From 3b21958bf2a3eca22a0e3af4001df441a317f24a Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu, 29 Oct 2015 14:17:15 +0000
Subject: [PATCH] CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI
 handling

We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.

But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.

So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/Include/OpenSslSupport.h            | 25 +++++++++++
 .../Library/BaseCryptLib/InternalCryptLib.h   |  7 ---
 .../InternalCryptLib.h                        | 10 +----
 .../OpensslLib/EDKII_openssl-1.0.2d.patch     | 45 ++++++++++++++-----
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 31 +++++++------
 5 files changed, 76 insertions(+), 42 deletions(-)

diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 2c6e23cee3..64bef42d05 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -23,6 +23,31 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #define MAX_STRING_SIZE  0x1000
 
+//
+// OpenSSL relies on explicit configuration for word size in crypto/bn,
+// but we want it to be automatically inferred from the target. So we
+// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and
+// define our own here.
+//
+#ifdef CONFIG_HEADER_BN_H
+#error CONFIG_HEADER_BN_H already defined
+#endif
+
+#define CONFIG_HEADER_BN_H
+
+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)
+//
+// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
+// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is
+// 64-bit. Since using 'long long' works fine on GCC too, just do that.
+//
+#define SIXTY_FOUR_BIT
+#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC)
+#define THIRTY_TWO_BIT
+#else
+#error Unknown target architecture
+#endif
+
 //
 // File operations are not required for building Open SSL, 
 // so FILE is mapped to VOID * to pass build
diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index 0ce2591bb4..92cc963038 100644
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -30,12 +30,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define OBJ_length(o) ((o)->length)
 #endif
 
-//
-// Environment Setting for OpenSSL-based UEFI Crypto Library.
-//
-#ifndef OPENSSL_SYSNAME_UWIN
-#define OPENSSL_SYSNAME_UWIN
-#endif
-
 #endif
 
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
index 959ad0a0f5..24c767ced6 100644
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
@@ -1,7 +1,7 @@
 /** @file  
   Internal include file for BaseCryptLibRuntimeCryptProtocol.
 
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -19,13 +19,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 
-//
-// Environment Setting for OpenSSL-based UEFI Crypto Library.
-//
-#ifndef OPENSSL_SYSNAME_UWIN
-#define OPENSSL_SYSNAME_UWIN
-#endif
-
-
 #endif
 
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 497233947d..fb16e877ec 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -342,16 +342,41 @@ diff U3 crypto/crypto.h crypto/crypto.h
 diff U3 crypto/opensslconf.h crypto/opensslconf.h
 --- crypto/opensslconf.h	Thu Jun 11 21:55:38 2015
 +++ crypto/opensslconf.h	Fri Jun 12 10:28:27 2015
-@@ -159,9 +159,12 @@
- /* Should we define BN_DIV2W here? */
- 
- /* Only one for the following should be defined */
-+/* Bypass the following definitions for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
+@@ -5,6 +5,9 @@
+ extern "C" {
+ #endif
+ /* OpenSSL was configured with the following options: */
++#ifndef OPENSSL_SYSNAME_UEFI
++# define OPENSSL_SYSNAME_UEFI
 +#endif
+ #ifndef OPENSSL_DOING_MAKEDEPEND
+ 
+ 
+@@ -152,7 +155,7 @@
+ #endif
  #endif
  
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
+ #define CONFIG_HEADER_BN_H
+ #undef BN_LLONG
+ 
+diff U3 e_os2.h e_os2.h
+--- e_os2.h	Thu Jul 09 19:57:16 2015
++++ e_os2.h	Thu Oct 29 15:08:19 2015
+@@ -97,7 +97,14 @@
+  * For 32 bit environment, there seems to be the CygWin environment and then
+  * all the others that try to do the same thing Microsoft does...
+  */
+-# if defined(OPENSSL_SYSNAME_UWIN)
++/*
++ * UEFI lives here because it might be built with a Microsoft toolchain and
++ * we need to avoid the false positive match on Windows.
++ */
++# if defined(OPENSSL_SYSNAME_UEFI)
++#  undef OPENSSL_SYS_UNIX
++#  define OPENSSL_SYS_UEFI
++# elif defined(OPENSSL_SYSNAME_UWIN)
+ #  undef OPENSSL_SYS_UNIX
+ #  define OPENSSL_SYS_WIN32_UWIN
+ # else
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 5e79f46221..03f6c4f699 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -21,14 +21,13 @@
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
   DEFINE OPENSSL_PATH            = openssl-1.0.2d
-  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
 
 #
 # OPENSSL_FLAGS is set to define the following flags to be compatible with
 # EDK II build system and UEFI executiuon environment
 #
-#   OPENSSL_SYSNAME_UWIN
 #   OPENSSL_SYS_UEFI
 #   L_ENDIAN
 #   _CRT_SECURE_NO_DEPRECATE
@@ -892,19 +891,19 @@
   # C4306: conversion from type1 to type2 of greater size
   # C4702: Potentially uninitialized local variable name used
   #
-  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
-  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
-  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4244 /wd4701 /wd4702 /wd4706
+  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
 
-  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
-  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
-  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
+  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
+  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w
 
-  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG -UNO_BUILTIN_VA_FUNCS
-  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
-  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -UNO_BUILTIN_VA_FUNCS
+  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
+  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
+  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
 
   # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
   # 1295: Deprecated declaration <entity> - give arg types
@@ -918,6 +917,6 @@
   #  513: a value of type <type> cannot be assigned to an entity of type <type>
   #  188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
   # 1296: Extended constant initialiser used
-  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
-  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
+  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w
-- 
2.39.2