From: "Xiaoyu lu" <xiaoyux.lu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"lersek@redhat.com" <lersek@redhat.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>, "Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Fri, 10 May 2019 08:51:11 +0000
Message-ID: <BFD21A70FD4B3446B866B6088E3259E50B95D398@SHSMSX101.ccr.corp.intel.com>
In-Reply-To: <fd1bcabc-9709-90b1-5f3a-d4b5053b9d3b@redhat.com>
Thank you. Lersek.
This is a big mistake. I haven't tested it.
-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek
Sent: Friday, May 10, 2019 4:58 AM
To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Xiaoyu,
On 05/09/19 07:23, Xiaoyu lu wrote:
> From: Xiaoyu Lu <xiaoyux.lu@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089
>
> Update OpenSSL submodule to OpenSSL_1_1_1b
> OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
I found another issue, while trying to cross-build this series for AARCH64.
I ran the commands below:
> export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
> build \
> -a AARCH64 \
> -b NOOPT \
> -p CryptoPkg/CryptoPkg.dsc \
> -t GCC5 \
> --cmd-len=65536 \
> -m CryptoPkg/Library/OpensslLib/OpensslLib.inf
The following cross-compilation command failed:
> "aarch64-linux-gnu-gcc" \
> -g \
> -fshort-wchar \
> -fno-builtin \
> -fno-strict-aliasing \
> -Wall \
> -Werror \
> -Wno-array-bounds \
> -ffunction-sections \
> -fdata-sections \
> -include AutoGen.h \
> -fno-common \
> -DSTRING_ARRAY_NAME=OpensslLibStrings \
> -g \
> -Os \
> -fshort-wchar \
> -fno-builtin \
> -fno-strict-aliasing \
> -Wall \
> -Werror \
> -Wno-array-bounds \
> -include AutoGen.h \
> -fno-common \
> -mlittle-endian \
> -fno-short-enums \
> -fverbose-asm \
> -funsigned-char \
> -ffunction-sections \
> -fdata-sections \
> -Wno-address \
> -fno-asynchronous-unwind-tables \
> -fno-unwind-tables \
> -fno-pic \
> -fno-pie \
> -ffixed-x18 \
> -mcmodel=small \
> -O0 \
> -DL_ENDIAN \
> -DOPENSSL_SMALL_FOOTPRINT \
> -D_CRT_SECURE_NO_DEPRECATE \
> -D_CRT_NONSTDC_NO_DEPRECATE \
> -Wno-error=maybe-uninitialized \
> -Wno-format \
> -Wno-error=unused-but-set-variable \
> -D DISABLE_NEW_DEPRECATED_INTERFACES \
> -c \
> -o $WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/rand/rand_unix.obj \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/statem \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/record \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ui \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/txt_db \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/stack \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm3 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/siphash \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sha \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rc4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pem \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ocsp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/objects \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/modes \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md5 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md4 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/lhash \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/kdf \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/hmac \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/evp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/err \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dso \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dh \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/des \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/conf \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/comp \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/cmac \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/buffer \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bn \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bio \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async/arch \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1 \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aria \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aes \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib \
> -I$WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/DEBUG \
> -I$WORKSPACE/MdePkg \
> -I$WORKSPACE/MdePkg/Include \
> -I$WORKSPACE/MdePkg/Include/AArch64 \
> -I$WORKSPACE/CryptoPkg \
> -I$WORKSPACE/CryptoPkg/Include \
> -I$WORKSPACE/CryptoPkg/Library/Include \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/include \
> -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/include \
>
> $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c
The error message was:
> $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c:22:26: fatal error: sys/syscall.h: No such file or directory
>  # include <sys/syscall.h>
>                           ^
> compilation terminated.
The "rand_unix.c" source file contains:
21 #if defined(__linux)
22 # include <sys/syscall.h>
23 #endif
This code originates from OpenSSL commit 148796291e47 ("Add support for
getrandom() or equivalent system calls and use them by default", 2018-04-22).
This is a problem because the aarch64 cross-compiler in Fedora only supports "freestanding" programs (such as the Linux kernel, and edk2); it does not support userspace (hosted) programs. The cross-compiler's description says,
> Cross-build GNU C compiler.
>
> Only building kernels is currently supported. Support for
> cross-building user space programs is not currently provided as that
> would massively multiply the number of packages.
(This is the case as of
gcc-aarch64-linux-gnu-8.2.1-1.fc30.2.aarch64.rpm, from
<https://koji.fedoraproject.org/koji/buildinfo?buildID=1185346>.)
And, <sys/syscall.h> is a header that only userspace programs may include.
Now, I see that we already have the following files in CryptoPkg:
CryptoPkg/Library/Include/sys/types.h
CryptoPkg/Library/Include/sys/time.h
The following patch allows the build to complete:
> diff --git a/CryptoPkg/Library/Include/sys/syscall.h
> b/CryptoPkg/Library/Include/sys/syscall.h
> new file mode 100644
> index 000000000000..bfe1c7ff1473
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/sys/syscall.h
> @@ -0,0 +1,10 @@
> +/** @file
> + Include file to support building the third-party cryptographic library.
> +
> +Copyright (c) 2010 - 2017, Intel Corporation. All rights
> +reserved.<BR> Copyright (c) 2019, Red Hat, Inc.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <CrtLibSupport.h>
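Review bot: The @file comment in the new sys/syscall.h only says "Include file to support building the third-party cryptographic library"; it should state that this header is a deliberate placeholder that defines no SYS_* constants and is sufficient only because OPENSSL_RAND_SEED_NONE (from "--with-rand-seed=none") keeps syscall_random() out of the build. Spelling that out stops a later change to the seed option, or a well-meant addition of syscall numbers here, from enabling the "naked" getrandom syscall path unnoticed. The Intel copyright range "2010 - 2017" on a file created in 2019 also looks carried over from a sibling header and is worth confirming.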
This file is sufficient for the following reason. In "rand_unix.c", at tag OpenSSL_1_1_1b, we have:
80 #if defined(OPENSSL_RAND_SEED_NONE)
81 /* none means none. this simplifies the following logic */
82 # undef OPENSSL_RAND_SEED_OS
83 # undef OPENSSL_RAND_SEED_GETRANDOM
84 # undef OPENSSL_RAND_SEED_LIBRANDOM
85 # undef OPENSSL_RAND_SEED_DEVRANDOM
86 # undef OPENSSL_RAND_SEED_RDTSC
87 # undef OPENSSL_RAND_SEED_RDCPU
88 # undef OPENSSL_RAND_SEED_EGD
89 #endif
Due to your patch v2 1/6, the macro OPENSSL_RAND_SEED_NONE will be defined, as a consequence of "--with-rand-seed=none".
And the following "naked" Linux syscall in "rand_unix.c":
326 /* Linux supports this since version 3.17 */
327 # if defined(__linux) && defined(SYS_getrandom)
328 return syscall(SYS_getrandom, buf, buflen, 0);
is located in the function syscall_random() -- which entirely depends on OPENSSL_RAND_SEED_GETRANDOM.
In other words, due to "--with-rand-seed=none" from patch v2 1/6, the actual contents of "sys/syscall.h" will never be necessary. We just need to provide a placeholder header file.
So please include a patch in the v3 series that adds "CryptoPkg/Library/Include/sys/syscall.h" as suggested above.
Thanks
Laszlo
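
The build failure discussed above comes from a hosted-only header being reached under a freestanding toolchain. As an added example (not part of the original thread and not edk2 code), the sketch below lists the angle-bracket headers that a set of C sources ask for and that none of the given include directories provide, so a missing placeholder header shows up before the cross-build does. The function names and the constructed sample tree are assumptions; conditional compilation is deliberately ignored, so the check over-reports rather than under-reports.

```python
import re
import tempfile
from pathlib import Path

# Matches '#include <x>' with optional spaces after '#', e.g. '# include <sys/syscall.h>'.
INCLUDE_RE = re.compile(r'^[ \t]*#[ \t]*include[ \t]*<([^>]+)>', re.MULTILINE)


def system_includes(source):
    """Return every angle-bracket header named in one C file (ignores #if state)."""
    return set(INCLUDE_RE.findall(Path(source).read_text(errors="replace")))


def missing_headers(sources, include_dirs):
    """Map each header that no include dir provides to the files that ask for it."""
    missing = {}
    for src in sources:
        for header in system_includes(src):
            if not any((Path(d) / header).is_file() for d in include_dirs):
                missing.setdefault(header, []).append(Path(src).name)
    return {h: sorted(files) for h, files in sorted(missing.items())}


def build_sample_tree(root):
    """Constructed miniature of the layout in the thread: one source, one stub dir."""
    stubs = root / "Library" / "Include"
    (stubs / "sys").mkdir(parents=True)
    (stubs / "sys" / "types.h").write_text("#include <CrtLibSupport.h>\n")
    src = root / "rand_unix.c"
    src.write_text(
        "#include <sys/types.h>\n"
        "#if defined(__linux)\n"
        "# include <sys/syscall.h>\n"
        "#endif\n"
    )
    return [src], [stubs]


def demo():
    """Report missing headers before and after adding the placeholder header."""
    with tempfile.TemporaryDirectory() as tmp:
        sources, dirs = build_sample_tree(Path(tmp))
        before = missing_headers(sources, dirs)
        # Add a placeholder like the one proposed in the thread, then re-check.
        (dirs[0] / "sys" / "syscall.h").write_text("#include <CrtLibSupport.h>\n")
        after = missing_headers(sources, dirs)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Against a real tree, pass the source files listed for the library and every `-I` directory from the failing compiler command line.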