Thank you Mike. 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one OpensslLibAccel.inf. Also the cleanup looks good to me.
2) I also like the summary in readme in https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg I notice some algorithms are listed Y(Deprecated) but N(Don't Use), such as Tdes, Arc4, Aes.Ecb*. But I don't see the use case for those algorithms and I suggest a Y(Deprecated) have Y(Don't Use). 3) About PcdOpensslEcEnabled I notice it is used in existing code - https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L1139 Is this right way? Thank you Yao, Jiewen > -----Original Message----- > From: Kinney, Michael D <michael.d.kin...@intel.com> > Sent: Tuesday, October 11, 2022 11:04 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J > <jian.j.w...@intel.com>; Lu, Xiaoyu1 <xiaoyu1...@intel.com>; Jiang, > Guomin <guomin.ji...@intel.com>; Zurcher, Christopher > <christopher.zurc...@microsoft.com>; Rebecca Cran > <quic_rc...@quicinc.com>; Ard Biesheuvel <a...@kernel.org> > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt > OpensslLibs > > The recent addition of the Ecliptic Curve (EC) feature and the performance > optimization features increased the complexity for platforms to integrate > and enable these features. This series simplifies the platform configuration > as much as possible and improves the ability to manage the the size impact > of cryptographic services in each FW phase. A Readme.md is also added > that > provides an overview of the CryptoPkg design and features along with > platform > integration recommendations. > > This series also addresses private library class declarations missing from > CryptoPkg.dec and library instances not producing all the APIs defined > by the library classes. A review of the CryptoPkg EDK II meta data files > identified > a number of additional cleanups. The CryptoPkg.dsc file was also updated to > improve CI coverage for future CryptoPkg changes and identified some > unit test bug fixes. > > PR: https://github.com/tianocore/edk2/pull/3443 > Branch: > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge > OptimizedOpensslLibs > Readme: > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge > OptimizedOpensslLibs/CryptoPkg/Readme.md > > Change Summary > ============== > * Document disabled/deprecated cryptographic services > * Add missing UNI files in BaseCryptLib > * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global > variables > * Fix BaseCryptLib unit tests > * Cleanup BaseCryptLib and TlsLib INF files and > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it. > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes > * Update all OpensslLib instances to always produce all APIs in OpensslLib > class > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF > files > * Update CryptoPkg.dsc files to provide full CI test coverage across all the > supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances. > * Remove PACKAGE profile from CryptoPkg.dsc and add > TARGET_UNIT_TESTS > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few > unit > test artifacts being included in non unit test builds of components. > * Add CryptoPkg Readme.md with overview and platform integration > details. > * Update host-based unit tests to always use OpensslLibFull.inf and add > unit > test coverage for OpensslLibFullAccel.inf. > * Add Readme.md with CryptoPkg overview and platform integration > documentation > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Xiaoyu Lu <xiaoyu1...@intel.com> > Cc: Guomin Jiang <guomin.ji...@intel.com> > Cc: Christopher Zurcher <christopher.zurc...@microsoft.com> > Cc: Rebecca Cran <quic_rc...@quicinc.com> > Cc: Ard Biesheuvel <a...@kernel.org> > Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com> > > Michael D Kinney (12): > CryptoPkg: Document and disable deprecated crypto services > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib > CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec > CryptoPkg: Update DSC to improve CI test coverage > CryptoPkg: Fixed host-based unit tests > CryptoPkg: Add Readme.md > > CryptoPkg/CryptoPkg.ci.yaml | 11 +- > CryptoPkg/CryptoPkg.dec | 42 +- > CryptoPkg/CryptoPkg.dsc | 460 +++++++++--- > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +-- > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +- > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 - > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 + > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +- > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 - > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +- > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +- > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 + > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 - > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +- > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 - > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 - > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +- > .../Library/Include/openssl/opensslconf.h | 328 +++++++- > .../Include/openssl/opensslconf_generated.h | 333 --------- > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++ > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++-- > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +- > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++-- > .../Library/OpensslLib/OpensslLibAccel.uni | 14 + > .../OpensslLib/OpensslLibConstructor.c | 6 +- > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++-- > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +- > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++-- > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +- > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++-- > .../OpensslLib/OpensslLibFullAccel.uni | 14 + > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------ > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------ > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++ > .../SysCall/inet_pton.c | 0 > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +- > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +- > CryptoPkg/Private/Library/IntrinsicLib.h | 16 + > CryptoPkg/Private/Library/OpensslLib.h | 14 + > CryptoPkg/Readme.md | 498 ++++++++++++ > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +- > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +- > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +- > .../TestBaseCryptLibHostAccel.inf | 55 ++ > 48 files changed, 2667 insertions(+), 2434 deletions(-) > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni => > SecCryptLib.uni} (74%) > delete mode 100644 > CryptoPkg/Library/Include/openssl/opensslconf_generated.h > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf => > OpensslLibAccel.inf} (79%) > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf} > (80%) > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni} > (56%) > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf => > OpensslLibFullAccel.inf} (79%) > create mode 100644 > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c > (100%) > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h > create mode 100644 CryptoPkg/Readme.md > create mode 100644 > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i > nf > > -- > 2.37.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95025): https://edk2.groups.io/g/devel/message/95025 Mute This Topic: https://groups.io/mt/94260718/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
