CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling

We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.

But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.

So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 2c6e23cee3fed473839fc488d39778fb07fcf4ca..64bef42d0595c33f281834d6f9489116cc9c68d1 100644 (file)
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -23,6 +23,31 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 #define MAX_STRING_SIZE  0x1000\r
 \r
+//\r
+// OpenSSL relies on explicit configuration for word size in crypto/bn,\r
+// but we want it to be automatically inferred from the target. So we\r
+// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and\r
+// define our own here.\r
+//\r
+#ifdef CONFIG_HEADER_BN_H\r
+#error CONFIG_HEADER_BN_H already defined\r
+#endif\r
+\r
+#define CONFIG_HEADER_BN_H\r
+\r
+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)\r
+//\r
+// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs\r
+// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is\r
+// 64-bit. Since using 'long long' works fine on GCC too, just do that.\r
+//\r
+#define SIXTY_FOUR_BIT\r
+#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC)\r
+#define THIRTY_TWO_BIT\r
+#else\r
+#error Unknown target architecture\r
+#endif\r
+\r
 //\r
 // File operations are not required for building Open SSL, \r
 // so FILE is mapped to VOID * to pass build\r

diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index 0ce2591bb41d27ed5547393e3affb6c0f6e227b6..92cc96303869c1d3bc7f5af98b05accfad6712bb 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -30,12 +30,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define OBJ_length(o) ((o)->length)\r
 #endif\r
 \r
-//\r
-// Environment Setting for OpenSSL-based UEFI Crypto Library.\r
-//\r
-#ifndef OPENSSL_SYSNAME_UWIN\r
-#define OPENSSL_SYSNAME_UWIN\r
-#endif\r
-\r
 #endif\r
 \r

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
index 959ad0a0f542dd09717e76e05d789e54dfe6fd5d..24c767ced65a7a2364fcde05fc8d098e9b974f56 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
@@ -1,7 +1,7 @@
 /** @file  \r
   Internal include file for BaseCryptLibRuntimeCryptProtocol.\r
 \r
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -19,13 +19,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>\r
 #include <Library/BaseCryptLib.h>\r
 \r
-//\r
-// Environment Setting for OpenSSL-based UEFI Crypto Library.\r
-//\r
-#ifndef OPENSSL_SYSNAME_UWIN\r
-#define OPENSSL_SYSNAME_UWIN\r
-#endif\r
-\r
-\r
 #endif\r
 \r

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 497233947d68fb6d7904bdfe2b7ab7e47f3dbe99..fb16e877ecd66c5f682ec602e09386a94770a9bc 100644 (file)
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -342,16 +342,41 @@ diff U3 crypto/crypto.h crypto/crypto.h
 diff U3 crypto/opensslconf.h crypto/opensslconf.h\r
 --- crypto/opensslconf.h       Thu Jun 11 21:55:38 2015\r
 +++ crypto/opensslconf.h       Fri Jun 12 10:28:27 2015\r
-@@ -159,9 +159,12 @@\r
- /* Should we define BN_DIV2W here? */\r
- \r
- /* Only one for the following should be defined */\r
-+/* Bypass the following definitions for UEFI version. */\r
-+#if !defined(OPENSSL_SYS_UEFI)\r
- #undef SIXTY_FOUR_BIT_LONG\r
- #undef SIXTY_FOUR_BIT\r
- #define THIRTY_TWO_BIT\r
+@@ -5,6 +5,9 @@\r
+ extern "C" {\r
+ #endif\r
+ /* OpenSSL was configured with the following options: */\r
++#ifndef OPENSSL_SYSNAME_UEFI\r
++# define OPENSSL_SYSNAME_UEFI\r
 +#endif\r
+ #ifndef OPENSSL_DOING_MAKEDEPEND\r
+ \r
+ \r
+@@ -152,7 +155,7 @@\r
+ #endif\r
  #endif\r
  \r
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
+ #define CONFIG_HEADER_BN_H\r
+ #undef BN_LLONG\r
+ \r
+diff U3 e_os2.h e_os2.h\r
+--- e_os2.h    Thu Jul 09 19:57:16 2015\r
++++ e_os2.h    Thu Oct 29 15:08:19 2015\r
+@@ -97,7 +97,14 @@\r
+  * For 32 bit environment, there seems to be the CygWin environment and then\r
+  * all the others that try to do the same thing Microsoft does...\r
+  */\r
+-# if defined(OPENSSL_SYSNAME_UWIN)\r
++/*\r
++ * UEFI lives here because it might be built with a Microsoft toolchain and\r
++ * we need to avoid the false positive match on Windows.\r
++ */\r
++# if defined(OPENSSL_SYSNAME_UEFI)\r
++#  undef OPENSSL_SYS_UNIX\r
++#  define OPENSSL_SYS_UEFI\r
++# elif defined(OPENSSL_SYSNAME_UWIN)\r
+ #  undef OPENSSL_SYS_UNIX\r
+ #  define OPENSSL_SYS_WIN32_UWIN\r
+ # else\r

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 5e79f4622175166485f47605fd5d11df26926db9..03f6c4f699a046726d0baccfbedb828d402cb7e3 100644 (file)
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -21,14 +21,13 @@
   VERSION_STRING                 = 1.0\r
   LIBRARY_CLASS                  = OpensslLib\r
   DEFINE OPENSSL_PATH            = openssl-1.0.2d\r
-  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM\r
+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM\r
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE\r
 \r
 #\r
 # OPENSSL_FLAGS is set to define the following flags to be compatible with\r
 # EDK II build system and UEFI executiuon environment\r
 #\r
-#   OPENSSL_SYSNAME_UWIN\r
 #   OPENSSL_SYS_UEFI\r
 #   L_ENDIAN\r
 #   _CRT_SECURE_NO_DEPRECATE\r
@@ -892,19 +891,19 @@
   # C4306: conversion from type1 to type2 of greater size\r
   # C4702: Potentially uninitialized local variable name used\r
   #\r
-  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706\r
-  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706\r
-  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706\r
+  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4244 /wd4701 /wd4702 /wd4706\r
+  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706\r
+  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706\r
 \r
-  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT\r
-  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT\r
-  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT\r
+  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w\r
+  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w\r
+  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w\r
 \r
-  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT\r
-  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG -UNO_BUILTIN_VA_FUNCS\r
-  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG\r
-  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT\r
-  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG\r
+  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -UNO_BUILTIN_VA_FUNCS\r
+  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r
+  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r
+  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r
 \r
   # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:\r
   # 1295: Deprecated declaration <entity> - give arg types\r
@@ -918,6 +917,6 @@
   #  513: a value of type <type> cannot be assigned to an entity of type <type>\r
   #  188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)\r
   # 1296: Extended constant initialiser used\r
-  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188\r
-  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT\r
-  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG\r
+  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188\r
+  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r
+  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w\r