Thank you. Lersek. This is a big mistake. I haven't test it. -----Original Message----- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek Sent: Friday, May 10, 2019 4:58 AM To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux...@intel.com> Cc: Wang, Jian J <jian.j.w...@intel.com>; Ye, Ting <ting...@intel.com> Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Xiaoyu, On 05/09/19 07:23, Xiaoyu lu wrote: > From: Xiaoyu Lu <xiaoyux...@intel.com> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089 > > Update OpenSSL submodule to OpenSSL_1_1_1b > OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687) I found another issue, while trying to cross-build this series for AARCH64. I ran the commands below: > export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- > build \ > -a AARCH64 \ > -b NOOPT \ > -p CryptoPkg/CryptoPkg.dsc \ > -t GCC5 \ > --cmd-len=65536 \ > -m CryptoPkg/Library/OpensslLib/OpensslLib.inf The following cross-compilation command failed: > "aarch64-linux-gnu-gcc" \ > -g \ > -fshort-wchar \ > -fno-builtin \ > -fno-strict-aliasing \ > -Wall \ > -Werror \ > -Wno-array-bounds \ > -ffunction-sections \ > -fdata-sections \ > -include AutoGen.h \ > -fno-common \ > -DSTRING_ARRAY_NAME=OpensslLibStrings \ > -g \ > -Os \ > -fshort-wchar \ > -fno-builtin \ > -fno-strict-aliasing \ > -Wall \ > -Werror \ > -Wno-array-bounds \ > -include AutoGen.h \ > -fno-common \ > -mlittle-endian \ > -fno-short-enums \ > -fverbose-asm \ > -funsigned-char \ > -ffunction-sections \ > -fdata-sections \ > -Wno-address \ > -fno-asynchronous-unwind-tables \ > -fno-unwind-tables \ > -fno-pic \ > -fno-pie \ > -ffixed-x18 \ > -mcmodel=small \ > -O0 \ > -DL_ENDIAN \ > -DOPENSSL_SMALL_FOOTPRINT \ > -D_CRT_SECURE_NO_DEPRECATE \ > -D_CRT_NONSTDC_NO_DEPRECATE \ > -Wno-error=maybe-uninitialized \ > -Wno-format \ > -Wno-error=unused-but-set-variable \ > -D DISABLE_NEW_DEPRECATED_INTERFACES \ > -c \ > -o > $WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/rand/rand_unix.obj > \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/statem \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/record \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ui \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/txt_db \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/stack \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm4 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm3 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/siphash \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sha \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rc4 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pem \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ocsp \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/objects \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/modes \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md5 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md4 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/lhash \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/kdf \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/hmac \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/evp \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/err \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dso \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dh \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/des \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/conf \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/comp \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/cmac \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/buffer \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bn \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bio \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async/arch \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1 \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aria \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aes \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib \ > > -I$WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/DEBUG > \ > -I$WORKSPACE/MdePkg \ > -I$WORKSPACE/MdePkg/Include \ > -I$WORKSPACE/MdePkg/Include/AArch64 \ > -I$WORKSPACE/CryptoPkg \ > -I$WORKSPACE/CryptoPkg/Include \ > -I$WORKSPACE/CryptoPkg/Library/Include \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/include \ > -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/include \ > > $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix. > c The error message was: > $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c:22:26: > fatal error: sys/syscall.h: No such file or directory # include > <sys/syscall.h> > ^ > compilation terminated. The "rand_unix.c" source file contains: 21 #if defined(__linux) 22 # include <sys/syscall.h> 23 #endif This code originates from OpenSSL commit 148796291e47 ("Add support for getrandom() or equivalent system calls and use them by default", 2018-04-22). This is a problem because the aarch64 cross-compiler in Fedora only supports "freestanding" programs (such as the Linux kernel, and edk2); it does not support userspace (hosted) programs. The cross-compiler's description says, > Cross-build GNU C compiler. > > Only building kernels is currently supported. Support for > cross-building user space programs is not currently provided as that > would massively multiply the number of packages. (This is the case as of gcc-aarch64-linux-gnu-8.2.1-1.fc30.2.aarch64.rpm, from <https://koji.fedoraproject.org/koji/buildinfo?buildID=1185346>.) And, <sys/syscall.h> is a header that only userspace programs may include. Now, I see that we already have the following files in CryptoPkg: CryptoPkg/Library/Include/sys/types.h CryptoPkg/Library/Include/sys/time.h The following patch allows the build to complete: > diff --git a/CryptoPkg/Library/Include/sys/syscall.h > b/CryptoPkg/Library/Include/sys/syscall.h > new file mode 100644 > index 000000000000..bfe1c7ff1473 > --- /dev/null > +++ b/CryptoPkg/Library/Include/sys/syscall.h > @@ -0,0 +1,10 @@ > +/** @file > + Include file to support building the third-party cryptographic library. > + > +Copyright (c) 2010 - 2017, Intel Corporation. All rights > +reserved.<BR> Copyright (c) 2019, Red Hat, Inc. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include <CrtLibSupport.h> This file is sufficient for the following reason. In "rand_unix.c", at tag OpenSSL_1_1_1b, we have: 80 #if defined(OPENSSL_RAND_SEED_NONE) 81 /* none means none. this simplifies the following logic */ 82 # undef OPENSSL_RAND_SEED_OS 83 # undef OPENSSL_RAND_SEED_GETRANDOM 84 # undef OPENSSL_RAND_SEED_LIBRANDOM 85 # undef OPENSSL_RAND_SEED_DEVRANDOM 86 # undef OPENSSL_RAND_SEED_RDTSC 87 # undef OPENSSL_RAND_SEED_RDCPU 88 # undef OPENSSL_RAND_SEED_EGD 89 #endif Due to your patch v2 1/6, the macro OPENSSL_RAND_SEED_NONE will be defined, as a consequence of "--with-rand-seed=none". And the following "naked" Linux syscall in "rand_unix.c": 326 /* Linux supports this since version 3.17 */ 327 # if defined(__linux) && defined(SYS_getrandom) 328 return syscall(SYS_getrandom, buf, buflen, 0); is located in the function syscall_random() -- which entirely depends on OPENSSL_RAND_SEED_GETRANDOM. In other words, due to "--with-rand-seed=none" from patch v2 1/6, the actual contents of "sys/syscall.h" will never be necessary. We just need to provide a placeholder header file. So please include a patch in the v3 series that adds "CryptoPkg/Library/Include/sys/syscall.h" like suggested above. Thanks Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40420): https://edk2.groups.io/g/devel/message/40420 Mute This Topic: https://groups.io/mt/31552212/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-