Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms


Vineel Kovvuri <vineel.kovvuri@...>
 

Hi Jiewen, 

Thanks for checking. One of the issues is that the ECC change requires additional VS intrinsics to be included. If not, the IA32 build will fail with __allmul undefined. So I have to include the below in OVMFPKGIA32.dsc from Project Mu

[LibraryClasses.IA32]
  NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf

but then I am hitting a new failure when building "stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py TOOL_CHAIN_TAG=VS2019 TARGET=DEBUG -a IA32"

ERROR - Linker #2001 from LINK :   unresolved external symbol __ModuleEntryPoint
ERROR - Linker #1120 from d:\repos\edk2\Build\OvmfIa32\DEBUG_VS2019\IA32\OvmfPkg\ResetVector\ResetVector\DEBUG\ResetVector.dll : fatal   1 unresolved externals
ERROR - Compiler #1077 from NMAKE : fatal   '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29910\bin\Hostx86\x86\link.exe"' : return code '0x460'
ERROR - Compiler #7000 from :   Failed to execute command
ERROR - EDK2 #002 from :   Failed to build module

Probably I am missing something.

The other issue is the increased size of the OVMF firmware after enabling ec ciphers. We need some guidance in handling this as OVMF is being used by other open source projects like QEMU etc.

Thanks,
Vineel


On Tue, Nov 2, 2021 at 5:37 PM Yao, Jiewen <jiewen.yao@...> wrote:
Hello Vineel
May I know if you have sent out v2?

> -----Original Message-----
> From: Vineel Kovvuri <vineelko@...>
> Sent: Tuesday, October 19, 2021 4:06 AM
> To: Yao, Jiewen <jiewen.yao@...>; Vineel Kovvuri
> <vineel.kovvuri@...>; devel@edk2.groups.io; Sean Brogan
> <sean.brogan@...>; Bret Barkelew
> <Bret.Barkelew@...>; Mike Turner
> <Michael.Turner@...>
> Cc: Jancarlo Perez <jpere@...>
> Subject: RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher
> algorithms
>
> Hi Jiewen,
>
> Sorry for the build break. I will fix this locally and send you the patch.
>
> Thanks,
> Vineel
>
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@...>
> Sent: Saturday, October 16, 2021 7:49 PM
> To: Vineel Kovvuri <vineel.kovvuri@...>; devel@edk2.groups.io; Sean
> Brogan <sean.brogan@...>; Bret Barkelew
> <Bret.Barkelew@...>; Mike Turner
> <Michael.Turner@...>
> Cc: Vineel Kovvuri <vineelko@...>
> Subject: [EXTERNAL] RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic
> curve chipher algorithms
>
> Hi
> This patch fails in the P-R -
> https://github.com/tianocore/edk2/pull/2073. Please double check.
>
> You are encouraged to try P-R by yourself before submitting the patch.
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Vineel Kovvuri <vineel.kovvuri@...>
> > Sent: Tuesday, October 12, 2021 1:38 PM
> > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>;
> > sean.brogan@...; bret.barkelew@...;
> > Michael.Turner@...
> > Cc: Vineel Kovvuri <vineelko@...>
> > Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve
> > chipher algorithms
> >
> > This commit is a cherry pick of project mu's commit
> > https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c352316197889c5d3e0c2
> >
> > Reconfigure OpensslLib to add elliptic curve chipher algorithms.
> > The only file manually changed is process_files.pl.
> > Running the script changes the other three files.
> >
> > BugZilla:
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3679
> >
> > Signed-off-by: Vineel Kovvuri <vineelko@...>
> > ---
> >  .../Library/Include/openssl/opensslconf.h     | 25 ++--------
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 50 +++++++++++++++++++
> >  .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 +++++++++++++++++++
> >  CryptoPkg/Library/OpensslLib/process_files.pl |  1 -
> >  4 files changed, 105 insertions(+), 21 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index b8d59aebe8..09a6641ffc 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -55,9 +55,6 @@ extern "C" {
> >  #ifndef OPENSSL_NO_DSA
> >  # define OPENSSL_NO_DSA
> >  #endif
> > -#ifndef OPENSSL_NO_EC
> > -# define OPENSSL_NO_EC
> > -#endif
> >  #ifndef OPENSSL_NO_IDEA
> >  # define OPENSSL_NO_IDEA
> >  #endif
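Review bot: OPENSSL_NO_EC is removed unconditionally here, so every consumer of this header gets EC compiled in with no way to opt out. Given the firmware size growth raised elsewhere in this thread, consider keeping a build-time switch for size-constrained platforms, or at least state the measured size delta in the commit message.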
> > @@ -88,9 +85,6 @@ extern "C" {
> >  #ifndef OPENSSL_NO_SEED
> >  # define OPENSSL_NO_SEED
> >  #endif
> > -#ifndef OPENSSL_NO_SM2
> > -# define OPENSSL_NO_SM2
> > -#endif
> >  #ifndef OPENSSL_NO_SRP
> >  # define OPENSSL_NO_SRP
> >  #endif
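Review bot: The commit message only mentions elliptic curve algorithms, but this hunk also drops OPENSSL_NO_SM2, which turns on SM2. If that is an intended side effect of removing "no-ec" from process_files.pl, say so in the commit message so the enabled algorithm set is explicit.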
> > @@ -154,12 +148,6 @@ extern "C" {
> >  #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128  # define
> > OPENSSL_NO_EC_NISTP_64_GCC_128  #endif -#ifndef OPENSSL_NO_ECDH -#
> > define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define
> > OPENSSL_NO_ECDSA -#endif  #ifndef OPENSSL_NO_EGD  # define
> > OPENSSL_NO_EGD  #endif @@ -226,9 +214,6 @@ extern "C" {  #ifndef
> > OPENSSL_NO_TESTS  # define OPENSSL_NO_TESTS  #endif -#ifndef
> > OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif  #ifndef
> > OPENSSL_NO_UBSAN  # define OPENSSL_NO_UBSAN  #endif @@ -265,11
> +250,11
> > @@ extern "C" {
> >  #   undef DECLARE_DEPRECATED
> >  #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> >  #  endif
> > -#elif defined(__SUNPRO_C)
> > -#if (__SUNPRO_C >= 0x5130)
> > -#undef DECLARE_DEPRECATED
> > -#define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> > -#endif
> > +# elif defined(__SUNPRO_C)
> > +#  if (__SUNPRO_C >= 0x5130)
> > +#   undef DECLARE_DEPRECATED
> > +#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> > +#  endif
> >  # endif
> >  #endif
> >
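Review bot: The removal of OPENSSL_NO_TLS1_3 earlier in this file's diff enables a protocol version, which goes beyond "add elliptic curve cipher algorithms" and is not mentioned in the commit message; please call it out or split it into its own patch. The last hunk's __SUNPRO_C lines change only in indentation; if that comes from regenerating the header, note it in the commit message so the functional changes are easy to tell from the churn.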
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index d84bde056a..bd3d9cc90f 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -199,6 +199,43 @@
> >    $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> >    $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> >    $(OPENSSL_PATH)/crypto/ebcdic.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > +  $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> >    $(OPENSSL_PATH)/crypto/err/err.c
> >    $(OPENSSL_PATH)/crypto/err/err_prn.c
> >    $(OPENSSL_PATH)/crypto/evp/bio_b64.c
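Review bot: ec2_oct.c and ec2_smpl.c are added here although "no-ec2m" stays in process_files.pl, and ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c are added although opensslconf.h still defines OPENSSL_NO_EC_NISTP_64_GCC_128. Please confirm these files are expected in the generated list under that configuration and do not contribute to the size increase.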
> > @@ -384,6 +421,10 @@
> >    $(OPENSSL_PATH)/crypto/siphash/siphash.c
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> >    $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> >    $(OPENSSL_PATH)/crypto/sm3/sm3.c
> >    $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -496,6 +537,15 @@
> >    $(OPENSSL_PATH)/crypto/conf/conf_local.h
> >    $(OPENSSL_PATH)/crypto/dh/dh_local.h
> >    $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> >    $(OPENSSL_PATH)/crypto/evp/evp_local.h
> >    $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> >    $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > index cdeed0d073..38ccf1a5b6 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > @@ -199,6 +199,43 @@
> >    $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> >    $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> >    $(OPENSSL_PATH)/crypto/ebcdic.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > +  $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > +  $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> >    $(OPENSSL_PATH)/crypto/err/err.c
> >    $(OPENSSL_PATH)/crypto/err/err_prn.c
> >    $(OPENSSL_PATH)/crypto/evp/bio_b64.c
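Review bot: Per the follow-up in this thread, IA32 builds with the VS toolchain fail with __allmul undefined once these sources are compiled in, and nothing in this patch supplies that symbol. Either carry the intrinsic library change for the affected platform DSC files in this series, or document the required DSC addition in the commit message so platforms that consume OpensslLib and OpensslLibCrypto do not break.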
> > @@ -384,6 +421,10 @@
> >    $(OPENSSL_PATH)/crypto/siphash/siphash.c
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > +  $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> >    $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> >    $(OPENSSL_PATH)/crypto/sm3/sm3.c
> >    $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -496,6 +537,15 @@
> >    $(OPENSSL_PATH)/crypto/conf/conf_local.h
> >    $(OPENSSL_PATH)/crypto/dh/dh_local.h
> >    $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > +  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> >    $(OPENSSL_PATH)/crypto/evp/evp_local.h
> >    $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> >    $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> > b/CryptoPkg/Library/OpensslLib/process_files.pl
> > index 42bff05fa6..2ebfbbbca0 100755
> > --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> > @@ -169,7 +169,6 @@ BEGIN {
> >                  "no-dgram",
> >                  "no-dsa",
> >                  "no-dynamic-engine",
> > -                "no-ec",
> >                  "no-ec2m",
> >                  "no-engine",
> >                  "no-err",
> > --
> > 2.17.1
