm | MSFT diff --git a/CryptoPkg/Library/OpensslLib/SslNull.c b/CryptoPkg/Library/Ope= nsslLib/SslNull.c new file mode 100644 index 000000000000..49f1405bc0f1 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/SslNull.c @@ -0,0 +1,405 @@ +/** @file + Null implementation of SSL functions called by BaseCryptLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +int +OPENSSL_init_ssl ( + uint64_t opts, + const OPENSSL_INIT_SETTINGS *settings + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur uint32_t +SSL_CIPHER_get_id ( + const SSL_CIPHER *c + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_COMP_add_compression_method ( + int id, + COMP_METHOD *cm + ) +{ + ASSERT (FALSE); + return 0; +} + +long +SSL_CTX_ctrl ( + SSL_CTX *ctx, + int cmd, + long larg, + void *parg + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_CTX_free ( + SSL_CTX *x + ) +{ + ASSERT (FALSE); + return; +} + +__owur X509_STORE * +SSL_CTX_get_cert_store ( + const SSL_CTX *x + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur SSL_CTX * +SSL_CTX_new ( + const SSL_METHOD *meth + ) +{ + ASSERT (FALSE); + return NULL; +} + +unsigned long +SSL_CTX_set_options ( + SSL_CTX *ctx, + unsigned long op + ) +{ + ASSERT (FALSE); + return 0; +} + +const unsigned char * +SSL_SESSION_get_id ( + const SSL_SESSION *s, + unsigned int *len + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur size_t +SSL_SESSION_get_master_key ( + const SSL_SESSION *sess, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_SESSION_set1_id ( + SSL_SESSION *s, + const unsigned char *sid, + unsigned int sid_len + ) +{ + ASSERT (FALSE); + return 0; +} + +long +SSL_ctrl ( + SSL *ssl, + int cmd, + long larg, + void *parg + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_do_handshake ( + SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_free ( + SSL *ssl + ) +{ + ASSERT (FALSE); + return; +} + +__owur X509 * +SSL_get_certificate ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur size_t +SSL_get_client_random ( + const SSL *ssl, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur const SSL_CIPHER * +SSL_get_current_cipher ( + const SSL *s + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur int +SSL_get_error ( + const SSL *s, + int ret_code + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur size_t +SSL_get_server_random ( + const SSL *ssl, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur SSL_SESSION * +SSL_get_session ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur SSL_CTX * +SSL_get_SSL_CTX ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur OSSL_HANDSHAKE_STATE +SSL_get_state ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_get_verify_mode ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur X509_VERIFY_PARAM * +SSL_get0_param ( + SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +int +SSL_is_init_finished ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_is_server ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +SSL * +SSL_new ( + SSL_CTX *ctx + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur int +SSL_read ( + SSL *ssl, + void *buf, + int num + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_set_bio ( + SSL *s, + BIO *rbio, + BIO *wbio + ) +{ + ASSERT (FALSE); + return; +} + +__owur int +SSL_set_cipher_list ( + SSL *s, + const char *str + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_set_connect_state ( + SSL *s + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_hostflags ( + SSL *s, + unsigned int flags + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_info_callback ( + SSL *ssl, + void ( *cb )(const SSL *ssl, int type, int val) + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_security_level ( + SSL *s, + int level + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_verify ( + SSL *s, + int mode, + SSL_verify_cb callback + ) +{ + ASSERT (FALSE); + return; +} + +int +SSL_shutdown ( + SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_use_certificate ( + SSL *ssl, + X509 *x + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_version ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_write ( + SSL *ssl, + const void *buf, + int num + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur const SSL_METHOD * +TLS_client_method ( + void + ) +{ + ASSERT (FALSE); + return NULL; +} diff --git a/CryptoPkg/Private/Library/IntrinsicLib.h b/CryptoPkg/Private/L= ibrary/IntrinsicLib.h new file mode 100644 index 000000000000..69172a041949 --- /dev/null +++ b/CryptoPkg/Private/Library/IntrinsicLib.h @@ -0,0 +1,16 @@ +/** @file + InstrinsicLib class with intrinsic APIs generated by compilers. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef INTRINSTIC_LIB_H_ +#define INTRINSTIC_LIB_H_ + +// +// Compiler dependent intrinsic APIs. +// + +#endif diff --git a/CryptoPkg/Private/Library/OpensslLib.h b/CryptoPkg/Private/Lib= rary/OpensslLib.h new file mode 100644 index 000000000000..005eb848724e --- /dev/null +++ b/CryptoPkg/Private/Library/OpensslLib.h @@ -0,0 +1,14 @@ +/** @file + OpensslLib class with APIs from the openssl project + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef OPENSSL_LIB_H_ +#define OPENSSL_LIB_H_ + +#include + +#endif --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95000): https://edk2.groups.io/g/devel/message/95000 Mute This Topic: https://groups.io/mt/94260747/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95002+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95002+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500897; cv=none; d=zohomail.com; s=zohoarc; b=iSM/ziEOKsa1aa/8B77iol4Evj13FTIZ1X8KEKMSApqpthhLhcf50V4p3FLbZ11mjLdplO7FXVTGyNTX9Rll26dg7ayLMkkSsooBknCORbZwtIHP6Y3j+YB4Z0ig3M1h1LRb9yfXxVYeM/FAvcAhy+WzrqaRWuLFmpIkLHXmi/4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500897; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=DxRSGmkRksrVJKgk3oGRYOZ/7Go3dsVcO1MAXaanel4=; b=PVgM/oofQb4Wfdru8Cdr33uTliDFGucAcG+R0pID/Ty3lObcJr8Z6WDaD4n9P39wAz+VzJX0bC/rbSAspSMnOdAthpvvcCg6+KH0XG7ay55P0Y7IjQGMr2wkbyj6mzgN7hdZ3gwh5rMTJ2xdc0zZpEyS7EQf3Nl+xbTKgt6ysWk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95002+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500897470455.9201764400252; Tue, 11 Oct 2022 08:08:17 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id q1VuYY1788612xZ8nt5VwNyQ; Tue, 11 Oct 2022 08:08:17 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web09.8668.1665500716182547303 for ; Tue, 11 Oct 2022 08:05:16 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518338" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518338" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172836" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172836" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 08/12] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Date: Tue, 11 Oct 2022 08:03:54 -0700 Message-Id: <20221011150358.1332-9-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: j2qkkKUfrc4Uok1Q7B9KXvSRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500897; bh=uPxeLLj6QKZ3MhS0Z22IBARflfUEOdogL8XrYwQ8Ic4=; h=Cc:Date:From:Reply-To:Subject:To; b=nuSlWNxiQDh4H//lKcwyIOXKMe0v6o3ks1LovHz13o2XhxwCK/O3l0ZOP0I26m7W9Vz z1T1+5xqmJt4Uc/EzlaiVeHAaAzxC1NqXMJulopgYbq4Nwv8hencZlVKZIOmQZ6zdm4sX 7nctQzWBauS2X7AHBdMdG00gchLxXsJ0Ne0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500898413100001 Content-Type: text/plain; charset="utf-8" The OpensslLib instances do not directly use any PrintLib services. Remove PrintLib from [LibraryClasses] sections of all OpensslLib INF files. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 - 5 files changed, 5 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 9dc1dd23cf5a..a12b52bc0c72 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -638,7 +638,6 @@ [LibraryClasses] BaseLib DebugLib RngLib - PrintLib =20 [LibraryClasses.ARM] ArmSoftFloatLib diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/L= ibrary/OpensslLib/OpensslLibAccel.inf index 256400bcc1b0..c6e28a7ce0e7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -687,7 +687,6 @@ [LibraryClasses] BaseLib DebugLib RngLib - PrintLib =20 [BuildOptions] # diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 543487d53642..4aade29bb852 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -639,7 +639,6 @@ [LibraryClasses] BaseLib DebugLib RngLib - PrintLib =20 [LibraryClasses.ARM] ArmSoftFloatLib diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Li= brary/OpensslLib/OpensslLibFull.inf index c563ab13e4dc..35f6259d8f89 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -644,7 +644,6 @@ [LibraryClasses] BaseLib DebugLib RngLib - PrintLib =20 [LibraryClasses.ARM] ArmSoftFloatLib diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoP= kg/Library/OpensslLib/OpensslLibFullAccel.inf index 6ba05f23187c..c4bd8c683e96 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -692,7 +692,6 @@ [LibraryClasses] BaseLib DebugLib RngLib - PrintLib =20 [BuildOptions] # --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95002): https://edk2.groups.io/g/devel/message/95002 Mute This Topic: https://groups.io/mt/94260749/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95001+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95001+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500718; cv=none; d=zohomail.com; s=zohoarc; b=lUymof3q2Q1V0F/rhSWV+8zWKl7uBaJwDuCPbmhuTZelEgJ797OIQT8OusL0lFTb7Vxyi/uAFDFT3sFkK7jQljxyaWrQ9u12jVUXsfvEBbCaWhBZLnHROqiwE7aH6QvqgziQT2uugZ3RBzXRv4RYiF/gvT6gytvgPWEHs1x24vk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500718; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=NQJtvMMTC08z8wqx3npL4xSgKHRx6HxXDLmDsaagMTI=; b=GjDlYAHdGnnrgMKfi6YdyP/YmBgNXHfEG59v1GNf0NsjpHkLCTNyMmNrPQXKS9IyJD/cuEq9Dkps2Cnq2S+PEUbGNukBxB5AWMoWbFxXyKqmgg8X71KxI/qBWo90YiMzemVVkFJ/hhDToIEPUzuhStvgz/CJl0Yr35ojmXhCUvM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95001+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500718009892.0291531350092; Tue, 11 Oct 2022 08:05:18 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GAP3YY1788612xyqX9gAh1NL; Tue, 11 Oct 2022 08:05:17 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web09.8668.1665500716182547303 for ; Tue, 11 Oct 2022 08:05:16 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518342" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518342" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172839" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172839" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:08 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 09/12] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Date: Tue, 11 Oct 2022 08:03:55 -0700 Message-Id: <20221011150358.1332-10-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: 9p6raPPDWKS3OkcazYtxN2xux1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500717; bh=rze1W941bgGbSw2VN9yO8R1VAAspjhlZgdj0Og2aZSk=; h=Cc:Date:From:Reply-To:Subject:To; b=SvICBjnyVy5PC4tSnP77hUOsrLOKBvSfNALAn9IrDWAAUqGuTKlU1phTYavBonbnUgU VOGQxGZDqt3oKCNCUcwj3Ty/RS+eGb4YFteh/YXrvcfW+iKNF32ftqH32JOFJIQ0VibMi +4OedEu1nDILNIRtv4pQQM//SUUbwK0WBrc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500718923100004 Content-Type: text/plain; charset="utf-8" Remove the PcdOpensslEcEnabled PCD that is no longer used. The EC feature is selected by using one of the OpensslLib instances that includes the EC features which are either OpensslLibFull.inf or OpensslLibFullAccel.inf. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.dec | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index f326c6324013..e20a5e9c38e3 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -90,38 +90,5 @@ [PcdsFixedAtBuild] # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008= , 0x00000010 gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x0000= 0001 =20 - ## Enable/Disable the ECC feature in openssl library. The default is dis= abled. - # If ECC feature is disabled, all related source files will not be comp= iled. - # @Prompt Enable/Disable ECC feature in openssl library - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|FALSE|BOOLEAN|0x0000003 - # Set it to TRUE if: - # 1) Platform needs ECC in TLS, or asymmetric cryptography services such= as - # X509 certificate or PEM format data processing. - # 2) Platform needs to enable PcdCryptoServiceFamilyEnable.Ec service. - # Please note: - # ECC feature will cause a significant memory increase, approximate memo= ry impact - # in below table for reference by platform developers with FW size limit= ations. - # Uncompressed LZMA Compressed - # CPU CRYPTO_SERVICES Module EC=3DFALSE EC=3DTRUE EC=3DFALSE EC= =3DTRUE Increase - # =3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D - # IA32 NONE CryptoPei 21536 21568 = 0 KB - # IA32 NONE CryptoDxe 21632 21696 = 0 KB - # IA32 NONE CryptoSmm 22976 23072 = 0 KB - # IA32 MIN_PEI CryptoPei 248992 249120 = 0 KB - # IA32 MIN_DXE_MIN_SMM CryptoDxe 636672 829568 288520 401034 = 113 KB - # IA32 MIN_DXE_MIN_SMM CryptoSmm 426048 601472 191517 296022 = 105 KB - # IA32 ALL CryptoPei 423840 598976 189047 293759 = 104 KB - # IA32 ALL CryptoDxe 645280 838144 292955 405277 = 113 KB - # IA32 ALL CryptoSmm 441888 617184 198779 303628 = 105 KB - # X64 NONE CryptoPei 29632 29664 = 0 KB - # X64 NONE CryptoDxe 29792 29792 = 0 KB - # X64 NONE CryptoSmm 31296 31296 = 0 KB - # X64 MIN_PEI CryptoPei 310784 310848 = 0 KB - # X64 MIN_DXE_MIN_SMM CryptoDxe 804288 1016256 311436 426596 = 115 KB - # X64 MIN_DXE_MIN_SMM CryptoSmm 543776 733920 204483 310775 = 106 KB - # X64 ALL CryptoPei 540384 730240 202494 308467 = 106 KB - # X64 ALL CryptoDxe 815392 1027296 316228 431321 = 115 KB - # X64 ALL CryptoSmm 563648 753696 213488 319644 = 106 KB - [UserExtensions.TianoCore."ExtraFiles"] CryptoPkgExtra.uni --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95001): https://edk2.groups.io/g/devel/message/95001 Mute This Topic: https://groups.io/mt/94260748/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95003+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95003+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665501079; cv=none; d=zohomail.com; s=zohoarc; b=NiVOQQlLE5ujmwgYUMU2iaHQHBeiTAzqgAPZ+3Jdxgmiold4jUXXK1mzeceBbMgpiYykkB9nug47TghU5PTrTTHb5wxnKMF8IM8TaklAuCMoqJ4wzd2u/K1mBJMyKjY+DKkQUf3/ykMGMl3IMO8av4MrvGVmivcQqiuCVYKFEu4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665501079; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=lxy1kVlFqF4AUj6lj882oVoOpkr3CzPgL1eEyyw9+bA=; b=GGJliz3EC7+eXWk/4VtofuJhzoOb3eYNoGwlGZYCpFn2VyxELppUczeqfItJdw4RiysT3PbwuiZD+woVqQJbuz0c+UR9fcmqJoATFjK8y3sh4lzN9opy1lpVHNZu7Sj6d9TZ/Pzc69ISU8sgUcAQ3jJ4KDY+PtCOoFqwMPxotKM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95003+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665501079272195.44909908341208; Tue, 11 Oct 2022 08:11:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 6gd2YY1788612xv3VsTboUrO; Tue, 11 Oct 2022 08:11:18 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web08.8439.1665500715117670141 for ; Tue, 11 Oct 2022 08:05:16 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518349" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518349" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172842" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172842" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 10/12] CryptoPkg: Update DSC to improve CI test coverage Date: Tue, 11 Oct 2022 08:03:56 -0700 Message-Id: <20221011150358.1332-11-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: 4EQZ0mSNIVdJYY2olCfUzGeGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665501078; bh=OQvO0U3JAiHe+d8+x64OWjFHcLU/Oe3SL6WVxCpyWxo=; h=Cc:Date:From:Reply-To:Subject:To; b=STzZlePZBufVtbSO4aewq78NemRqEyNOLlrMyIloW5WyAuiTT/BmfXVy4Du+mgt1YWh qpCug0FhPN5uaprbdixjN+q7xcMGpUK0Ub0bccAQ5MdWcICXPfTcGOsRL/WhOeaicKvSX SKAR/cJtsvZVb8kgleSgoTP6+euGIpEJIR0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665501080696100001 Content-Type: text/plain; charset="utf-8" With the addition of EC services and performance optimized versions of the OpensslLib for IA32/X64, the CryptoPkg.dsc file is updated to make sure all combinations are covered in CI builds. * Use different output directory for each CRYPTO_SERVICES profile. * Add FILE_GUID define names for CryptoPei, CryptoDxe, and CryptoSmm when they are linked with different OpensslLib instances. * Update CryptoPei, CryptoDxe, CryptoSmm builds to include all combinations of OpensslLib library instances supported by each CPU architecture. * Add TARGET_UINT_TESTS profile to CryptoPkg.dsc to build only the target-based unit tests. This reduces the size of CryptoPkg components not related to unit testing by removing unit test specific assert handlers. Build target-based unit tests using OpensslLibFull.inf and OpensslLibFullAccel.inf. * Remove the PACKAGE profile and instead make the ALL profile the default for CI testing that enables all services for all modules. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.dsc | 450 +++++++++++++++++++++++++++++++--------- 1 file changed, 356 insertions(+), 94 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index ab28d8861f10..34abf63f2a1d 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -18,34 +18,73 @@ [Defines] PLATFORM_GUID =3D E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6 PLATFORM_VERSION =3D 0.98 DSC_SPECIFICATION =3D 0x00010005 - OUTPUT_DIRECTORY =3D Build/CryptoPkg SUPPORTED_ARCHITECTURES =3D IA32|X64|ARM|AARCH64|RISCV64 BUILD_TARGETS =3D DEBUG|RELEASE|NOOPT SKUID_IDENTIFIER =3D DEFAULT =20 # # Flavor of PEI, DXE, SMM modules to build. - # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM. + # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM, TARGET_UINT_TESTS. # Default is ALL that is used for package build verification. - # PACKAGE - Package verification build of all components. Null - # versions of libraries are used to minimize build t= imes. - # ALL - Build PEIM, DXE, and SMM drivers. Protocols and P= PIs - # publish all services. - # NONE - Build PEIM, DXE, and SMM drivers. Protocols and P= PIs - # publish no services. Used to verify compiler/link= er - # optimizations are working correctly. - # MIN_PEI - Build PEIM with PPI that publishes minimum required - # services. - # MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that publ= ish - # minimum required services. + # ALL - Build PEIM, DXE, and SMM drivers. Protocols and= PPIs + # publish all services. + # NONE - Build PEIM, DXE, and SMM drivers. Protocols and= PPIs + # publish no services. Used to verify compiler/li= nker + # optimizations are working correctly. + # MIN_PEI - Build PEIM with PPI that publishes minimum requi= red + # services. + # MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that pu= blish + # minimum required services. + # TARGET_UNIT_TESTS - Build target-based unit tests # - DEFINE CRYPTO_SERVICES =3D PACKAGE -!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM" + DEFINE CRYPTO_SERVICES =3D ALL +!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM TARGET_UNIT_TE= STS" !else - !error CRYPTO_SERVICES must be set to one of PACKAGE ALL NONE MIN_PEI MI= N_DXE_MIN_SMM. + !error CRYPTO_SERVICES must be set to one of ALL NONE MIN_PEI MIN_DXE_MI= N_SMM TARGET_UNIT_TESTS. !endif =20 -!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc +# +# Define different OUTPUT_DIRECTORY for each CRYPTO_SERVICES profile +# +!if $(CRYPTO_SERVICES) =3D=3D ALL + OUTPUT_DIRECTORY =3D Build/CryptoPkg/All +!endif +!if $(CRYPTO_SERVICES) =3D=3D NONE + OUTPUT_DIRECTORY =3D Build/CryptoPkg/None +!endif +!if $(CRYPTO_SERVICES) =3D=3D MIN_PEI + OUTPUT_DIRECTORY =3D Build/CryptoPkg/MinPei +!endif +!if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM + OUTPUT_DIRECTORY =3D Build/CryptoPkg/MinDxeMinSmm +!endif +!if $(CRYPTO_SERVICES) =3D=3D TARGET_UNIT_TESTS + OUTPUT_DIRECTORY =3D Build/CryptoPkg/TagetUnitTests +!endif + +# +# Define FILE_GUID names/values for CryptoPei, CryptopDxe, and CryptoSmm +# drivers that are linked with different OpensslLib instances +# + DEFINE PEI_CRYPTO_GUID =3D C693A250-6B36-49B9-B7F3-7283F8136A72 + DEFINE PEI_STD_GUID =3D EBD49F5C-6D8B-40D1-A56D-9AFA485A8661 + DEFINE PEI_FULL_GUID =3D D51FCE59-6860-49C0-9B35-984470735D17 + DEFINE PEI_STD_ACCEL_GUID =3D DCC9CB49-7BE2-47C6-864E-6DCC932360F9 + DEFINE PEI_FULL_ACCEL_GUID =3D A10827AD-7598-4955-B661-52EE2B62B057 + DEFINE DXE_CRYPTO_GUID =3D 31C17C54-325D-47D5-8622-888098F10E44 + DEFINE DXE_STD_GUID =3D ADD6D05A-52A2-437B-98E7-DBFDA89352CD + DEFINE DXE_FULL_GUID =3D AA83B296-F6EA-447F-B013-E80E98629CF8 + DEFINE DXE_STD_ACCEL_GUID =3D 9FBDAD27-910C-4229-9EFF-A93BB5FE18C6 + DEFINE DXE_FULL_ACCEL_GUID =3D 41A491D1-A972-468B-A299-DABF415A43B7 + DEFINE SMM_CRYPTO_GUID =3D 1A1C9E13-5722-4636-AB73-31328EDE8BAF + DEFINE SMM_STD_GUID =3D E4D7D1E3-E886-4412-A442-EFD6F2502DD3 + DEFINE SMM_FULL_GUID =3D 1930CE7E-6598-48ED-8AB1-EBE7E85EC254 + DEFINE SMM_STD_ACCEL_GUID =3D 828959D3-CEA6-4B79-B1FC-5AFA0D7F2144 + DEFINE SMM_FULL_ACCEL_GUID =3D C1760694-AB3A-4532-8C6D-52D8F86EB1AA + +!if $(CRYPTO_SERVICES) =3D=3D TARGET_UNIT_TESTS + !include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc +!endif =20 ##########################################################################= ###### # @@ -58,17 +97,24 @@ [Defines] [LibraryClasses] BaseLib|MdePkg/Library/BaseLib/BaseLib.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf - PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf - DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf - UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf - UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf - TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf - HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf - RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf =20 [LibraryClasses.ARM, LibraryClasses.AARCH64] + ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf # # It is not possible to prevent the ARM compiler for generic intrinsic f= unctions. # This library provides the instrinsic functions generate by a given com= piler. @@ -80,41 +126,19 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] # Add support for stack protector NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf =20 -[LibraryClasses.common.PEIM] - PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf - MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf - PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf - PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf - HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf - -[LibraryClasses.common.DXE_SMM_DRIVER] - SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf - MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf - MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf - -!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM" -[LibraryClasses] - MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf - DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf - DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf - OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf - PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf - DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf - PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf - TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf - UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf #??? - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf = #??? - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf - [LibraryClasses.ARM] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf =20 [LibraryClasses.common.SEC] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf =20 [LibraryClasses.common.PEIM] + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -123,19 +147,34 @@ [LibraryClasses.common.PEIM] [LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM] PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf =20 -[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM] - PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf - [LibraryClasses.common.DXE_DRIVER] + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf =20 [LibraryClasses.common.DXE_SMM_DRIVER] + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmRepor= tStatusCodeLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf -!endif + +[LibraryClasses.common.UEFI_APPLICATION] + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA= pplicationEntryPoint.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseRepor= tStatusCodeLibNull.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf =20 ##########################################################################= ###### # @@ -147,7 +186,12 @@ [PcdsFixedAtBuild] gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000 gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 -!if $(CRYPTO_SERVICES) IN "PACKAGE ALL" +# +# For ALL and TARGET_UINT_TESTS profiles, enable all non-deprecated famili= es +# and services in PcdCryptoServiceFamilyEnable. +# +!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS" +[PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -176,7 +220,12 @@ [PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 +# +# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable +# required by typical PEI phase. +# !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI +[PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -191,7 +240,12 @@ [PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE !endif =20 +# +# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable +# required by typical DXE and SMM phases. +# !if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM +[PcdsFixedAtBuild] gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs1v2Encrypt | TRUE @@ -243,12 +297,61 @@ [PcdsFixedAtBuild] # generated for it, but the binary will not be put into any firmware= volume. # ##########################################################################= ######################### -[Components] - CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf =20 -!if $(CRYPTO_SERVICES) =3D=3D PACKAGE +# +# If profile is TARGET_UNIT_TESTS, then build target-based unit tests +# using the OpensslLib, BaseCryptLib, and TlsLib with the largest set of +# available services. +# +!if $(CRYPTO_SERVICES) =3D=3D TARGET_UNIT_TESTS +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64] + # + # Target based unit tests + # + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf { + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + + MSFT:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTE= M:CONSOLE + MSFT:DEBUG_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + MSFT:DEBUG_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + MSFT:NOOPT_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + } + +[Components.IA32, Components.X64] + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf { + + FILE_GUID =3D B91B9A95-4D52-4501-A98F-A1711C14ED93 + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + + MSFT:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTE= M:CONSOLE + MSFT:DEBUG_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + MSFT:DEBUG_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + MSFT:NOOPT_*_*_DLINK_FLAGS =3D /EXPORT:InitializeDriver=3D$(IMAGE_EN= TRY_POINT) /BASE:0x10000 + } + +[Components.RISCV64] + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf { + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + } +!endif + +# +# If profile is ALL, then do verification build of all library instances. +# +!if $(CRYPTO_SERVICES) =3D=3D ALL [Components] + # + # Build verification of all library instances + # CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -258,59 +361,218 @@ [Components] CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf CryptoPkg/Library/TlsLib/TlsLib.inf CryptoPkg/Library/TlsLibNull/TlsLibNull.inf - CryptoPkg/Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + CryptoPkg/Library/OpensslLib/OpensslLib.inf + CryptoPkg/Library/OpensslLib/OpensslLibFull.inf CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf - CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + # + # Build verification of target-based unit tests + # + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf { + + UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf + UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersiste= nceLibNull/UnitTestPersistenceLibNull.inf + UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultR= eportLib/UnitTestResultReportLibConOut.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + } + +[Components.IA32, Components.X64] + # + # Build verification of IA32/X64 specific libraries + # + CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf + CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf !endif =20 -!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI" +# +# If profile is ALL or NONE or MIN_PEI, then build CryptoPei with all supp= orted +# OpensslLib instances. +# +!if $(CRYPTO_SERVICES) in "ALL NONE MIN_PEI" +[Components] + # + # CryptoPei with OpensslLib instance without SSL or EC services + # + CryptoPkg/Driver/CryptoPei.inf { + + FILE_GUID =3D $(PEI_CRYPTO_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + } + # + # CryptoPei with OpensslLib instance without EC services + # + CryptoPkg/Driver/CryptoPei.inf { + + FILE_GUID =3D $(PEI_STD_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + } [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] + # + # CryptoPei with OpensslLib instance with all services + # + CryptoPkg/Driver/CryptoPei.inf { + + FILE_GUID =3D $(PEI_FULL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + } + +[Components.IA32, Components.X64] + # + # CryptoPei with IA32/X64 performance optimized OpensslLib instance with= out EC services + # IA32/X64 assembly optimizations required larger alignments + # CryptoPkg/Driver/CryptoPei.inf { - !if $(CRYPTO_SERVICES) =3D=3D ALL - FILE_GUID =3D 8DF53C2E-3380-495F-A8B7-370CFE28E1C6 - !elseif $(CRYPTO_SERVICES) =3D=3D NONE - FILE_GUID =3D E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF - !elseif $(CRYPTO_SERVICES) =3D=3D MIN_PEI - FILE_GUID =3D 0F5827A9-35FD-4F41-8D38-9BAFCE594D31 - !endif + FILE_GUID =3D $(PEI_STD_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 + } + + # + # CryptoPei with IA32/X64 performance optimized OpensslLib instance all = services + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoPei.inf { + + FILE_GUID =3D $(PEI_FULL_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 } !endif =20 -!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_DXE_MIN_SMM" -[Components.IA32, Components.X64, Components.AARCH64] +# +# If profile is ALL or NONE or MIN_DXE_MIN_SMM, then build CryptoDxe and +# CryptoSmm using all supported OpensslLib instances. +# +!if $(CRYPTO_SERVICES) in "ALL NONE MIN_DXE_MIN_SMM" +[Components] + # + # CryptoDxe with OpensslLib instance with no SSL or EC services + # CryptoPkg/Driver/CryptoDxe.inf { - !if $(CRYPTO_SERVICES) =3D=3D ALL - FILE_GUID =3D D9444B06-060D-42C5-9344-F04707BE0169 - !elseif $(CRYPTO_SERVICES) =3D=3D NONE - FILE_GUID =3D C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A - !elseif $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM - FILE_GUID =3D DDF5BE9E-159A-4B77-B6D7-82B84B5763A2 - !endif + FILE_GUID =3D $(DXE_CRYPTO_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + } + # + # CryptoDxe with OpensslLib instance with no EC services + # + CryptoPkg/Driver/CryptoDxe.inf { + + FILE_GUID =3D $(DXE_STD_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + } +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64] + # + # CryptoDxe with OpensslLib instance with all services + # + CryptoPkg/Driver/CryptoDxe.inf { + + FILE_GUID =3D $(DXE_FULL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf } =20 [Components.IA32, Components.X64] + # + # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with= no EC services + # with TLS feature enabled. + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoDxe.inf { + + FILE_GUID =3D $(DXE_STD_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 + } + # + # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with= all services. + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoDxe.inf { + + FILE_GUID =3D $(DXE_FULL_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 + } + # + # CryptoSmm with OpensslLib instance with no SSL or EC services + # + CryptoPkg/Driver/CryptoSmm.inf { + + FILE_GUID =3D $(SMM_CRYPTO_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + } + # + # CryptoSmm with OpensslLib instance with no SSL services + # + CryptoPkg/Driver/CryptoSmm.inf { + + FILE_GUID =3D $(SMM_STD_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + } + # + # CryptoSmm with OpensslLib instance with no all services + # + CryptoPkg/Driver/CryptoSmm.inf { + + FILE_GUID =3D $(SMM_FULL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + } + # + # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with= no EC services + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoSmm.inf { + + FILE_GUID =3D $(SMM_STD_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 + } + # + # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with= all services + # IA32/X64 assembly optimizations required larger alignments + # CryptoPkg/Driver/CryptoSmm.inf { - !if $(CRYPTO_SERVICES) =3D=3D ALL - FILE_GUID =3D A3542CE8-77F7-49DC-A834-45D37D2EC1FA - !elseif $(CRYPTO_SERVICES) =3D=3D NONE - FILE_GUID =3D 6DCB3127-01E7-4131-A487-DC77A965A541 - !elseif $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM - FILE_GUID =3D 85F7EA15-3A2B-474A-8875-180542CD6BF3 - !endif + FILE_GUID =3D $(SMM_FULL_ACCEL_GUID) + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + + MSFT:*_*_IA32_DLINK_FLAGS =3D /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS =3D /ALIGN:256 } !endif =20 [BuildOptions] - *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES -!if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - MSFT:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES - INTEL:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES - GCC:*_*_*_CC_FLAGS =3D -D ENABLE_MD5_DEPRECATED_INTERFACES -!endif + RELEASE_*_*_CC_FLAGS =3D -DMDEPKG_NDEBUG + *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95003): https://edk2.groups.io/g/devel/message/95003 Mute This Topic: https://groups.io/mt/94260750/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95004+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95004+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500719; cv=none; d=zohomail.com; s=zohoarc; b=PAWa8qzGY4I7GFvu1tmc7GYL4v16j1H02FKAgF4F9OSlYFzHwczwAHiL2fl8HQSS91i99qd39zqxTxi+wv8cy/0blXzAjkqkvPk5RWFEOIJQQ01vn977JguOSm9tYN3enL7yyn6H9tTWvkW22ALjx/ARzeRyU15syni/XDx0Nrw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500719; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=0iPwqfplV3eTeGdT1lXHBaBbogbvw+Fw2IaI0jMKZ0o=; b=A2J3hYVHQvkOKu3SJhCZMsirutZ161wmfAsbmH+bdWWD+0NqmXKoDGtFwneFFVUIA26JltZ79tl98lVjuabMqcxBK7MfFASXMxp2PyVLHws6325l7ISMRHfzJNr3rVv1MHBbGiKaFt5kVfDExFqy39hxZCvg0RGOjcn3ktK3n18= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95004+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665500719753402.3425545151806; Tue, 11 Oct 2022 08:05:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id oB0jYY1788612xykgPhHXv81; Tue, 11 Oct 2022 08:05:18 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.8598.1665500716960407715 for ; Tue, 11 Oct 2022 08:05:17 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518352" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518352" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172845" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172845" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 11/12] CryptoPkg: Fixed host-based unit tests Date: Tue, 11 Oct 2022 08:03:57 -0700 Message-Id: <20221011150358.1332-12-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: vcLrqSGRY9a7rVYR3OJM2zVox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500718; bh=mws2WFz9uqcHAHxbbdWTEYWxk3/bDDBGJsh2Lsb+XmE=; h=Cc:Date:From:Reply-To:Subject:To; b=KJN38vkyeavT5hqo5IoY17/mglicwK3wjh3FyfKgcybhSFPttkTz0JBVAufCwD/06IW VpW4jsmD2zKgxoFn/MSGzGsxm+qiycQWNnn1Za7Eih4pyHvG9KQu7+KweqcbdCrcuPFEH z/qoSfu5EMRBHLPC3xgMGrWSBpDdD4jZyGY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500720956100018 Content-Type: text/plain; charset="utf-8" * Build host-based tests using OpensslLib instance with all services enabled. * Build host-based tests using performance optimized OpensslLib instance with all services enabled. * Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled * Remove redundant and unnecessary [BuildOptions] * Limit host-based unit tests to only IA32/X64 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 ++------ CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 ++---- .../TestBaseCryptLibHostAccel.inf | 55 +++++++++++++++++++ 3 files changed, 67 insertions(+), 27 deletions(-) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCr= yptLibHostAccel.inf diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/= CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index 168e24e4c041..80261794470f 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -18,7 +18,7 @@ [Defines] # # The following information is for reference only and not required by the = build tools. # -# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# VALID_ARCHITECTURES =3D IA32 X64 # =20 [Sources] @@ -28,6 +28,7 @@ [Sources] Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c + Hash/CryptParallelHashNull.c Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c @@ -48,8 +49,7 @@ [Sources] Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c Bn/CryptBn.c - Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnab= led - Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled + Pk/CryptEc.c =20 SysCall/UnitTestHostCrtWrapper.c =20 @@ -59,12 +59,6 @@ [Sources.Ia32] [Sources.X64] Rand/CryptRandTsc.c =20 -[Sources.ARM] - Rand/CryptRand.c - -[Sources.AARCH64] - Rand/CryptRand.c - [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -75,9 +69,7 @@ [LibraryClasses] MemoryAllocationLib DebugLib OpensslLib - -[FixedPcd] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled + PrintLib =20 # # Remove these [BuildOptions] after this library is cleaned up @@ -85,11 +77,9 @@ [FixedPcd] [BuildOptions] # # suppress the following warnings so we do not break the build with warn= ings-as-errors: - # C4090: 'function' : different 'const' qualifiers - # C4018: '>': signed/unsigned mismatch - MSFT:*_*_*_CC_FLAGS =3D /wd4090 /wd4018 - + # GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types =20 XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99 diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/Cryp= toPkgHostUnitTest.dsc index b6e1a6619844..369a1cb69939 100644 --- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc +++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc @@ -19,19 +19,13 @@ [Defines] =20 !include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc =20 -[PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|TRUE - [LibraryClasses] - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf =20 -[LibraryClasses.AARCH64, LibraryClasses.ARM] - RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf - [LibraryClasses.X64, LibraryClasses.IA32] RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf =20 @@ -40,9 +34,10 @@ [Components] # Build HOST_APPLICATION that tests the SampleUnitTest # CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i= nf { + + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + } =20 [BuildOptions] - *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES - MSFT:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES - INTEL:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES - GCC:*_*_*_CC_FLAGS =3D -D ENABLE_MD5_DEPRECATED_INTERFACES + *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ostAccel.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLi= bHostAccel.inf new file mode 100644 index 000000000000..1157542c2a14 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAcce= l.inf @@ -0,0 +1,55 @@ +## @file +# Host-based UnitTest for BaseCryptLib +# +# Copyright (c) Microsoft Corporation.
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseCryptLibUnitTestHostAccel + FILE_GUID =3D B1AED64E-B53A-4D69-B0BA-60EEDAC47A6B + MODULE_TYPE =3D HOST_APPLICATION + VERSION_STRING =3D 1.0 + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + UnitTestMain.c + BaseCryptLibUnitTests.c + TestBaseCryptLib.h + HashTests.c + HmacTests.c + BlockCipherTests.c + RsaTests.c + RsaPkcs7Tests.c + Pkcs5Pbkdf2Tests.c + AuthenticodeTests.c + TSTests.c + DhTests.c + RandTests.c + Pkcs7EkuTests.c + OaepEncryptTests.c + RsaPssTests.c + ParallelhashTests.c + HkdfTests.c + AeadAesGcmTests.c + BnTests.c + EcTests.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + BaseCryptLib + UnitTestLib + MmServicesTableLib + SynchronizationLib --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95004): https://edk2.groups.io/g/devel/message/95004 Mute This Topic: https://groups.io/mt/94260751/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 18 21:45:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95005+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95005+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665500726; cv=none; d=zohomail.com; s=zohoarc; b=brmeorhTN9Sr8ICFEftuYNCn+zFyNBcpluenK4ITz1wVVtvD6rCEzh1K3bF19sGdvQ3sTWAOJrwQwG9Z1/EgOR+IGkMLKPdcZOzFDRnPIONSPG1yLYf6/K+mfoNPJodypTO7SCZX5WgjHe2YOboh8I+XIspqexUCH9OtvrTivNc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665500726; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=lj06q6EPlDW/S6wxY+7f0HTklvzQS3hCANj8zipSNcI=; b=GcGCphElWUZd5bX+/AiQKGtiQPE7IC+I35j2hNViWv8Vmb9jDPqbM/p/EUjTdbyImfTMmz8N/lh6gwnpJnrBiAMFeg57jFLk57WtOUlOsN4JfkYIOrWOSc8W6qu1KZKesAf4rYxxVXGm6L+at9VnNqrL2TQqKnCghFTvNpwCsos= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95005+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166550072664570.60940917981827; Tue, 11 Oct 2022 08:05:26 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ztkbYY1788612xRX0NTylr38; Tue, 11 Oct 2022 08:05:25 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web09.8668.1665500716182547303 for ; Tue, 11 Oct 2022 08:05:17 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="366518359" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="366518359" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:10 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="604172848" X-IronPort-AV: E=Sophos;i="5.95,176,1661842800"; d="scan'208";a="604172848" X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.79.249]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 08:04:09 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Christopher Zurcher Subject: [edk2-devel] [Patch 12/12] CryptoPkg: Add Readme.md Date: Tue, 11 Oct 2022 08:03:58 -0700 Message-Id: <20221011150358.1332-13-michael.d.kinney@intel.com> In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com> References: <20221011150358.1332-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com X-Gm-Message-State: xAzNm0ZVTG5Bvy99YtoxeMX2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665500725; bh=RO4pZJHZgRYSJWhNwHZB95v8RXYXaTAlKf6yqG17sHM=; h=Cc:Date:From:Reply-To:Subject:To; b=o848PdTKorsMJRLT4VqP5THCI9EXNpVytvKDpbe+vA5Pbb5Qhm7fsp08okgGbiw7Muy bZm14dD+1vYTnHxdz70DJcYZvbM9WnacTF/RincEPdO8UMkb/LkZ/ASeDgO+lUeFmeMnz YCx9gC7aYpMBiiUjHvrN92mopjpXRpvyGnw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665500727241100002 Content-Type: text/plain; charset="utf-8" Add Readme.md that provides an overview of the CryptoPkg and how to configure the use of cryptographic services in a platform. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Christopher Zurcher Signed-off-by: Michael D Kinney --- CryptoPkg/Readme.md | 498 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 498 insertions(+) create mode 100644 CryptoPkg/Readme.md diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md new file mode 100644 index 000000000000..a6f7531170ef --- /dev/null +++ b/CryptoPkg/Readme.md @@ -0,0 +1,498 @@ +# Crypto Package + +This package provides cryptographic services that are used to implement fi= rmware +features such as UEFI Secure Boot, Measured Boot, firmware image authentic= ation, +and network boot. The cryptographic service implementation in this package= uses +services from the [OpenSSL](https://www.openssl.org/) project. + +EDK II firmware modules/libraries that requires the use of cryptographic +services can either statically link all the required services, or the EDK = II +firmware module/library can use a dynamic Protocol/PPI service to call +cryptographic services. The dynamic Protocol/PPI services are only availab= le to +PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers, and only if the cryptog= raphic +modules are included in the platform firmware image. + +There may be firmware image size differences between the static and dynamic +options. Some experimentation may be required to find the solution that +provides the smallest overall firmware overhead. + +# Public Library Classes + +* **BaseCryptLib** - Provides library functions for cryptographic primitiv= es. +* **TlsLib** - Provides TLS library functions for EFI TLS protocol. +* **HashApiLib** - Provides Unified API for different hash implementatio= ns. + +# Private Library Classes + +* **OpensslLib** - Provides library functions from the openssl project. +* **IntrinsicLib** - Provides C runtime library (CRT) required by openssl. + +# Private Protocols and PPIs + +* **EDK II Crypto PPI** - PPI that provides all the services from + the BaseCryptLib and TlsLib library cla= sses. +* **EDK II Crypto Protocol** - Protocol that provides all the services= from + the BaseCryptLib and TlsLib library cla= sses. +* **EDK II SMM Crypto Protocol** - SMM Protocol that provides all the serv= ices + from the BaseCryptLib and TlsLib library + classes. + +## Statically Linking Cryptographic Services + +The figure below shows an example of a firmware modules that requires the = use of +cryptographic services. The cryptographic services are provided by three l= ibrary +classes called BaseCryptLib, TlsLib, and HashApiLib. These library classes= are +implemented using APIs from the OpenSSL project that are abstracted by the +private library class called OpensslLib. The OpenSSL project implementation +depends on C runtime library services. The EDK II project does not provide= a +full C runtime library for firmware components. Instead, the CryptoPkg inc= ludes +the smallest subset of services required to build the OpenSSL project in t= he +private library class called IntrinsicLib. + +The CryptoPkg provides several instances if the BaseCryptLib and OpensslLi= b with +different cryptographic service features and performance optimizations. The +platform developer must select the correct instances based on cryptographic +service requirements in each UEFI/PI firmware phase (SEC, PEI, DXE, UEFI, +UEFI RT, and SMM), firmware image size requirements, and firmware boot +performance requirements. + +``` ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ +| EDK II Firmware Module/Library | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ + ^ ^ ^ + | | | + | | v + | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + | | | HashApiLib | + | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + | | ^ + | | | + v v v ++=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D+ +| TlsLib | | BaseCryptLib | ++=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D+ + ^ ^ + | | + v v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ +| OpensslLib (Private) | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ + ^ + | + v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ +| IntrinsicLib (Private) | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D+ +``` + +## Dynamically Linking Cryptographic Services + +The figure below shows the entire stack when dynamic linking is used with +cryptographic services produced by the CryptoPei, CryptoDxe, or CryptoSmm = module +through a PPI/Protocol. This solution requires the CryptoPei, CryptoDxe, a= nd +CryptoSmm modules to be configured with the set of cryptographic services +required by all the PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers. Dyn= amic +linking is not available for SEC or UEFI RT modules. + +The EDK II modules/libraries that require cryptographic services use the s= ame +BaseCryptLib/TlsLib/HashApiLib APIs. This means no source changes are requ= ired +to use static linking or dynamic linking. It is a platform configuration o= ptions +to select static linking or dynamic linking. This choice can be make globa= lly, +per firmware module type, or individual modules. + +``` ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +| EDK II PEI | | EDK II DXE/UEFI | | EDK II SMM | +| Module/Library | | Module/Library | | Module/Library | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + ^ ^ ^ ^ ^ ^ ^ ^ ^ + | | | | | | | | | + | | v | | v | | v + | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ | | +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D+ | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + | | |HashApiLib| | | |HashApiLib| | | |HashApiLib| + | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ | | +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D+ | | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + | | ^ | | ^ | | ^ + | | | | | | | | | + v v v v v v v v v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +|TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib| ++-------------------+ +-------------------+ +-------------------+ +| BaseCryptLib | | BaseCryptLib | | BaseCryptLib | +| OnPpiProtocol/ | | OnPpiProtocol/ | | OnPpiProtocol/ | +| PeiCryptLib.inf | | DxeCryptLib.inf | | SmmCryptLib.inf | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + ^ ^ ^ + ||| (Dynamic) ||| (Dynamic) ||| (Dynamic) + v v v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +| Crypto PPI | | Crypto Protocol | | Crypto SMM Protocol | ++-------------------| |-------------------| |---------------------| +| CryptoPei | | CryptoDxe | | CryptoSmm | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + ^ ^ ^ ^ ^ ^ + | | | | | | + v | v | v | ++=3D=3D=3D=3D=3D=3D=3D=3D+ | +=3D=3D=3D=3D=3D=3D=3D=3D+ | = +=3D=3D=3D=3D=3D=3D=3D=3D+ | +| TlsLib | | | TlsLib | | | TlsLib | | ++=3D=3D=3D=3D=3D=3D=3D=3D+ v +=3D=3D=3D=3D=3D=3D=3D=3D+ v = +=3D=3D=3D=3D=3D=3D=3D=3D+ v + ^ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ ^ +=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D+ ^ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D+ + | | BaseCryptLib | | | BaseCryptLib | | | BaseCryptLib | + | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ | +=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D+ | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D+ + | ^ | ^ | ^ + | | | | | | + v v v v v v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +| OpensslLib | | OpensslLib | | OpensslLib | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ + ^ ^ ^ + | | | + v v v ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +| IntrinsicLib | | IntrinsicLib | | IntrinsicLib | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +``` + +## Supported Cryptographic Families and Services + +The table below provides a summary of the supported cryptographic services= . It +indicates if the family or service is deprecated or recommended to not be = used. +It also shows which *CryptLib library instances support the family or serv= ice. +If a cell is blank then the service or family is always disabled and the +`PcdCryptoServiceFamilyEnable` settings for that family or service is igno= red. +If the cell is not blank, then the service or family is configurable using +`PcdCryptoServiceFamilyEnable` as long as the correct OpensslLib or TlsLib= is +also configured. + +|Key | Description = | +|---------|---------------------------------------------------------------= -----------------| +| | Family or service is always disabled. = | +| C | Configurable using PcdCryptoServiceFamilyEnable. = | +| C-Tls | Configurable using PcdCryptoServiceFamilyEnable. Requires TlsL= ib.inf. | +| C-Full | Configurable using PcdCryptoServiceFamilyEnable. Requires Open= sslLibFull*.inf. | + +|Family/Service | Deprecated | Don't Use | SecCryptLib |= PeiCryptLib | BaseCryptLib | SmmCryptLib | RuntimeCryptLib | +|:--------------------------------|:----------:|:---------:|:-----------:|= :-----------:|:------------:|:-----------:|:---------------:| +| HmacMd5 | Y | Y | |= | | | | +| HmacSha1 | Y | Y | |= | | | | +| HmacSha256 | N | N | |= C | C | C | C | +| HmacSha384 | N | N | |= C | C | C | C | +| Md4 | Y | Y | |= | | | | +| Md5 | Y | Y | |= C | C | C | C | +| Pkcs.Pkcs1v2Encrypt | N | N | |= | C | C | | +| Pkcs.Pkcs5HashPassword | N | N | |= | C | C | | +| Pkcs.Pkcs7Verify | N | N | |= C | C | C | C | +| Pkcs.VerifyEKUsInPkcs7Signature | N | N | |= C | C | C | | +| Pkcs.Pkcs7GetSigners | N | N | |= C | C | C | C | +| Pkcs.Pkcs7FreeSigners | N | N | |= C | C | C | C | +| Pkcs.Pkcs7Sign | N | N | |= | C | | | +| Pkcs.Pkcs7GetAttachedContent | N | N | |= C | C | C | | +| Pkcs.Pkcs7GetCertificatesList | N | N | |= C | C | C | C | +| Pkcs.AuthenticodeVerify | N | N | |= | C | | | +| Pkcs.ImageTimestampVerify | N | N | |= | C | | | +| Dh | N | N | |= | C | | | +| Random | N | N | |= | C | C | C | +| Rsa.VerifyPkcs1 | Y | Y | |= | | | | +| Rsa.New | N | N | |= C | C | C | C | +| Rsa.Free | N | N | |= C | C | C | C | +| Rsa.SetKey | N | N | |= C | C | C | C | +| Rsa.GetKey | N | N | |= | C | | | +| Rsa.GenerateKey | N | N | |= | C | | | +| Rsa.CheckKey | N | N | |= | C | | | +| Rsa.Pkcs1Sign | N | N | |= | C | | | +| Rsa.Pkcs1Verify | N | N | |= C | C | C | C | +| Sha1 | N | Y | |= C | C | C | C | +| Sha256 | N | N | |= C | C | C | C | +| Sha384 | N | N | C |= C | C | C | C | +| Sha512 | N | N | C |= C | C | C | C | +| X509 | N | N | |= | C | C | C | +| Tdes | Y | N | |= | | | | +| Aes.GetContextSize | N | N | |= | C | C | C | +| Aes.Init | N | N | |= | C | C | C | +| Aes.EcbEncrypt | Y | N | |= | | | | +| Aes.EcbDecrypt | Y | N | |= | | | | +| Aes.CbcEncrypt | N | N | |= | C | C | C | +| Aes.CbcDecrypt | N | N | |= | C | C | C | +| Arc4 | Y | N | |= | | | | +| Sm3 | N | N | |= C | C | C | C | +| Hkdf | N | N | |= C | C | | C | +| Tls | N | N | |= | C-Tls | | | +| TlsSet | N | N | |= | C-Tls | | | +| TlsGet | N | N | |= | C-Tls | | | +| RsaPss.Sign | N | N | |= | C | | | +| RsaPss.Verify | N | N | |= C | C | C | | +| ParallelHash | N | N | |= | | C | | +| AeadAesGcm | N | N | |= | C | | | +| Bn | N | N | |= | C | | | +| Ec | N | N | |= | C-Full | | | + +## Platform Configuration of Cryptographic Services + +Configuring the cryptographic services requires library mappings and PCD +settings in a platform DSC file. This must be done for each of the firmware +phases (SEC, PEI, DXE, UEFI, SMM, UEFI RT). + +The following table can be used to help select the best OpensslLib instanc= e for +each phase. The Size column only shows the estimated size increase for a +compressed IA32/X64 modules that uses the cryptographic services with +`OpensslLib.inf` as the baseline size. The actual size increase depends on= the +specific set of enabled cryptographic services. If ECC services are not +required, then size can be reduced by using OpensslLib.inf instead of +`OpensslLibFull.inf`. Performance optimization requires a size increase. + +| OpensslLib Instance | SSL | ECC | Perf Opt | CPU Arch | Size | +|:------------------------|:---:|:---:|:--------:|:--------:|:-----:| +| OpensslLibCrypto.inf | N | N | N | All | +0K | +| OpensslLib.inf | Y | N | N | All | +0K | +| OpensslLibAccel.inf | Y | N | Y | IA32/X64 | +20K | +| OpensslLibFull.inf | Y | Y | N | All | +115K | +| OpensslLibFullAccel.inf | Y | Y | Y | IA32/X64 | +135K | + +### SEC Phase Library Mappings + +The SEC Phase only supports static linking of cryptographic services. The +following library mappings are recommended for the SEC Phase. It uses the = SEC +specific version of the BaseCryptLib and the null version of the TlsLib be= cause +TLS services are not typically used in SEC. + +``` +[LibraryClasses.common.SEC] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +``` + +### PEI Phase Library Mappings + +The PEI Phase supports either static or dynamic linking of cryptographic +services. The following library mappings are recommended for the PEI Phase= . It +uses the PEI specific version of the BaseCryptLib and the null version of = the +TlsLib because TLS services are not typically used in PEI. + +``` +[LibraryClasses.common.PEIM] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +``` + +If dynamic linking is used, then all PEIMs except CryptoPei use the follow= ing +library mappings. The CryptoPei module uses the static linking settings. + +``` +[LibraryClasses.common.PEIM] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +[Components] + CryptoPkg/Driver/CryptoPei.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + } +``` + +### DXE Phase, UEFI Driver, UEFI Application Library Mappings + +The DXE/UEFI Phase supports either static or dynamic linking of cryptograp= hic +services. The following library mappings are recommended for the DXE/UEFI = Phase. +It uses the DXE specific version of the BaseCryptLib and the full version = of the +OpensslLib and TlsLib. If ECC services are not required then a smaller +OpensslLib instance can be used. + +``` +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, Libr= aryClasses.common.UEFI_APPLICATION] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +``` + +If dynamic linking is used, then all DXE Drivers except CryptoDxe use the +following library mappings. The CryptoDxe module uses the static linking +settings. + +``` +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, Libr= aryClasses.common.UEFI_APPLICATION] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +[Components] + CryptoPkg/Driver/CryptoDxe.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + } +``` + +### SMM Phase Library Mappings + +The SMM Phase supports either static or dynamic linking of cryptographic +services. The following library mappings are recommended for the SMM Phase= . It +uses the SMM specific version of the BaseCryptLib and the null version of = the +TlsLib. + +``` +[LibraryClasses.common.DXE_SMM_DRIVER] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +``` + +If dynamic linking is used, then all SMM Drivers except CryptoSmm use the +following library mappings. The CryptoDxe module uses the static linking +settings. + +``` +[LibraryClasses.common.DXE_SMM_DRIVER] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +[Components] + CryptoPkg/Driver/CryptoSmm.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + } +``` + +### UEFI Runtime Driver Library Mappings + +UEFI Runtime Drivers only supports static linking of cryptographic service= s. +The following library mappings are recommended for UEFI Runtime Drivers. I= t uses +the runtime specific version of the BaseCryptLib and the null version of t= he +TlsLib because TLS services are not typically used in runtime. + +``` +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +``` + +### PCD Configuration Settings + +There are 2 PCD settings that are used to configure cryptographic services. +`PcdHashApiLibPolicy` is used to configure the hash algorithm provided by = the +BaseHashApiLib library instance. `PcdCryptoServiceFamilyEnable` is used to +configure the cryptographic services supported by the CryptoPei, CryptoDxe, +and CryptoSmm modules. + +* `gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy` - This PCD indicates t= he + HASH algorithm to to use in the BaseHashApiLib to calculate hash of data= . The + default hashing algorithm for BaseHashApiLib is set to HASH_ALG_SHA256. + | Setting | Algorithm | + |------------|------------------| + | 0x00000001 | HASH_ALG_SHA1 | + | 0x00000002 | HASH_ALG_SHA256 | + | 0x00000004 | HASH_ALG_SHA384 | + | 0x00000008 | HASH_ALG_SHA512 | + | 0x00000010 | HASH_ALG_SM3_256 | + +* `gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable` - Enable/Disa= ble + the families and individual services produced by the EDK II Crypto + Protocols/PPIs. The default is all services disabled. This Structured P= CD is + associated with `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` structure that defin= ed in + `Include/Pcd/PcdCryptoServiceFamilyEnable.h`. + + There are three layers of priority that determine if a specific family = or + individual cryptographic service is actually enabled in the CryptoPei, + CryptoDxe, and CryptoSmm modules. + + 1) OpensslLib instance selection. When the CryptoPei, CryptoDxe, or Cry= ptoSmm + drivers are built, they are statically linked to an OpensslLib libra= ry + instance. If the required cryptographic service is not enabled in the + OpensslLib instance linked, then the service is always disabled. + 2) BaseCryptLib instance selection. + * CryptoPei is always linked with the PeiCryptLib instance of the + BaseCryptLib library class. The table above have a column for the + PeiCryptLib. If the family or service is blank, then that family or + service is always disabled. + * CryptoDxe is always linked with the BaseCryptLib instance of the + BaseCryptLib library class. The table above have a column for the + BaseCryptLib. If the family or service is blank, then that family = or + service is always disabled. + * CryptoSmm is always linked with the SmmCryptLib instance of the + BaseCryptLib library class. The table above have a column for the + SmmCryptLib. If the family or service is blank, then that family or + service is always disabled. + 3) If a family or service is enabled in the OpensslLib instance and it = is + enabled in the BaseCryptLib instance, then it can be enabled/disabled + using `PcdCryptoServiceFamilyEnable`. This structured PCD is associa= ted + with the `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` data structure that cont= ains + bit fields for each family of services. All of the families are disa= bled + by default. An entire family of services can be enabled by setting t= he + family field to the value `PCD_CRYPTO_SERVICE_ENABLE_FAMILY`. Indivi= dual + services can be enabled by setting a single service name to `TRUE`. + Settings listed later in the DSC file have priority over settings ea= rlier + in the DSC file, so it is legal for an entire family to be enabled f= irst + and then a few individual services disabled by setting the service n= ame to + `FALSE`. + +#### Common PEI PcdCryptoServiceFamilyEnable Settings + +``` + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk= cs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Ne= w | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr= ee | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se= tKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE +``` + +#### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings + +``` + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs1v2Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs7Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.V= erifyEKUsInPkcs7Signature | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs7GetSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs7FreeSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.A= uthenticodeVerify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk= cs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Ne= w | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr= ee | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se= tKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Ge= tPublicKeyFromX509 | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .HashAll | FALSE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.G= etSubjectName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.G= etCommonName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.G= etOrganizationName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.G= etTBSCert | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Decrypt | TRUE +``` --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95005): https://edk2.groups.io/g/devel/message/95005 Mute This Topic: https://groups.io/mt/94260752/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-