From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: xiaoyux.lu@intel.com)
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by groups.io with SMTP; Wed, 19 Jun 2019 00:25:12 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2019 00:25:11 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,392,1557212400"; 
   d="scan'208";a="186368440"
Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11])
  by fmsmga002.fm.intel.com with ESMTP; 19 Jun 2019 00:25:10 -0700
From: "Xiaoyu Lu" <xiaoyux.lu@intel.com>
To: devel@edk2.groups.io,
	Rebecca Cran <rebecca@bluestop.org>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
Date: Wed, 19 Jun 2019 03:22:42 -0400
Message-Id: <1560928962-2028-1-git-send-email-xiaoyux.lu@intel.com>
X-Mailer: git-send-email 2.7.4

This problem was found by Rebecca Cran <rebecca@bluestop.org>.
REF: https://edk2.groups.io/g/devel/topic/32100684

OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.

Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
 CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 07fa2d3ce280..2b4d538e92d2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -115,6 +115,9 @@ extern "C" {
 #ifndef OPENSSL_NO_AUTOERRINIT
 # define OPENSSL_NO_AUTOERRINIT
 #endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2783ff54f95a..3e8669e30fd7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -53,6 +53,7 @@ BEGIN {
                 "no-async",
                 "no-autoalginit",
                 "no-autoerrinit",
+                "no-autoload-config",
                 "no-bf",
                 "no-blake2",
                 "no-camellia",
-- 
2.7.4