devel@edk2.groups.io | [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs

Michael D Kinney

#95434

The recent addition of the Ecliptic Curve (EC) feature and the performance
optimization feature increased the complexity for platforms to integrate
and enable these features.  This series simplifies the platform configuration
as much as possible and improves the ability to manage the the size impact
of cryptographic services in each FW phase.  A Readme.md is also added that
provides an overview of the CryptoPkg design and features along with platform
integration recommendations. 

This series also addresses private library class declarations missing from 
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files identified
a number of additional cleanups. The CryptoPkg.dsc file was also updated to
improve CI coverage for future CryptoPkg changes and identified some 
unit test bug fixes.

Change Summary
============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
* Update all OpensslLib instances to always produce all APIs in OpensslLib class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF files
* Update CryptoPkg.dsc files to provide full CI test coverage across all the 
   supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
* Remove PACKAGE profile from CryptoPkg.dsc and add TARGET_UNIT_TESTS
  profile.  Adding TARGET_UNIT_TESTS profile is required to prevent a few unit
  test artifacts being included in non unit test builds of components. 
* Add CryptoPkg Readme.md with overview and platform integration details.
* Update host-based unit tests to always use OpensslLibFull.inf and add unit
  test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
  documentation

New in V2
=========
* Fix service table in Readme.md
* Fix VS2015x86 RELEASE builds by disabling warning 4718
* Rebase to latest and add missing EC functions in EcSm2Null.c
* Update perl scripts to auto-generate all OpensslLib INF files
* Update OpensslLib INF files to match auto-generated format

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Christopher Zurcher <christopher.zurcher@...>
Cc: Rebecca Cran <quic_rcran@...>
Cc: Ard Biesheuvel <ardb@...>
Cc: Yi Li <yi1.li@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (12):
  CryptoPkg: Document and disable deprecated crypto services
  CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
  CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
  CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
  CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
  CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
  CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
  CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
  CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
  CryptoPkg: Update DSC to improve CI test coverage
  CryptoPkg: Fixed host-based unit tests
  CryptoPkg: Add Readme.md

Yi Li (4):
  Revert "CryptoPkg: Update process_files.pl to auto add PCD config
    option"
  CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
  CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
  CryptoPkg/Library/OpensslLib: update auto-generated files

 CryptoPkg/CryptoPkg.ci.yaml                   |  11 +-
 CryptoPkg/CryptoPkg.dec                       |  42 +-
 CryptoPkg/CryptoPkg.dsc                       | 438 ++++++++---
 .../Pcd/PcdCryptoServiceFamilyEnable.h        | 122 +--
 .../Library/BaseCryptLib/BaseCryptLib.inf     |  10 +-
 .../Library/BaseCryptLib/BaseCryptLib.uni     |   2 -
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     |   7 +
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      |   5 +-
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   8 +-
 .../Library/BaseCryptLib/PeiCryptLib.uni      |   2 -
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   4 -
 .../BaseCryptLib/Pk/CryptAuthenticode.c       |   2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c  |   3 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |   3 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |  44 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c |   4 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   9 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   2 -
 .../Library/BaseCryptLib/SecCryptLib.inf      |  13 +-
 .../{SmmCryptLib.uni => SecCryptLib.uni}      |  11 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  12 -
 .../Library/BaseCryptLib/SmmCryptLib.uni      |   2 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |  22 +-
 .../Library/Include/openssl/opensslconf.h     | 328 +++++++-
 .../Include/openssl/opensslconf_generated.h   | 333 ---------
 CryptoPkg/Library/OpensslLib/EcSm2Null.c      | 383 ++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  91 +--
 CryptoPkg/Library/OpensslLib/OpensslLib.uni   |  10 +-
 ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
 .../Library/OpensslLib/OpensslLibAccel.uni    |  14 +
 .../OpensslLib/OpensslLibConstructor.c        |   6 +-
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  92 +--
 .../Library/OpensslLib/OpensslLibCrypto.uni   |  11 +-
 ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
 .../{OpensslLib.uni => OpensslLibFull.uni}    |  10 +-
 ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
 .../OpensslLib/OpensslLibFullAccel.uni        |  14 +
 .../Library/OpensslLib/OpensslLibX64.inf      | 706 ------------------
 CryptoPkg/Library/OpensslLib/SslNull.c        | 405 ++++++++++
 CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
 .../SysCall/inet_pton.c                       |   0
 CryptoPkg/Library/TlsLib/TlsConfig.c          |  12 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf           |  12 +-
 CryptoPkg/Private/Library/IntrinsicLib.h      |  16 +
 CryptoPkg/Private/Library/OpensslLib.h        |  14 +
 CryptoPkg/Readme.md                           | 498 ++++++++++++
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc      |  17 +-
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  17 +-
 .../UnitTest/Library/BaseCryptLib/TSTests.c   |   2 +-
 .../TestBaseCryptLibHostAccel.inf             |  56 ++
 50 files changed, 2711 insertions(+), 1820 deletions(-)
 copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} (74%)
 delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
 create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf => OpensslLibAccel.inf} (79%)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf => OpensslLibFull.inf} (79%)
 copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni} (56%)
 rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf => OpensslLibFullAccel.inf} (78%)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
 delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
 rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c (100%)
 create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
 create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
 create mode 100644 CryptoPkg/Readme.md
 create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf

-- 
2.37.1.windows.1

Yao, Jiewen

#95487

Thanks Mike
The update looks good to me. Reviewed-by: Jiewen Yao <Jiewen.yao@...>

Do you have any data of size difference before and after? Please share with us.

I am more interested in the old configuration with ECC.

Thank you
Yao, Jiewen

Show quoted text

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Friday, October 21, 2022 2:35 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J
<jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>; Zurcher, Christopher
<christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
OpensslLibs

The recent addition of the Ecliptic Curve (EC) feature and the performance
optimization feature increased the complexity for platforms to integrate
and enable these features.  This series simplifies the platform configuration
as much as possible and improves the ability to manage the the size impact
of cryptographic services in each FW phase.  A Readme.md is also added
that
provides an overview of the CryptoPkg design and features along with
platform
integration recommendations.

This series also addresses private library class declarations missing from
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files
identified
a number of additional cleanups. The CryptoPkg.dsc file was also updated to
improve CI coverage for future CryptoPkg changes and identified some
unit test bug fixes.

Change Summary
============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
* Update all OpensslLib instances to always produce all APIs in OpensslLib
class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
files
* Update CryptoPkg.dsc files to provide full CI test coverage across all the
   supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
* Remove PACKAGE profile from CryptoPkg.dsc and add
TARGET_UNIT_TESTS
  profile.  Adding TARGET_UNIT_TESTS profile is required to prevent a few
unit
  test artifacts being included in non unit test builds of components.
* Add CryptoPkg Readme.md with overview and platform integration
details.
* Update host-based unit tests to always use OpensslLibFull.inf and add
unit
  test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
  documentation

New in V2
=========
* Fix service table in Readme.md
* Fix VS2015x86 RELEASE builds by disabling warning 4718
* Rebase to latest and add missing EC functions in EcSm2Null.c
* Update perl scripts to auto-generate all OpensslLib INF files
* Update OpensslLib INF files to match auto-generated format

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Christopher Zurcher <christopher.zurcher@...>
Cc: Rebecca Cran <quic_rcran@...>
Cc: Ard Biesheuvel <ardb@...>
Cc: Yi Li <yi1.li@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (12):
  CryptoPkg: Document and disable deprecated crypto services
  CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
  CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
  CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
  CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
  CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
  CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
  CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
  CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
  CryptoPkg: Update DSC to improve CI test coverage
  CryptoPkg: Fixed host-based unit tests
  CryptoPkg: Add Readme.md

Yi Li (4):
  Revert "CryptoPkg: Update process_files.pl to auto add PCD config
    option"
  CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
  CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
  CryptoPkg/Library/OpensslLib: update auto-generated files

 CryptoPkg/CryptoPkg.ci.yaml                   |  11 +-
 CryptoPkg/CryptoPkg.dec                       |  42 +-
 CryptoPkg/CryptoPkg.dsc                       | 438 ++++++++---
 .../Pcd/PcdCryptoServiceFamilyEnable.h        | 122 +--
 .../Library/BaseCryptLib/BaseCryptLib.inf     |  10 +-
 .../Library/BaseCryptLib/BaseCryptLib.uni     |   2 -
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     |   7 +
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      |   5 +-
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   8 +-
 .../Library/BaseCryptLib/PeiCryptLib.uni      |   2 -
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   4 -
 .../BaseCryptLib/Pk/CryptAuthenticode.c       |   2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c  |   3 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |   3 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |  44 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c |   4 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   9 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   2 -
 .../Library/BaseCryptLib/SecCryptLib.inf      |  13 +-
 .../{SmmCryptLib.uni => SecCryptLib.uni}      |  11 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  12 -
 .../Library/BaseCryptLib/SmmCryptLib.uni      |   2 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |  22 +-
 .../Library/Include/openssl/opensslconf.h     | 328 +++++++-
 .../Include/openssl/opensslconf_generated.h   | 333 ---------
 CryptoPkg/Library/OpensslLib/EcSm2Null.c      | 383 ++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  91 +--
 CryptoPkg/Library/OpensslLib/OpensslLib.uni   |  10 +-
 ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
 .../Library/OpensslLib/OpensslLibAccel.uni    |  14 +
 .../OpensslLib/OpensslLibConstructor.c        |   6 +-
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  92 +--
 .../Library/OpensslLib/OpensslLibCrypto.uni   |  11 +-
 ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
 .../{OpensslLib.uni => OpensslLibFull.uni}    |  10 +-
 ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
 .../OpensslLib/OpensslLibFullAccel.uni        |  14 +
 .../Library/OpensslLib/OpensslLibX64.inf      | 706 ------------------
 CryptoPkg/Library/OpensslLib/SslNull.c        | 405 ++++++++++
 CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
 .../SysCall/inet_pton.c                       |   0
 CryptoPkg/Library/TlsLib/TlsConfig.c          |  12 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf           |  12 +-
 CryptoPkg/Private/Library/IntrinsicLib.h      |  16 +
 CryptoPkg/Private/Library/OpensslLib.h        |  14 +
 CryptoPkg/Readme.md                           | 498 ++++++++++++
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc      |  17 +-
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  17 +-
 .../UnitTest/Library/BaseCryptLib/TSTests.c   |   2 +-
 .../TestBaseCryptLibHostAccel.inf             |  56 ++
 50 files changed, 2711 insertions(+), 1820 deletions(-)
 copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
SecCryptLib.uni} (74%)
 delete mode 100644
CryptoPkg/Library/Include/openssl/opensslconf_generated.h
 create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
OpensslLibAccel.inf} (79%)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
OpensslLibFull.inf} (79%)
 copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
(56%)
 rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
OpensslLibFullAccel.inf} (78%)
 create mode 100644
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
 delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
 rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
(100%)
 create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
 create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
 create mode 100644 CryptoPkg/Readme.md
 create mode 100644
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
nf

--
2.37.1.windows.1

Yao, Jiewen

#95488

Sorry: I mean old configuration without ECC.

Show quoted text

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
Jiewen
Sent: Monday, October 24, 2022 11:53 AM
To: Kinney, Michael D <michael.d.kinney@...>;
devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1
<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>;
Zurcher, Christopher <christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
merge perf opt OpensslLibs

Thanks Mike
The update looks good to me. Reviewed-by: Jiewen Yao
<Jiewen.yao@...>

Do you have any data of size difference before and after? Please share with
us.

I am more interested in the old configuration with ECC.

Thank you
Yao, Jiewen

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Friday, October 21, 2022 2:35 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J
<jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>; Zurcher, Christopher
<christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
OpensslLibs

The recent addition of the Ecliptic Curve (EC) feature and the performance
optimization feature increased the complexity for platforms to integrate
and enable these features.  This series simplifies the platformconfiguration
as much as possible and improves the ability to manage the the sizeimpact
of cryptographic services in each FW phase.  A Readme.md is also added
that
provides an overview of the CryptoPkg design and features along with
platform
integration recommendations.

This series also addresses private library class declarations missing from
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files
identified
a number of additional cleanups. The CryptoPkg.dsc file was also updatedto
improve CI coverage for future CryptoPkg changes and identified some
unit test bug fixes.

Change Summary
============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.infinstead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private libraryclasses
* Update all OpensslLib instances to always produce all APIs in OpensslLib
class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
files
* Update CryptoPkg.dsc files to provide full CI test coverage across all the
   supported combinations of OpensslLib, BaseCryptLib, and TlsLibinstances.
* Remove PACKAGE profile from CryptoPkg.dsc and add
TARGET_UNIT_TESTS
  profile.  Adding TARGET_UNIT_TESTS profile is required to prevent a few
unit
  test artifacts being included in non unit test builds of components.
* Add CryptoPkg Readme.md with overview and platform integration
details.
* Update host-based unit tests to always use OpensslLibFull.inf and add
unit
  test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
  documentation

New in V2
=========
* Fix service table in Readme.md
* Fix VS2015x86 RELEASE builds by disabling warning 4718
* Rebase to latest and add missing EC functions in EcSm2Null.c
* Update perl scripts to auto-generate all OpensslLib INF files
* Update OpensslLib INF files to match auto-generated format

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Christopher Zurcher <christopher.zurcher@...>
Cc: Rebecca Cran <quic_rcran@...>
Cc: Ard Biesheuvel <ardb@...>
Cc: Yi Li <yi1.li@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (12):
  CryptoPkg: Document and disable deprecated crypto services
  CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
  CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
  CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
  CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
  CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
  CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
  CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
  CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
  CryptoPkg: Update DSC to improve CI test coverage
  CryptoPkg: Fixed host-based unit tests
  CryptoPkg: Add Readme.md

Yi Li (4):
  Revert "CryptoPkg: Update process_files.pl to auto add PCD config
    option"
  CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
  CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
  CryptoPkg/Library/OpensslLib: update auto-generated files

 CryptoPkg/CryptoPkg.ci.yaml                   |  11 +-
 CryptoPkg/CryptoPkg.dec                       |  42 +-
 CryptoPkg/CryptoPkg.dsc                       | 438 ++++++++---
 .../Pcd/PcdCryptoServiceFamilyEnable.h        | 122 +--
 .../Library/BaseCryptLib/BaseCryptLib.inf     |  10 +-
 .../Library/BaseCryptLib/BaseCryptLib.uni     |   2 -
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     |   7 +
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      |   5 +-
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   8 +-
 .../Library/BaseCryptLib/PeiCryptLib.uni      |   2 -
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   4 -
 .../BaseCryptLib/Pk/CryptAuthenticode.c       |   2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c  |   3 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |   3 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |  44 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c |   4 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   9 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   2 -
 .../Library/BaseCryptLib/SecCryptLib.inf      |  13 +-
 .../{SmmCryptLib.uni => SecCryptLib.uni}      |  11 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  12 -
 .../Library/BaseCryptLib/SmmCryptLib.uni      |   2 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |  22 +-
 .../Library/Include/openssl/opensslconf.h     | 328 +++++++-
 .../Include/openssl/opensslconf_generated.h   | 333 ---------
 CryptoPkg/Library/OpensslLib/EcSm2Null.c      | 383 ++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  91 +--
 CryptoPkg/Library/OpensslLib/OpensslLib.uni   |  10 +-
 ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
 .../Library/OpensslLib/OpensslLibAccel.uni    |  14 +
 .../OpensslLib/OpensslLibConstructor.c        |   6 +-
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  92 +--
 .../Library/OpensslLib/OpensslLibCrypto.uni   |  11 +-
 ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
 .../{OpensslLib.uni => OpensslLibFull.uni}    |  10 +-
 ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
 .../OpensslLib/OpensslLibFullAccel.uni        |  14 +
 .../Library/OpensslLib/OpensslLibX64.inf      | 706 ------------------
 CryptoPkg/Library/OpensslLib/SslNull.c        | 405 ++++++++++
 CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
 .../SysCall/inet_pton.c                       |   0
 CryptoPkg/Library/TlsLib/TlsConfig.c          |  12 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf           |  12 +-
 CryptoPkg/Private/Library/IntrinsicLib.h      |  16 +
 CryptoPkg/Private/Library/OpensslLib.h        |  14 +
 CryptoPkg/Readme.md                           | 498 ++++++++++++
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc      |  17 +-
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  17 +-
 .../UnitTest/Library/BaseCryptLib/TSTests.c   |   2 +-
 .../TestBaseCryptLibHostAccel.inf             |  56 ++
 50 files changed, 2711 insertions(+), 1820 deletions(-)
 copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
SecCryptLib.uni} (74%)
 delete mode 100644
CryptoPkg/Library/Include/openssl/opensslconf_generated.h
 create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
OpensslLibAccel.inf} (79%)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
OpensslLibFull.inf} (79%)
 copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
(56%)
 rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
OpensslLibFullAccel.inf} (78%)
 create mode 100644
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
 delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
 rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
(100%)
 create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
 create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
 create mode 100644 CryptoPkg/Readme.md
 create mode 100644
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
nf

--
2.37.1.windows.1

Michael D Kinney

#95491

Hi Jiewen,

I compared the builds of the CryptoPei, CryptoDxe, CryptoSmm using the
same OpensslLib instance with EC disabled.

I used an IA32 build of the MIN_PEI profile and an X64 build of the
MIN_DXE_MIN_SMM profile for the comparison.

Arch Profile          Driver        Old    Old-LZMA    New    New-LZMA
==== ===============  =========   =======  ========  =======  ========
IA32 MIN_PEI          CryptoPei   252,192   102,109  244,160    98,571
X64  MIN_DXE_MIN_SMM  CryptoDxe   812,288   313,340  811,008   312,913
X64  MIN_DXE_MIN_SMM  CryptoSmm   549,088   205,613  548,096   205,079


These results show that this patch series provide a very small reduction
in both the uncompressed and LZMA compressed sizes of these drivers.  This 
is the expected result because no functional changes were introduced.

The small decrease is likely due to the removal of the UnitTest overhead
that was included in all CryptoPkg.dsc build before this series.  This
series only links in the UnitTest related libs and hook of the ASSERT()
macros when building unit tests.

Best regards,

Mike

Show quoted text

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@...>
Sent: Sunday, October 23, 2022 8:54 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; Kinney, Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>; Zurcher,
Christopher <christopher.zurcher@...>; Rebecca Cran <quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li,
Yi1 <yi1.li@...>
Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs

Sorry: I mean old configuration without ECC.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
Jiewen
Sent: Monday, October 24, 2022 11:53 AM
To: Kinney, Michael D <michael.d.kinney@...>;
devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1
<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>;
Zurcher, Christopher <christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
merge perf opt OpensslLibs

Thanks Mike
The update looks good to me. Reviewed-by: Jiewen Yao
<Jiewen.yao@...>

Do you have any data of size difference before and after? Please share with
us.

I am more interested in the old configuration with ECC.

Thank you
Yao, Jiewen

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Friday, October 21, 2022 2:35 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J
<jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>; Zurcher, Christopher
<christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
OpensslLibs

The recent addition of the Ecliptic Curve (EC) feature and the performance
optimization feature increased the complexity for platforms to integrate
and enable these features.  This series simplifies the platformconfiguration
as much as possible and improves the ability to manage the the sizeimpact
of cryptographic services in each FW phase.  A Readme.md is also added
that
provides an overview of the CryptoPkg design and features along with
platform
integration recommendations.

This series also addresses private library class declarations missing from
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files
identified
a number of additional cleanups. The CryptoPkg.dsc file was also updatedto
improve CI coverage for future CryptoPkg changes and identified some
unit test bug fixes.

Change Summary
============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.infinstead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private libraryclasses
* Update all OpensslLib instances to always produce all APIs in OpensslLib
class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
files
* Update CryptoPkg.dsc files to provide full CI test coverage across all the
   supported combinations of OpensslLib, BaseCryptLib, and TlsLibinstances.
* Remove PACKAGE profile from CryptoPkg.dsc and add
TARGET_UNIT_TESTS
  profile.  Adding TARGET_UNIT_TESTS profile is required to prevent a few
unit
  test artifacts being included in non unit test builds of components.
* Add CryptoPkg Readme.md with overview and platform integration
details.
* Update host-based unit tests to always use OpensslLibFull.inf and add
unit
  test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
  documentation

New in V2
=========
* Fix service table in Readme.md
* Fix VS2015x86 RELEASE builds by disabling warning 4718
* Rebase to latest and add missing EC functions in EcSm2Null.c
* Update perl scripts to auto-generate all OpensslLib INF files
* Update OpensslLib INF files to match auto-generated format

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Christopher Zurcher <christopher.zurcher@...>
Cc: Rebecca Cran <quic_rcran@...>
Cc: Ard Biesheuvel <ardb@...>
Cc: Yi Li <yi1.li@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (12):
  CryptoPkg: Document and disable deprecated crypto services
  CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
  CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
  CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
  CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
  CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
  CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
  CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
  CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
  CryptoPkg: Update DSC to improve CI test coverage
  CryptoPkg: Fixed host-based unit tests
  CryptoPkg: Add Readme.md

Yi Li (4):
  Revert "CryptoPkg: Update process_files.pl to auto add PCD config
    option"
  CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
  CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
  CryptoPkg/Library/OpensslLib: update auto-generated files

 CryptoPkg/CryptoPkg.ci.yaml                   |  11 +-
 CryptoPkg/CryptoPkg.dec                       |  42 +-
 CryptoPkg/CryptoPkg.dsc                       | 438 ++++++++---
 .../Pcd/PcdCryptoServiceFamilyEnable.h        | 122 +--
 .../Library/BaseCryptLib/BaseCryptLib.inf     |  10 +-
 .../Library/BaseCryptLib/BaseCryptLib.uni     |   2 -
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     |   7 +
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      |   5 +-
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   8 +-
 .../Library/BaseCryptLib/PeiCryptLib.uni      |   2 -
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   4 -
 .../BaseCryptLib/Pk/CryptAuthenticode.c       |   2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c  |   3 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |   3 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |  44 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c |   4 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   9 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   2 -
 .../Library/BaseCryptLib/SecCryptLib.inf      |  13 +-
 .../{SmmCryptLib.uni => SecCryptLib.uni}      |  11 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  12 -
 .../Library/BaseCryptLib/SmmCryptLib.uni      |   2 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |  22 +-
 .../Library/Include/openssl/opensslconf.h     | 328 +++++++-
 .../Include/openssl/opensslconf_generated.h   | 333 ---------
 CryptoPkg/Library/OpensslLib/EcSm2Null.c      | 383 ++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  91 +--
 CryptoPkg/Library/OpensslLib/OpensslLib.uni   |  10 +-
 ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
 .../Library/OpensslLib/OpensslLibAccel.uni    |  14 +
 .../OpensslLib/OpensslLibConstructor.c        |   6 +-
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  92 +--
 .../Library/OpensslLib/OpensslLibCrypto.uni   |  11 +-
 ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
 .../{OpensslLib.uni => OpensslLibFull.uni}    |  10 +-
 ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
 .../OpensslLib/OpensslLibFullAccel.uni        |  14 +
 .../Library/OpensslLib/OpensslLibX64.inf      | 706 ------------------
 CryptoPkg/Library/OpensslLib/SslNull.c        | 405 ++++++++++
 CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
 .../SysCall/inet_pton.c                       |   0
 CryptoPkg/Library/TlsLib/TlsConfig.c          |  12 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf           |  12 +-
 CryptoPkg/Private/Library/IntrinsicLib.h      |  16 +
 CryptoPkg/Private/Library/OpensslLib.h        |  14 +
 CryptoPkg/Readme.md                           | 498 ++++++++++++
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc      |  17 +-
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  17 +-
 .../UnitTest/Library/BaseCryptLib/TSTests.c   |   2 +-
 .../TestBaseCryptLibHostAccel.inf             |  56 ++
 50 files changed, 2711 insertions(+), 1820 deletions(-)
 copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
SecCryptLib.uni} (74%)
 delete mode 100644
CryptoPkg/Library/Include/openssl/opensslconf_generated.h
 create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
OpensslLibAccel.inf} (79%)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
OpensslLibFull.inf} (79%)
 copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
(56%)
 rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
OpensslLibFullAccel.inf} (78%)
 create mode 100644
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
 delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
 rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
(100%)
 create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
 create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
 create mode 100644 CryptoPkg/Readme.md
 create mode 100644
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
nf

--
2.37.1.windows.1

Yao, Jiewen

#95493

Sounds great!

Show quoted text

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Monday, October 24, 2022 1:44 PM
To: Yao, Jiewen <jiewen.yao@...>; devel@edk2.groups.io; Kinney,
Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1
<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>;
Zurcher, Christopher <christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
merge perf opt OpensslLibs

Hi Jiewen,

I compared the builds of the CryptoPei, CryptoDxe, CryptoSmm using the
same OpensslLib instance with EC disabled.

I used an IA32 build of the MIN_PEI profile and an X64 build of the
MIN_DXE_MIN_SMM profile for the comparison.

Arch Profile          Driver        Old    Old-LZMA    New    New-LZMA
==== ===============  =========   =======  ========  =======
========
IA32 MIN_PEI          CryptoPei   252,192   102,109  244,160    98,571
X64  MIN_DXE_MIN_SMM  CryptoDxe   812,288   313,340  811,008
312,913
X64  MIN_DXE_MIN_SMM  CryptoSmm   549,088   205,613  548,096
205,079


These results show that this patch series provide a very small reduction
in both the uncompressed and LZMA compressed sizes of these drivers.
This
is the expected result because no functional changes were introduced.

The small decrease is likely due to the removal of the UnitTest overhead
that was included in all CryptoPkg.dsc build before this series.  This
series only links in the UnitTest related libs and hook of the ASSERT()
macros when building unit tests.

Best regards,

Mike

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@...>
Sent: Sunday, October 23, 2022 8:54 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; Kinney,Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>;
Zurcher,
Christopher <christopher.zurcher@...>; Rebecca Cran<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li,
Yi1 <yi1.li@...>
Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCDand merge perf opt OpensslLibs

Sorry: I mean old configuration without ECC.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
Jiewen
Sent: Monday, October 24, 2022 11:53 AM
To: Kinney, Michael D <michael.d.kinney@...>;
devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1
<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>;
Zurcher, Christopher <christopher.zurcher@...>; RebeccaCran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCDand
merge perf opt OpensslLibs

Thanks Mike
The update looks good to me. Reviewed-by: Jiewen Yao
<Jiewen.yao@...>

Do you have any data of size difference before and after? Please sharewith
us.

I am more interested in the old configuration with ECC.

Thank you
Yao, Jiewen

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Friday, October 21, 2022 2:35 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J
<jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>; Zurcher, Christopher
<christopher.zurcher@...>; Rebecca Cran
<quic_rcran@...>; Ard Biesheuvel <ardb@...>; Li, Yi1
<yi1.li@...>
Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perfopt
OpensslLibs

The recent addition of the Ecliptic Curve (EC) feature and theperformance
optimization feature increased the complexity for platforms tointegrate
and enable these features.  This series simplifies the platformconfiguration
as much as possible and improves the ability to manage the the sizeimpact
of cryptographic services in each FW phase.  A Readme.md is alsoadded
that
provides an overview of the CryptoPkg design and features along with
platform
integration recommendations.

This series also addresses private library class declarations missingfrom
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files
identified
a number of additional cleanups. The CryptoPkg.dsc file was alsoupdated
to
improve CI coverage for future CryptoPkg changes and identified some
unit test bug fixes.

Change Summary
============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and removeEFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.infinstead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private libraryclasses
* Update all OpensslLib instances to always produce all APIs inOpensslLib
class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLibINF
files
* Update CryptoPkg.dsc files to provide full CI test coverage across allthe
   supported combinations of OpensslLib, BaseCryptLib, and TlsLibinstances.
* Remove PACKAGE profile from CryptoPkg.dsc and add
TARGET_UNIT_TESTS
  profile.  Adding TARGET_UNIT_TESTS profile is required to prevent afew
unit
  test artifacts being included in non unit test builds of components.
* Add CryptoPkg Readme.md with overview and platform integration
details.
* Update host-based unit tests to always use OpensslLibFull.inf andadd
unit
  test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
  documentation

New in V2
=========
* Fix service table in Readme.md
* Fix VS2015x86 RELEASE builds by disabling warning 4718
* Rebase to latest and add missing EC functions in EcSm2Null.c
* Update perl scripts to auto-generate all OpensslLib INF files
* Update OpensslLib INF files to match auto-generated format

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Christopher Zurcher <christopher.zurcher@...>
Cc: Rebecca Cran <quic_rcran@...>
Cc: Ard Biesheuvel <ardb@...>
Cc: Yi Li <yi1.li@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (12):
  CryptoPkg: Document and disable deprecated crypto services
  CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
  CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
  CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
  CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
  CryptoPkg/Library/OpensslLib: Combine all performance optimizedINFs
  CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
  CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
  CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
  CryptoPkg: Update DSC to improve CI test coverage
  CryptoPkg: Fixed host-based unit tests
  CryptoPkg: Add Readme.md

Yi Li (4):
  Revert "CryptoPkg: Update process_files.pl to auto add PCD config
    option"
  CryptoPkg/Library/OpensslLib: Update process_files.pl INFgeneration
  CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
  CryptoPkg/Library/OpensslLib: update auto-generated files

 CryptoPkg/CryptoPkg.ci.yaml                   |  11 +-
 CryptoPkg/CryptoPkg.dec                       |  42 +-
 CryptoPkg/CryptoPkg.dsc                       | 438 ++++++++---
 .../Pcd/PcdCryptoServiceFamilyEnable.h        | 122 +--
 .../Library/BaseCryptLib/BaseCryptLib.inf     |  10 +-
 .../Library/BaseCryptLib/BaseCryptLib.uni     |   2 -
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     |   7 +
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      |   5 +-
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   8 +-
 .../Library/BaseCryptLib/PeiCryptLib.uni      |   2 -
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   4 -
 .../BaseCryptLib/Pk/CryptAuthenticode.c       |   2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c  |   3 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |   3 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |  44 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c |   4 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   9 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   2 -
 .../Library/BaseCryptLib/SecCryptLib.inf      |  13 +-
 .../{SmmCryptLib.uni => SecCryptLib.uni}      |  11 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  12 -
 .../Library/BaseCryptLib/SmmCryptLib.uni      |   2 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |  22 +-
 .../Library/Include/openssl/opensslconf.h     | 328 +++++++-
 .../Include/openssl/opensslconf_generated.h   | 333 ---------
 CryptoPkg/Library/OpensslLib/EcSm2Null.c      | 383 ++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  91 +--
 CryptoPkg/Library/OpensslLib/OpensslLib.uni   |  10 +-
 ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
 .../Library/OpensslLib/OpensslLibAccel.uni    |  14 +
 .../OpensslLib/OpensslLibConstructor.c        |   6 +-
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  92 +--
 .../Library/OpensslLib/OpensslLibCrypto.uni   |  11 +-
 ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
 .../{OpensslLib.uni => OpensslLibFull.uni}    |  10 +-
 ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
 .../OpensslLib/OpensslLibFullAccel.uni        |  14 +
 .../Library/OpensslLib/OpensslLibX64.inf      | 706 ------------------
 CryptoPkg/Library/OpensslLib/SslNull.c        | 405 ++++++++++
 CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
 .../SysCall/inet_pton.c                       |   0
 CryptoPkg/Library/TlsLib/TlsConfig.c          |  12 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf           |  12 +-
 CryptoPkg/Private/Library/IntrinsicLib.h      |  16 +
 CryptoPkg/Private/Library/OpensslLib.h        |  14 +
 CryptoPkg/Readme.md                           | 498 ++++++++++++
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc      |  17 +-
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  17 +-
 .../UnitTest/Library/BaseCryptLib/TSTests.c   |   2 +-
 .../TestBaseCryptLibHostAccel.inf             |  56 ++
 50 files changed, 2711 insertions(+), 1820 deletions(-)
 copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
SecCryptLib.uni} (74%)
 delete mode 100644
CryptoPkg/Library/Include/openssl/opensslconf_generated.h
 create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
OpensslLibAccel.inf} (79%)
 create mode 100644CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
 rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
OpensslLibFull.inf} (79%)
 copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>OpensslLibFull.uni}
(56%)
 rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
OpensslLibFullAccel.inf} (78%)
 create mode 100644
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
 delete mode 100644CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
 rename CryptoPkg/Library/{BaseCryptLib =>TlsLib}/SysCall/inet_pton.c
(100%)
 create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
 create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
 create mode 100644 CryptoPkg/Readme.md
 create mode 100644
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
nf

--
2.37.1.windows.1