Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
From: "Laszlo Ersek"
To: devel@edk2.groups.io, xiaoyux.lu@intel.com
Cc: Jian J Wang , Ting Ye
Date: Thu, 9 May 2019 22:58:09 +0200

Hi Xiaoyu,

On 05/09/19 07:23, Xiaoyu lu wrote:
> From: Xiaoyu Lu
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089
>
> Update OpenSSL submodule to OpenSSL_1_1_1b
> OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)

I found another issue, while trying to cross-build this series for
AARCH64. I ran the commands below:

> export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
> build \
>   -a AARCH64 \
>   -b NOOPT \
>   -p CryptoPkg/CryptoPkg.dsc \
>   -t GCC5 \
>   --cmd-len=65536 \
>   -m CryptoPkg/Library/OpensslLib/OpensslLib.inf

The following cross-compilation command failed:

> "aarch64-linux-gnu-gcc" \
>   -g \
>   -fshort-wchar \
>   -fno-builtin \
>   -fno-strict-aliasing \
>   -Wall \
>   -Werror \
>   -Wno-array-bounds \
>   -ffunction-sections \
>   -fdata-sections \
>   -include AutoGen.h \
>   -fno-common \
>   -DSTRING_ARRAY_NAME=OpensslLibStrings \
>   -g \
>   -Os \
>   -fshort-wchar \
>   -fno-builtin \
>   -fno-strict-aliasing \
>   -Wall \
>   -Werror \
>   -Wno-array-bounds \
>   -include AutoGen.h \
>   -fno-common \
>   -mlittle-endian \
>   -fno-short-enums \
>   -fverbose-asm \
>   -funsigned-char \
>   -ffunction-sections \
>   -fdata-sections \
>   -Wno-address \
>   -fno-asynchronous-unwind-tables \
>   -fno-unwind-tables \
>   -fno-pic \
>   -fno-pie \
>   -ffixed-x18 \
>   -mcmodel=small \
>   -O0 \
>   -DL_ENDIAN \
>   -DOPENSSL_SMALL_FOOTPRINT \
>   -D_CRT_SECURE_NO_DEPRECATE \
>   -D_CRT_NONSTDC_NO_DEPRECATE \
>   -Wno-error=maybe-uninitialized \
>   -Wno-format \
>   -Wno-error=unused-but-set-variable \
>   -D DISABLE_NEW_DEPRECATED_INTERFACES \
>   -c \
>   -o $WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/openssl/crypto/rand/rand_unix.obj \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/statem \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl/record \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/ssl \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/x509 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ui \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/txt_db \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/stack \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm4 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sm3 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/siphash \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/sha \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rc4 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/pem \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/ocsp \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/objects \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/modes \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md5 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/md4 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/lhash \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/kdf \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/hmac \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/evp \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/err \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dso \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/dh \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/des \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/conf \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/comp \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/cmac \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/buffer \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bn \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/bio \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/async/arch \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1 \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aria \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/aes \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib \
>   -I$WORKSPACE/Build/CryptoPkg/NOOPT_GCC5/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/DEBUG \
>   -I$WORKSPACE/MdePkg \
>   -I$WORKSPACE/MdePkg/Include \
>   -I$WORKSPACE/MdePkg/Include/AArch64 \
>   -I$WORKSPACE/CryptoPkg \
>   -I$WORKSPACE/CryptoPkg/Include \
>   -I$WORKSPACE/CryptoPkg/Library/Include \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/include \
>   -I$WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/include \
>   $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c

The error message was:

> $WORKSPACE/CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_unix.c:22:26:
> fatal error: sys/syscall.h: No such file or directory
> # include
> ^
> compilation terminated.

The "rand_unix.c" source file contains:

    21 #if defined(__linux)
    22 # include
    23 #endif

This code originates from OpenSSL commit 148796291e47 ("Add support for
getrandom() or equivalent system calls and use them by default",
2018-04-22).

This is a problem because the aarch64 cross-compiler in Fedora only
supports "freestanding" programs (such as the Linux kernel, and edk2);
it does not support userspace (hosted) programs. The cross-compiler's
description says,

> Cross-build GNU C compiler.
>
> Only building kernels is currently supported. Support for cross-building
> user space programs is not currently provided as that would massively multiply
> the number of packages.

(This is the case as of gcc-aarch64-linux-gnu-8.2.1-1.fc30.2.aarch64.rpm,
from .)

And, is a header that only userspace programs may include.

Now, I see that we already have the following files in CryptoPkg:

    CryptoPkg/Library/Include/sys/types.h
    CryptoPkg/Library/Include/sys/time.h

The following patch allows the build to complete:

> diff --git a/CryptoPkg/Library/Include/sys/syscall.h b/CryptoPkg/Library/Include/sys/syscall.h > new file mode 100644 > index 000000000000..bfe1c7ff1473 > --- /dev/null > +++ b/CryptoPkg/Library/Include/sys/syscall.h > @@ -0,0 +1,10 @@ > +/** @file > + Include file to support building the third-party cryptographic library. > + > +Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
> +Copyright (c) 2019, Red Hat, Inc. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include

This file is sufficient for the following reason. In "rand_unix.c", at
tag OpenSSL_1_1_1b, we have:

    80 #if defined(OPENSSL_RAND_SEED_NONE)
    81 /* none means none. this simplifies the following logic */
    82 # undef OPENSSL_RAND_SEED_OS
    83 # undef OPENSSL_RAND_SEED_GETRANDOM
    84 # undef OPENSSL_RAND_SEED_LIBRANDOM
    85 # undef OPENSSL_RAND_SEED_DEVRANDOM
    86 # undef OPENSSL_RAND_SEED_RDTSC
    87 # undef OPENSSL_RAND_SEED_RDCPU
    88 # undef OPENSSL_RAND_SEED_EGD
    89 #endif

Due to your patch v2 1/6, the macro OPENSSL_RAND_SEED_NONE will be
defined, as a consequence of "--with-rand-seed=none".

And the following "naked" Linux syscall in "rand_unix.c":

    326 /* Linux supports this since version 3.17 */
    327 # if defined(__linux) && defined(SYS_getrandom)
    328 return syscall(SYS_getrandom, buf, buflen, 0);

is located in the function syscall_random() -- which entirely depends on
OPENSSL_RAND_SEED_GETRANDOM.

In other words, due to "--with-rand-seed=none" from patch v2 1/6, the
actual contents of "sys/syscall.h" will never be necessary. We just need
to provide a placeholder header file.

So please include a patch in the v3 series that adds
"CryptoPkg/Library/Include/sys/syscall.h" like suggested above.

Thanks
Laszlo
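
Review bot: the @file comment in the new CryptoPkg/Library/Include/sys/syscall.h says only "Include file to support building the third-party cryptographic library", which does not record that the header is a deliberate placeholder. Suggest stating there that it exists to satisfy the include at rand_unix.c line 22, and that this is acceptable only while OPENSSL_RAND_SEED_NONE (from "--with-rand-seed=none") undefines OPENSSL_RAND_SEED_GETRANDOM. The syscall at line 328 is also guarded by defined(SYS_getrandom), so if the seed configuration were changed later and the placeholder left that macro undefined, the getrandom() branch would drop out without any build error; a sentence in the header comment would point the next maintainer at that dependency. A smaller point: the "Copyright (c) 2010 - 2017, Intel Corporation" line sits on a file created with this patch, so it is worth confirming that it is intended rather than carried over from the neighbouring headers.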