CryptoPkg: remove BN and EC accel for size optimization
BN and EC have not been fully tested, and will greatly increase
the size of the Crypto driver(>150KB).
Signed-off-by: Yi Li <yi1.li@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Brian J. Johnson <brian.johnson@hpe.com>
Tested-by: Kenneth Lautner <klautner@microsoft.com>
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 1d4b6bb..a37347f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -22,8 +22,8 @@
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_GEN_PATH = OpensslGen
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1
- DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
- DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+ DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+ DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
#
# VALID_ARCHITECTURES = IA32 X64
@@ -33,6 +33,7 @@
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
+ $(OPENSSL_PATH)/crypto/bn/bn_asm.c
# Autogenerated files list starts here
# Autogenerated files list ends here
buildinf.h
@@ -660,10 +661,6 @@
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
@@ -673,10 +670,6 @@
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
@@ -790,7 +783,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
$(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
- $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
@@ -1305,12 +1297,6 @@
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
@@ -1328,12 +1314,6 @@
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 3d251ea..780d5fe 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -27,8 +27,8 @@
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_GEN_PATH = OpensslGen
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
- DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
- DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM
+ DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+ DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
#
# VALID_ARCHITECTURES = IA32 X64
@@ -38,6 +38,7 @@
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
+ $(OPENSSL_PATH)/crypto/bn/bn_asm.c
# Autogenerated files list starts here
# Autogenerated files list ends here
buildinf.h
@@ -254,7 +255,6 @@
$(OPENSSL_PATH)/crypto/ec/eck_prn.c
$(OPENSSL_PATH)/crypto/ec/ecp_mont.c
$(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
$(OPENSSL_PATH)/crypto/ec/ecp_oct.c
$(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
$(OPENSSL_PATH)/crypto/ec/ecx_backend.c
@@ -715,11 +715,6 @@
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
- $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/ec/ecp_nistz256-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
@@ -729,11 +724,6 @@
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
- $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/ec/ecp_nistz256-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
@@ -847,7 +837,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
$(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
- $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
@@ -948,7 +937,6 @@
$(OPENSSL_PATH)/crypto/ec/eck_prn.c
$(OPENSSL_PATH)/crypto/ec/ecp_mont.c
$(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
$(OPENSSL_PATH)/crypto/ec/ecp_oct.c
$(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
$(OPENSSL_PATH)/crypto/ec/ecx_backend.c
@@ -1412,14 +1400,6 @@
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/ecp_nistz256-x86_64.nasm | MSFT
- $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/x25519-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
@@ -1437,14 +1417,6 @@
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/ecp_nistz256-x86_64.s | GCC
- $(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/x25519-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
diff --git a/CryptoPkg/Library/OpensslLib/configure.py b/CryptoPkg/Library/OpensslLib/configure.py
index fc7f16d..4243ca4 100755
--- a/CryptoPkg/Library/OpensslLib/configure.py
+++ b/CryptoPkg/Library/OpensslLib/configure.py
@@ -210,6 +210,23 @@
srclist += [ obj, ]
return srclist
+def asm_filter_fn(filename):
+ """
+ Filter asm source and define lists. Drops files we don't want include.
+ """
+ exclude = [
+ '/bn/',
+ 'OPENSSL_BN_ASM',
+ 'OPENSSL_IA32_SSE2',
+ '/ec/',
+ 'ECP_NISTZ256_ASM',
+ 'X25519_ASM',
+ ]
+ for item in exclude:
+ if item in filename:
+ return False
+ return True
+
def get_sources(cfg, obj, asm):
"""
Get the list of all sources files. Will fetch both generated
@@ -224,6 +241,7 @@
filter(lambda x: not is_asm(x), genlist)))
asm_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{asm}/{x}',
filter(is_asm, genlist)))
+ asm_list = list(filter(asm_filter_fn, asm_list))
return srclist + c_list + asm_list
def sources_filter_fn(filename):
@@ -242,6 +260,8 @@
'defltprov.c',
'baseprov.c',
'provider_predefined.c',
+ 'ecp_nistz256.c',
+ 'x86_64-gcc.c',
]
for item in exclude:
if item in filename:
@@ -349,6 +369,7 @@
update_MSFT_asm_format(archcc, sources[archcc])
sources[arch] = list(filter(lambda x: not is_asm(x), srclist))
defines[arch] = cfg['unified_info']['defines']['libcrypto']
+ defines[arch] = list(filter(asm_filter_fn, defines[arch]))
ia32accel = sources['IA32'] + sources['IA32-MSFT'] + sources['IA32-GCC']
x64accel = sources['X64'] + sources['X64-MSFT'] + sources['X64-GCC']
