From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: xiaoyux.lu@intel.com)
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 by groups.io with SMTP; Wed, 19 Jun 2019 22:57:42 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2019 22:57:41 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,395,1557212400"; 
   d="scan'208";a="358842697"
Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11])
  by fmsmga006.fm.intel.com with ESMTP; 19 Jun 2019 22:57:40 -0700
From: "Xiaoyu Lu" <xiaoyux.lu@intel.com>
To: devel@edk2.groups.io,
	Laszlo Ersek <lersek@redhat.com>,
	Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Subject: [PATCH v2 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
Date: Thu, 20 Jun 2019 01:55:13 -0400
Message-Id: <1561010113-19564-1-git-send-email-xiaoyux.lu@intel.com>
X-Mailer: git-send-email 2.7.4

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1926

This problem was found by Rebecca Cran <rebecca@bluestop.org>.
REF: https://edk2.groups.io/g/devel/topic/32100684

OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.

Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Rebecca Cran <rebecca@bluestop.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
 CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 07fa2d3ce280..2b4d538e92d2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -115,6 +115,9 @@ extern "C" {
 #ifndef OPENSSL_NO_AUTOERRINIT
 # define OPENSSL_NO_AUTOERRINIT
 #endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2783ff54f95a..3e8669e30fd7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -53,6 +53,7 @@ BEGIN {
                 "no-async",
                 "no-autoalginit",
                 "no-autoerrinit",
+                "no-autoload-config",
                 "no-bf",
                 "no-blake2",
                 "no-camellia",
-- 
2.7.4