[PATCH 3/4] CryptoPkg: Make EC source file config-able


Li, Yi
 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able
source files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.

Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001

+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>

#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
--
2.33.0.windows.2


Michael D Kinney
 

A new top level PCD should not be added.

There is already a structured PCD to enable/disable crypto features.

We take advantage of compiler optimizations to remove unused functions,
so filtering the source files using a PCD should not be required.

I want to make sure we use a consistent method to configure all
crypto related services.


Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of yi1 li
Sent: Monday, April 18, 2022 6:03 AM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@...>
Subject: [edk2-devel] [PATCH 3/4] CryptoPkg: Make EC source file config-able

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able
source files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.

Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001

+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>

#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
--
2.33.0.windows.2





PierreGondois
 

Hello Yi1, Jiewen, and Bob,

As you mentioned in the cover letter, this patch relies on the following patch
bf9230a9f3dd ("BaseTools: Add the FeatureFlagExpression usage to the Source Section")
https://github.com/tianocore/edk2/commit/bf9230a9f3dde065c3c8b4175ccd32e44e8f0362

I just wanted to signal that this patch is currently not in
https://github.com/tianocore/edk2-basetools
It is thus not in any edk2basetools python module: the latest version of the edk2-basetools python module won't support the new build feature (cf pip-requirements.txt).
Thus someone who:
-relies on the edk2basetools python module
-tries to build an edk2 module relying on OpenSSL
will have a build break.

For instance, I get the following error when building:
build -a AARCH64 -t GCC5 -p SecurityPkg/SecurityPkg.dsc
...
"[some_path]/edk2/BaseTools/Bin/gcc_aarch64_linux_extdep/bin/aarch64-none-linux-gnu-gcc" @[some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/cc_resp.txt -c -o [some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/ec/curve25519.obj [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c
In file included from [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c:11:
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_local.h:48:24: error: unknown type name ‘EC_GROUP’
48 | int (*group_init) (EC_GROUP *);

This is due to the build system trying to build a file in $(OPENSSL_PATH)/crypto/ec/* even though gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled is set to FALSE by default. The new Pcd feature to build files conditionally on a Pcd value is not handled yet.
The edk2 CI doesn't seem to build modules relying on OpenSSL due to the CONTINUOUS_INTEGRATION flag, explaining why the patch passed the CI I think.

I added Bob as I think he knows more about BaseTools.

Regards,
Pierre

On 4/18/22 15:03, yi1 li via groups.io wrote:
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able
source files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.
Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001
+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>
#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib
+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib
+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,


Li, Yi
 

Hi Pierre,

Python Basetools module has enabled this feature recently, and this modules has updated to 0.17, just as pip-requirements.txt:
https://github.com/tianocore/edk2-basetools/commit/74460f5e33ef3e3790797e069095fc12003f0d00
https://github.com/tianocore/edk2/commit/c411566fad3d6d61a97edfa6e97a91688b175201

Please make sure your code is latest, and the python pip module is updated.

Regards,
Yi

-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Monday, April 25, 2022 11:53 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@...>; Yao, Jiewen <jiewen.yao@...>; Feng, Bob C <bob.c.feng@...>; Sami Mujawar <Sami.mujawar@...>
Subject: Re: [edk2-devel] [PATCH 3/4] CryptoPkg: Make EC source file config-able

Hello Yi1, Jiewen, and Bob,

As you mentioned in the cover letter, this patch relies on the following patch bf9230a9f3dd ("BaseTools: Add the FeatureFlagExpression usage to the Source Section")
https://github.com/tianocore/edk2/commit/bf9230a9f3dde065c3c8b4175ccd32e44e8f0362

I just wanted to signal that this patch is currently not in https://github.com/tianocore/edk2-basetools
It is thus not in any edk2basetools python module: the latest version of the edk2-basetools python module won't support the new build feature (cf pip-requirements.txt).
Thus someone who:
-relies on the edk2basetools python module -tries to build an edk2 module relying on OpenSSL will have a build break.

For instance, I get the following error when building:
build -a AARCH64 -t GCC5 -p SecurityPkg/SecurityPkg.dsc ...
"[some_path]/edk2/BaseTools/Bin/gcc_aarch64_linux_extdep/bin/aarch64-none-linux-gnu-gcc" @[some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/cc_resp.txt -c -o [some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/ec/curve25519.obj [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c
In file included from [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c:11:
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_local.h:48:24: error: unknown type name ‘EC_GROUP’
48 | int (*group_init) (EC_GROUP *);

This is due to the build system trying to build a file in $(OPENSSL_PATH)/crypto/ec/* even though gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled is set to FALSE by default. The new Pcd feature to build files conditionally on a Pcd value is not handled yet.
The edk2 CI doesn't seem to build modules relying on OpenSSL due to the CONTINUOUS_INTEGRATION flag, explaining why the patch passed the CI I think.

I added Bob as I think he knows more about BaseTools.

Regards,
Pierre

On 4/18/22 15:03, yi1 li via groups.io wrote:
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able source
files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.

Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index
5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010

gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00
000001

+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>

#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source, diff --git
a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source,


PierreGondois
 

Hi Yi1,
you are effectively correct, this was an issue in my setup.
The latest ekd2basetools package contains the FeatureFlagExpression
feature and everything works,

Regards,
Pierre

On 4/26/22 04:01, Li, Yi1 wrote:
Hi Pierre,
Python Basetools module has enabled this feature recently, and this modules has updated to 0.17, just as pip-requirements.txt:
https://github.com/tianocore/edk2-basetools/commit/74460f5e33ef3e3790797e069095fc12003f0d00
https://github.com/tianocore/edk2/commit/c411566fad3d6d61a97edfa6e97a91688b175201
Please make sure your code is latest, and the python pip module is updated.
Regards,
Yi
-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Monday, April 25, 2022 11:53 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@...>; Yao, Jiewen <jiewen.yao@...>; Feng, Bob C <bob.c.feng@...>; Sami Mujawar <Sami.mujawar@...>
Subject: Re: [edk2-devel] [PATCH 3/4] CryptoPkg: Make EC source file config-able
Hello Yi1, Jiewen, and Bob,
As you mentioned in the cover letter, this patch relies on the following patch bf9230a9f3dd ("BaseTools: Add the FeatureFlagExpression usage to the Source Section")
https://github.com/tianocore/edk2/commit/bf9230a9f3dde065c3c8b4175ccd32e44e8f0362
I just wanted to signal that this patch is currently not in https://github.com/tianocore/edk2-basetools
It is thus not in any edk2basetools python module: the latest version of the edk2-basetools python module won't support the new build feature (cf pip-requirements.txt).
Thus someone who:
-relies on the edk2basetools python module -tries to build an edk2 module relying on OpenSSL will have a build break.
For instance, I get the following error when building:
build -a AARCH64 -t GCC5 -p SecurityPkg/SecurityPkg.dsc ...
"[some_path]/edk2/BaseTools/Bin/gcc_aarch64_linux_extdep/bin/aarch64-none-linux-gnu-gcc" @[some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/cc_resp.txt -c -o [some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/ec/curve25519.obj [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c
In file included from [some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c:11:
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_local.h:48:24: error: unknown type name ‘EC_GROUP’
48 | int (*group_init) (EC_GROUP *);
This is due to the build system trying to build a file in $(OPENSSL_PATH)/crypto/ec/* even though gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled is set to FALSE by default. The new Pcd feature to build files conditionally on a Pcd value is not handled yet.
The edk2 CI doesn't seem to build modules relying on OpenSSL due to the CONTINUOUS_INTEGRATION flag, explaining why the patch passed the CI I think.
I added Bob as I think he knows more about BaseTools.
Regards,
Pierre
On 4/18/22 15:03, yi1 li via groups.io wrote:
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able source
files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.

Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index
5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00
000001
+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>
#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib
+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source, diff --git
a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib
+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source,


Bob Feng
 

I just the synced the Yi's recent commit f4dfec6ca1 from edk2 to edk2-basetools repo. And the edk2-basetools 0.18 was created, you can use it.

Thanks,
Bob

-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Tuesday, April 26, 2022 4:14 PM
To: Li, Yi1 <yi1.li@...>
Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; Feng, Bob C <bob.c.feng@...>; Sami Mujawar <Sami.mujawar@...>
Subject: Re: [edk2-devel] [PATCH 3/4] CryptoPkg: Make EC source file config-able

Hi Yi1,
you are effectively correct, this was an issue in my setup.
The latest ekd2basetools package contains the FeatureFlagExpression feature and everything works,

Regards,
Pierre

On 4/26/22 04:01, Li, Yi1 wrote:
Hi Pierre,

Python Basetools module has enabled this feature recently, and this modules has updated to 0.17, just as pip-requirements.txt:
https://github.com/tianocore/edk2-basetools/commit/74460f5e33ef3e37907
97e069095fc12003f0d00
https://github.com/tianocore/edk2/commit/c411566fad3d6d61a97edfa6e97a9
1688b175201

Please make sure your code is latest, and the python pip module is updated.

Regards,
Yi

-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Monday, April 25, 2022 11:53 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@...>; Yao, Jiewen
<jiewen.yao@...>; Feng, Bob C <bob.c.feng@...>; Sami
Mujawar <Sami.mujawar@...>
Subject: Re: [edk2-devel] [PATCH 3/4] CryptoPkg: Make EC source file
config-able

Hello Yi1, Jiewen, and Bob,

As you mentioned in the cover letter, this patch relies on the
following patch bf9230a9f3dd ("BaseTools: Add the
FeatureFlagExpression usage to the Source Section")
https://github.com/tianocore/edk2/commit/bf9230a9f3dde065c3c8b4175ccd3
2e44e8f0362

I just wanted to signal that this patch is currently not in
https://github.com/tianocore/edk2-basetools
It is thus not in any edk2basetools python module: the latest version of the edk2-basetools python module won't support the new build feature (cf pip-requirements.txt).
Thus someone who:
-relies on the edk2basetools python module -tries to build an edk2 module relying on OpenSSL will have a build break.

For instance, I get the following error when building:
build -a AARCH64 -t GCC5 -p SecurityPkg/SecurityPkg.dsc ...
"[some_path]/edk2/BaseTools/Bin/gcc_aarch64_linux_extdep/bin/aarch64-n
one-linux-gnu-gcc"
@[some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/Opens
slLib/OpensslLib/OUTPUT/cc_resp.txt -c -o
[some_path]/Build/SbsaQemu/DEBUG_GCC5/AARCH64/CryptoPkg/Library/Openss
lLib/OpensslLib/OUTPUT/openssl/crypto/ec/curve25519.obj
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve2
5519.c In file included from
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/curve25519.c:11:
[some_path]/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_local.h:48:24: error: unknown type name ‘EC_GROUP’
48 | int (*group_init) (EC_GROUP *);

This is due to the build system trying to build a file in $(OPENSSL_PATH)/crypto/ec/* even though gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled is set to FALSE by default. The new Pcd feature to build files conditionally on a Pcd value is not handled yet.
The edk2 CI doesn't seem to build modules relying on OpenSSL due to the CONTINUOUS_INTEGRATION flag, explaining why the patch passed the CI I think.

I added Bob as I think he knows more about BaseTools.

Regards,
Pierre

On 4/18/22 15:03, yi1 li via groups.io wrote:
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able
source files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.

Signed-off-by: yi1 li <yi1.li@...>
---
CryptoPkg/CryptoPkg.dec | 4 +
.../Library/Include/openssl/opensslconf.h | 7 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 95 ++++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 95 ++++++++++---------
4 files changed, 108 insertions(+), 93 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index
5888941bab4c..ebec64050b71 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -81,5 +81,9 @@
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004,
0x00000008, 0x00000010

gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x0
0
000001

+ ## Enable/Disable the ECC feature in openssl library. The default is disabled.
+ # If ECC feature is disabled, all related source files will not be compiled.
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled|FALSE|BOOLEAN|0x0000003
+
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 7ea976b2252e..1485b8c9f108 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,7 +9,7 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-
+#include <Library/PcdLib.h>
#include <openssl/opensslv.h>

#ifdef __cplusplus
@@ -55,6 +55,11 @@ extern "C" {
#ifndef OPENSSL_NO_DSA
#define OPENSSL_NO_DSA
#endif
+#if !FixedPcdGetBool (PcdEcEnabled)
+ #ifndef OPENSSL_NO_EC
+#define OPENSSL_NO_EC
+ #endif
+#endif
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 1d67ed55e1b1..459ac4864a4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +633,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source, diff --git
a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 66ca5b1250c1..c9d69a368e3c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,43 +199,43 @@
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -533,15 +533,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -582,6 +582,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib

+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled ## CONSUMES
+
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought
by openssl source,