From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40499+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40499+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753969; cv=none; d=zoho.com; s=zohoarc; b=TbEKglxeboGYBG6SSuv1Gb9uNHHKt2YIc4WOYDHAwstsv9y20M1nhb2WMcy6QccqU9VjcMIAJCMpt5jiRzufVVSag/NLohP7m2y2px/E2OaSm2PnuWU8/DVk6zXOmZ8Ix1PxI1zheZ96MhLI/IAEj9cb1NX3OIvYeXGkN2nBmUk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753969; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=j811L2myJ5V5oTpZLdH1a4b0fc6zOK20hSDUOyi7CZo=; b=i3Qr3+DuRh6Ox5Woina/EQP7laeEhw9bEe3dKR6q+3PEBcKdm07smhwhD55gGkp+N+OcUf2gUi39YobymJntPHe/d2MJS7jIu6uLe7vmOKII9cQTikodz89AxNTXiGMHXa54476lfcJu2UaxMoQFZdBN9IN/UCTnes/m85ssal4= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40499+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1557753969274125.99770586661305; Mon, 13 May 2019 06:26:09 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by groups.io with SMTP; Mon, 13 May 2019 06:26:08 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:07 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:06 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Date: Mon, 13 May 2019 09:25:07 -0400 Message-Id: <1557753912-30122-2-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753968; bh=odXeC60CxzP2WljsgqeBQou1n7Rk7n4YRkOed4rgFiI=; h=Cc:Date:From:Reply-To:Subject:To; b=wlhBFfl4xWxWnaMO6vZPzc4TlqetMUtU3pp67vSfhfNHj3x4BzU33gOAk+heYKebMw9 mEh0bTFZD/mIRfV17ZsEKCc89VtZDvUaVfg94aDPQhnUAU1V6NL/kaOm8bVJjGvZfn40b eGkjrmnwNHOtiHvgbfzXU2lmWJdvGZ7AED4= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 OpenSSL configure mechanism use --with-rand-seed=3Dxxx option to configure random number generation. OpenSSL_1_1_0j(74f2d9c1ec5f5510e1d3da5a9f03c28df0977762) we use default --with-rand-seed=3Dos option to for building it. But OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687) only support seeding NONE for UEFI(rand_unix.c line 93). This OpenSSL change was introduced in commit 8389ec4b4950 ("Add --with-rand-seed", 2017-07-22). So add --with-rand-seed=3Dnone to process_files.pl. Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/OpensslLib/process_files.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index f6e1f43..6c136cc 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -90,7 +90,10 @@ BEGIN { "no-threads", "no-ts", "no-ui", - "no-whirlpool" + "no-whirlpool", + # OpenSSL1_1_1b doesn't support default rand-seed-os for U= EFI + # UEFI only support --with-rand-seed=3Dnone + "--with-rand-seed=3Dnone" ) =3D=3D 0 || die "OpenSSL Configure failed!\n"; =20 --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40499): https://edk2.groups.io/g/devel/message/40499 Mute This Topic: https://groups.io/mt/31606971/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40501+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40501+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753969; cv=none; d=zoho.com; s=zohoarc; b=RBNrauKhGHD6qYYdEfVrKCz/loE2Ze6u+4a5hpRi5JqF2BMPiG+Igs4TCBqPDfBsQONOkQ4Kjtoz3LFKr3b8XX4U3Tx0Qdj5yacEbpfQMGRaJWoMg+RsgbOt4DzJxhm4dPNpnoGI1ojo0I9+bEO4PijM3c/gbEFKF4crTRpkoQY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753969; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=mvr7OgeackC3I7JwZYQVnpx9gw4CoT10Q+vn20GV/Io=; b=IbPPemi33Q/ePN2W+nW4kvnYIOcVuvm+4+FQ/zjvVSGYHMyZA5TFBO6fk4lE9rFdRGLeEfxpCEmnAYMk/uKoM6YNdzYgyfQBMo6NT7VMbgsbCO4vosMDjRT2q46ovdTRlMVomvswHlkQJiww6OPfjlHOHxJ7090fbsu0pP7AQHg= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40501+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1557753969653372.55533327096214; Mon, 13 May 2019 06:26:09 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com []) by groups.io with SMTP; Mon, 13 May 2019 06:26:08 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:08 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:07 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 2/6] CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl Date: Mon, 13 May 2019 09:25:08 -0400 Message-Id: <1557753912-30122-3-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753969; bh=9d5gUxyduMJ1S4J4gT6Fz5wDIVmO2VsPilYOwyYOCak=; h=Cc:Date:From:Reply-To:Subject:To; b=nAyM+vRMSuWQuqifIT8T1XeDEXoGqi3MK4/O/Q3SnqeZjW3fIsaT68irnxSmMLMLq1/ vRWKMvprf3YSFaxDaXrpJPvHYyH90Ibd7oP1hur+oAngrDsnsoN4IOTCNGla/1Mm+oEpb HASQh54lWUGBWKkRtAKZ594zr/zC700ICPU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 When running process_files.py to configure OpenSSL, we can exclude some unnecessary files. This can reduce porting time, compiling time and library size. Upstream OpenSSL commit 71a5516dcc8a which was as part of OpenSSL_1_1_1b, Add the STORE module(crypto/store/*). But UEFI don't use them. So exclude these files. Functions in crypto/rand/randfile.c OpenSSL and edk2 don't call them. And it requires more crt runtime support. So exclude it. Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/OpensslLib/process_files.pl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 6c136cc..e277108 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -127,6 +127,12 @@ foreach my $product ((@{$unified_info{libraries}}, foreach my $s (@{$unified_info{sources}->{$o}}) { next if ($unified_info{generate}->{$s}); next if $s =3D~ "crypto/bio/b_print.c"; + + # No need to add unused files in UEFI. + # So it can reduce porting time, compile time, library size. + next if $s =3D~ "crypto/rand/randfile.c"; + next if $s =3D~ "crypto/store/"; + if ($product =3D~ "libssl") { push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; next; --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40501): https://edk2.groups.io/g/devel/message/40501 Mute This Topic: https://groups.io/mt/31606973/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40502+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40502+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753970; cv=none; d=zoho.com; s=zohoarc; b=i6GQQi42aVmnnVCBNLMqgrQGBR0WQoXlFSEBBHXBoC2bjCoxoSXYvLVQ2OjD5aOof63Q+8iHT+k6XRrWD9DrOheBfobG8zYQIN/eHLsj0lJfUBw1tbRMKX/rEfPQ1NA2bqcaaVT47jyABpPdxDEiP5vYDME+SWtKXqa7h3bOIeA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753970; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=BmrOeSG4+ENG6Or3qwnvjYOdpw9kbWXdMm9Nh6KCY/E=; b=DZA85ZMTy19rtkTl0DaX0f7J70dpis4tDqNQ3Bc0alNjWQhivsEwAmDumjJxyEjoH6f/xsKzwcPKtHnbchzXn+WSGDmyp6j1FZSjYnBs0rIxK6qYJDhOi9RY+5koGs5pkYW43YTaohAKftl9y6HN6Ixn3RzCxG2tDwd+bQH03qI= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40502+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 15577539707001002.8979530874497; Mon, 13 May 2019 06:26:10 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com []) by groups.io with SMTP; Mon, 13 May 2019 06:26:09 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:09 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:08 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 3/6] CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue Date: Mon, 13 May 2019 09:25:09 -0400 Message-Id: <1557753912-30122-4-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753969; bh=xhGwPgDniHL/lhGUMfrPzPeg1PTQvnCq/0DM1eKeqZ0=; h=Cc:Date:From:Reply-To:Subject:To; b=BMWgPb/XyoSni3s9zFxdJHn4l86yaDT6489vwP9deZ3FSK7aQDu8qh0WW/eWETldoXd w0MquHfQnZg9wlFGB5IaEs+nEvQz5Uz+HtCEZzvevE5TpmU2igOXX6z2A+oqiE/HnBOAC 4qrbMYoCQwPp5cqXRJg2+SsMCrnv3xgGyuM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Xiaoyu Lu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 This is for the upcoming upgrade to OpenSSL_1_1_1b Compiler optimization(Visual Studio) may automatically use _ftol2 instead of some type conversion. For example: OpensslLib.lib(drbg_lib.obj) : error LNK2001: unresolved external symbol __ftol2 This patch add _ftol2 function for the compiler intrinsic. Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++++++++++++++++++++++ CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf | 4 +++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c b/CryptoPkg/Lib= rary/IntrinsicLib/Ia32/MathFtol.c new file mode 100644 index 0000000..147a19a --- /dev/null +++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c @@ -0,0 +1,22 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventi= ons. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +/* + * Floating point to integer conversion. + */ +__declspec(naked) void _ftol2 (void) +{ + _asm { + fistp qword ptr [esp-8] + mov edx, [esp-4] + mov eax, [esp-8] + ret + } +} diff --git a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf b/CryptoPkg/Li= brary/IntrinsicLib/IntrinsicLib.inf index 5a20967..fcbb933 100644 --- a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +++ b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf @@ -1,7 +1,7 @@ ## @file # Intrinsic Routines Wrapper Library Instance. # -# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -29,9 +29,11 @@ =20 Ia32/MathLShiftS64.c | MSFT Ia32/MathRShiftU64.c | MSFT + Ia32/MathFtol.c | MSFT =20 Ia32/MathLShiftS64.c | INTEL Ia32/MathRShiftU64.c | INTEL + Ia32/MathFtol.c | INTEL =20 Ia32/MathLShiftS64.nasm | GCC Ia32/MathRShiftU64.nasm | GCC --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40502): https://edk2.groups.io/g/devel/message/40502 Mute This Topic: https://groups.io/mt/31606974/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40503+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40503+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753972; cv=none; d=zoho.com; s=zohoarc; b=NXCytiUqrcMj7jobdCoEhvNWHC5aFpOWbgGaRgENwLUOor9tmkhBkvb5tgGwKOBCG/+x8W0I5wYWk1dXDIBGCEtk6yuPEU83mLX9ThWz7CjhwoK58ky7L99sqZRtxAKXZhqkhaMblWCilGNxe0kE0BjDb2o+lDy14qlvP+rwYfg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753972; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=pB8guiSzqVxADkynGsqUZOwAzKbvZ6xfuWNfy9apTuQ=; b=W1K/iMtsMQj0oRkyd1aOrEQB7XY9ohR3WsbzYEcGSLDUrnDn89tI2Lxeh8Uy+C9Ixm+kb80H1k6tfqA7gWIOoy+wGgQm3UsjtG2JlZgv1Vv53BIPbeR1/IGvptZqGenJj/v8vwNiNSERAc3NmFvXTlYDI7SsEK2WK0AX8u6f3AU= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40503+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 15577539722871019.3036126031661; Mon, 13 May 2019 06:26:12 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com []) by groups.io with SMTP; Mon, 13 May 2019 06:26:11 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:10 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:09 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 4/6] CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL Date: Mon, 13 May 2019 09:25:10 -0400 Message-Id: <1557753912-30122-5-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753971; bh=9zZifW59aPN54KALEopdajCOCOgTGTg0CB4rrNy9vDs=; h=Cc:Date:From:Reply-To:Subject:To; b=QGMER6SftVQgYlxMQY0ej50U4/vU+QVNAGN0V2/tuHOMFQEGZF5WUVMDkgIXJEvsk5x qpE5lQLNSGmXz5/j8oHLlBw1nDEdZtO+ecSO8g3ya8ValEnGiUs3MMJDLGV/tNZjYwv/O 61UQ9dnNaBiAISXYQTyXszWUUUDftksqapU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 Disable warning for building OpenSSL_1_1_1b add /wd4132 /wd4700 /wd4310 for Visual Studio in OpensslLib[Crypto].inf add -Wno-error=3Dunused-but-set-variable for GCC in OpensslLib[Crypto].inf Although this option is set in some build environments by default. But this is only for OpenSSL compilation, no matter how the default options change. Due to --with-rand-seed=3Dnone, We need to provide a placeholder header file CryptoPkg/Library/Include/sys/syscall.h. Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/Include/sys/syscall.h | 9 +++++++++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 16 ++++++++++------ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 16 ++++++++++------ 3 files changed, 29 insertions(+), 12 deletions(-) create mode 100644 CryptoPkg/Library/Include/sys/syscall.h diff --git a/CryptoPkg/Library/Include/sys/syscall.h b/CryptoPkg/Library/In= clude/sys/syscall.h new file mode 100644 index 0000000..bd212b0 --- /dev/null +++ b/CryptoPkg/Library/Include/sys/syscall.h @@ -0,0 +1,9 @@ +/** @file + Include file to support building the third-party cryptographic library. + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 530ac5f..f4d7772 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -530,17 +530,20 @@ # Disables the following Visual Studio compiler warnings brought by open= ssl source, # so we do not break the build with /WX option: # C4090: 'function' : different 'const' qualifiers + # C4132: 'object' : const object should be initialized (tls13_enc.c) # C4244: conversion from type1 to type2, possible loss of data # C4245: conversion from type1 to type2, signed/unsigned mismatch # C4267: conversion from size_t to type, possible loss of data # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater = size + # C4310: cast truncates constant value # C4389: 'operator' : signed/unsigned mismatch (xxxx) + # C4700: uninitialized local variable 'name' used. (conf_sap.c(71)) # C4702: unreachable code # C4706: assignment within conditional expression # C4819: The file contains a character that cannot be represented in t= he current code page # - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706 /wd4819 - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 /wd4819 + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 = /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 = /wd4702 /wd4706 /wd4819 =20 INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w @@ -550,11 +553,12 @@ # -Werror=3Dmaybe-uninitialized: there exist some other paths for whic= h the variable is not initialized. # -Werror=3Dformat: Check calls to printf and scanf, etc., to make sur= e that the arguments supplied have # types appropriate to the format string specified. + # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized - GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -DNO_MSABI_VA_FUNCS - GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized - GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dunused-but-set-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -Wno-error=3Dunuse= d-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-error=3Dunused-but-set-variable + GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable =20 # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: # 1295: Deprecated declaration - give arg types diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 2310100..fd12d11 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -491,17 +491,20 @@ # Disables the following Visual Studio compiler warnings brought by open= ssl source, # so we do not break the build with /WX option: # C4090: 'function' : different 'const' qualifiers + # C4132: 'object' : const object should be initialized (tls13_enc.c) # C4244: conversion from type1 to type2, possible loss of data # C4245: conversion from type1 to type2, signed/unsigned mismatch # C4267: conversion from size_t to type, possible loss of data # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater = size + # C4310: cast truncates constant value # C4389: 'operator' : signed/unsigned mismatch (xxxx) + # C4700: uninitialized local variable 'name' used. (conf_sap.c(71)) # C4702: unreachable code # C4706: assignment within conditional expression # C4819: The file contains a character that cannot be represented in t= he current code page # - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706 /wd4819 - MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 /wd4819 + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 = /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAG= S) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 = /wd4702 /wd4706 /wd4819 =20 INTEL:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w INTEL:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPEN= SSL_FLAGS) /w @@ -511,11 +514,12 @@ # -Werror=3Dmaybe-uninitialized: there exist some other paths for whic= h the variable is not initialized. # -Werror=3Dformat: Check calls to printf and scanf, etc., to make sur= e that the arguments supplied have # types appropriate to the format string specified. + # -Werror=3Dunused-but-set-variable: Warn whenever a local variable is= assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized - GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -DNO_MSABI_VA_FUNCS - GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized - GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format + GCC:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dunused-but-set-variable + GCC:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-err= or=3Dmaybe-uninitialized -Wno-error=3Dformat -Wno-format -Wno-error=3Dunuse= d-but-set-variable -DNO_MSABI_VA_FUNCS + GCC:*_*_ARM_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-error=3Dunused-but-set-variable + GCC:*_*_AARCH64_CC_FLAGS =3D $(OPENSSL_FLAGS) -Wno-error=3Dmaybe-uniniti= alized -Wno-format -Wno-error=3Dunused-but-set-variable =20 # suppress the following warnings in openssl so we don't break the build= with warnings-as-errors: # 1295: Deprecated declaration - give arg types --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40503): https://edk2.groups.io/g/devel/message/40503 Mute This Topic: https://groups.io/mt/31606975/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40504+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40504+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753973; cv=none; d=zoho.com; s=zohoarc; b=IUqp2kljvNrt1Cz/S5sJ+dfGu9qFg/3qc2hgBBAKTnyAVa2Q4BDmOZZF+qWj5i4ySVSW+J7n2OV63K4MA0VFSAlE/RmIF4wzQXvfvforsjIPa/q6fGZqcngWRtU+tnlchkYGr/dUWfwehz3G9Bsmza9otm4metjiVaRIcFv2RN8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753973; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=jC+DO0ZCK9ah3G+yaxBxGriospg5mtoE07DL+S2oWIY=; b=Keq9sTRg0e9Xk9hfol5Qk1mUejGIpmhFtGv/Rj/MSbpmLyY7GZj0Gi8Hu+HPfl1edxgoWx7WIEygXtNEqMDTvcAVeC/r7NuXuW8EAjXGLbCuxjneln6Fp0ia3M+2WDDGXPEObEQEwZ7tLEWTYXlEMjMhWOfgzkN5iEeMG7J+/qQ= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40504+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1557753973845512.4327486425742; Mon, 13 May 2019 06:26:13 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com []) by groups.io with SMTP; Mon, 13 May 2019 06:26:12 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:12 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:11 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b Date: Mon, 13 May 2019 09:25:11 -0400 Message-Id: <1557753912-30122-6-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753972; bh=gRFbt/U4s/jB2g9Ssx9AhfndViEyi2Hd8PvNVeK1Fpc=; h=Cc:Date:From:Reply-To:Subject:To; b=TrbBMt2o+3bumjnMtyLEK6dB2bwOHCwk/HTlok+ImWLtvEsf/ZFCeEf8vYsBeclLdv3 q7tWnWQBp+Gv4x+nj5KdFcRE2ttu+rRXlZgtKU5AQbazL+G6cqfPyFNzl647KDC6s8Oo9 VbHIztmm4rVDKNhw9I2T0CPqPoTBF5wLVx4= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Xiaoyu Lu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 Update OpenSSL submodule to OpenSSL_1_1_1b OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687) Run process_files.pl script to regenerate OpensslLib[Crypto].inf and opensslconf.h Remove -DNO_SYSLOG from OPENSSL_FLAGS in OpensslLib[Crypto].inf, due to upstream OpenSSL commit cff55b90e95e("Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags", 2017-03-29), which was first released as part of OpenSSL_1_1_1. Starting with OpenSSL commit 8a8d9e1905(first release in OpenSSL_1_1_1), the OpenSSL_version() function can no longer return a pointer to the string literal "compiler: information not available", in the case CFLAGS macro is not defined. Instead, the function now has a hard dependency on the global variable 'compiler_flags'. This variable is normally placed by "util/mkbuildinf.pl" into "buildinf.h". In edk2 we don't run that script whenever we build OpenSSL, therefor we must provide our own dummy 'compiler_flags'. Since OpenSSL_1_1_1b doesn't fully implement rand pool functions for UEFI. So add a file(rand_pool.c) and implement them. * rand_pool_acquire_entropy * rand_pool_add_nonce_data * rand_pool_add_additional_data * rand_pool_init * rand_pool_cleanup * rand_pool_keep_random_devices_open We use EFI_RNG_PROTOCOL to generate random outputs for seeding entropy. And if EFI_RNG_PROTOCOL not provide by a platform, we fall back to performance counter. We don't need ossl_store functions. We exclude relative files through process_files.pl. And ossl_store_cleanup_int was first added in crypto/init.c OpenSSL_1_1_1(71a5516d). So add a new file(ossl_store.c) to implement ossl_store_cleanup_int function. BUFSIZ is used by crypto/evp/evp_key.c(OpenSSL_1_1_1b) And it is declared in stdio.h. So add it to CrtLibSupport.h. Ref: https://github.com/openssl/openssl/issues/8904 Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/Include/CrtLibSupport.h | 11 + CryptoPkg/Library/Include/openssl/opensslconf.h | 54 +++- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 47 ++- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 38 ++- CryptoPkg/Library/OpensslLib/buildinf.h | 2 + CryptoPkg/Library/OpensslLib/openssl | 2 +- CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ CryptoPkg/Library/OpensslLib/rand_pool.c | 339 ++++++++++++++++++= ++++ 8 files changed, 481 insertions(+), 29 deletions(-) create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/= Include/CrtLibSupport.h index b05c5d9..467f8c8 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -21,6 +21,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define MAX_STRING_SIZE 0x1000 =20 // +// We already have "no-ui" in out Configure invocation. +// but the code still fails to compile. +// Ref: https://github.com/openssl/openssl/issues/8904 +// +// This is defined in CRT library(stdio.h). +// +#ifndef BUFSIZ +#define BUFSIZ 8192 +#endif + +// // OpenSSL relies on explicit configuration for word size in crypto/bn, // but we want it to be automatically inferred from the target. So we // bypass what's in for OPENSSL_SYS_UEFI, and diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 28dd9ab..07fa2d3 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -10,6 +10,8 @@ * https://www.openssl.org/source/license.html */ =20 +#include + #ifdef __cplusplus extern "C" { #endif @@ -77,18 +79,21 @@ extern "C" { #ifndef OPENSSL_NO_SEED # define OPENSSL_NO_SEED #endif +#ifndef OPENSSL_NO_SM2 +# define OPENSSL_NO_SM2 +#endif #ifndef OPENSSL_NO_SRP # define OPENSSL_NO_SRP #endif #ifndef OPENSSL_NO_TS # define OPENSSL_NO_TS #endif -#ifndef OPENSSL_NO_UI -# define OPENSSL_NO_UI -#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif +#ifndef OPENSSL_RAND_SEED_NONE +# define OPENSSL_RAND_SEED_NONE +#endif #ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG #endif @@ -122,6 +127,9 @@ extern "C" { #ifndef OPENSSL_NO_DEPRECATED # define OPENSSL_NO_DEPRECATED #endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif #ifndef OPENSSL_NO_DGRAM # define OPENSSL_NO_DGRAM #endif @@ -155,6 +163,9 @@ extern "C" { #ifndef OPENSSL_NO_ERR # define OPENSSL_NO_ERR #endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif #ifndef OPENSSL_NO_FILENAMES # define OPENSSL_NO_FILENAMES #endif @@ -209,15 +220,24 @@ extern "C" { #ifndef OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif +#ifndef OPENSSL_NO_TLS1_3 +# define OPENSSL_NO_TLS1_3 +#endif #ifndef OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif +#ifndef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI_CONSOLE +#endif #ifndef OPENSSL_NO_UNIT_TEST # define OPENSSL_NO_UNIT_TEST #endif #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS # define OPENSSL_NO_WEAK_SSL_CIPHERS #endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif #ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG #endif @@ -236,15 +256,11 @@ extern "C" { * functions. */ #ifndef DECLARE_DEPRECATED -# if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -# else -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif # endif #endif @@ -268,6 +284,18 @@ extern "C" { # define OPENSSL_API_COMPAT OPENSSL_MIN_API #endif =20 +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + #if OPENSSL_API_COMPAT < 0x10100000L # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) #else @@ -286,8 +314,6 @@ extern "C" { # define DEPRECATEDIN_0_9_8(f) #endif =20 - - /* Generate 80386 code? */ #undef I386_ONLY =20 diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index f4d7772..72f0a67 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -15,13 +15,15 @@ VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG + DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE =20 # # VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 # =20 [Sources] + ossl_store.c + rand_pool.c $(OPENSSL_PATH)/e_os.h # Autogenerated files list starts here $(OPENSSL_PATH)/crypto/aes/aes_cbc.c @@ -32,6 +34,7 @@ $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c $(OPENSSL_PATH)/crypto/aes/aes_wrap.c + $(OPENSSL_PATH)/crypto/aria/aria.c $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c $(OPENSSL_PATH)/crypto/asn1/a_digest.c @@ -54,6 +57,7 @@ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c $(OPENSSL_PATH)/crypto/asn1/asn1_err.c $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c $(OPENSSL_PATH)/crypto/asn1/asn1_par.c $(OPENSSL_PATH)/crypto/asn1/asn_mime.c @@ -172,6 +176,7 @@ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c $(OPENSSL_PATH)/crypto/cpt_err.c $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c $(OPENSSL_PATH)/crypto/des/cbc_cksm.c $(OPENSSL_PATH)/crypto/des/cbc_enc.c @@ -189,7 +194,6 @@ $(OPENSSL_PATH)/crypto/des/pcbc_enc.c $(OPENSSL_PATH)/crypto/des/qud_cksm.c $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/rpc_enc.c $(OPENSSL_PATH)/crypto/des/set_key.c $(OPENSSL_PATH)/crypto/des/str2key.c $(OPENSSL_PATH)/crypto/des/xcbc_enc.c @@ -206,6 +210,7 @@ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c $(OPENSSL_PATH)/crypto/dh/dh_prn.c $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c $(OPENSSL_PATH)/crypto/dso/dso_dl.c $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c $(OPENSSL_PATH)/crypto/dso/dso_err.c @@ -228,6 +233,7 @@ $(OPENSSL_PATH)/crypto/evp/e_aes.c $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c + $(OPENSSL_PATH)/crypto/evp/e_aria.c $(OPENSSL_PATH)/crypto/evp/e_bf.c $(OPENSSL_PATH)/crypto/evp/e_camellia.c $(OPENSSL_PATH)/crypto/evp/e_cast.c @@ -242,6 +248,7 @@ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c $(OPENSSL_PATH)/crypto/evp/e_rc5.c $(OPENSSL_PATH)/crypto/evp/e_seed.c + $(OPENSSL_PATH)/crypto/evp/e_sm4.c $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c $(OPENSSL_PATH)/crypto/evp/encode.c $(OPENSSL_PATH)/crypto/evp/evp_cnf.c @@ -259,6 +266,7 @@ $(OPENSSL_PATH)/crypto/evp/m_null.c $(OPENSSL_PATH)/crypto/evp/m_ripemd.c $(OPENSSL_PATH)/crypto/evp/m_sha1.c + $(OPENSSL_PATH)/crypto/evp/m_sha3.c $(OPENSSL_PATH)/crypto/evp/m_sigver.c $(OPENSSL_PATH)/crypto/evp/m_wp.c $(OPENSSL_PATH)/crypto/evp/names.c @@ -271,10 +279,10 @@ $(OPENSSL_PATH)/crypto/evp/p_seal.c $(OPENSSL_PATH)/crypto/evp/p_sign.c $(OPENSSL_PATH)/crypto/evp/p_verify.c + $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/scrypt.c $(OPENSSL_PATH)/crypto/ex_data.c $(OPENSSL_PATH)/crypto/getenv.c $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c @@ -283,6 +291,7 @@ $(OPENSSL_PATH)/crypto/init.c $(OPENSSL_PATH)/crypto/kdf/hkdf.c $(OPENSSL_PATH)/crypto/kdf/kdf_err.c + $(OPENSSL_PATH)/crypto/kdf/scrypt.c $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c @@ -360,14 +369,14 @@ $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c - $(OPENSSL_PATH)/crypto/rand/md_rand.c + $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c + $(OPENSSL_PATH)/crypto/rand/drbg_lib.c $(OPENSSL_PATH)/crypto/rand/rand_egd.c $(OPENSSL_PATH)/crypto/rand/rand_err.c $(OPENSSL_PATH)/crypto/rand/rand_lib.c $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rand/randfile.c $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c @@ -379,8 +388,8 @@ $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c + $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c $(OPENSSL_PATH)/crypto/rsa/rsa_none.c - $(OPENSSL_PATH)/crypto/rsa/rsa_null.c $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c @@ -392,15 +401,27 @@ $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c + $(OPENSSL_PATH)/crypto/sha/keccak1600.c $(OPENSSL_PATH)/crypto/sha/sha1_one.c $(OPENSSL_PATH)/crypto/sha/sha1dgst.c $(OPENSSL_PATH)/crypto/sha/sha256.c $(OPENSSL_PATH)/crypto/sha/sha512.c + $(OPENSSL_PATH)/crypto/siphash/siphash.c + $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c + $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm3/m_sm3.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c + $(OPENSSL_PATH)/crypto/sm4/sm4.c $(OPENSSL_PATH)/crypto/stack/stack.c $(OPENSSL_PATH)/crypto/threads_none.c $(OPENSSL_PATH)/crypto/threads_pthread.c $(OPENSSL_PATH)/crypto/threads_win.c $(OPENSSL_PATH)/crypto/txt_db/txt_db.c + $(OPENSSL_PATH)/crypto/ui/ui_err.c + $(OPENSSL_PATH)/crypto/ui/ui_lib.c + $(OPENSSL_PATH)/crypto/ui/ui_null.c + $(OPENSSL_PATH)/crypto/ui/ui_openssl.c + $(OPENSSL_PATH)/crypto/ui/ui_util.c $(OPENSSL_PATH)/crypto/uid.c $(OPENSSL_PATH)/crypto/x509/by_dir.c $(OPENSSL_PATH)/crypto/x509/by_file.c @@ -445,6 +466,7 @@ $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c @@ -479,12 +501,14 @@ $(OPENSSL_PATH)/ssl/d1_msg.c $(OPENSSL_PATH)/ssl/d1_srtp.c $(OPENSSL_PATH)/ssl/methods.c + $(OPENSSL_PATH)/ssl/packet.c $(OPENSSL_PATH)/ssl/pqueue.c $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c $(OPENSSL_PATH)/ssl/record/ssl3_record.c + $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c $(OPENSSL_PATH)/ssl/s3_cbc.c $(OPENSSL_PATH)/ssl/s3_enc.c $(OPENSSL_PATH)/ssl/s3_lib.c @@ -502,16 +526,19 @@ $(OPENSSL_PATH)/ssl/ssl_stat.c $(OPENSSL_PATH)/ssl/ssl_txt.c $(OPENSSL_PATH)/ssl/ssl_utst.c + $(OPENSSL_PATH)/ssl/statem/extensions.c + $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c + $(OPENSSL_PATH)/ssl/statem/extensions_cust.c + $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c $(OPENSSL_PATH)/ssl/statem/statem.c $(OPENSSL_PATH)/ssl/statem/statem_clnt.c $(OPENSSL_PATH)/ssl/statem/statem_dtls.c $(OPENSSL_PATH)/ssl/statem/statem_lib.c $(OPENSSL_PATH)/ssl/statem/statem_srvr.c $(OPENSSL_PATH)/ssl/t1_enc.c - $(OPENSSL_PATH)/ssl/t1_ext.c $(OPENSSL_PATH)/ssl/t1_lib.c - $(OPENSSL_PATH)/ssl/t1_reneg.c $(OPENSSL_PATH)/ssl/t1_trce.c + $(OPENSSL_PATH)/ssl/tls13_enc.c $(OPENSSL_PATH)/ssl/tls_srp.c # Autogenerated files list ends here =20 @@ -521,10 +548,14 @@ =20 [LibraryClasses] DebugLib + TimerLib =20 [LibraryClasses.ARM] ArmSoftFloatLib =20 +[Protocols] + gEfiRngProtocolGuid + [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index fd12d11..4484143 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -15,13 +15,15 @@ VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D OpensslLib DEFINE OPENSSL_PATH =3D openssl - DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG + DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE =20 # # VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 # =20 [Sources] + ossl_store.c + rand_pool.c $(OPENSSL_PATH)/e_os.h # Autogenerated files list starts here $(OPENSSL_PATH)/crypto/aes/aes_cbc.c @@ -32,6 +34,7 @@ $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c $(OPENSSL_PATH)/crypto/aes/aes_wrap.c + $(OPENSSL_PATH)/crypto/aria/aria.c $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c $(OPENSSL_PATH)/crypto/asn1/a_digest.c @@ -54,6 +57,7 @@ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c $(OPENSSL_PATH)/crypto/asn1/asn1_err.c $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c $(OPENSSL_PATH)/crypto/asn1/asn1_par.c $(OPENSSL_PATH)/crypto/asn1/asn_mime.c @@ -172,6 +176,7 @@ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c $(OPENSSL_PATH)/crypto/cpt_err.c $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c $(OPENSSL_PATH)/crypto/des/cbc_cksm.c $(OPENSSL_PATH)/crypto/des/cbc_enc.c @@ -189,7 +194,6 @@ $(OPENSSL_PATH)/crypto/des/pcbc_enc.c $(OPENSSL_PATH)/crypto/des/qud_cksm.c $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/rpc_enc.c $(OPENSSL_PATH)/crypto/des/set_key.c $(OPENSSL_PATH)/crypto/des/str2key.c $(OPENSSL_PATH)/crypto/des/xcbc_enc.c @@ -206,6 +210,7 @@ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c $(OPENSSL_PATH)/crypto/dh/dh_prn.c $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c $(OPENSSL_PATH)/crypto/dso/dso_dl.c $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c $(OPENSSL_PATH)/crypto/dso/dso_err.c @@ -228,6 +233,7 @@ $(OPENSSL_PATH)/crypto/evp/e_aes.c $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c + $(OPENSSL_PATH)/crypto/evp/e_aria.c $(OPENSSL_PATH)/crypto/evp/e_bf.c $(OPENSSL_PATH)/crypto/evp/e_camellia.c $(OPENSSL_PATH)/crypto/evp/e_cast.c @@ -242,6 +248,7 @@ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c $(OPENSSL_PATH)/crypto/evp/e_rc5.c $(OPENSSL_PATH)/crypto/evp/e_seed.c + $(OPENSSL_PATH)/crypto/evp/e_sm4.c $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c $(OPENSSL_PATH)/crypto/evp/encode.c $(OPENSSL_PATH)/crypto/evp/evp_cnf.c @@ -259,6 +266,7 @@ $(OPENSSL_PATH)/crypto/evp/m_null.c $(OPENSSL_PATH)/crypto/evp/m_ripemd.c $(OPENSSL_PATH)/crypto/evp/m_sha1.c + $(OPENSSL_PATH)/crypto/evp/m_sha3.c $(OPENSSL_PATH)/crypto/evp/m_sigver.c $(OPENSSL_PATH)/crypto/evp/m_wp.c $(OPENSSL_PATH)/crypto/evp/names.c @@ -271,10 +279,10 @@ $(OPENSSL_PATH)/crypto/evp/p_seal.c $(OPENSSL_PATH)/crypto/evp/p_sign.c $(OPENSSL_PATH)/crypto/evp/p_verify.c + $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/scrypt.c $(OPENSSL_PATH)/crypto/ex_data.c $(OPENSSL_PATH)/crypto/getenv.c $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c @@ -283,6 +291,7 @@ $(OPENSSL_PATH)/crypto/init.c $(OPENSSL_PATH)/crypto/kdf/hkdf.c $(OPENSSL_PATH)/crypto/kdf/kdf_err.c + $(OPENSSL_PATH)/crypto/kdf/scrypt.c $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c @@ -360,14 +369,14 @@ $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c - $(OPENSSL_PATH)/crypto/rand/md_rand.c + $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c + $(OPENSSL_PATH)/crypto/rand/drbg_lib.c $(OPENSSL_PATH)/crypto/rand/rand_egd.c $(OPENSSL_PATH)/crypto/rand/rand_err.c $(OPENSSL_PATH)/crypto/rand/rand_lib.c $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rand/randfile.c $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c @@ -379,8 +388,8 @@ $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c + $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c $(OPENSSL_PATH)/crypto/rsa/rsa_none.c - $(OPENSSL_PATH)/crypto/rsa/rsa_null.c $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c @@ -392,15 +401,27 @@ $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c + $(OPENSSL_PATH)/crypto/sha/keccak1600.c $(OPENSSL_PATH)/crypto/sha/sha1_one.c $(OPENSSL_PATH)/crypto/sha/sha1dgst.c $(OPENSSL_PATH)/crypto/sha/sha256.c $(OPENSSL_PATH)/crypto/sha/sha512.c + $(OPENSSL_PATH)/crypto/siphash/siphash.c + $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c + $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm3/m_sm3.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c + $(OPENSSL_PATH)/crypto/sm4/sm4.c $(OPENSSL_PATH)/crypto/stack/stack.c $(OPENSSL_PATH)/crypto/threads_none.c $(OPENSSL_PATH)/crypto/threads_pthread.c $(OPENSSL_PATH)/crypto/threads_win.c $(OPENSSL_PATH)/crypto/txt_db/txt_db.c + $(OPENSSL_PATH)/crypto/ui/ui_err.c + $(OPENSSL_PATH)/crypto/ui/ui_lib.c + $(OPENSSL_PATH)/crypto/ui/ui_null.c + $(OPENSSL_PATH)/crypto/ui/ui_openssl.c + $(OPENSSL_PATH)/crypto/ui/ui_util.c $(OPENSSL_PATH)/crypto/uid.c $(OPENSSL_PATH)/crypto/x509/by_dir.c $(OPENSSL_PATH)/crypto/x509/by_file.c @@ -445,6 +466,7 @@ $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c @@ -482,10 +504,14 @@ =20 [LibraryClasses] DebugLib + TimerLib =20 [LibraryClasses.ARM] ArmSoftFloatLib =20 +[Protocols] + gEfiRngProtocolGuid + [BuildOptions] # # Disables the following Visual Studio compiler warnings brought by open= ssl source, diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/Op= ensslLib/buildinf.h index c5ca293..b840c86 100644 --- a/CryptoPkg/Library/OpensslLib/buildinf.h +++ b/CryptoPkg/Library/OpensslLib/buildinf.h @@ -1,2 +1,4 @@ #define PLATFORM "UEFI" #define DATE "Fri Dec 22 01:23:45 PDT 2017" + +const char * compiler_flags =3D "compiler: information not available from = edk2"; diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/Opens= slLib/openssl index 74f2d9c..50eaac9 160000 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 +Subproject commit 50eaac9f3337667259de725451f201e784599687 diff --git a/CryptoPkg/Library/OpensslLib/ossl_store.c b/CryptoPkg/Library/= OpensslLib/ossl_store.c new file mode 100644 index 0000000..29e1506 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/ossl_store.c @@ -0,0 +1,17 @@ +/** @file + Dummy implement ossl_store(Store retrieval functions) for UEFI. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +/* + * This function is cleanup ossl store. + * + * Dummy Implement for UEFI + */ +void ossl_store_cleanup_int(void) +{ +} + diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/O= pensslLib/rand_pool.c new file mode 100644 index 0000000..a88ad8b --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c @@ -0,0 +1,339 @@ +/** @file + OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI. + The file implement these functions. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "internal/rand_int.h" +#include +#include +#include +#include +#include + +/** + Get some randomness from low-order bits of GetPerformanceCounter results. + And combine them to the 64-bit value + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate. +**/ +STATIC +BOOLEAN +EFIAPI +RandNumber64FromPerformanceCounter( + OUT UINT64 *Rand + ) +{ + UINT32 Index; + UINT32 *RandPtr; + RandPtr =3D (UINT32 *)Rand; + + ASSERT (Rand !=3D NULL); + + for (Index =3D 0; Index < 2; Index ++) { + *RandPtr =3D (UINT32)(GetPerformanceCounter() & 0xFF); + MicroSecondDelay(10); + RandPtr++; + } + + return TRUE; +} + + +/** + Generates a 64-bit random number. + if Rand is NULL, then ASSERT(). + @param[out] Rand Buffer pointer to store the 64-bit random value. + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. +**/ +STATIC +BOOLEAN +EFIAPI +RandomNumber64 ( + OUT UINT64 *Rand + ) +{ + EFI_RNG_PROTOCOL *Rng; + UINTN Number =3D 8; + EFI_STATUS Status; + BOOLEAN Ret; + + ASSERT (Rand !=3D NULL); + + Ret =3D FALSE; + + Status =3D gBS->LocateProtocol(&gEfiRngProtocolGuid, NULL, (VOID **)&Rng= ); + if (Status =3D=3D EFI_NOT_FOUND) { + // + // Fall back to use PerformanceCounter to generate rand nubmer. + // We are not sure about the amount of randomness it provides. + // If you really care about the security. please provide a EFI_RNG_PRO= TOCOL + // + Ret =3D RandNumber64FromPerformanceCounter(Rand); + return Ret; + } + + if (Status =3D=3D EFI_SUCCESS) { + Status =3D Rng->GetRNG (Rng, NULL, Number, (UINT8 *)Rand); + } + + if (Status =3D=3D EFI_SUCCESS) { + Ret =3D TRUE; + } + + return Ret; +} + +/** + Calls RandomNumber64 to fill + a buffer of arbitrary size with random bytes. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] RandBuffer Pointer to the buffer to store the random res= ult. + + @retval EFI_SUCCESS Random bytes generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +STATIC +BOOLEAN +EFIAPI +RandGetBytes ( + IN UINTN Length, + OUT UINT8 *RandBuffer + ) +{ + BOOLEAN Ret; + UINT64 TempRand; + + Ret =3D FALSE; + + while (Length > 0) { + Ret =3D RandomNumber64 (&TempRand); + if (!Ret) { + return Ret; + } + if (Length >=3D sizeof (TempRand)) { + *((UINT64*)RandBuffer) =3D TempRand; + RandBuffer +=3D sizeof (UINT64); + Length -=3D sizeof (TempRand); + } else { + CopyMem (RandBuffer, &TempRand, Length); + Length =3D 0; + } + } + + return Ret; +} + +/** + Creates a 128bit random value that is fully forward and backward predict= ion resistant, + suitable for seeding a NIST SP800-90 Compliant. + This function takes multiple random numbers from PerformanceCounter to e= nsure reseeding + and performs AES-CBC-MAC over the data to compute the seed value. + + @param[out] SeedBuffer Pointer to a 128bit buffer to store the rando= m seed. + + @retval TRUE Random seed generation succeeded. + @retval FALSE Failed to request random bytes. + +**/ +STATIC +BOOLEAN +EFIAPI +RandGetSeed128 ( + OUT UINT8 *SeedBuffer + ) +{ + BOOLEAN Ret; + UINT8 RandByte[16]; + UINT8 Key[16]; + UINT8 Ffv[16]; + UINT8 Xored[16]; + UINT32 Index; + UINT32 Index2; + AES_KEY AESKey; + + // + // Chose an arbitary key and zero the feed_forward_value (FFV) + // + for (Index =3D 0; Index < 16; Index++) { + Key[Index] =3D (UINT8) Index; + Ffv[Index] =3D 0; + } + + AES_set_encrypt_key(Key, 16 * 8, &AESKey); + + // + // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 = bit value + // The 10us gaps will ensure multiple reseeds within the system time wit= h a large + // design margin. + // + for (Index =3D 0; Index < 32; Index++) { + MicroSecondDelay (10); + Ret =3D RandGetBytes (16, RandByte); + if (!Ret) { + return Ret; + } + + // + // Perform XOR operations on two 128-bit value. + // + for (Index2 =3D 0; Index2 < 16; Index2++) { + Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; + } + + AES_encrypt(Xored, Ffv, &AESKey); + } + + for (Index =3D 0; Index < 16; Index++) { + SeedBuffer[Index] =3D Ffv[Index]; + } + + return Ret; +} + +/** + Generate high-quality entropy source. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy da= ta. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +STATIC +BOOLEAN +EFIAPI +RandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + BOOLEAN Ret; + UINTN BlockCount; + UINT8 Seed[16]; + UINT8 *Ptr; + + BlockCount =3D Length / 16; + Ptr =3D (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Ret =3D RandGetSeed128 (Seed); + if (!Ret) { + return Ret; + } + CopyMem (Ptr, Seed, 16); + + BlockCount--; + Ptr =3D Ptr + 16; + } + + // + // Populate the remained data as request. + // + Ret =3D RandGetSeed128 (Seed); + if (!Ret) { + return Ret; + } + CopyMem (Ptr, Seed, (Length % 16)); + + return Ret; +} + +/* + * Add random bytes to the pool to acquire requested amount of entropy + * + * This function is platform specific and tries to acquire the requested + * amount of entropy by polling platform specific entropy sources. + */ +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ + BOOLEAN Ret; + size_t bytes_needed; + unsigned char * buffer; + + bytes_needed =3D rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + if (bytes_needed > 0) { + buffer =3D rand_pool_add_begin(pool, bytes_needed); + + if (buffer !=3D NULL) { + Ret =3D RandGenerateEntropy(bytes_needed, buffer); + if (FALSE =3D=3D Ret) { + rand_pool_add_end(pool, 0, 0); + } else { + rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); + } + } + } + + return rand_pool_entropy_available(pool); +} + +/* + * Implementation for UEFI + */ +int rand_pool_add_nonce_data(RAND_POOL *pool) +{ + struct { + UINT64 MonotonicCount; + UINT64 Rand; + UINT64 TimerValue; + } data =3D { 0 }; + + gBS->GetNextMonotonicCount(&(data.MonotonicCount)); + RandGetBytes(8, (UINT8 *)&(data.Rand)); + data.TimerValue =3D GetPerformanceCounter(); + + return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); +} + +/* + * Implementation for UEFI + */ +int rand_pool_add_additional_data(RAND_POOL *pool) +{ + struct { + UINT64 Rand; + UINT64 TimerValue; + } data =3D { 0 }; + + RandGetBytes(8, (UINT8 *)&(data.Rand)); + data.TimerValue =3D GetPerformanceCounter(); + + return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); +} + +/* + * Dummy Implememtation for UEFI + */ +int rand_pool_init(void) +{ + return 1; +} + +/* + * Dummy Implememtation for UEFI + */ +void rand_pool_cleanup(void) +{ +} + +/* + * Dummy Implememtation for UEFI + */ +void rand_pool_keep_random_devices_open(int keep) +{ +} + --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40504): https://edk2.groups.io/g/devel/message/40504 Mute This Topic: https://groups.io/mt/31606976/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 16:33:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+40505+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40505+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1557753974; cv=none; d=zoho.com; s=zohoarc; b=aD3B7CH+ET9rSjoh204YE2XE+wrBQMT5ObMgzw9+B9FRTZuCKoA0RVwsqi4TrVd3J704LQcqueFx1dWJhU3vUlfK2B7ZxaS84GG++D//d9d79upT73WUGZPWNIlBfrN3CaQOLrOD74vmaJxxC/1SKM6kdRASgMrbgLTL6Ui+PAA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557753974; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=F8NQ09HK5v1FmFl5hUvzy4P2sHAolxVuA/RBkh1R+gU=; b=FCP+MXuKT9skbbYJzn73eXAtSFMgpmAWWZhLMxtcuKvjspvdIm85xKRZJ6+rObtpoSqktjVgUWdBpaEYLqgOq70dktiMkGutnMHtfwyWsjirateftcyv5wWZ53dMuycNzc+8hSj2hVe1wdaN07uYbQnyMaA/NgrmxLl5U/BunZY= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+40505+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1557753974423971.4415821935418; Mon, 13 May 2019 06:26:14 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com []) by groups.io with SMTP; Mon, 13 May 2019 06:26:13 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 06:26:13 -0700 X-ExtLoop1: 1 X-Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11]) by fmsmga004.fm.intel.com with ESMTP; 13 May 2019 06:26:12 -0700 From: "Xiaoyu lu" To: devel@edk2.groups.io Cc: lersek@redhat.com, xiaoyux.lu@intel.com, Jian J Wang , Ting Ye Subject: [edk2-devel] [PATCH v3 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible Date: Mon, 13 May 2019 09:25:12 -0400 Message-Id: <1557753912-30122-7-git-send-email-xiaoyux.lu@intel.com> In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiaoyux.lu@intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1557753974; bh=XxYzPu+A8egVHh6JnpYVkG1dGxSaz2HGOmHKkD1LuXs=; h=Cc:Date:From:Reply-To:Subject:To; b=Ueqe4UJBC9cLDPgwjFpxfwrBSWWE0Twh53OjLjROgnCNEzkMUf/OB4mCBMKpUnpqta6 BXLtjoJ+ZbfHBfUmwxHzeHSmBrtS1Aj5ZM9YdH/fqdsaKe4vglfSUqd5GuwQlDycNWHeE knVDxq+QQ8nWuQO+ond/++3xh0SoODym8Jc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Xiaoyu Lu Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089 OpenSSL internally redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h(OpenSSL commit e0810e35). Ref: https://github.com/openssl/openssl/pull/4338 We should not use it directly and should remove relevant functions(Hmac*GetContextSize). Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1792 But for compatiblility, temporarily change these definition of HMAC_*_CTX_SIZE. Cc: Jian J Wang Cc: Ting Ye Signed-off-by: Xiaoyu Lu --- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 ++++++-- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +++++++-- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 8 ++++++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 3134806..19e9fbe 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -9,8 +9,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include =20 -#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK +// +// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 +// +#define HMAC_MD5_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * 144) =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index bbe3df4..7d7df96 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -9,8 +9,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include =20 -#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK +// +// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 +// +// +#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) += \ + sizeof(unsigned char) * 144) =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/Crypto= Pkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c index ac9084f..f24443e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c @@ -9,8 +9,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include =20 -#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) += \ - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK +// +// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 +// +#define HMAC_SHA256_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int)= + \ + sizeof(unsigned char) * 144) =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. --=20 2.7.4 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40505): https://edk2.groups.io/g/devel/message/40505 Mute This Topic: https://groups.io/mt/31606978/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-