Skip to content

Commit

Permalink
CryptoPkg: remove BN and EC accel for size optimization
Browse files Browse the repository at this point in the history 
BN and EC have not been fully tested, and will greatly increase
the size of the Crypto driver(>150KB).

Signed-off-by: Yi Li <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Xiaoyu Lu <[email protected]>
Cc: Guomin Jiang <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Ard Biesheuvel <[email protected]>
Tested-by: Brian J. Johnson <[email protected]>
Tested-by: Kenneth Lautner <[email protected]>
  • Loading branch information
@liyi77 @mergify
liyi77 authored and mergify[bot] committed Aug 9, 2023
1 parent e91bfff commit 991515a
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 54 deletions.
26 changes: 3 additions & 23 deletions CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_GEN_PATH = OpensslGen
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1
DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM

#
# VALID_ARCHITECTURES = IA32 X64
Expand All @@ -33,6 +33,7 @@
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
# Autogenerated files list starts here
# Autogenerated files list ends here
buildinf.h
Expand Down Expand Up @@ -660,10 +661,6 @@
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
Expand All @@ -673,10 +670,6 @@
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
Expand Down Expand Up @@ -790,7 +783,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
$(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
$(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
Expand Down Expand Up @@ -1305,12 +1297,6 @@
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
Expand All @@ -1328,12 +1314,6 @@
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
Expand Down
34 changes: 3 additions & 31 deletions CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_GEN_PATH = OpensslGen
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM
DEFINE OPENSSL_FLAGS_IA32 = -DAES_ASM -DGHASH_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
DEFINE OPENSSL_FLAGS_X64 = -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM

#
# VALID_ARCHITECTURES = IA32 X64
Expand All @@ -38,6 +38,7 @@
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
# Autogenerated files list starts here
# Autogenerated files list ends here
buildinf.h
Expand Down Expand Up @@ -254,7 +255,6 @@
$(OPENSSL_PATH)/crypto/ec/eck_prn.c
$(OPENSSL_PATH)/crypto/ec/ecp_mont.c
$(OPENSSL_PATH)/crypto/ec/ecp_nist.c
$(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
$(OPENSSL_PATH)/crypto/ec/ecp_oct.c
$(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
$(OPENSSL_PATH)/crypto/ec/ecx_backend.c
Expand Down Expand Up @@ -715,11 +715,6 @@
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/ec/ecp_nistz256-x86.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
$(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
Expand All @@ -729,11 +724,6 @@
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/ec/ecp_nistz256-x86.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
$(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
Expand Down Expand Up @@ -847,7 +837,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
$(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
$(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
Expand Down Expand Up @@ -948,7 +937,6 @@
$(OPENSSL_PATH)/crypto/ec/eck_prn.c
$(OPENSSL_PATH)/crypto/ec/ecp_mont.c
$(OPENSSL_PATH)/crypto/ec/ecp_nist.c
$(OPENSSL_PATH)/crypto/ec/ecp_nistz256.c
$(OPENSSL_PATH)/crypto/ec/ecp_oct.c
$(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
$(OPENSSL_PATH)/crypto/ec/ecx_backend.c
Expand Down Expand Up @@ -1412,14 +1400,6 @@
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/ecp_nistz256-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/ec/x25519-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
$(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
Expand All @@ -1437,14 +1417,6 @@
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont5.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/ecp_nistz256-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/ec/x25519-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/x86_64cpuid.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/md5/md5-x86_64.s | GCC
$(OPENSSL_GEN_PATH)/X64-GCC/crypto/modes/aesni-gcm-x86_64.s | GCC
Expand Down
21 changes: 21 additions & 0 deletions CryptoPkg/Library/OpensslLib/configure.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,23 @@ def get_source_list(cfg, obj, gen):
srclist += [ obj, ]
return srclist

def asm_filter_fn(filename):
"""
Filter asm source and define lists. Drops files we don't want include.
"""
exclude = [
'/bn/',
'OPENSSL_BN_ASM',
'OPENSSL_IA32_SSE2',
'/ec/',
'ECP_NISTZ256_ASM',
'X25519_ASM',
]
for item in exclude:
if item in filename:
return False
return True

def get_sources(cfg, obj, asm):
"""
Get the list of all sources files. Will fetch both generated
Expand All @@ -224,6 +241,7 @@ def get_sources(cfg, obj, asm):
filter(lambda x: not is_asm(x), genlist)))
asm_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{asm}/{x}',
filter(is_asm, genlist)))
asm_list = list(filter(asm_filter_fn, asm_list))
return srclist + c_list + asm_list

def sources_filter_fn(filename):
Expand All @@ -242,6 +260,8 @@ def sources_filter_fn(filename):
'defltprov.c',
'baseprov.c',
'provider_predefined.c',
'ecp_nistz256.c',
'x86_64-gcc.c',
]
for item in exclude:
if item in filename:
Expand Down Expand Up @@ -349,6 +369,7 @@ def main():
update_MSFT_asm_format(archcc, sources[archcc])
sources[arch] = list(filter(lambda x: not is_asm(x), srclist))
defines[arch] = cfg['unified_info']['defines']['libcrypto']
defines[arch] = list(filter(asm_filter_fn, defines[arch]))

ia32accel = sources['IA32'] + sources['IA32-MSFT'] + sources['IA32-GCC']
x64accel = sources['X64'] + sources['X64-MSFT'] + sources['X64-GCC']
Expand Down

0 comments on commit 991515a

Please sign in to comment.