* [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL @ 2019-06-19 7:22 Xiaoyu Lu 2019-06-19 13:39 ` rebecca 2019-06-19 22:20 ` [edk2-devel] " Laszlo Ersek 0 siblings, 2 replies; 4+ messages in thread From: Xiaoyu Lu @ 2019-06-19 7:22 UTC (permalink / raw) To: devel, Rebecca Cran; +Cc: Xiaoyu Lu, Jian J Wang This problem was found by Rebecca Cran <rebecca@bluestop.org>. REF: https://edk2.groups.io/g/devel/topic/32100684 OpenSSL will automatically load a system config file which configures default ssl options. In UEFI, It will cause TlsInitialize failed without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature, So disable it. Re-run process_files.py to generate OpensslLib[Crypto].inf files. Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com> --- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++ CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 2 files changed, 4 insertions(+) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h index 07fa2d3ce280..2b4d538e92d2 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -115,6 +115,9 @@ extern "C" { #ifndef OPENSSL_NO_AUTOERRINIT # define OPENSSL_NO_AUTOERRINIT #endif +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG +# define OPENSSL_NO_AUTOLOAD_CONFIG +#endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl index 2783ff54f95a..3e8669e30fd7 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -53,6 +53,7 @@ BEGIN { "no-async", "no-autoalginit", "no-autoerrinit", + "no-autoload-config", "no-bf", "no-blake2", "no-camellia", -- 2.7.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
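Review bot: In the opensslconf.h hunk (@@ -115,6 +115,9 @@), the added guard defines OPENSSL_NO_AUTOLOAD_CONFIG, but the commit message explains the TlsInitialize failure only in terms of the OPENSSL_INIT_NO_LOAD_CONFIG flag and never names the macro that is actually defined. Please add a sentence to the commit message that ties the two together, so the reason for this define can be read from the log without opening the referenced thread.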
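Review bot: For the "no-autoload-config" entry added in the process_files.pl hunk (@@ -53,6 +53,7 @@), the commit message tells the reader to re-run process_files.py, while the script changed here is CryptoPkg/Library/OpensslLib/process_files.pl; please correct the name. The message also says the re-run generates the OpensslLib[Crypto].inf files, yet the diffstat lists only opensslconf.h and process_files.pl, so state whether the .inf files came out unchanged or are missing from the patch.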
* Re: [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
From: rebecca @ 2019-06-19 13:39 UTC
To: Xiaoyu Lu, devel; +Cc: Jian J Wang

On 2019-06-19 01:22, Xiaoyu Lu wrote:
> This problem was found by Rebecca Cran <rebecca@bluestop.org>.
> REF: https://edk2.groups.io/g/devel/topic/32100684
>
> OpenSSL will automatically load a system config file which configures
> default ssl options. In UEFI, It will cause TlsInitialize failed
> without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> So disable it.
>
> Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Reviewed-by: Rebecca Cran <rebecca@bluestop.org>
* Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
From: Laszlo Ersek @ 2019-06-19 22:20 UTC
To: devel, xiaoyux.lu, Rebecca Cran; +Cc: Jian J Wang

Hi,

On 06/19/19 09:22, Xiaoyu Lu wrote:
> This problem was found by Rebecca Cran <rebecca@bluestop.org>.
> REF: https://edk2.groups.io/g/devel/topic/32100684
>
> OpenSSL will automatically load a system config file which configures
> default ssl options. In UEFI, It will cause TlsInitialize failed
> without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> So disable it.
>
> Re-run process_files.py to generate OpensslLib[Crypto].inf files.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
> ---
>  CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
>  CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
>  2 files changed, 4 insertions(+)

I think -- also from the discussion in the other thread, linked above --
that this qualifies as a regression from the OpenSSL update in
edk2-stable201905.

I suggest that we please file a TianoCore BZ for this issue, and
cross-reference the BZ with the patch (the patch should be reposted with
a BZ reference, and the BZ should reference the posting / final commit
hash).

In addition, the BZ should get the "Regression" keyword (in the
"keywords" field), and it should include a pointer to the OpenSSL
upgrade BZ (1089) in the See Also field.

These metadata make it easier for consumers of edk2 to track this fix.

Thanks
Laszlo

> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 07fa2d3ce280..2b4d538e92d2 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h 
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -115,6 +115,9 @@ extern "C" { > #ifndef OPENSSL_NO_AUTOERRINIT > # define OPENSSL_NO_AUTOERRINIT > #endif > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG > +# define OPENSSL_NO_AUTOLOAD_CONFIG > +#endif > #ifndef OPENSSL_NO_CAPIENG > # define OPENSSL_NO_CAPIENG > #endif > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl > index 2783ff54f95a..3e8669e30fd7 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -53,6 +53,7 @@ BEGIN { > "no-async", > "no-autoalginit", > "no-autoerrinit", > + "no-autoload-config", > "no-bf", > "no-blake2", > "no-camellia", > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
From: Wang, Jian J @ 2019-06-20 0:59 UTC
To: devel@edk2.groups.io, lersek@redhat.com, Lu, XiaoyuX, Rebecca Cran

Agree with Laszlo's comment. With it addressed,

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Laszlo Ersek
> Sent: Thursday, June 20, 2019 6:20 AM
> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Rebecca Cran
> <rebecca@bluestop.org>
> Cc: Wang, Jian J <jian.j.wang@intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-
> config for OpenSSL
>
> Hi,
>
> On 06/19/19 09:22, Xiaoyu Lu wrote:
> > This problem was found by Rebecca Cran <rebecca@bluestop.org>.
> > REF: https://edk2.groups.io/g/devel/topic/32100684
> >
> > OpenSSL will automatically load a system config file which configures
> > default ssl options. In UEFI, It will cause TlsInitialize failed
> > without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> > So disable it.
> >
> > Re-run process_files.py to generate OpensslLib[Crypto].inf files.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > ---
> >  CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
> >  CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
> >  2 files changed, 4 insertions(+)
>
> I think -- also from the discussion in the other thread, linked above --
> that this qualifies as a regression from the OpenSSL update in
> edk2-stable201905.
>
> I suggest that we please file a TianoCore BZ for this issue, and
> cross-reference the BZ with the patch (the patch should be reposted with
> a BZ reference, and the BZ should reference the posting / final commit
> hash).
>
> In addition, the BZ should get the "Regression" keyword (in the
> "keywords" field), and it should include a pointer to the OpenSSL
> upgrade BZ (1089) in the See Also field.
>
> These metadata make it easier for consumers of edk2 to track this fix.
>
> Thanks
> Laszlo
>
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > > index 07fa2d3ce280..2b4d538e92d2 100644 > > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > > @@ -115,6 +115,9 @@ extern "C" { > > #ifndef OPENSSL_NO_AUTOERRINIT > > # define OPENSSL_NO_AUTOERRINIT > > #endif > > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG > > +# define OPENSSL_NO_AUTOLOAD_CONFIG > > +#endif > > #ifndef OPENSSL_NO_CAPIENG > > # define OPENSSL_NO_CAPIENG > > #endif > > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > > index 2783ff54f95a..3e8669e30fd7 100755 > > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > > @@ -53,6 +53,7 @@ BEGIN { > > "no-async", > > "no-autoalginit", > > "no-autoerrinit", > > + "no-autoload-config", > > "no-bf", > > "no-blake2", > > "no-camellia",