From: David Woodhouse <david.woodho...@intel.com>

We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.

But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.

So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <david.woodho...@intel.com>
Tested-by: Laszlo Ersek <ler...@redhat.com>
---
 CryptoPkg/Include/OpenSslSupport.h                 | 23 ++++++++++
 CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h  |  7 ----
 .../InternalCryptLib.h                             |  8 ----
 .../Library/OpensslLib/EDKII_openssl-1.0.2d.patch  | 49 ++++++++++++++++------
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        | 31 +++++++-------
 5 files changed, 74 insertions(+), 44 deletions(-)

diff --git a/CryptoPkg/Include/OpenSslSupport.h 
b/CryptoPkg/Include/OpenSslSupport.h
index b5a8b58..746e4bb 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -22,6 +22,29 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 
 //
+// OpenSSL relies on explicit configuration for word size in crypto/bn,
+// but we want it to be automatically inferred from the target. So we
+// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and
+// define our own here.
+//
+#ifdef CONFIG_HEADER_BN_H
+#error CONFIG_HEADER_BN_H already defined
+#endif
+
+#define CONFIG_HEADER_BN_H
+
+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)
+// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
+// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is
+// 64-bit. Since using 'long long' works fine on GCC too, just do that.
+#define SIXTY_FOUR_BIT
+#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC)
+#define THIRTY_TWO_BIT
+#else
+#error Unknown target architecture
+#endif
+
+//
 // File operations are not required for building Open SSL, 
 // so FILE is mapped to VOID * to pass build
 //
diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index b8d84b3..6edd5f6 100644
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -30,12 +30,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #define OBJ_length(o) ((o)->length)
 #endif
 
-//
-// Environment Setting for OpenSSL-based UEFI Crypto Library.
-//
-#ifndef OPENSSL_SYSNAME_UWIN
-#define OPENSSL_SYSNAME_UWIN
-#endif
-
 #endif
 
diff --git 
a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
index 959ad0a..4c2ae15 100644
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
@@ -19,13 +19,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 
-//
-// Environment Setting for OpenSSL-based UEFI Crypto Library.
-//
-#ifndef OPENSSL_SYSNAME_UWIN
-#define OPENSSL_SYSNAME_UWIN
-#endif
-
-
 #endif
 
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch 
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 9fb5516..951ea62 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -341,19 +341,42 @@ diff U3 crypto/crypto.h crypto/crypto.h
                  "Low level API call to cipher " #alg " forbidden in FIPS 
mode!")
  
  # else
-diff U3 crypto/opensslconf.h crypto/opensslconf.h
---- crypto/opensslconf.h       Thu Jun 11 21:55:38 2015
-+++ crypto/opensslconf.h       Fri Jun 12 10:28:27 2015
-@@ -159,9 +159,12 @@
- /* Should we define BN_DIV2W here? */
- 
- /* Only one for the following should be defined */
-+/* Bypass the following definitions for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
+--- crypto/opensslconf.h       2015-07-09 13:03:09.000000000 +0100
++++ crypto/opensslconf.h       2015-08-12 09:26:52.660909861 +0100
+@@ -5,6 +5,9 @@
+ extern "C" {
+ #endif
+ /* OpenSSL was configured with the following options: */
++#ifndef OPENSSL_SYSNAME_UEFI
++# define OPENSSL_SYSNAME_UEFI
 +#endif
+ #ifndef OPENSSL_DOING_MAKEDEPEND
+ 
+ 
+@@ -152,7 +155,7 @@ extern "C" {
+ #endif
  #endif
  
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && 
!defined(OPENSSL_SYSNAME_UEFI)
+ #define CONFIG_HEADER_BN_H
+ #undef BN_LLONG
+ 
+--- e_os2.h    2015-07-09 12:57:15.000000000 +0100
++++ e_os2.h    2015-08-12 09:27:56.044693680 +0100
+@@ -97,7 +97,14 @@ extern "C" {
+  * For 32 bit environment, there seems to be the CygWin environment and then
+  * all the others that try to do the same thing Microsoft does...
+  */
+-# if defined(OPENSSL_SYSNAME_UWIN)
++/*
++ * UEFI lives here because it might be built with a Microsoft toolchain and
++ * we need to avoid the false positive match on Windows.
++ */
++# if defined(OPENSSL_SYSNAME_UEFI)
++#  undef OPENSSL_SYS_UNIX
++#  define OPENSSL_SYS_UEFI
++# elif defined(OPENSSL_SYSNAME_UWIN)
+ #  undef OPENSSL_SYS_UNIX
+ #  define OPENSSL_SYS_WIN32_UWIN
+ # else
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index fb63f92..03f6c4f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -21,14 +21,13 @@
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
   DEFINE OPENSSL_PATH            = openssl-1.0.2d
-  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI 
-DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE 
-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 
-DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG 
-DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE 
-DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO 
-DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
-D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED 
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 
-DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO 
-DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 
-DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING 
-DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA 
-DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA 
-DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP 
-DOPENSSL_NO_ENGINE
 
 #
 # OPENSSL_FLAGS is set to define the following flags to be compatible with
 # EDK II build system and UEFI executiuon environment
 #
-#   OPENSSL_SYSNAME_UWIN
 #   OPENSSL_SYS_UEFI
 #   L_ENDIAN
 #   _CRT_SECURE_NO_DEPRECATE
@@ -892,19 +891,19 @@
   # C4306: conversion from type1 to type2 of greater size
   # C4702: Potentially uninitialized local variable name used
   #
-  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
-  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 
/wd4305 /wd4306 /wd4702 /wd4706
-  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 
/wd4305 /wd4306 /wd4702 /wd4706
+  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) /wd4244 /wd4701 /wd4702 /wd4706
+  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 
/wd4702 /wd4706
+  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 
/wd4702 /wd4706
 
-  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
-  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
-  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
+  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
+  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
 
-  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG -UNO_BUILTIN_VA_FLAGS
-  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
-  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w 
-DTHIRTY_TWO_BIT
-  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w 
-DSIXTY_FOUR_BIT_LONG
+  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -UNO_BUILTIN_VA_FUNCS
+  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w
+  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
+  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
 
   # suppress the following warnings in openssl so we don't break the build 
with warnings-as-errors:
   # 1295: Deprecated declaration <entity> - give arg types
@@ -918,6 +917,6 @@
   #  513: a value of type <type> cannot be assigned to an entity of type <type>
   #  188: enumerated type mixed with another type (i.e. passing an integer as 
an enum without a cast)
   # 1296: Extended constant initialiser used
-  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) 
--library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT 
--diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
-  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) 
--library_interface=aeabi_clib99 --fpu=vfpv3 
--diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w
+  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_EXFLAGS) -w
-- 
2.4.3

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to