From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 19 Jun 2019 15:20:37 -0700 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4EEDD5946F; Wed, 19 Jun 2019 22:20:29 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-91.ams2.redhat.com [10.36.116.91]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2A00C5D9D2; Wed, 19 Jun 2019 22:20:25 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL To: devel@edk2.groups.io, xiaoyux.lu@intel.com, Rebecca Cran Cc: Jian J Wang References: <1560928962-2028-1-git-send-email-xiaoyux.lu@intel.com> From: "Laszlo Ersek" Message-ID: Date: Thu, 20 Jun 2019 00:20:25 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <1560928962-2028-1-git-send-email-xiaoyux.lu@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 19 Jun 2019 22:20:37 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Hi, On 06/19/19 09:22, Xiaoyu Lu wrote: > This problem was found by Rebecca Cran . > REF: https://edk2.groups.io/g/devel/topic/32100684 > > OpenSSL will automatically load a system config file which configures > default ssl options. In UEFI, It will cause TlsInitialize failed > without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature, > So disable it. > > Re-run process_files.py to generate OpensslLib[Crypto].inf files. > > Cc: Jian J Wang > Signed-off-by: Xiaoyu Lu > --- > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++ > CryptoPkg/Library/OpensslLib/process_files.pl | 1 + > 2 files changed, 4 insertions(+) I think -- also from the discussion in the other thread, linked above -- that this qualifies as a regression from the OpenSSL update in edk2-stable201905. I suggest that we please file a TianoCore BZ for this issue, and cross-reference the BZ with the patch (the patch should be reposted with a BZ reference, and the BZ should reference the posting / final commit hash). In addition, the BZ should get the "Regression" keyword (in the "keywords" field), and it should include a pointer to the OpenSSL upgrade BZ (1089) in the See Also field. These metadata make it easier for consumers of edk2 to track this fix. Thanks Laszlo > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 07fa2d3ce280..2b4d538e92d2 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -115,6 +115,9 @@ extern "C" { > #ifndef OPENSSL_NO_AUTOERRINIT > # define OPENSSL_NO_AUTOERRINIT > #endif > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG > +# define OPENSSL_NO_AUTOLOAD_CONFIG > +#endif > #ifndef OPENSSL_NO_CAPIENG > # define OPENSSL_NO_CAPIENG > #endif > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl > index 2783ff54f95a..3e8669e30fd7 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -53,6 +53,7 @@ BEGIN { > "no-async", > "no-autoalginit", > "no-autoerrinit", > + "no-autoload-config", > "no-bf", > "no-blake2", > "no-camellia", >