[edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Xiaoyu lu
xiaoyux.lu at intel.com
Fri May 10 08:51:11 UTC 2019
Thank you, Lersek.
This is a big mistake. I haven't tested it.
-----Original Message-----
From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of Laszlo Ersek
Sent: Friday, May 10, 2019 4:58 AM
To: devel at edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu at intel.com>
Cc: Wang, Jian J <jian.j.wang at intel.com>; Ye, Ting <ting.ye at intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Xiaoyu,
On 05/09/19 07:23, Xiaoyu lu wrote:
> From: Xiaoyu Lu <xiaoyux.lu at intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089
>
> Update OpenSSL submodule to OpenSSL_1_1_1b
> OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
I found another issue, while trying to cross-build this series for AARCH64.
I ran the commands below:
> export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
> build \
> -a AARCH64 \
> -b NOOPT \
> -p CryptoPkg/CryptoPkg.dsc \
> -t GCC5 \
> --cmd-len=65536 \
> -m CryptoPkg/Library/OpensslLib/OpensslLib.inf
The following cross-compilation command failed:
> "aarch64-linux-gnu-gcc" \
> -g \
> -fshort-wchar \
> -fno-builtin \
> -fno-strict-aliasing \
> -Wall \
> -Werror \
> -Wno-array-bounds \
> -ffunction-sections \
> -fdata-sections \
> -include AutoGen.h \
> -fno-common \
> -DSTRING_ARRAY_NAME=OpensslLibStrings \
> -g \
> -Os \
> -fshort-wchar \
> -fno-builtin \
> -fno-strict-aliasing \
> -Wall \
> -Werror \
> -Wno-array-bounds \
> -include AutoGen.h \
> -fno-common \
> -mlittle-endian \
> -fno-short-enums \
> -fverbose-asm \
> -funsigned-char \
> -ffunction-sections \
> -fdata-sections \
> -Wno-address \
> -fno-asynchronous-unwind-tables \
> -fno-unwind-tables \
> -fno-pic \
> -fno-pie \
> -ffixed-x18 \
> -mcmodel=small \
> -O0 \
> -DL_ENDIAN \
> -DOPENSSL_SMALL_FOOTPRINT \
> -D_CRT_SECURE_NO_DEPRECATE \
> -D_CRT_NONSTDC_NO_DEPRECATE \
> -Wno-error=maybe-uninitialized \
> -Wno-format \
> -Wno-error=unused-but-set-variable \
> -D DISABLE_NEW_DEPRECATED_INTERFACES \
> -c \
> -o $WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/rand/rand_unix.obj \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/statem \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/record \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ui \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/txt_db \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/stack \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm3 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/siphash \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sha \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rc4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pem \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ocsp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/objects \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/modes \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md5 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/lhash \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/kdf \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/hmac \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/evp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/err \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dso \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dh \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/des \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/conf \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/comp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/cmac \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/buffer \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bn \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bio \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async/arch \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aria \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aes \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib \
> -I$WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/DEBUG \
> -I$WORKSPACE/MdePkg \
> -I$WORKSPACE/MdePkg/Include \
> -I$WORKSPACE/MdePkg/Include/AArch64 \
> -I$WORKSPACE/CryptoPkg \
> -I$WORKSPACE/CryptoPkg/Include \
> -I$WORKSPACE/CryptoPkg/Library/Include \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/include \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/include \
>
> $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c
The error message was:
> $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c:22:26: fatal error: sys/syscall.h: No such file or directory
>  # include <sys/syscall.h>
>                           ^
> compilation terminated.
The "rand_unix.c" source file contains:
21 #if defined(__linux)
22 # include <sys/syscall.h>
23 #endif
This code originates from OpenSSL commit 148796291e47 ("Add support for
getrandom() or equivalent system calls and use them by default", 2018-04-22).
This is a problem because the aarch64 cross-compiler in Fedora only supports "freestanding" programs (such as the Linux kernel, and edk2); it does not support userspace (hosted) programs. The cross-compiler's description says,
> Cross-build GNU C compiler.
>
> Only building kernels is currently supported. Support for
> cross-building user space programs is not currently provided as that
> would massively multiply the number of packages.
(This is the case as of
gcc-aarch64-linux-gnu-8.2.1-1.fc30.2.aarch64.rpm, from
<https://koji.fedoraproject.org/koji/buildinfo?buildID=1185346>.)
And, <sys/syscall.h> is a header that only userspace programs may include.
Now, I see that we already have the following files in CryptoPkg:
CryptoPkg/Library/Include/sys/types.h
CryptoPkg/Library/Include/sys/time.h
The following patch allows the build to complete:
> diff --git a/CryptoPkg/Library/Include/sys/syscall.h
> b/CryptoPkg/Library/Include/sys/syscall.h
> new file mode 100644
> index 000000000000..bfe1c7ff1473
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/sys/syscall.h
> @@ -0,0 +1,10 @@
> +/** @file
> + Include file to support building the third-party cryptographic library.
> +
> +Copyright (c) 2010 - 2017, Intel Corporation. All rights
> +reserved.<BR> Copyright (c) 2019, Red Hat, Inc.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <CrtLibSupport.h>
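Review bot: the @file comment at the top of the new sys/syscall.h says only "Include file to support building the third-party cryptographic library" and does not record that the header deliberately provides no SYS_* definitions. Suggest stating there that it is a placeholder which exists so that "# include <sys/syscall.h>" in rand_unix.c resolves under a freestanding toolchain, and that it is sufficient only while OpenSSL is configured with --with-rand-seed=none, so that a later change to the seed configuration is not made without revisiting this file.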
This file is sufficient for the following reason. In "rand_unix.c", at tag OpenSSL_1_1_1b, we have:
80 #if defined(OPENSSL_RAND_SEED_NONE)
81 /* none means none. this simplifies the following logic */
82 # undef OPENSSL_RAND_SEED_OS
83 # undef OPENSSL_RAND_SEED_GETRANDOM
84 # undef OPENSSL_RAND_SEED_LIBRANDOM
85 # undef OPENSSL_RAND_SEED_DEVRANDOM
86 # undef OPENSSL_RAND_SEED_RDTSC
87 # undef OPENSSL_RAND_SEED_RDCPU
88 # undef OPENSSL_RAND_SEED_EGD
89 #endif
Due to your patch v2 1/6, the macro OPENSSL_RAND_SEED_NONE will be defined, as a consequence of "--with-rand-seed=none".
And the following "naked" Linux syscall in "rand_unix.c":
326 /* Linux supports this since version 3.17 */
327 # if defined(__linux) && defined(SYS_getrandom)
328 return syscall(SYS_getrandom, buf, buflen, 0);
is located in the function syscall_random() -- which entirely depends on OPENSSL_RAND_SEED_GETRANDOM.
In other words, due to "--with-rand-seed=none" from patch v2 1/6, the actual contents of "sys/syscall.h" will never be necessary. We just need to provide a placeholder header file.
So please include a patch in the v3 series that adds "CryptoPkg/Library/Include/sys/syscall.h" as suggested above.
Thanks
Laszlo
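
The failure discussed in this message (a vendored source including a hosted-only header that has no shim in the package's include directory) can be caught before a cross-build with a check like the following. This is an added example, not part of the original mail or of edk2; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not edk2 code). unresolved_includes and make_sample_tree
# are hypothetical helper names.

# usage: unresolved_includes SRC_DIR INC_DIR...
# Prints each <header> named by an #include in SRC_DIR's .c files that is not
# present under any INC_DIR. #if guards are ignored, so the result is a
# superset of what a given target actually pulls in.
unresolved_includes() {
    src_dir=$1
    shift
    find "$src_dir" -name '*.c' -exec \
        sed -n 's/^[[:space:]]*#[[:space:]]*include[[:space:]]*<\([^>]*\)>.*/\1/p' {} + |
    sort -u |
    while IFS= read -r hdr; do
        found=no
        for inc in "$@"; do
            if [ -f "$inc/$hdr" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$hdr"
    done
}

# Constructed sample tree: one source file with the include from the thread,
# and shim headers for sys/types.h and sys/time.h only.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/openssl/crypto/rand" "$root/Include/sys"
    printf '%s\n' '#include <sys/types.h>' '#if defined(__linux)' \
        '# include <sys/syscall.h>' '#endif' \
        > "$root/openssl/crypto/rand/rand_unix.c"
    : > "$root/Include/sys/types.h"
    : > "$root/Include/sys/time.h"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
unresolved_includes "$tree/openssl" "$tree/Include"
rm -rf "$tree"
```

For the build in this thread, the INC_DIR arguments would be the -I directories of the failing compiler command.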