Re: [openssl-dev] [openssl.org #3969] [PATCH] Add OPENSSL_SYS_UEFI

David Woodhouse Fri, 07 Aug 2015 07:41:51 -0700

Updated patch. I had hoped to cope with the setting of SIXTY_FOUR_BIT
vs. THIRTY_TWO_BIT with nasty tricks, but those didn't work.


For the EDKII build we can't configure OpenSSL separately for the
specific architecture and toolchain we're using. People might be
building on Windows and not even have perl available; it looks like
we'll ship a prepackaged opensslconf.h with instructions to "download
the OpenSSL tarball and drop this in place".

So in our own headers on the EDKII side, we define SIXTY_FOUR_BIT or
THIRTY_TWO_BIT as appropriate for the target. And we need opensslconf.h
*not* to set it at all.

I had attempted the horrid trick of *also* setting CONFIG_HEADER_BN_H
in our own headers, to nastily bypass that part of opensslconf.h
entirely. But that doesn't work if opensslconf.h gets included *first*.
Which does actually happen when building with MSVC for some reason,
although not with GCC.

This version also reduces the false matches on Windows caused by using
the MSVC toolchain (which defines _WIN32) to build EDK II. We do still
explicitly undefine _WIN32 on our command line, but it would be useful
to fix remaining instances of _WIN32 to depend on OPENSSL_SYS_WIN32
instead and reduce the need for that. I might do that later, but in the
meantime let's at least not make the problem *worse* with my original
placement of OPENSSL_SYS_UEFI in e_os.h.

Also tidy up the definition of the standard integer types to make it
work cleanly in the MSVC build.

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

From 51452b8badcfb200a118c65953a9f7219c6d681f Mon Sep 17 00:00:00 2001
From: David Woodhouse <david.woodho...@intel.com>
Date: Mon, 27 Jul 2015 11:05:14 +0100
Subject: [PATCH] RT3969: Add OPENSSL_SYS_UEFI

This provides support for building in the EDK II reference implementation
of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing
the core cryptographic functionality needed for Secure Boot.

This has always previously been handled with external patches to OpenSSL
but we are now making a concerted effort to eliminate those.

In this mode, we don't actually use the OpenSSL makefiles; we process
the MINFO file generated by 'make files' and incorporate it into the
EDK2 build system.

Since EDK II builds for various targets with varying word size and we
need to have a single prepackaged configuration, we deliberately don't
hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in
opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II
itself to set those, depending on the architecture.

For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the
64-bit type, even when building with GCC where 'long' is also 64-bit. We
do this because the Microsoft toolchain has 32-bit 'long'.
---
 Configurations/10-main.conf |  7 +++++++
 crypto/opensslconf.h.in     |  2 +-
 crypto/rand/rand_egd.c      |  2 +-
 crypto/rand/rand_unix.c     |  4 ++--
 e_os.h                      |  2 +-
 include/openssl/e_os2.h     | 17 ++++++++++++++++-
 6 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 15af87e..3230d86 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1207,6 +1207,13 @@
         shared_extension => ".dll.a",
     },
 
+#### UEFI
+    "UEFI" => {
+        cc               => "cc",
+        cflags           => "-DL_ENDIAN -O",
+        sys_id           => "UEFI",
+    },
+
 #### UWIN
     "UWIN" => {
         cc               => "cc",
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
index 3cabcb4..1ef5d24 100644
--- a/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
@@ -83,7 +83,7 @@
 #endif
 #endif
 
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYS_UEFI)
 #define CONFIG_HEADER_BN_H
 #undef BN_LLONG
 
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index 44ed4bb..d062dd6 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
  */
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
     return (-1);
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 72f8617..bb70a5b 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -116,7 +116,7 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
 
 # include <sys/types.h>
 # include <sys/time.h>
@@ -419,7 +419,7 @@ int RAND_poll(void)
                                  * defined(OPENSSL_SYS_VXWORKS) ||
                                  * defined(OPENSSL_SYS_NETWARE)) */
 
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 int RAND_poll(void)
 {
     return 0;
diff --git a/e_os.h b/e_os.h
index 4c1b4aa..b3a3338 100644
--- a/e_os.h
+++ b/e_os.h
@@ -112,7 +112,7 @@ extern "C" {
 #  define MSDOS
 # endif
 
-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
 #  define GETPID_IS_MEANINGLESS
 # endif
 
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index 177b098..126b799 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -90,7 +90,13 @@ extern "C" {
  * For 32 bit environment, there seems to be the CygWin environment and then
  * all the others that try to do the same thing Microsoft does...
  */
-# if defined(OPENSSL_SYS_UWIN)
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+#  undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_WIN32_UWIN
 # else
@@ -277,6 +283,15 @@ extern "C" {
 /* Standard integer types */
 # if defined(__osf__) || defined(__sgi) || defined(__hpux) || defined(OPENSSL_SYS_VMS)
 #  include <inttypes.h>
+# elif defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
 # elif defined(_MSC_VER) && _MSC_VER<=1500
 /*
  * minimally required typdefs for systems not supporting inttypes.h or
-- 
2.4.3

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3969] [PATCH] Add OPENSSL_SYS_UEFI

Reply via email to