From 991515a0583f65a64b3a6fa354409c64e670a762 Mon Sep 17 00:00:00 2001 From: Yi Li Date: Thu, 3 Aug 2023 12:37:47 +0800 Subject: CryptoPkg: remove BN and EC accel for size optimization BN and EC have not been fully tested, and will greatly increase the size of the Crypto driver(>150KB). Signed-off-by: Yi Li Cc: Jiewen Yao Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao Acked-by: Ard Biesheuvel Tested-by: Ard Biesheuvel Tested-by: Brian J. Johnson Tested-by: Kenneth Lautner --- CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 26 ++--------------- .../Library/OpensslLib/OpensslLibFullAccel.inf | 34 ++-------------------- CryptoPkg/Library/OpensslLib/configure.py | 21 +++++++++++++ 3 files changed, 27 insertions(+), 54 deletions(-) (limited to 'CryptoPkg') diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf index 1d4b6bb6c7..a37347fbbf 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -22,8 +22,8 @@ DEFINE OPENSSL_PATH = openssl DEFINE OPENSSL_GEN_PATH = OpensslGen DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1 - DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM - DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM + DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM + DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM # # VALID_ARCHITECTURES = IA32 X64 @@ -33,6 +33,7 @@ OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h + $(OPENSSL_PATH)/crypto/bn/bn_asm.c # Autogenerated files list starts here # Autogenerated files list ends here buildinf.h @@ -660,10 +661,6 @@ $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT @@ -673,10 +670,6 @@ $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC @@ -790,7 +783,6 @@ $(OPENSSL_PATH)/crypto/bio/bss_null.c $(OPENSSL_PATH)/crypto/bio/bss_sock.c $(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c - $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c $(OPENSSL_PATH)/crypto/bn/bn_add.c $(OPENSSL_PATH)/crypto/bn/bn_blind.c $(OPENSSL_PATH)/crypto/bn/bn_const.c @@ -1305,12 +1297,6 @@ $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT @@ -1328,12 +1314,6 @@ $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf index 3d251ea46c..780d5febd7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -27,8 +27,8 @@ DEFINE OPENSSL_PATH = openssl DEFINE OPENSSL_GEN_PATH = OpensslGen DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE - DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM - DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM + DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM + DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM # # VALID_ARCHITECTURES = IA32 X64 @@ -38,6 +38,7 @@ OpensslLibConstructor.c $(OPENSSL_PATH)/e_os.h $(OPENSSL_PATH)/ms/uplink.h + $(OPENSSL_PATH)/crypto/bn/bn_asm.c # Autogenerated files list starts here # Autogenerated files list ends here buildinf.h @@ -254,7 +255,6 @@ $(OPENSSL_PATH)/crypto/ec/eck_prn.c $(OPENSSL_PATH)/crypto/ec/ecp_mont.c $(OPENSSL_PATH)/crypto/ec/ecp_nist.c - $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c $(OPENSSL_PATH)/crypto/ec/ecp_oct.c $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c $(OPENSSL_PATH)/crypto/ec/ecx_backend.c @@ -715,11 +715,6 @@ $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT - $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/ec/ecp_nistz256-x86.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT @@ -729,11 +724,6 @@ $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC - $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/ec/ecp_nistz256-x86.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC @@ -847,7 +837,6 @@ $(OPENSSL_PATH)/crypto/bio/bss_null.c $(OPENSSL_PATH)/crypto/bio/bss_sock.c $(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c - $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c $(OPENSSL_PATH)/crypto/bn/bn_add.c $(OPENSSL_PATH)/crypto/bn/bn_blind.c $(OPENSSL_PATH)/crypto/bn/bn_const.c @@ -948,7 +937,6 @@ $(OPENSSL_PATH)/crypto/ec/eck_prn.c $(OPENSSL_PATH)/crypto/ec/ecp_mont.c $(OPENSSL_PATH)/crypto/ec/ecp_nist.c - $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c $(OPENSSL_PATH)/crypto/ec/ecp_oct.c $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c $(OPENSSL_PATH)/crypto/ec/ecx_backend.c @@ -1412,14 +1400,6 @@ $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/ecp_nistz256-x86_64.nasm | MSFT - $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/x25519-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT @@ -1437,14 +1417,6 @@ $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/ecp_nistz256-x86_64.s | GCC - $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/x25519-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC $(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC diff --git a/CryptoPkg/Library/OpensslLib/configure.py b/CryptoPkg/Library/OpensslLib/configure.py index fc7f16ddb9..4243ca4c25 100755 --- a/CryptoPkg/Library/OpensslLib/configure.py +++ b/CryptoPkg/Library/OpensslLib/configure.py @@ -210,6 +210,23 @@ def get_source_list(cfg, obj, gen): srclist += [ obj, ] return srclist +def asm_filter_fn(filename): + """ + Filter asm source and define lists. Drops files we don't want include. + """ + exclude = [ + '/bn/', + 'OPENSSL_BN_ASM', + 'OPENSSL_IA32_SSE2', + '/ec/', + 'ECP_NISTZ256_ASM', + 'X25519_ASM', + ] + for item in exclude: + if item in filename: + return False + return True + def get_sources(cfg, obj, asm): """ Get the list of all sources files. Will fetch both generated @@ -224,6 +241,7 @@ def get_sources(cfg, obj, asm): filter(lambda x: not is_asm(x), genlist))) asm_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{asm}/{x}', filter(is_asm, genlist))) + asm_list = list(filter(asm_filter_fn, asm_list)) return srclist + c_list + asm_list def sources_filter_fn(filename): @@ -242,6 +260,8 @@ def sources_filter_fn(filename): 'defltprov.c', 'baseprov.c', 'provider_predefined.c', + 'ecp_nistz256.c', + 'x86_64-gcc.c', ] for item in exclude: if item in filename: @@ -349,6 +369,7 @@ def main(): update_MSFT_asm_format(archcc, sources[archcc]) sources[arch] = list(filter(lambda x: not is_asm(x), srclist)) defines[arch] = cfg['unified_info']['defines']['libcrypto'] + defines[arch] = list(filter(asm_filter_fn, defines[arch])) ia32accel = sources['IA32'] + sources['IA32-MSFT'] + sources['IA32-GCC'] x64accel = sources['X64'] + sources['X64-MSFT'] + sources['X64-GCC'] -- cgit v1.2.3