From: David Woodhouse <david.woodho...@intel.com> We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on the compiler command line when building OpensslLib itself, but not when building BaseCryptLib.
But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI *either*. This meant that *that* build was picking up the definition from <openssl/opensslconf.h>, and was thus *different* to the version the library was built with, in some cases. So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also* define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <david.woodho...@intel.com> Tested-by: Laszlo Ersek <ler...@redhat.com> --- CryptoPkg/Include/OpenSslSupport.h | 23 ++++++++++ CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 7 ---- .../InternalCryptLib.h | 8 ---- .../Library/OpensslLib/EDKII_openssl-1.0.2d.patch | 49 ++++++++++++++++------ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 31 +++++++------- 5 files changed, 74 insertions(+), 44 deletions(-) diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h index b5a8b58..746e4bb 100644 --- a/CryptoPkg/Include/OpenSslSupport.h +++ b/CryptoPkg/Include/OpenSslSupport.h @@ -22,6 +22,29 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/DebugLib.h> // +// OpenSSL relies on explicit configuration for word size in crypto/bn, +// but we want it to be automatically inferred from the target. So we +// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and +// define our own here. +// +#ifdef CONFIG_HEADER_BN_H +#error CONFIG_HEADER_BN_H already defined +#endif + +#define CONFIG_HEADER_BN_H + +#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) +// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs +// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is +// 64-bit. Since using 'long long' works fine on GCC too, just do that. +#define SIXTY_FOUR_BIT +#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC) +#define THIRTY_TWO_BIT +#else +#error Unknown target architecture +#endif + +// // File operations are not required for building Open SSL, // so FILE is mapped to VOID * to pass build // diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h index b8d84b3..6edd5f6 100644 --- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h @@ -30,12 +30,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define OBJ_length(o) ((o)->length) #endif -// -// Environment Setting for OpenSSL-based UEFI Crypto Library. -// -#ifndef OPENSSL_SYSNAME_UWIN -#define OPENSSL_SYSNAME_UWIN -#endif - #endif diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h index 959ad0a..4c2ae15 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h @@ -19,13 +19,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/DebugLib.h> #include <Library/BaseCryptLib.h> -// -// Environment Setting for OpenSSL-based UEFI Crypto Library. -// -#ifndef OPENSSL_SYSNAME_UWIN -#define OPENSSL_SYSNAME_UWIN -#endif - - #endif diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch index 9fb5516..951ea62 100644 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch @@ -341,19 +341,42 @@ diff U3 crypto/crypto.h crypto/crypto.h "Low level API call to cipher " #alg " forbidden in FIPS mode!") # else -diff U3 crypto/opensslconf.h crypto/opensslconf.h ---- crypto/opensslconf.h Thu Jun 11 21:55:38 2015 -+++ crypto/opensslconf.h Fri Jun 12 10:28:27 2015 -@@ -159,9 +159,12 @@ - /* Should we define BN_DIV2W here? */ - - /* Only one for the following should be defined */ -+/* Bypass the following definitions for UEFI version. */ -+#if !defined(OPENSSL_SYS_UEFI) - #undef SIXTY_FOUR_BIT_LONG - #undef SIXTY_FOUR_BIT - #define THIRTY_TWO_BIT +--- crypto/opensslconf.h 2015-07-09 13:03:09.000000000 +0100 ++++ crypto/opensslconf.h 2015-08-12 09:26:52.660909861 +0100 +@@ -5,6 +5,9 @@ + extern "C" { + #endif + /* OpenSSL was configured with the following options: */ ++#ifndef OPENSSL_SYSNAME_UEFI ++# define OPENSSL_SYSNAME_UEFI +#endif + #ifndef OPENSSL_DOING_MAKEDEPEND + + +@@ -152,7 +155,7 @@ extern "C" { + #endif #endif - #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) ++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI) + #define CONFIG_HEADER_BN_H + #undef BN_LLONG + +--- e_os2.h 2015-07-09 12:57:15.000000000 +0100 ++++ e_os2.h 2015-08-12 09:27:56.044693680 +0100 +@@ -97,7 +97,14 @@ extern "C" { + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +-# if defined(OPENSSL_SYSNAME_UWIN) ++/* ++ * UEFI lives here because it might be built with a Microsoft toolchain and ++ * we need to avoid the false positive match on Windows. ++ */ ++# if defined(OPENSSL_SYSNAME_UEFI) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_UEFI ++# elif defined(OPENSSL_SYSNAME_UWIN) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32_UWIN + # else diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index fb63f92..03f6c4f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -21,14 +21,13 @@ VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib DEFINE OPENSSL_PATH = openssl-1.0.2d - DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE # # OPENSSL_FLAGS is set to define the following flags to be compatible with # EDK II build system and UEFI executiuon environment # -# OPENSSL_SYSNAME_UWIN # OPENSSL_SYS_UEFI # L_ENDIAN # _CRT_SECURE_NO_DEPRECATE @@ -892,19 +891,19 @@ # C4306: conversion from type1 to type2 of greater size # C4702: Potentially uninitialized local variable name used # - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706 - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 - MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4244 /wd4701 /wd4702 /wd4706 + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 + MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT - INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w + INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG -UNO_BUILTIN_VA_FLAGS - GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG - GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -UNO_BUILTIN_VA_FUNCS + GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w + GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration <entity> - give arg types @@ -918,6 +917,6 @@ # 513: a value of type <type> cannot be assigned to an entity of type <type> # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast) # 1296: Extended constant initialiser used - RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188 - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG + RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188 + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -- 2.4.3 -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel