CryptoPkg: remove BN and EC accel for size optimization

BN and EC have not been fully tested, and will greatly increase the size of the Crypto driver(>150KB). Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Brian J. Johnson <brian.johnson@hpe.com> Tested-by: Kenneth Lautner <klautner@microsoft.com>
author: Yi Li <yi1.li@intel.com> 2023-08-03 12:37:47 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2023-08-09 07:10:31 +0000
commit: 991515a0583f65a64b3a6fa354409c64e670a762 (patch)
tree: 02ab31fd1569a39b6731e17bbdb5ce967b18947a /CryptoPkg
parent: e91bfffd4f180fc7e62bd38fbc8ffa567f5a7e34 (diff)
download: edk2-991515a0583f65a64b3a6fa354409c64e670a762.tar.gz
edk2-991515a0583f65a64b3a6fa354409c64e670a762.tar.bz2
edk2-991515a0583f65a64b3a6fa354409c64e670a762.zip
3 files changed, 27 insertions, 54 deletions
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 1d4b6bb6c7..a37347fbbf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -22,8 +22,8 @@
   DEFINE OPENSSL_PATH            = openssl
   DEFINE OPENSSL_GEN_PATH        = OpensslGen
   DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1
-  DEFINE OPENSSL_FLAGS_IA32      = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
-  DEFINE OPENSSL_FLAGS_X64       = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+  DEFINE OPENSSL_FLAGS_IA32      = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+  DEFINE OPENSSL_FLAGS_X64       = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64
@@ -33,6 +33,7 @@
   OpensslLibConstructor.c
   $(OPENSSL_PATH)/e_os.h
   $(OPENSSL_PATH)/ms/uplink.h
+  $(OPENSSL_PATH)/crypto/bn/bn_asm.c
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
@@ -660,10 +661,6 @@
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
@@ -673,10 +670,6 @@
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
@@ -790,7 +783,6 @@
   $(OPENSSL_PATH)/crypto/bio/bss_null.c
   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
   $(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
-  $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_blind.c
   $(OPENSSL_PATH)/crypto/bn/bn_const.c
@@ -1305,12 +1297,6 @@
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
@@ -1328,12 +1314,6 @@
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 3d251ea46c..780d5febd7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -27,8 +27,8 @@
   DEFINE OPENSSL_PATH            = openssl
   DEFINE OPENSSL_GEN_PATH        = OpensslGen
   DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-  DEFINE OPENSSL_FLAGS_IA32      = -DAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
-  DEFINE OPENSSL_FLAGS_X64       = -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM
+  DEFINE OPENSSL_FLAGS_IA32      = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+  DEFINE OPENSSL_FLAGS_X64       = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64
@@ -38,6 +38,7 @@
   OpensslLibConstructor.c
   $(OPENSSL_PATH)/e_os.h
   $(OPENSSL_PATH)/ms/uplink.h
+  $(OPENSSL_PATH)/crypto/bn/bn_asm.c
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
@@ -254,7 +255,6 @@
   $(OPENSSL_PATH)/crypto/ec/eck_prn.c
   $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
   $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
-  $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
   $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
   $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
   $(OPENSSL_PATH)/crypto/ec/ecx_backend.c
@@ -715,11 +715,6 @@
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/ec/ecp_nistz256-x86.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
@@ -729,11 +724,6 @@
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/ec/ecp_nistz256-x86.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
@@ -847,7 +837,6 @@
   $(OPENSSL_PATH)/crypto/bio/bss_null.c
   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
   $(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
-  $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_blind.c
   $(OPENSSL_PATH)/crypto/bn/bn_const.c
@@ -948,7 +937,6 @@
   $(OPENSSL_PATH)/crypto/ec/eck_prn.c
   $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
   $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
-  $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
   $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
   $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
   $(OPENSSL_PATH)/crypto/ec/ecx_backend.c
@@ -1412,14 +1400,6 @@
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/ecp_nistz256-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/x25519-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
@@ -1437,14 +1417,6 @@
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/ecp_nistz256-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/x25519-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
diff --git a/CryptoPkg/Library/OpensslLib/configure.py b/CryptoPkg/Library/OpensslLib/configure.py
index fc7f16ddb9..4243ca4c25 100755
--- a/CryptoPkg/Library/OpensslLib/configure.py
+++ b/CryptoPkg/Library/OpensslLib/configure.py
@@ -210,6 +210,23 @@ def get_source_list(cfg, obj, gen):
             srclist += [ obj, ]
     return srclist
 
+def asm_filter_fn(filename):
+    """
+    Filter asm source and define lists.  Drops files we don't want include.
+    """
+    exclude = [
+        '/bn/',
+        'OPENSSL_BN_ASM',
+        'OPENSSL_IA32_SSE2',
+        '/ec/',
+        'ECP_NISTZ256_ASM',
+        'X25519_ASM',
+    ]
+    for item in exclude:
+        if item in filename:
+            return False
+    return True
+
 def get_sources(cfg, obj, asm):
     """
     Get the list of all sources files.  Will fetch both generated
@@ -224,6 +241,7 @@ def get_sources(cfg, obj, asm):
                       filter(lambda x: not is_asm(x), genlist)))
     asm_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{asm}/{x}',
                         filter(is_asm, genlist)))
+    asm_list = list(filter(asm_filter_fn, asm_list))
     return srclist + c_list + asm_list
 
 def sources_filter_fn(filename):
@@ -242,6 +260,8 @@ def sources_filter_fn(filename):
         'defltprov.c',
         'baseprov.c',
         'provider_predefined.c',
+        'ecp_nistz256.c',
+        'x86_64-gcc.c',
     ]
     for item in exclude:
         if item in filename:
@@ -349,6 +369,7 @@ def main():
             update_MSFT_asm_format(archcc, sources[archcc])
             sources[arch] = list(filter(lambda x: not is_asm(x), srclist))
             defines[arch] = cfg['unified_info']['defines']['libcrypto']
+            defines[arch] = list(filter(asm_filter_fn, defines[arch]))
 
         ia32accel = sources['IA32'] + sources['IA32-MSFT'] + sources['IA32-GCC']
         x64accel = sources['X64'] + sources['X64-MSFT'] + sources['X64-GCC']
author	Yi Li <yi1.li@intel.com>	2023-08-03 12:37:47 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2023-08-09 07:10:31 +0000
commit	991515a0583f65a64b3a6fa354409c64e670a762 (patch)
tree	02ab31fd1569a39b6731e17bbdb5ce967b18947a /CryptoPkg
parent	e91bfffd4f180fc7e62bd38fbc8ffa567f5a7e34 (diff)
download	edk2-991515a0583f65a64b3a6fa354409c64e670a762.tar.gz edk2-991515a0583f65a64b3a6fa354409c64e670a762.tar.bz2 edk2-991515a0583f65a64b3a6fa354409c64e670a762.zip