From 499b0d5fa57dafe47b260aaf0cea6c6b0286e656 Mon Sep 17 00:00:00 2001
From: Yi Li
Date: Tue, 10 May 2022 15:19:05 +0800
Subject: [PATCH] CryptoPkg: Update process_files.pl to automatically add PCD config option Recommend from Gerd: (2) Keep the EC config option, but update process_files.pl to automatically add the PcdEcEnabled config option handling to the files it generates. When remove 'no-ec' from openssl configure list, will automatically remove 'OPENSSL_NO_EC', 'OPENSSL_NO_ECDH', 'OPENSSL_NO_ECDSA', 'OPENSSL_NO_TLS1_3', form header, and add '/ec/.', '/sm2/.' files to INF files.
Signed-off-by: Yi Li
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
 CryptoPkg/Library/OpensslLib/process_files.pl | 77 ++++++++++++++++++-
 1 file changed, 74 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2ebfbbbca0..545f218284 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -81,6 +81,19 @@ my $uefi_config;
 my $extension;
 my $arch;
 my @inf;
+#
+# Use PCD to conditionally enable certain openssl features.
+# $conditional_feature contains pcd_name:fetures_names pairs
+# of conditional features.
+# @conditional_feature_dir contains relative_path:pcd_name pairs
+# of conditional features in openssl, MUST correspond to the content
+# in $conditional_feature.
+#
+# Configure list [openssl_configuration : new_define_list : new_file_list : pcd]
+# 1. no-ec : {NO_EC, NO_ECDH, NO_ECDSA, NO_TLS1_3, NO_SM2} : {/ec/, /sm2/} : PcdOpensslEcEnabled
+#
+my %conditional_feature = ("PcdOpensslEcEnabled"=>["EC", "ECDH", "ECDSA", "TLS1_3", "SM2"]);
+my %conditional_feature_dir = ("/ec/"=>"PcdOpensslEcEnabled", "/sm2/"=>"PcdOpensslEcEnabled");
 BEGIN {
 $inf_file = "OpensslLib.inf";
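Review bot: Nothing enforces the "MUST correspond" rule stated in the new comment block: a path added to `%conditional_feature_dir` with a PCD name that has no entry in `%conditional_feature` would gate source files in the INF without emitting the matching `OPENSSL_NO_*` guards. A one-line check after the two declarations catches that at generation time, e.g. `exists $conditional_feature{$_} or die "no feature list for PCD $_" foreach values %conditional_feature_dir;`. The comment also refers to `$conditional_feature` and `@conditional_feature_dir` although both are declared as hashes, and `fetures_names` should read `feature_names`.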
@@ -282,7 +295,13 @@ foreach my $product ((@{$unified_info{libraries}},
 push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
 next;
 }
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s;
+ foreach (keys(%conditional_feature_dir)) {
+ if ($s =~ $_) {
+ push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$_};
+ }
+ }
+ push @cryptofilelist, "\r\n";
 }
 }
 }
@@ -311,7 +330,13 @@ foreach (@headers){
 push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
 next;
 }
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_;
+ foreach my $conditional_key (keys(%conditional_feature_dir)) {
+ if ($_ =~ $conditional_key) {
+ push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$conditional_key};
+ }
+ }
+ push @cryptofilelist, "\r\n";
 }
@@ -416,7 +441,7 @@ print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
 system(
 "perl -pe 's/\\n/\\r\\n/' " .
 "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
- "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf_generated.h"
 ) == 0 ||
 die "Cannot copy opensslconf.h!";
 print "Done!";
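Review bot: In the source-file loop, `$s =~ $_` treats each hash key as an unanchored regex and keeps iterating after a hit, so a path matching two keys would get two `|*|*|*|gEfiCryptoPkgTokenSpaceGuid.…` suffixes on one INF line. That is unlikely with the current `/ec/` and `/sm2/` keys, but a literal test that stops at the first match is sturdier: `if (index($s, $_) >= 0) { push @cryptofilelist, …; last; }`. Iterating over `sort keys %conditional_feature_dir` would also keep the generated INF independent of hash order. The header loop in the following hunk (`$_ =~ $conditional_key`) has the same pattern, and using a named loop variable here as that hunk does would avoid rebinding `$_`. The enclosing `foreach` loops start outside both hunks.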
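Review bot: The messages around the changed redirect still name the old target, `Duplicating opensslconf.h into Include/openssl` and `Cannot copy opensslconf.h!`, although the copy now lands in `opensslconf_generated.h`; both strings should name the new file so a failed run points at the right one. The command is also assembled as a single shell string from `$OPENSSL_PATH` with `<`/`>` redirections, so a checkout path containing spaces or shell metacharacters would break it or be interpreted by the shell. Quoting the two paths, or doing the CRLF conversion in Perl with three-argument `open`, removes that dependency. The `system(` call begins in the context lines above the change.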
@@ -428,6 +453,52 @@ system(
 "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
 ) == 0 ||
 die "Cannot copy dso_conf.h!";
+print "Done!";
+
+#
+# Add conditional feature to opensslconf.h
+#
+my $conf_file = "../Include/openssl/opensslconf.h";
+my @conf_raw = ();
+my @conditional_define = ();
+print "\n--> Updating conditional feature in $conf_file ... ";
+
+foreach my $pcd_name (keys(%conditional_feature)) {
+ push @conditional_define, "#if !FixedPcdGetBool ($pcd_name)\r\n";
+ foreach (@{$conditional_feature{$pcd_name}}) {
+ push @conditional_define, "# ifndef OPENSSL_NO_$_\r\n";
+ push @conditional_define, "# define OPENSSL_NO_$_\r\n";
+ push @conditional_define, "# endif\r\n";
+ }
+ push @conditional_define, "#endif\r\n";
+}
+
+open( FD, "<" . $conf_file ) ||
+ die $conf_file;
+foreach () {
+ # Insert conditional define to the begin of opensslconf.h
+ if ($_ =~ "Autogenerated conditional openssl feature list starts here") {
+ push @conf_raw, $_, @conditional_define;
+ $subbing = 1;
+ next;
+ }
+ if ($_ =~ "Autogenerated conditional openssl feature list ends here") {
+ push @conf_raw, $_;
+ $subbing = 0;
+ next;
+ }
+ push @conf_raw, $_
+ unless ($subbing);
+}
+close(FD) ||
+ die $conf_file;
+
+open( FD, ">" . $conf_file ) ||
+ die $conf_file;
+print( FD @conf_raw ) ||
+ die $conf_file;
+close(FD) ||
+ die $conf_file;
 print "Done!\n";
 print "\nProcessing Files Done!\n";
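Review bot: The rewrite loop trusts that both marker comments are present in opensslconf.h: if the "ends here" line is missing, every line after the start marker is dropped and the truncated header is written back in place, and if the "starts here" line is missing no `OPENSSL_NO_*` guards are emitted, yet the script still prints `Done!`. Because this header decides whether EC, ECDH, ECDSA, TLS1_3 and SM2 are compiled out, the script should die before the write unless a complete marker pair was seen. `$subbing` is neither declared nor initialised in this hunk, so it presumably carries over whatever state an earlier part of the script left (outside the hunk); a dedicated lexical flag removes that coupling. The sketch below also uses three-argument `open` with a lexical handle and puts `$!` in the error messages, and it reads with an explicit `while` because the operand of `foreach ()` is not visible on this page.

```perl
# … unchanged: building @conditional_define …
my ($in_generated, $saw_start, $saw_end) = (0, 0, 0);
open( my $conf_in, '<', $conf_file ) ||
    die "Cannot read $conf_file: $!";
while (my $line = <$conf_in>) {
    if ($line =~ "Autogenerated conditional openssl feature list starts here") {
        push @conf_raw, $line, @conditional_define;
        ($in_generated, $saw_start) = (1, 1);
        next;
    }
    if ($line =~ "Autogenerated conditional openssl feature list ends here") {
        push @conf_raw, $line;
        ($in_generated, $saw_end) = (0, 1);
        next;
    }
    push @conf_raw, $line
        unless ($in_generated);
}
close($conf_in) ||
    die "Cannot close $conf_file: $!";
# Refuse to rewrite the header unless a complete marker pair was seen.
die "Marker comments missing or unbalanced in $conf_file"
    unless ($saw_start && $saw_end && !$in_generated);
# … unchanged: writing @conf_raw back to $conf_file …
```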