From dddeaf3f7dc8d30640119e999bbfabf4ce068a68 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Mar 2021 17:44:23 -0500 Subject: Re-organize a bunch of CFLAGS-related makefile bits Some of our makefile bits are a mess, as you may have noticed, making changes to them difficult to review. This patch attempts to make some parts of them vaguely less of a mess, in order to facilitate review of follow-up changes. To so it: - coalesces feature flags, optimizations, -W{no-,}, -W{no-}error, include directives, and define/undefine directives into (mostly) separate groups. - exports them as appropriate so the sub-makes can use them - Makes sure we have -Wextra -Werror everywhere, but adds -Wno-foo and -Wno-error=foo directives at the appropriate places to keep the net warnings the same. - makes the arch defines in Cryptlib and Cryptlib/OpenSSL use the appropriate ones, with no attempt to make them less stupid, without changing the overall order. - coalesces the various includes, with no attempt to make them less stupid, without changing the overall order. - One giant glaring whitespace fix in Cryptlib/OpenSSL/Makefile Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/Makefile | 860 +++++++++++++++++++++++----------------------- 1 file changed, 439 insertions(+), 421 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 9a7697cc..6a58dbaa 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,440 +1,458 @@ -EFI_INCLUDES = -I$(TOPDIR)/../Include \ - -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ - -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include +DEFINES = -DL_ENDIAN \ + -D_CRT_SECURE_NO_DEPRECATE \ + -D_CRT_NONSTDC_NO_DEPRECATE \ + -DOPENSSL_SMALL_FOOTPRINT \ + -DPEDANTIC -CFLAGS = -ggdb $(OPTIMIZATIONS) -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ - -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ - -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \ - -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC +INCLUDES = -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ + -I$(shell $(CC) -print-file-name=include) \ + -I$(TOPDIR)/../Include $(EFI_INCLUDES) \ + -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp \ + -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include + +WERRFLAGS += -Wno-error=discarded-qualifiers \ + -Wno-error=maybe-uninitialized \ + -Wno-error=unused-function \ + -Wno-error=unused-but-set-variable + +CFLAGS = $(FEATUREFLAGS) \ + $(OPTIMIZATIONS) \ + $(WARNFLAGS) \ + $(WERRFLAGS) \ + $(INCLUDES) \ + $(DEFINES) CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) \ - -m64 -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) +DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ - $(CLANG_BUGS) -m32 -DMDE_CPU_IA32 +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) - CFLAGS += -O2 -DMDE_CPU_AARCH64 +OPTIMIZATIONS += -O2 +DEFINES += -DMDE_CPU_AARCH64 endif ifeq ($(ARCH),arm) - CFLAGS += -O2 -DMDE_CPU_ARM +OPTIMIZATIONS += -O2 +DEFINES += -DMDE_CPU_ARM endif + LDFLAGS = -nostdlib -znocombreloc TARGET = libopenssl.a -OBJS = crypto/cryptlib.o \ - crypto/mem.o \ - crypto/mem_clr.o \ - crypto/mem_dbg.o \ - crypto/cversion.o \ - crypto/ex_data.o \ - crypto/cpt_err.o \ - crypto/ebcdic.o \ - crypto/uid.o \ - crypto/o_time.o \ - crypto/o_str.o \ - crypto/o_dir.o \ - crypto/o_fips.o \ - crypto/o_init.o \ - crypto/fips_ers.o \ - crypto/md5/md5_dgst.o \ - crypto/md5/md5_one.o \ - crypto/sha/sha_dgst.o \ - crypto/sha/sha1dgst.o \ - crypto/sha/sha_one.o \ - crypto/sha/sha1_one.o \ - crypto/sha/sha256.o \ - crypto/sha/sha512.o \ - crypto/hmac/hmac.o \ - crypto/hmac/hm_ameth.o \ - crypto/hmac/hm_pmeth.o \ - crypto/rc4/rc4_enc.o \ - crypto/rc4/rc4_skey.o \ - crypto/rc4/rc4_utl.o \ - crypto/aes/aes_misc.o \ - crypto/aes/aes_ecb.o \ - crypto/aes/aes_cfb.o \ - crypto/aes/aes_ofb.o \ - crypto/aes/aes_ctr.o \ - crypto/aes/aes_ige.o \ - crypto/aes/aes_wrap.o \ - crypto/aes/aes_core.o \ - crypto/aes/aes_cbc.o \ - crypto/modes/cbc128.o \ - crypto/modes/ctr128.o \ - crypto/modes/cts128.o \ - crypto/modes/cfb128.o \ - crypto/modes/ofb128.o \ - crypto/modes/gcm128.o \ - crypto/modes/ccm128.o \ - crypto/modes/xts128.o \ - crypto/modes/wrap128.o \ - crypto/bn/bn_add.o \ - crypto/bn/bn_div.o \ - crypto/bn/bn_exp.o \ - crypto/bn/bn_lib.o \ - crypto/bn/bn_ctx.o \ - crypto/bn/bn_mul.o \ - crypto/bn/bn_mod.o \ - crypto/bn/bn_print.o \ - crypto/bn/bn_rand.o \ - crypto/bn/bn_shift.o \ - crypto/bn/bn_word.o \ - crypto/bn/bn_blind.o \ - crypto/bn/bn_kron.o \ - crypto/bn/bn_sqrt.o \ - crypto/bn/bn_gcd.o \ - crypto/bn/bn_prime.o \ - crypto/bn/bn_err.o \ - crypto/bn/bn_sqr.o \ - crypto/bn/bn_asm.o \ - crypto/bn/bn_recp.o \ - crypto/bn/bn_mont.o \ - crypto/bn/bn_mpi.o \ - crypto/bn/bn_exp2.o \ - crypto/bn/bn_gf2m.o \ - crypto/bn/bn_nist.o \ - crypto/bn/bn_depr.o \ - crypto/bn/bn_x931p.o \ - crypto/bn/bn_const.o \ - crypto/rsa/rsa_eay.o \ - crypto/rsa/rsa_gen.o \ - crypto/rsa/rsa_lib.o \ - crypto/rsa/rsa_sign.o \ - crypto/rsa/rsa_saos.o \ - crypto/rsa/rsa_err.o \ - crypto/rsa/rsa_pk1.o \ - crypto/rsa/rsa_ssl.o \ - crypto/rsa/rsa_none.o \ - crypto/rsa/rsa_oaep.o \ - crypto/rsa/rsa_chk.o \ - crypto/rsa/rsa_null.o \ - crypto/rsa/rsa_pss.o \ - crypto/rsa/rsa_x931.o \ - crypto/rsa/rsa_asn1.o \ - crypto/rsa/rsa_depr.o \ - crypto/rsa/rsa_ameth.o \ - crypto/rsa/rsa_prn.o \ - crypto/rsa/rsa_pmeth.o \ - crypto/rsa/rsa_crpt.o \ - crypto/dso/dso_dl.o \ - crypto/dso/dso_dlfcn.o \ - crypto/dso/dso_err.o \ - crypto/dso/dso_lib.o \ - crypto/dso/dso_null.o \ - crypto/dso/dso_openssl.o \ - crypto/dso/dso_win32.o \ - crypto/dso/dso_vms.o \ - crypto/dso/dso_beos.o \ - crypto/dh/dh_asn1.o \ - crypto/dh/dh_gen.o \ - crypto/dh/dh_key.o \ - crypto/dh/dh_lib.o \ - crypto/dh/dh_check.o \ - crypto/dh/dh_err.o \ - crypto/dh/dh_depr.o \ - crypto/dh/dh_ameth.o \ - crypto/dh/dh_pmeth.o \ - crypto/dh/dh_prn.o \ - crypto/dh/dh_rfc5114.o \ - crypto/buffer/buffer.o \ - crypto/buffer/buf_str.o \ - crypto/buffer/buf_err.o \ - crypto/bio/bio_lib.o \ - crypto/bio/bio_cb.o \ - crypto/bio/bio_err.o \ - crypto/bio/bss_mem.o \ - crypto/bio/bss_null.o \ - crypto/bio/bss_fd.o \ - crypto/bio/bss_file.o \ - crypto/bio/bss_sock.o \ - crypto/bio/bss_conn.o \ - crypto/bio/bf_null.o \ - crypto/bio/bf_buff.o \ - crypto/bio/b_dump.o \ - crypto/bio/b_print.o \ - crypto/bio/b_sock.o \ - crypto/bio/bss_acpt.o \ - crypto/bio/bf_nbio.o \ - crypto/bio/bss_log.o \ - crypto/bio/bss_bio.o \ - crypto/bio/bss_dgram.o \ - crypto/stack/stack.o \ - crypto/lhash/lhash.o \ - crypto/lhash/lh_stats.o \ - crypto/rand/md_rand.o \ - crypto/rand/randfile.o \ - crypto/rand/rand_lib.o \ - crypto/rand/rand_err.o \ - crypto/rand/rand_unix.o \ - crypto/err/err.o \ - crypto/err/err_all.o \ - crypto/err/err_prn.o \ - crypto/objects/o_names.o \ - crypto/objects/obj_dat.o \ - crypto/objects/obj_lib.o \ - crypto/objects/obj_err.o \ - crypto/objects/obj_xref.o \ - crypto/evp/encode.o \ - crypto/evp/digest.o \ - crypto/evp/evp_enc.o \ - crypto/evp/evp_key.o \ - crypto/evp/evp_acnf.o \ - crypto/evp/evp_cnf.o \ - crypto/evp/e_des.o \ - crypto/evp/e_bf.o \ - crypto/evp/e_idea.o \ - crypto/evp/e_des3.o \ - crypto/evp/e_camellia.o \ - crypto/evp/e_rc4.o \ - crypto/evp/e_aes.o \ - crypto/evp/names.o \ - crypto/evp/e_seed.o \ - crypto/evp/e_xcbc_d.o \ - crypto/evp/e_rc2.o \ - crypto/evp/e_cast.o \ - crypto/evp/e_rc5.o \ - crypto/evp/m_null.o \ - crypto/evp/m_md2.o \ - crypto/evp/m_md4.o \ - crypto/evp/m_md5.o \ - crypto/evp/m_sha.o \ - crypto/evp/m_sha1.o \ - crypto/evp/m_wp.o \ - crypto/evp/m_dss.o \ - crypto/evp/m_dss1.o \ - crypto/evp/m_mdc2.o \ - crypto/evp/m_ripemd.o \ - crypto/evp/m_ecdsa.o \ - crypto/evp/p_open.o \ - crypto/evp/p_seal.o \ - crypto/evp/p_sign.o \ - crypto/evp/p_verify.o \ - crypto/evp/p_lib.o \ - crypto/evp/p_enc.o \ - crypto/evp/p_dec.o \ - crypto/evp/bio_md.o \ - crypto/evp/bio_b64.o \ - crypto/evp/bio_enc.o \ - crypto/evp/evp_err.o \ - crypto/evp/e_null.o \ - crypto/evp/c_all.o \ - crypto/evp/c_allc.o \ - crypto/evp/c_alld.o \ - crypto/evp/evp_lib.o \ - crypto/evp/bio_ok.o \ - crypto/evp/evp_pkey.o \ - crypto/evp/evp_pbe.o \ - crypto/evp/p5_crpt.o \ - crypto/evp/p5_crpt2.o \ - crypto/evp/e_old.o \ - crypto/evp/pmeth_lib.o \ - crypto/evp/pmeth_fn.o \ - crypto/evp/pmeth_gn.o \ - crypto/evp/m_sigver.o \ - crypto/evp/e_aes_cbc_hmac_sha1.o \ - crypto/evp/e_aes_cbc_hmac_sha256.o \ - crypto/evp/e_rc4_hmac_md5.o \ - crypto/asn1/a_object.o \ - crypto/asn1/a_bitstr.o \ - crypto/asn1/a_utctm.o \ - crypto/asn1/a_gentm.o \ - crypto/asn1/a_time.o \ - crypto/asn1/a_int.o \ - crypto/asn1/a_octet.o \ - crypto/asn1/a_print.o \ - crypto/asn1/a_type.o \ - crypto/asn1/a_set.o \ - crypto/asn1/a_dup.o \ - crypto/asn1/a_d2i_fp.o \ - crypto/asn1/a_i2d_fp.o \ - crypto/asn1/a_enum.o \ - crypto/asn1/a_utf8.o \ - crypto/asn1/a_sign.o \ - crypto/asn1/a_digest.o \ - crypto/asn1/a_verify.o \ - crypto/asn1/a_mbstr.o \ - crypto/asn1/a_strex.o \ - crypto/asn1/x_algor.o \ - crypto/asn1/x_val.o \ - crypto/asn1/x_pubkey.o \ - crypto/asn1/x_sig.o \ - crypto/asn1/x_req.o \ - crypto/asn1/x_attrib.o \ - crypto/asn1/x_bignum.o \ - crypto/asn1/x_long.o \ - crypto/asn1/x_name.o \ - crypto/asn1/x_x509.o \ - crypto/asn1/x_x509a.o \ - crypto/asn1/x_crl.o \ - crypto/asn1/x_info.o \ - crypto/asn1/x_spki.o \ - crypto/asn1/nsseq.o \ - crypto/asn1/x_nx509.o \ - crypto/asn1/d2i_pu.o \ - crypto/asn1/d2i_pr.o \ - crypto/asn1/i2d_pu.o \ - crypto/asn1/i2d_pr.o \ - crypto/asn1/t_req.o \ - crypto/asn1/t_x509.o \ - crypto/asn1/t_x509a.o \ - crypto/asn1/t_crl.o \ - crypto/asn1/t_pkey.o \ - crypto/asn1/t_spki.o \ - crypto/asn1/t_bitst.o \ - crypto/asn1/tasn_new.o \ - crypto/asn1/tasn_fre.o \ - crypto/asn1/tasn_enc.o \ - crypto/asn1/tasn_dec.o \ - crypto/asn1/tasn_utl.o \ - crypto/asn1/tasn_typ.o \ - crypto/asn1/tasn_prn.o \ - crypto/asn1/ameth_lib.o \ - crypto/asn1/f_int.o \ - crypto/asn1/f_string.o \ - crypto/asn1/n_pkey.o \ - crypto/asn1/f_enum.o \ - crypto/asn1/x_pkey.o \ - crypto/asn1/a_bool.o \ - crypto/asn1/x_exten.o \ - crypto/asn1/bio_asn1.o \ - crypto/asn1/bio_ndef.o \ - crypto/asn1/asn_mime.o \ - crypto/asn1/asn1_gen.o \ - crypto/asn1/asn1_par.o \ - crypto/asn1/asn1_lib.o \ - crypto/asn1/asn1_err.o \ - crypto/asn1/a_bytes.o \ - crypto/asn1/a_strnid.o \ - crypto/asn1/evp_asn1.o \ - crypto/asn1/asn_pack.o \ - crypto/asn1/p5_pbe.o \ - crypto/asn1/p5_pbev2.o \ - crypto/asn1/p8_pkey.o \ - crypto/asn1/asn_moid.o \ - crypto/pem/pem_sign.o \ - crypto/pem/pem_seal.o \ - crypto/pem/pem_info.o \ - crypto/pem/pem_lib.o \ - crypto/pem/pem_all.o \ - crypto/pem/pem_err.o \ - crypto/pem/pem_x509.o \ - crypto/pem/pem_xaux.o \ - crypto/pem/pem_oth.o \ - crypto/pem/pem_pk8.o \ - crypto/pem/pem_pkey.o \ - crypto/pem/pvkfmt.o \ - crypto/x509/x509_def.o \ - crypto/x509/x509_d2.o \ - crypto/x509/x509_r2x.o \ - crypto/x509/x509_cmp.o \ - crypto/x509/x509_obj.o \ - crypto/x509/x509_req.o \ - crypto/x509/x509spki.o \ - crypto/x509/x509_vfy.o \ - crypto/x509/x509_set.o \ - crypto/x509/x509cset.o \ - crypto/x509/x509rset.o \ - crypto/x509/x509_err.o \ - crypto/x509/x509name.o \ - crypto/x509/x509_v3.o \ - crypto/x509/x509_ext.o \ - crypto/x509/x509_att.o \ - crypto/x509/x509type.o \ - crypto/x509/x509_lu.o \ - crypto/x509/x_all.o \ - crypto/x509/x509_txt.o \ - crypto/x509/x509_trs.o \ - crypto/x509/x509_vpm.o \ - crypto/x509v3/v3_bcons.o \ - crypto/x509v3/v3_bitst.o \ - crypto/x509v3/v3_conf.o \ - crypto/x509v3/v3_extku.o \ - crypto/x509v3/v3_ia5.o \ - crypto/x509v3/v3_lib.o \ - crypto/x509v3/v3_prn.o \ - crypto/x509v3/v3_utl.o \ - crypto/x509v3/v3err.o \ - crypto/x509v3/v3_genn.o \ - crypto/x509v3/v3_alt.o \ - crypto/x509v3/v3_skey.o \ - crypto/x509v3/v3_akey.o \ - crypto/x509v3/v3_pku.o \ - crypto/x509v3/v3_int.o \ - crypto/x509v3/v3_enum.o \ - crypto/x509v3/v3_sxnet.o \ - crypto/x509v3/v3_cpols.o \ - crypto/x509v3/v3_crld.o \ - crypto/x509v3/v3_purp.o \ - crypto/x509v3/v3_info.o \ - crypto/x509v3/v3_ocsp.o \ - crypto/x509v3/v3_akeya.o \ - crypto/x509v3/v3_pmaps.o \ - crypto/x509v3/v3_pcons.o \ - crypto/x509v3/v3_ncons.o \ - crypto/x509v3/v3_pcia.o \ - crypto/x509v3/v3_pci.o \ - crypto/x509v3/pcy_cache.o \ - crypto/x509v3/pcy_node.o \ - crypto/x509v3/pcy_data.o \ - crypto/x509v3/pcy_map.o \ - crypto/x509v3/pcy_tree.o \ - crypto/x509v3/pcy_lib.o \ - crypto/x509v3/v3_asid.o \ - crypto/x509v3/v3_addr.o \ - crypto/conf/conf_err.o \ - crypto/conf/conf_lib.o \ - crypto/conf/conf_api.o \ - crypto/conf/conf_def.o \ - crypto/conf/conf_mod.o \ - crypto/conf/conf_mall.o \ - crypto/conf/conf_sap.o \ - crypto/txt_db/txt_db.o \ - crypto/pkcs7/pk7_asn1.o \ - crypto/pkcs7/pk7_lib.o \ - crypto/pkcs7/pkcs7err.o \ - crypto/pkcs7/pk7_doit.o \ - crypto/pkcs7/pk7_smime.o \ - crypto/pkcs7/pk7_attr.o \ - crypto/pkcs7/pk7_mime.o \ - crypto/pkcs7/bio_pk7.o \ - crypto/pkcs12/p12_add.o \ - crypto/pkcs12/p12_asn.o \ - crypto/pkcs12/p12_attr.o \ - crypto/pkcs12/p12_crpt.o \ - crypto/pkcs12/p12_crt.o \ - crypto/pkcs12/p12_decr.o \ - crypto/pkcs12/p12_init.o \ - crypto/pkcs12/p12_key.o \ - crypto/pkcs12/p12_kiss.o \ - crypto/pkcs12/p12_mutl.o \ - crypto/pkcs12/p12_utl.o \ - crypto/pkcs12/p12_npas.o \ - crypto/pkcs12/pk12err.o \ - crypto/pkcs12/p12_p8d.o \ - crypto/pkcs12/p12_p8e.o \ - crypto/comp/comp_lib.o \ - crypto/comp/comp_err.o \ - crypto/comp/c_rle.o \ - crypto/comp/c_zlib.o \ - crypto/ocsp/ocsp_asn.o \ - crypto/ocsp/ocsp_ext.o \ - crypto/ocsp/ocsp_ht.o \ - crypto/ocsp/ocsp_lib.o \ - crypto/ocsp/ocsp_cl.o \ - crypto/ocsp/ocsp_srv.o \ - crypto/ocsp/ocsp_prn.o \ - crypto/ocsp/ocsp_vfy.o \ - crypto/ocsp/ocsp_err.o \ - crypto/cmac/cmac.o \ - crypto/cmac/cm_ameth.o \ - crypto/cmac/cm_pmeth.o \ +OBJS = crypto/cryptlib.o \ + crypto/mem.o \ + crypto/mem_clr.o \ + crypto/mem_dbg.o \ + crypto/cversion.o \ + crypto/ex_data.o \ + crypto/cpt_err.o \ + crypto/ebcdic.o \ + crypto/uid.o \ + crypto/o_time.o \ + crypto/o_str.o \ + crypto/o_dir.o \ + crypto/o_fips.o \ + crypto/o_init.o \ + crypto/fips_ers.o \ + crypto/md5/md5_dgst.o \ + crypto/md5/md5_one.o \ + crypto/sha/sha_dgst.o \ + crypto/sha/sha1dgst.o \ + crypto/sha/sha_one.o \ + crypto/sha/sha1_one.o \ + crypto/sha/sha256.o \ + crypto/sha/sha512.o \ + crypto/hmac/hmac.o \ + crypto/hmac/hm_ameth.o \ + crypto/hmac/hm_pmeth.o \ + crypto/rc4/rc4_enc.o \ + crypto/rc4/rc4_skey.o \ + crypto/rc4/rc4_utl.o \ + crypto/aes/aes_misc.o \ + crypto/aes/aes_ecb.o \ + crypto/aes/aes_cfb.o \ + crypto/aes/aes_ofb.o \ + crypto/aes/aes_ctr.o \ + crypto/aes/aes_ige.o \ + crypto/aes/aes_wrap.o \ + crypto/aes/aes_core.o \ + crypto/aes/aes_cbc.o \ + crypto/modes/cbc128.o \ + crypto/modes/ctr128.o \ + crypto/modes/cts128.o \ + crypto/modes/cfb128.o \ + crypto/modes/ofb128.o \ + crypto/modes/gcm128.o \ + crypto/modes/ccm128.o \ + crypto/modes/xts128.o \ + crypto/modes/wrap128.o \ + crypto/bn/bn_add.o \ + crypto/bn/bn_div.o \ + crypto/bn/bn_exp.o \ + crypto/bn/bn_lib.o \ + crypto/bn/bn_ctx.o \ + crypto/bn/bn_mul.o \ + crypto/bn/bn_mod.o \ + crypto/bn/bn_print.o \ + crypto/bn/bn_rand.o \ + crypto/bn/bn_shift.o \ + crypto/bn/bn_word.o \ + crypto/bn/bn_blind.o \ + crypto/bn/bn_kron.o \ + crypto/bn/bn_sqrt.o \ + crypto/bn/bn_gcd.o \ + crypto/bn/bn_prime.o \ + crypto/bn/bn_err.o \ + crypto/bn/bn_sqr.o \ + crypto/bn/bn_asm.o \ + crypto/bn/bn_recp.o \ + crypto/bn/bn_mont.o \ + crypto/bn/bn_mpi.o \ + crypto/bn/bn_exp2.o \ + crypto/bn/bn_gf2m.o \ + crypto/bn/bn_nist.o \ + crypto/bn/bn_depr.o \ + crypto/bn/bn_x931p.o \ + crypto/bn/bn_const.o \ + crypto/rsa/rsa_eay.o \ + crypto/rsa/rsa_gen.o \ + crypto/rsa/rsa_lib.o \ + crypto/rsa/rsa_sign.o \ + crypto/rsa/rsa_saos.o \ + crypto/rsa/rsa_err.o \ + crypto/rsa/rsa_pk1.o \ + crypto/rsa/rsa_ssl.o \ + crypto/rsa/rsa_none.o \ + crypto/rsa/rsa_oaep.o \ + crypto/rsa/rsa_chk.o \ + crypto/rsa/rsa_null.o \ + crypto/rsa/rsa_pss.o \ + crypto/rsa/rsa_x931.o \ + crypto/rsa/rsa_asn1.o \ + crypto/rsa/rsa_depr.o \ + crypto/rsa/rsa_ameth.o \ + crypto/rsa/rsa_prn.o \ + crypto/rsa/rsa_pmeth.o \ + crypto/rsa/rsa_crpt.o \ + crypto/dso/dso_dl.o \ + crypto/dso/dso_dlfcn.o \ + crypto/dso/dso_err.o \ + crypto/dso/dso_lib.o \ + crypto/dso/dso_null.o \ + crypto/dso/dso_openssl.o \ + crypto/dso/dso_win32.o \ + crypto/dso/dso_vms.o \ + crypto/dso/dso_beos.o \ + crypto/dh/dh_asn1.o \ + crypto/dh/dh_gen.o \ + crypto/dh/dh_key.o \ + crypto/dh/dh_lib.o \ + crypto/dh/dh_check.o \ + crypto/dh/dh_err.o \ + crypto/dh/dh_depr.o \ + crypto/dh/dh_ameth.o \ + crypto/dh/dh_pmeth.o \ + crypto/dh/dh_prn.o \ + crypto/dh/dh_rfc5114.o \ + crypto/buffer/buffer.o \ + crypto/buffer/buf_str.o \ + crypto/buffer/buf_err.o \ + crypto/bio/bio_lib.o \ + crypto/bio/bio_cb.o \ + crypto/bio/bio_err.o \ + crypto/bio/bss_mem.o \ + crypto/bio/bss_null.o \ + crypto/bio/bss_fd.o \ + crypto/bio/bss_file.o \ + crypto/bio/bss_sock.o \ + crypto/bio/bss_conn.o \ + crypto/bio/bf_null.o \ + crypto/bio/bf_buff.o \ + crypto/bio/b_dump.o \ + crypto/bio/b_print.o \ + crypto/bio/b_sock.o \ + crypto/bio/bss_acpt.o \ + crypto/bio/bf_nbio.o \ + crypto/bio/bss_log.o \ + crypto/bio/bss_bio.o \ + crypto/bio/bss_dgram.o \ + crypto/stack/stack.o \ + crypto/lhash/lhash.o \ + crypto/lhash/lh_stats.o \ + crypto/rand/md_rand.o \ + crypto/rand/randfile.o \ + crypto/rand/rand_lib.o \ + crypto/rand/rand_err.o \ + crypto/rand/rand_unix.o \ + crypto/err/err.o \ + crypto/err/err_all.o \ + crypto/err/err_prn.o \ + crypto/objects/o_names.o \ + crypto/objects/obj_dat.o \ + crypto/objects/obj_lib.o \ + crypto/objects/obj_err.o \ + crypto/objects/obj_xref.o \ + crypto/evp/encode.o \ + crypto/evp/digest.o \ + crypto/evp/evp_enc.o \ + crypto/evp/evp_key.o \ + crypto/evp/evp_acnf.o \ + crypto/evp/evp_cnf.o \ + crypto/evp/e_des.o \ + crypto/evp/e_bf.o \ + crypto/evp/e_idea.o \ + crypto/evp/e_des3.o \ + crypto/evp/e_camellia.o \ + crypto/evp/e_rc4.o \ + crypto/evp/e_aes.o \ + crypto/evp/names.o \ + crypto/evp/e_seed.o \ + crypto/evp/e_xcbc_d.o \ + crypto/evp/e_rc2.o \ + crypto/evp/e_cast.o \ + crypto/evp/e_rc5.o \ + crypto/evp/m_null.o \ + crypto/evp/m_md2.o \ + crypto/evp/m_md4.o \ + crypto/evp/m_md5.o \ + crypto/evp/m_sha.o \ + crypto/evp/m_sha1.o \ + crypto/evp/m_wp.o \ + crypto/evp/m_dss.o \ + crypto/evp/m_dss1.o \ + crypto/evp/m_mdc2.o \ + crypto/evp/m_ripemd.o \ + crypto/evp/m_ecdsa.o \ + crypto/evp/p_open.o \ + crypto/evp/p_seal.o \ + crypto/evp/p_sign.o \ + crypto/evp/p_verify.o \ + crypto/evp/p_lib.o \ + crypto/evp/p_enc.o \ + crypto/evp/p_dec.o \ + crypto/evp/bio_md.o \ + crypto/evp/bio_b64.o \ + crypto/evp/bio_enc.o \ + crypto/evp/evp_err.o \ + crypto/evp/e_null.o \ + crypto/evp/c_all.o \ + crypto/evp/c_allc.o \ + crypto/evp/c_alld.o \ + crypto/evp/evp_lib.o \ + crypto/evp/bio_ok.o \ + crypto/evp/evp_pkey.o \ + crypto/evp/evp_pbe.o \ + crypto/evp/p5_crpt.o \ + crypto/evp/p5_crpt2.o \ + crypto/evp/e_old.o \ + crypto/evp/pmeth_lib.o \ + crypto/evp/pmeth_fn.o \ + crypto/evp/pmeth_gn.o \ + crypto/evp/m_sigver.o \ + crypto/evp/e_aes_cbc_hmac_sha1.o \ + crypto/evp/e_aes_cbc_hmac_sha256.o \ + crypto/evp/e_rc4_hmac_md5.o \ + crypto/asn1/a_object.o \ + crypto/asn1/a_bitstr.o \ + crypto/asn1/a_utctm.o \ + crypto/asn1/a_gentm.o \ + crypto/asn1/a_time.o \ + crypto/asn1/a_int.o \ + crypto/asn1/a_octet.o \ + crypto/asn1/a_print.o \ + crypto/asn1/a_type.o \ + crypto/asn1/a_set.o \ + crypto/asn1/a_dup.o \ + crypto/asn1/a_d2i_fp.o \ + crypto/asn1/a_i2d_fp.o \ + crypto/asn1/a_enum.o \ + crypto/asn1/a_utf8.o \ + crypto/asn1/a_sign.o \ + crypto/asn1/a_digest.o \ + crypto/asn1/a_verify.o \ + crypto/asn1/a_mbstr.o \ + crypto/asn1/a_strex.o \ + crypto/asn1/x_algor.o \ + crypto/asn1/x_val.o \ + crypto/asn1/x_pubkey.o \ + crypto/asn1/x_sig.o \ + crypto/asn1/x_req.o \ + crypto/asn1/x_attrib.o \ + crypto/asn1/x_bignum.o \ + crypto/asn1/x_long.o \ + crypto/asn1/x_name.o \ + crypto/asn1/x_x509.o \ + crypto/asn1/x_x509a.o \ + crypto/asn1/x_crl.o \ + crypto/asn1/x_info.o \ + crypto/asn1/x_spki.o \ + crypto/asn1/nsseq.o \ + crypto/asn1/x_nx509.o \ + crypto/asn1/d2i_pu.o \ + crypto/asn1/d2i_pr.o \ + crypto/asn1/i2d_pu.o \ + crypto/asn1/i2d_pr.o \ + crypto/asn1/t_req.o \ + crypto/asn1/t_x509.o \ + crypto/asn1/t_x509a.o \ + crypto/asn1/t_crl.o \ + crypto/asn1/t_pkey.o \ + crypto/asn1/t_spki.o \ + crypto/asn1/t_bitst.o \ + crypto/asn1/tasn_new.o \ + crypto/asn1/tasn_fre.o \ + crypto/asn1/tasn_enc.o \ + crypto/asn1/tasn_dec.o \ + crypto/asn1/tasn_utl.o \ + crypto/asn1/tasn_typ.o \ + crypto/asn1/tasn_prn.o \ + crypto/asn1/ameth_lib.o \ + crypto/asn1/f_int.o \ + crypto/asn1/f_string.o \ + crypto/asn1/n_pkey.o \ + crypto/asn1/f_enum.o \ + crypto/asn1/x_pkey.o \ + crypto/asn1/a_bool.o \ + crypto/asn1/x_exten.o \ + crypto/asn1/bio_asn1.o \ + crypto/asn1/bio_ndef.o \ + crypto/asn1/asn_mime.o \ + crypto/asn1/asn1_gen.o \ + crypto/asn1/asn1_par.o \ + crypto/asn1/asn1_lib.o \ + crypto/asn1/asn1_err.o \ + crypto/asn1/a_bytes.o \ + crypto/asn1/a_strnid.o \ + crypto/asn1/evp_asn1.o \ + crypto/asn1/asn_pack.o \ + crypto/asn1/p5_pbe.o \ + crypto/asn1/p5_pbev2.o \ + crypto/asn1/p8_pkey.o \ + crypto/asn1/asn_moid.o \ + crypto/pem/pem_sign.o \ + crypto/pem/pem_seal.o \ + crypto/pem/pem_info.o \ + crypto/pem/pem_lib.o \ + crypto/pem/pem_all.o \ + crypto/pem/pem_err.o \ + crypto/pem/pem_x509.o \ + crypto/pem/pem_xaux.o \ + crypto/pem/pem_oth.o \ + crypto/pem/pem_pk8.o \ + crypto/pem/pem_pkey.o \ + crypto/pem/pvkfmt.o \ + crypto/x509/x509_def.o \ + crypto/x509/x509_d2.o \ + crypto/x509/x509_r2x.o \ + crypto/x509/x509_cmp.o \ + crypto/x509/x509_obj.o \ + crypto/x509/x509_req.o \ + crypto/x509/x509spki.o \ + crypto/x509/x509_vfy.o \ + crypto/x509/x509_set.o \ + crypto/x509/x509cset.o \ + crypto/x509/x509rset.o \ + crypto/x509/x509_err.o \ + crypto/x509/x509name.o \ + crypto/x509/x509_v3.o \ + crypto/x509/x509_ext.o \ + crypto/x509/x509_att.o \ + crypto/x509/x509type.o \ + crypto/x509/x509_lu.o \ + crypto/x509/x_all.o \ + crypto/x509/x509_txt.o \ + crypto/x509/x509_trs.o \ + crypto/x509/x509_vpm.o \ + crypto/x509v3/v3_bcons.o \ + crypto/x509v3/v3_bitst.o \ + crypto/x509v3/v3_conf.o \ + crypto/x509v3/v3_extku.o \ + crypto/x509v3/v3_ia5.o \ + crypto/x509v3/v3_lib.o \ + crypto/x509v3/v3_prn.o \ + crypto/x509v3/v3_utl.o \ + crypto/x509v3/v3err.o \ + crypto/x509v3/v3_genn.o \ + crypto/x509v3/v3_alt.o \ + crypto/x509v3/v3_skey.o \ + crypto/x509v3/v3_akey.o \ + crypto/x509v3/v3_pku.o \ + crypto/x509v3/v3_int.o \ + crypto/x509v3/v3_enum.o \ + crypto/x509v3/v3_sxnet.o \ + crypto/x509v3/v3_cpols.o \ + crypto/x509v3/v3_crld.o \ + crypto/x509v3/v3_purp.o \ + crypto/x509v3/v3_info.o \ + crypto/x509v3/v3_ocsp.o \ + crypto/x509v3/v3_akeya.o \ + crypto/x509v3/v3_pmaps.o \ + crypto/x509v3/v3_pcons.o \ + crypto/x509v3/v3_ncons.o \ + crypto/x509v3/v3_pcia.o \ + crypto/x509v3/v3_pci.o \ + crypto/x509v3/pcy_cache.o \ + crypto/x509v3/pcy_node.o \ + crypto/x509v3/pcy_data.o \ + crypto/x509v3/pcy_map.o \ + crypto/x509v3/pcy_tree.o \ + crypto/x509v3/pcy_lib.o \ + crypto/x509v3/v3_asid.o \ + crypto/x509v3/v3_addr.o \ + crypto/conf/conf_err.o \ + crypto/conf/conf_lib.o \ + crypto/conf/conf_api.o \ + crypto/conf/conf_def.o \ + crypto/conf/conf_mod.o \ + crypto/conf/conf_mall.o \ + crypto/conf/conf_sap.o \ + crypto/txt_db/txt_db.o \ + crypto/pkcs7/pk7_asn1.o \ + crypto/pkcs7/pk7_lib.o \ + crypto/pkcs7/pkcs7err.o \ + crypto/pkcs7/pk7_doit.o \ + crypto/pkcs7/pk7_smime.o \ + crypto/pkcs7/pk7_attr.o \ + crypto/pkcs7/pk7_mime.o \ + crypto/pkcs7/bio_pk7.o \ + crypto/pkcs12/p12_add.o \ + crypto/pkcs12/p12_asn.o \ + crypto/pkcs12/p12_attr.o \ + crypto/pkcs12/p12_crpt.o \ + crypto/pkcs12/p12_crt.o \ + crypto/pkcs12/p12_decr.o \ + crypto/pkcs12/p12_init.o \ + crypto/pkcs12/p12_key.o \ + crypto/pkcs12/p12_kiss.o \ + crypto/pkcs12/p12_mutl.o \ + crypto/pkcs12/p12_utl.o \ + crypto/pkcs12/p12_npas.o \ + crypto/pkcs12/pk12err.o \ + crypto/pkcs12/p12_p8d.o \ + crypto/pkcs12/p12_p8e.o \ + crypto/comp/comp_lib.o \ + crypto/comp/comp_err.o \ + crypto/comp/c_rle.o \ + crypto/comp/c_zlib.o \ + crypto/ocsp/ocsp_asn.o \ + crypto/ocsp/ocsp_ext.o \ + crypto/ocsp/ocsp_ht.o \ + crypto/ocsp/ocsp_lib.o \ + crypto/ocsp/ocsp_cl.o \ + crypto/ocsp/ocsp_srv.o \ + crypto/ocsp/ocsp_prn.o \ + crypto/ocsp/ocsp_vfy.o \ + crypto/ocsp/ocsp_err.o \ + crypto/cmac/cmac.o \ + crypto/cmac/cm_ameth.o \ + crypto/cmac/cm_pmeth.o \ all: $(TARGET) -- cgit v1.2.3 From 1954ef164a55cbc4369f513cca3fb43f3550d81a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Mar 2021 11:54:33 -0500 Subject: Minor OpenSSL fixes These are all the NULL pointer dereferences (which all appear to be, at worst, very difficult to hit) that gcc -fanalyzer finds in our OpenSSL code. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 4 ++++ Cryptlib/OpenSSL/crypto/asn1/t_req.c | 5 +++-- Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 3 +++ Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 3 +++ Cryptlib/OpenSSL/crypto/mem_dbg.c | 5 +++++ Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 2 +- Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 8 ++++++-- 7 files changed, 25 insertions(+), 5 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c index 5170906c..017be9d9 100644 --- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c @@ -843,6 +843,10 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) char *tmpname, *tmpval, *p; int c; MIME_PARAM *mparam; + + if (!mhdr) + return 0; + if (name) { tmpname = BUF_strdup(name); if (!tmpname) diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c index 70aba4cc..c32241c2 100644 --- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c +++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c @@ -195,10 +195,11 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; if (BIO_puts(bp, ":") <= 0) goto err; - if ((type == V_ASN1_PRINTABLESTRING) || + if (bs != NULL && ( + (type == V_ASN1_PRINTABLESTRING) || (type == V_ASN1_UTF8STRING) || (type == V_ASN1_T61STRING) || - (type == V_ASN1_IA5STRING)) { + (type == V_ASN1_IA5STRING))) { if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length) goto err; diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index 10b78f51..2671f35c 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -496,6 +496,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if (bn_wexpand(a, b->top) == NULL) return (NULL); + if (!a || !b || !a->d || !b->d) + return (NULL); + #if 1 A = a->d; B = b->d; diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c index 952b5452..b3b29adb 100644 --- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c @@ -340,6 +340,9 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, return 0; } + if (conf == NULL) + return 0; + str = NCONF_get_string(conf, group, name); if (str == NULL) diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c index 8525ded7..c98c1b88 100644 --- a/Cryptlib/OpenSSL/crypto/mem_dbg.c +++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c @@ -640,8 +640,13 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) if (m->addr == (char *)l->bio) return; + if (!bufp) + return; + if (options & V_CRYPTO_MDEBUG_TIME) { lcl = localtime(&m->time); + if (!lcl) + return; BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec); diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c index 6cf8253b..e6a44f40 100644 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c @@ -654,7 +654,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (data_body->length > 0) BIO_write(bio, (char *)data_body->data, data_body->length); # else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c index 11e07634..2fa33823 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c @@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags) if (idx == -1) return default_trust(id, x, flags); pt = X509_TRUST_get0(idx); + if (!pt) + return default_trust(id, x, flags); return pt->check_trust(pt, x, flags); } @@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), return 0; } trtmp->flags = X509_TRUST_DYNAMIC; - } else - trtmp = X509_TRUST_get0(idx); + } else if (!(trtmp = X509_TRUST_get0(idx))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } /* OPENSSL_free existing name if dynamic */ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) -- cgit v1.2.3 From 7d5df1cebdbdc3ed11cde165a752cf358878aa8a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Mar 2021 12:42:21 -0500 Subject: static analysis: make our build targets work better This improves our static analysis targets by making them work better with our make variables, and inhibits the use of ccache while building those. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 +++ Cryptlib/OpenSSL/Makefile | 3 +++ Make.defaults | 9 +++++++++ include/coverity.mk | 37 +++++++++++++++++++++++++++++-------- include/fanalyzer.mk | 36 ++++++++++++++++++++++++------------ include/scan-build.mk | 35 +++++++++++++++++++++++++++++------ 6 files changed, 97 insertions(+), 26 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 5bae10c9..bc5681c5 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -1,3 +1,6 @@ +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif INCLUDES = -I$(TOPDIR) -iquote $(TOPDIR) -I$(TOPDIR)/Include \ $(EFI_INCLUDES) -I$(shell $(CC) -print-file-name=include) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 6a58dbaa..6ff58e47 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,3 +1,6 @@ +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif DEFINES = -DL_ENDIAN \ -D_CRT_SECURE_NO_DEPRECATE \ diff --git a/Make.defaults b/Make.defaults index 5f30e292..7f1b8015 100644 --- a/Make.defaults +++ b/Make.defaults @@ -28,6 +28,15 @@ DASHJ ?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1))) ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24) OPTIMIZATIONS ?= -Os +FA_OPTIMIZATIONS ?= -O2 +ifneq ($(FANALYZER),) +override OPTIMIZATIONS := $(FA_OPTIMIZATIONS) +override CCACHE_DISABLE := true +endif +export OPTIMIZATIONS +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib diff --git a/include/coverity.mk b/include/coverity.mk index a897aa0a..e1e5c874 100644 --- a/include/coverity.mk +++ b/include/coverity.mk @@ -3,12 +3,18 @@ COV_TOKEN=$(call get-config,coverity.token) COV_URL=$(call get-config,coverity.url) COV_FILE=$(NAME)-coverity-$(VERSION)-$(COMMIT_ID).tar.bz2 -cov-int : clean-shim-objs - make $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - cov-build --dir cov-int make $(DASHJ) all +include $(TOPDIR)/Make.rules -cov-int-all : clean - cov-build --dir cov-int make $(DASHJ) all +define prop +$(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") +endef + +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) cov-clean : @rm -vf $(NAME)-coverity-*.tar.* @@ -19,7 +25,7 @@ cov-file : | $(COV_FILE) $(COV_FILE) : | cov-int tar caf $@ cov-int -cov-upload : +cov-upload : | cov-file @if [ -n "$(COV_URL)" ] && \ [ -n "$(COV_TOKEN)" ] && \ [ -n "$(COV_EMAIL)" ] ; \ @@ -30,11 +36,26 @@ cov-upload : echo Coverity output is in $(COV_FILE) ; \ fi +cov-build-unchecked-cryptlib : | clean-cryptlib-objs +cov-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +cov-build-unchecked-openssl : | clean-openssl-objs +cov-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a + +cov-build-all : | clean clean-shim-objs clean-cryptlib-objs clean-openssl-objs + +cov-build --dir cov-int $(MAKE) $(MAKEARGS) CCACHE_DISABLE=1 all + +coverity-no-openssl : | cov-test +coverity-no-openssl : clean-shim-objs clean-cryptlib-objs cov-build-unchecked-openssl cov-build-all cov-file cov-upload + +coverity-no-cryptlib : | cov-test +coverity-no-cryptlib : clean-shim-objs cov-build-unchecked-openssl cov-build-unchecked-cryptlib cov-build-all cov-file cov-upload + coverity : | cov-test -coverity : cov-int cov-file cov-upload +coverity : coverity-no-openssl cov-file cov-upload coverity-all : | cov-test -coverity-all : cov-int-all cov-file cov-upload +coverity-all : clean cov-build-all cov-file cov-upload clean : | cov-clean diff --git a/include/fanalyzer.mk b/include/fanalyzer.mk index 1018d1da..7e31a082 100644 --- a/include/fanalyzer.mk +++ b/include/fanalyzer.mk @@ -3,25 +3,37 @@ GCC_BINARY ?= $(shell x=$$(which --skip-alias --skip-functions gcc 2>/dev/null) fanalyzer-test : ; $(if $(findstring /,$(GCC_BINARY)),,$(error gcc not found)) define prop -$(if $(filter-out undefined,$(origin $(1))),$(1)=$($1),) +$(if $(findstring undefined,$(origin $(1))),,$(eval export $(1))) endef -MAKEARGS := \ - $(call prop,ARCH) \ - $(call prop,COLOR) \ - $(call prop,CROSS_COMPILE) +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE +override COMPILER := gcc +export COMPILER + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE DASHJ + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) fanalyzer : | fanalyzer-test -fanalyzer : clean-shim-objs fanalyzer-build +fanalyzer : fanalyzer-no-openssl + +fanalyzer-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +fanalyzer-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a -fanalyzer-build : - make CC=gcc $(MAKEARGS) $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - make CC=gcc $(MAKEARGS) FANALYZER=true all +fanalyzer-build-all : CCACHE_DISABLE=1 +fanalyzer-build-all : FEATUREFLAGS+=-fanalyzer +fanalyzer-build-all : WERRFLAGS=-Werror=analyzer-null-dereference +fanalyzer-build-all : all + +fanalyzer-no-openssl : | fanalyzer-test +fanalyzer-no-openssl : clean-shim-objs clean-cryptlib-objs fanalyzer-build-unchecked-openssl fanalyzer-build-all + +fanalyzer-no-cryptlib : | fanalyzer-test +fanalyzer-no-cryptlib : clean-shim-objs fanalyzer-build-unchecked-openssl fanalyzer-build-unchecked-cryptlib fanalyzer-build-all fanalyzer-all : | fanalyzer-test fanalyzer-all : clean fanalyzer-build-all -fanalyzer-build-all : - make CC=gcc $(MAKEARGS) FANALYZER=true all - .PHONY : fanalyzer fanalyzer-build fanalyzer-all fanalyzer-build-all fanalyzer-clean diff --git a/include/scan-build.mk b/include/scan-build.mk index 7697cb89..2cb33e79 100644 --- a/include/scan-build.mk +++ b/include/scan-build.mk @@ -2,16 +2,39 @@ SCAN_BUILD ?= $(shell x=$$(which --skip-alias --skip-functions scan-build 2>/dev scan-test : ; $(if $(findstring /,$(SCAN_BUILD)),,$(error scan-build not found)) +define prop +$(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") +endef + +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE +override COMPILER = clang + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE DASHJ + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) + scan-clean : @if [[ -d scan-results ]]; then rm -rf scan-results && echo "removed 'scan-results'"; fi -scan-build : | scan-test -scan-build : clean-shim-objs - make $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - scan-build -o scan-results make $(DASHJ) CC=clang all +scan : | scan-test +scan : clean-shim-objs clean-cryptlib-objs scan-build-no-openssl + +scan-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +scan-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a scan-build-all : | scan-test -scan-build-all : clean - scan-build -o scan-results make $(DASHJ) CC=clang all +scan-build-all : + +scan-build -o scan-results make $(MAKEARGS) $(DASHJ) CCACHE_DISABLE=1 all + +scan-build-no-openssl : | scan-test +scan-build-no-openssl : clean-shim-objs clean-cryptlib-objs scan-build-unchecked-openssl scan-build-all + +scan-build-no-cryptlib : | scan-test +scan-build-no-cryptlib : clean-shim-objs scan-build-unchecked-cryptlib scan-build-unchecked-openssl scan-build-all + +scan-all : | scan-test +scan-all : clean scan-build-all .PHONY : scan-build scan-clean -- cgit v1.2.3 From 4425a1bf8b60cc4a3a17f5ee98d0ee771447815d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Mar 2021 18:01:29 -0500 Subject: More minor makefile cleanups This patch does some makefile cleanups, to fix the parts that are actually just bad that the previous patch left in for clarity: - removes -fno-builtin . This flag is implied by -ffreestanding , which we use everywhere. - gets rid of the two places where ARM has their own -O flags for no real reason. Note that this will make those use -Os instead of -O2. - export VERBOSE and DEBUG if they're set. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/Makefile | 2 -- Make.defaults | 9 +++++++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 6ff58e47..5bd72481 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -38,11 +38,9 @@ FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) -OPTIMIZATIONS += -O2 DEFINES += -DMDE_CPU_AARCH64 endif ifeq ($(ARCH),arm) -OPTIMIZATIONS += -O2 DEFINES += -DMDE_CPU_ARM endif diff --git a/Make.defaults b/Make.defaults index 7f1b8015..13393496 100644 --- a/Make.defaults +++ b/Make.defaults @@ -104,11 +104,9 @@ INCLUDES = -nostdinc \ -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) - override DEFAULT_FEATUREFLAGS = \ -std=gnu89 \ -ggdb \ - -fno-builtin \ -ffreestanding \ -fmacro-prefix-map='$(TOPDIR)/=$(DEBUGSRC)' \ -fno-stack-protector \ @@ -181,3 +179,10 @@ DEFINES += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" endif LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined + +ifneq ($(DEBUG),) +export DEBUG +endif +ifneq ($(VERBOSE),) +export VERBOSE +endif -- cgit v1.2.3 From f033a1da9f4c3acf7e3dfef906d01e348b6fcf42 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 11:42:34 -0500 Subject: Restructure our includes. This re-structures our includes so we can be sure everything is always including all the system headers in a uniform, predictable way. Temporarily it also adds a bunch of junk at all the places we use variadic functions to specifically pick either the MS (cdecl) or ELF ABIs. I'm not 100% sure that's all correct (see later patch) but it's enough to allow this to build. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 13 +++++++----- Cryptlib/Include/ctype.h | 16 -------------- Cryptlib/Include/openssl/crypto.h | 1 + Cryptlib/Include/stdarg.h | 16 -------------- Cryptlib/Include/stddef.h | 15 -------------- Cryptlib/Include/stdlib.h | 16 -------------- Cryptlib/Include/string.h | 16 -------------- Cryptlib/Include/strings.h | 15 -------------- Cryptlib/InternalCryptLib.h | 2 ++ Cryptlib/Makefile | 14 +++++++++---- Cryptlib/OpenSSL/Makefile | 16 +++++++++----- Cryptlib/OpenSSL/crypto/bio/b_print.c | 8 +++---- Make.defaults | 3 ++- Makefile | 7 ++++--- MokManager.c | 8 +------ PasswordCrypt.c | 6 ++---- crypt_blowfish.c | 5 ----- errlog.c | 29 +++++++++++++------------- fallback.c | 4 ---- httpboot.c | 4 ---- include/console.h | 8 +++---- include/hexdump.h | 17 ++++++++------- include/system/alloca.h | 10 +++++++++ include/system/ctype.h | 14 +++++++++++++ include/system/inttypes.h | 13 ++++++++++++ include/system/stdarg.h | 31 ++++++++++++++++++++++++++++ include/system/stdio.h | 13 ++++++++++++ include/system/stdlib.h | 16 ++++++++++++++ include/system/string.h | 14 +++++++++++++ include/system/strings.h | 10 +++++++++ include/test.h | 4 ++-- lib/Makefile | 39 +++++++++++++++++++++++++++++++++-- lib/configtable.c | 3 --- lib/console.c | 21 +++++++------------ lib/execute.c | 4 ---- lib/print_crypto.c | 5 ----- lib/security_policy.c | 4 ---- lib/shell.c | 3 --- lib/simple_file.c | 4 ---- lib/variables.c | 3 --- mok.c | 4 ---- netboot.c | 2 -- pe.c | 1 - replacements.c | 5 ----- sbat.c | 1 - shim.c | 1 - shim.h | 25 ++++++++++++++++------ test.c | 3 ++- tpm.c | 6 ------ 49 files changed, 262 insertions(+), 236 deletions(-) delete mode 100644 Cryptlib/Include/ctype.h delete mode 100644 Cryptlib/Include/stdarg.h delete mode 100644 Cryptlib/Include/stddef.h delete mode 100644 Cryptlib/Include/stdlib.h delete mode 100644 Cryptlib/Include/string.h delete mode 100644 Cryptlib/Include/strings.h create mode 100644 include/system/alloca.h create mode 100644 include/system/ctype.h create mode 100644 include/system/inttypes.h create mode 100644 include/system/stdarg.h create mode 100644 include/system/stdio.h create mode 100644 include/system/stdlib.h create mode 100644 include/system/string.h create mode 100644 include/system/strings.h (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 0b555271..7af9650f 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -15,6 +15,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __OPEN_SSL_SUPPORT_H__ #define __OPEN_SSL_SUPPORT_H__ +/* + * Include stddef.h to avoid redefining "offsetof" + */ +#include +#include +#include +#include + #include #include #include "Base.h" @@ -23,11 +31,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Library/MemoryAllocationLib.h" #include "Library/DebugLib.h" -/* - * Include stddef.h to avoid redefining "offsetof" - */ -#include - #define CONST const // diff --git a/Cryptlib/Include/ctype.h b/Cryptlib/Include/ctype.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/ctype.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h index bea4ca19..e201a123 100644 --- a/Cryptlib/Include/openssl/crypto.h +++ b/Cryptlib/Include/openssl/crypto.h @@ -117,6 +117,7 @@ #ifndef HEADER_CRYPTO_H # define HEADER_CRYPTO_H +# include # include # include diff --git a/Cryptlib/Include/stdarg.h b/Cryptlib/Include/stdarg.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/stdarg.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/stddef.h b/Cryptlib/Include/stddef.h deleted file mode 100644 index 8dfc36ff..00000000 --- a/Cryptlib/Include/stddef.h +++ /dev/null @@ -1,15 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include diff --git a/Cryptlib/Include/stdlib.h b/Cryptlib/Include/stdlib.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/stdlib.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/string.h b/Cryptlib/Include/string.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/string.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/strings.h b/Cryptlib/Include/strings.h deleted file mode 100644 index 8dfc36ff..00000000 --- a/Cryptlib/Include/strings.h +++ /dev/null @@ -1,15 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h index e9a4c20a..dc1a95e6 100644 --- a/Cryptlib/InternalCryptLib.h +++ b/Cryptlib/InternalCryptLib.h @@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __INTERNAL_CRYPT_LIB_H__ #define __INTERNAL_CRYPT_LIB_H__ +#include + #include "Library/BaseLib.h" #include "Library/BaseMemoryLib.h" #include "Library/MemoryAllocationLib.h" diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index bc5681c5..65a3918c 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -2,8 +2,14 @@ ifneq ($(CCACHE_DISABLE),) export CCACHE_DISABLE endif -INCLUDES = -I$(TOPDIR) -iquote $(TOPDIR) -I$(TOPDIR)/Include \ - $(EFI_INCLUDES) -I$(shell $(CC) -print-file-name=include) +CRYPTDIR = $(TOPDIR)/Cryptlib + +FEATUREFLAGS += -nostdinc + +INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ + $(EFI_INCLUDES) \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ @@ -15,12 +21,12 @@ CFLAGS = $(FEATUREFLAGS) \ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) -FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) -FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 5bd72481..294e889a 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -2,17 +2,23 @@ ifneq ($(CCACHE_DISABLE),) export CCACHE_DISABLE endif +CRYPTDIR = $(TOPDIR)/Cryptlib +OSSLDIR = $(TOPDIR)/Cryptlib/OpenSSL + DEFINES = -DL_ENDIAN \ -D_CRT_SECURE_NO_DEPRECATE \ -D_CRT_NONSTDC_NO_DEPRECATE \ -DOPENSSL_SMALL_FOOTPRINT \ -DPEDANTIC -INCLUDES = -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ - -I$(shell $(CC) -print-file-name=include) \ - -I$(TOPDIR)/../Include $(EFI_INCLUDES) \ - -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp \ - -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include +INCLUDES = -I$(OSSLDIR) -I$(CRYPTDIR) -I$(OSSLDIR)/Include/ \ + -I$(OSSLDIR)/crypto -I$(CRYPTDIR)/Include $(EFI_INCLUDES) \ + -I$(OSSLDIR)/crypto/asn1 -I$(OSSLDIR)/crypto/evp \ + -I$(OSSLDIR)/crypto/modes -I$(OSSLDIR)/crypto/include \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) + +FEATUREFLAGS += -nostdinc WERRFLAGS += -Wno-error=discarded-qualifiers \ -Wno-error=maybe-uninitialized \ diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index fea73864..2d303ee8 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -134,9 +134,9 @@ static int fmtfp(char **, char **, size_t *, size_t *, LDOUBLE, int, int, int); #endif static int doapr_outch(char **, char **, size_t *, size_t *, int); -static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int EFIAPI _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -167,7 +167,7 @@ static int _dopr(char **sbuffer, char **buffer, #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static int +static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, diff --git a/Make.defaults b/Make.defaults index bef3cb51..ebb9e3c3 100644 --- a/Make.defaults +++ b/Make.defaults @@ -102,7 +102,8 @@ INCLUDES = -nostdinc \ -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \ -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \ -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \ - -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) + -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) \ + -isystem $(TOPDIR)/include/system override DEFAULT_FEATUREFLAGS = \ -std=gnu11 \ diff --git a/Makefile b/Makefile index c1d13947..6a62e00a 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,7 @@ override TOPDIR := $(shell pwd) endif override TOPDIR := $(abspath $(TOPDIR)) VPATH = $(TOPDIR) +export TOPDIR include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults @@ -134,15 +135,15 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: Cryptlib/libcryptlib.a: for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile Cryptlib/OpenSSL/libopenssl.a: for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) if [ ! -d lib ]; then mkdir lib ; fi - $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile lib.a + $(MAKE) VPATH=$(TOPDIR)/lib -C lib -f $(TOPDIR)/lib/Makefile lib.a buildid : $(TOPDIR)/buildid.c $(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf diff --git a/MokManager.c b/MokManager.c index 5a851d86..cd1492f8 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1,18 +1,12 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent +#include "shim.h" -#include -#include -#include #include #include #include #include #include -#include "shim.h" - -#include "hexdump.h" - #define PASSWORD_MAX 256 #define PASSWORD_MIN 1 #define SB_PASSWORD_LEN 16 diff --git a/PasswordCrypt.c b/PasswordCrypt.c index 311c914b..1030a6dd 100644 --- a/PasswordCrypt.c +++ b/PasswordCrypt.c @@ -1,13 +1,11 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent -#include -#include +#include "shim.h" + #include #include #include -#include "shim.h" - #define TRAD_DES_HASH_SIZE 13 /* (64/6+1) + (12/6) */ #define BSDI_DES_HASH_SIZE 20 /* (64/6+1) + (24/6) + 4 + 1 */ #define BLOWFISH_HASH_SIZE 31 /* 184/6+1 */ diff --git a/crypt_blowfish.c b/crypt_blowfish.c index 7a474f26..b1eb0e60 100644 --- a/crypt_blowfish.c +++ b/crypt_blowfish.c @@ -43,11 +43,6 @@ * Blowfish library (I can't be sure if I would think of something if I * hadn't seen his code). */ - -#include -#include - -/* Just to make sure the prototypes match the actual definitions */ #include "shim.h" typedef unsigned int BF_word; diff --git a/errlog.c b/errlog.c index 714d09d3..16af23b0 100644 --- a/errlog.c +++ b/errlog.c @@ -5,30 +5,29 @@ */ #include "shim.h" -#include "hexdump.h" static CHAR16 **errs = NULL; static UINTN nerrs = 0; -EFI_STATUS -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args) +EFI_STATUS EFIAPI +vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, elf_va_list args) { - va_list args2; + elf_va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - va_copy(args2, args); + elf_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - va_end(args2); + elf_va_end(args2); } return efi_status; } -EFI_STATUS -VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args) +EFI_STATUS EFIAPI +VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_va_list args) { - va_list args2; + elf_va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -39,11 +38,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_li newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - va_copy(args2, args); + elf_va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - va_end(args2); + elf_va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -52,15 +51,15 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_li return EFI_SUCCESS; } -EFI_STATUS +EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - va_list args; + elf_va_list args; EFI_STATUS efi_status; - va_start(args, fmt); + elf_va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - va_end(args); + elf_va_end(args); return efi_status; } diff --git a/fallback.c b/fallback.c index fc81c5e4..ba90bb3b 100644 --- a/fallback.c +++ b/fallback.c @@ -3,10 +3,6 @@ * Copyright Red Hat, Inc. * Copyright Peter Jones */ - -#include -#include - #include "shim.h" #define NO_REBOOT L"FB_NO_REBOOT" diff --git a/httpboot.c b/httpboot.c index bedb99d2..fe08f3f7 100644 --- a/httpboot.c +++ b/httpboot.c @@ -7,10 +7,6 @@ * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel * Corporation. */ - -#include -#include - #include "shim.h" static UINTN diff --git a/include/console.h b/include/console.h index b2ab5fe4..d8af3cd3 100644 --- a/include/console.h +++ b/include/console.h @@ -17,9 +17,9 @@ EFI_STATUS console_get_keystroke(EFI_INPUT_KEY *key); -UINTN +UINTN EFIAPI console_print(const CHAR16 *fmt, ...); -UINTN +UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...); void console_print_box_at(CHAR16 *str_arr[], int highlight, @@ -101,8 +101,8 @@ extern UINT32 verbose; #define dprint(fmt, ...) \ dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__ - 1, __func__, \ ##__VA_ARGS__) -extern EFI_STATUS -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args); +extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, + const char *func, elf_va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index 8b8b4557..36d77ec4 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -3,7 +3,8 @@ #ifndef STATIC_HEXDUMP_H #define STATIC_HEXDUMP_H -#include +#include "shim.h" +#include "include/console.h" static inline unsigned long UNUSED prepare_hex(const void *data, size_t size, char *buf, unsigned int position) @@ -80,8 +81,9 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) * variadic hexdump formatted * think of it as: printf("%s%s\n", vformat(fmt, ap), hexdump(data,size)); */ -static inline void UNUSED -vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, va_list ap) +static inline void UNUSED EFIAPI +vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, + const void *data, unsigned long size, size_t at, elf_va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -115,13 +117,14 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt * think of it as: printf("%s%s", format(fmt, ...), hexdump(data,size)[lineN]); */ static inline void UNUSED -hexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, ...) +hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, + const void *data, unsigned long size, size_t at, ...) { - va_list ap; + elf_va_list ap; - va_start(ap, at); + elf_va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - va_end(ap); + elf_va_end(ap); } static inline void UNUSED diff --git a/include/system/alloca.h b/include/system/alloca.h new file mode 100644 index 00000000..dc11b60d --- /dev/null +++ b/include/system/alloca.h @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _ALLOCA_H +#define _ALLOCA_H + +#endif /* !_ALLOCA_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/ctype.h b/include/system/ctype.h new file mode 100644 index 00000000..c771bb69 --- /dev/null +++ b/include/system/ctype.h @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * ctype.h - standard ctype functions + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _CTYPE_H +#define _CTYPE_H + + +#endif /* !_CTYPE_H */ +#endif /* !SHIM_UNIT_TEST */ +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/inttypes.h b/include/system/inttypes.h new file mode 100644 index 00000000..a35b0090 --- /dev/null +++ b/include/system/inttypes.h @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _INTTYPES_H +#define _INTTYPES_H + +#include +#include + +#endif /* !INTTYPES_H_ */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdarg.h b/include/system/stdarg.h new file mode 100644 index 00000000..346b760d --- /dev/null +++ b/include/system/stdarg.h @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * stdarg.h - try to make consistent va_* handling for EFI + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDARG_H +#define _STDARG_H + +#include + +#endif /* !_STDARG_H */ +#endif +#ifndef SHIM_STDARG_H_ +#define SHIM_STDARG_H_ + +typedef __builtin_ms_va_list ms_va_list; +#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_ms_va_end(marker) + +typedef __builtin_va_list elf_va_list; +#define elf_va_copy(dest, start) __builtin_va_copy(dest, start) +#define elf_va_start(marker, arg) __builtin_va_start(marker, arg) +#define elf_va_arg(marker, type) __builtin_va_arg(marker, type) +#define elf_va_end(marker) __builtin_va_end(marker) + +#endif /* !SHIM_STDARG_H_ */ +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdio.h b/include/system/stdio.h new file mode 100644 index 00000000..6ea60d71 --- /dev/null +++ b/include/system/stdio.h @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * stdio.h - sigh + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDIO_H +#define _STDIO_H + +#endif /* !_STDIO_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdlib.h b/include/system/stdlib.h new file mode 100644 index 00000000..f2660f63 --- /dev/null +++ b/include/system/stdlib.h @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDLIB_H +#define _STDLIB_H + +/* + * I don't know why, but openssl expects to get size_t from stdlib.h + * instead of stddef.h, so... whatever. + */ +#include + +#endif /* !_STDLIB_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/string.h b/include/system/string.h new file mode 100644 index 00000000..21e46c1d --- /dev/null +++ b/include/system/string.h @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STRING_H +#define _STRING_H + +#include + +__typeof__(__builtin_memset) memset; +__typeof__(__builtin_memcpy) memcpy; + +#endif /* _STRING_H */ +#endif diff --git a/include/system/strings.h b/include/system/strings.h new file mode 100644 index 00000000..c82bd917 --- /dev/null +++ b/include/system/strings.h @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STRINGS_H +#define _STRINGS_H + +#endif /* !_STRINGS_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/test.h b/include/test.h index 6fc178ba..8a970fd2 100644 --- a/include/test.h +++ b/include/test.h @@ -11,13 +11,13 @@ #include #if defined(__aarch64__) -#include +#include #elif defined(__arm__) #include #elif defined(__i386__) || defined(__i486__) || defined(__i686__) #include #elif defined(__x86_64__) -#include +#include #else #error what arch is this #endif diff --git a/lib/Makefile b/lib/Makefile index d9188c74..63893c3e 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,9 +2,44 @@ TARGET = lib.a LIBFILES = $(foreach x,$(wildcard *.c),$(patsubst %.c,%.o,$(x))) +CRYPTDIR = $(TOPDIR)/Cryptlib + INCLUDES = $(EFI_INCLUDES) \ - -I$(TOPDIR)/../include \ - -I$(TOPDIR)/CryptLib/Include/openssl/ + -I$(TOPDIR)/include \ + -I$(CRYPTDIR)/Include/openssl/ \ + -I$(CRYPTDIR)/Include/ \ + -I$(CRYPTDIR) \ + -I$(TOPDIR) \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) + +CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) + +ifeq ($(ARCH),x86_64) +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +endif +ifeq ($(ARCH),ia32) +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DMDE_CPU_IA32 +endif +ifeq ($(ARCH),aarch64) +DEFINES += -DMDE_CPU_AARCH64 +endif +ifeq ($(ARCH),arm) +DEFINES += -DMDE_CPU_ARM +endif + +LDFLAGS = -nostdlib -znocombreloc + + +CFLAGS = $(FEATUREFLAGS) \ + $(OPTIMIZATIONS) \ + $(WARNFLAGS) \ + $(WERRFLAGS) \ + $(INCLUDES) \ + $(DEFINES) lib.a: $(LIBFILES) $(AR) rcs lib.a $(LIBFILES) diff --git a/lib/configtable.c b/lib/configtable.c index 8675fad1..66e97f63 100644 --- a/lib/configtable.c +++ b/lib/configtable.c @@ -4,9 +4,6 @@ * * read some platform configuration tables */ -#include -#include - #include "shim.h" void * diff --git a/lib/console.c b/lib/console.c index ffa8ea5c..32c6d55d 100644 --- a/lib/console.c +++ b/lib/console.c @@ -3,11 +3,6 @@ * Copyright 2012 * Copyright 2013 Red Hat Inc. */ -#include -#include -#include -#include - #include "shim.h" static UINT8 console_text_mode = 0; @@ -88,27 +83,27 @@ VOID console_fini(VOID) setup_console(0); } -UINTN +UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - va_list args; + elf_va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - va_start(args, fmt); + elf_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + elf_va_end(args); return ret; } -UINTN +UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - va_list args; + elf_va_list args; UINTN ret; if (!console_text_mode) @@ -116,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - va_start(args, fmt); + elf_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + elf_va_end(args); return ret; } diff --git a/lib/execute.c b/lib/execute.c index f57a6321..642f94a3 100644 --- a/lib/execute.c +++ b/lib/execute.c @@ -3,10 +3,6 @@ * Copyright 2012 * Code Copyright 2012 Red Hat, Inc */ - -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/print_crypto.c b/lib/print_crypto.c index 39dfd2c0..ccdb65b1 100644 --- a/lib/print_crypto.c +++ b/lib/print_crypto.c @@ -2,11 +2,6 @@ /* * Copyright 2019 SUSE LLC */ - -#include -#include -#include - #include "shim.h" #include diff --git a/lib/security_policy.c b/lib/security_policy.c index 6a9b13ed..6c42cc14 100644 --- a/lib/security_policy.c +++ b/lib/security_policy.c @@ -4,10 +4,6 @@ * * Install and remove a platform security2 override policy */ - -#include -#include - #include "shim.h" #if defined(OVERRIDE_SECURITY_POLICY) diff --git a/lib/shell.c b/lib/shell.c index 87f279d6..146d9a21 100644 --- a/lib/shell.c +++ b/lib/shell.c @@ -4,9 +4,6 @@ * * misc shell helper functions */ -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/simple_file.c b/lib/simple_file.c index e6544709..5fd3e1a6 100644 --- a/lib/simple_file.c +++ b/lib/simple_file.c @@ -2,10 +2,6 @@ /* * Copyright 2012 */ - -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/variables.c b/lib/variables.c index 6db069ef..57875e26 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -10,9 +10,6 @@ * Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
* */ -#include -#include - #include "shim.h" EFI_STATUS diff --git a/mok.c b/mok.c index ac0276ec..6bd506be 100644 --- a/mok.c +++ b/mok.c @@ -6,10 +6,6 @@ #include "shim.h" -#include - -#include "hexdump.h" - /* * Check if a variable exists */ diff --git a/netboot.c b/netboot.c index 25a6df7f..450e9def 100644 --- a/netboot.c +++ b/netboot.c @@ -13,8 +13,6 @@ #include "shim.h" -#include - #define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ #define htons(x) ntohs(x) diff --git a/pe.c b/pe.c index 45dd4714..73b05a51 100644 --- a/pe.c +++ b/pe.c @@ -5,7 +5,6 @@ */ #include "shim.h" -#include "hexdump.h" #include #include diff --git a/replacements.c b/replacements.c index 69dbd5a2..278a8e78 100644 --- a/replacements.c +++ b/replacements.c @@ -18,11 +18,6 @@ * National Security Policy and Scientific Developments, November 20, * 1969. */ - -#include -#include -#include - #include "shim.h" static EFI_SYSTEM_TABLE *systab; diff --git a/sbat.c b/sbat.c index f46bb8ab..d8750962 100644 --- a/sbat.c +++ b/sbat.c @@ -4,7 +4,6 @@ */ #include "shim.h" -#include "string.h" EFI_STATUS parse_sbat_section(char *section_base, size_t section_size, diff --git a/shim.c b/shim.c index 32bc3e81..6f627b1f 100644 --- a/shim.c +++ b/shim.c @@ -12,7 +12,6 @@ */ #include "shim.h" -#include "hexdump.h" #if defined(ENABLE_SHIM_CERT) #include "shim_cert.h" #endif /* defined(ENABLE_SHIM_CERT) */ diff --git a/shim.h b/shim.h index d28e16b7..61dafa82 100644 --- a/shim.h +++ b/shim.h @@ -26,6 +26,14 @@ #endif #endif +#include +#include +#include +#include +#include +#include +#include + #ifndef SHIM_UNIT_TEST #include #include @@ -34,9 +42,6 @@ #include #endif -#include -#include - #ifdef SHIM_UNIT_TEST #include "include/test.h" #endif @@ -158,9 +163,14 @@ #include "include/tpm.h" #include "include/ucs2.h" #include "include/variables.h" +#include "include/hexdump.h" #include "version.h" +#ifndef SHIM_UNIT_TEST +#include "Cryptlib/Include/OpenSslSupport.h" +#endif + INTERFACE_DECL(_SHIM_LOCK); typedef @@ -196,9 +206,12 @@ typedef struct _SHIM_LOCK { extern EFI_STATUS shim_init(void); extern void shim_fini(void); -extern EFI_STATUS LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); -extern EFI_STATUS VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args); -extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); +extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, + const CHAR16 *fmt, ...); +extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, + const CHAR16 *fmt, elf_va_list args); +extern VOID LogHexdump_(const char *file, int line, const char *func, + const void *data, size_t sz); extern VOID PrintErrors(VOID); extern VOID ClearErrors(VOID); extern VOID restore_loaded_image(VOID); diff --git a/test.c b/test.c index b21e2191..aa0da1fd 100644 --- a/test.c +++ b/test.c @@ -12,7 +12,8 @@ UINT8 in_protocol = 0; int debug = DEFAULT_DEBUG_PRINT_STATE; -EFI_STATUS LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) +EFI_STATUS EFIAPI +LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { assert(0); return EFI_SUCCESS; diff --git a/tpm.c b/tpm.c index e1fcb8be..808e0444 100644 --- a/tpm.c +++ b/tpm.c @@ -1,10 +1,4 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent - -#include -#include -#include -#include - #include "shim.h" typedef struct { -- cgit v1.2.3 From 78809820b5a3f79a0bfbec00e630e40011acf4ec Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 12:16:23 -0500 Subject: Fix Cryptlib's va_* definitions. Some time ago, commit e571428e212 ("Update to openssl to 1.0.2e") changed the way we define the va_* (and VA_*) functions and macros. Unfortunately, it only changed for some parts of the tree, and the different parts of the tree need to both call each other and use the same types in all cases. Additionally, they need to all be able to call gnu-efi functions such as VPrint, which means they need the same va_list type definitions everywhere. This partially reverts that patch, adding EFIAPI back and unsetting NO_BUILTIN_VA_FUNCS everywhere. --- Cryptlib/Include/openssl/bio.h | 9 +++++---- Cryptlib/Include/openssl/err.h | 4 ++-- Cryptlib/OpenSSL/crypto/bio/b_print.c | 8 ++++---- Cryptlib/OpenSSL/crypto/cryptlib.c | 4 ++-- Cryptlib/OpenSSL/crypto/cryptlib.h | 2 +- Cryptlib/OpenSSL/crypto/err/err.c | 4 ++-- Make.defaults | 2 +- 7 files changed, 17 insertions(+), 16 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h index 8f2438cd..2efa873d 100644 --- a/Cryptlib/Include/openssl/bio.h +++ b/Cryptlib/Include/openssl/bio.h @@ -59,6 +59,7 @@ #ifndef HEADER_BIO_H # define HEADER_BIO_H +# include # include # ifndef OPENSSL_NO_FP_API @@ -791,13 +792,13 @@ void BIO_copy_next_retry(BIO *b); # else # define __bio_h__attr__(x) # endif -int BIO_printf(BIO *bio, const char *format, ...) +int EFIAPI BIO_printf(BIO *bio, const char *format, ...) __bio_h__attr__((__format__(__printf__, 2, 3))); -int BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) __bio_h__attr__((__format__(__printf__, 2, 0))); -int BIO_snprintf(char *buf, size_t n, const char *format, ...) +int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) __bio_h__attr__((__format__(__printf__, 3, 4))); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) __bio_h__attr__((__format__(__printf__, 3, 0))); # undef __bio_h__attr__ diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h index 04c6cfc6..32da8c37 100644 --- a/Cryptlib/Include/openssl/err.h +++ b/Cryptlib/Include/openssl/err.h @@ -344,8 +344,8 @@ void ERR_print_errors_fp(FILE *fp); # ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); # endif -void ERR_add_error_data(int num, ...); -void ERR_add_error_vdata(int num, va_list args); +void EFIAPI ERR_add_error_data(int num, ...); +void EFIAPI ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index 2d303ee8..34c8fca7 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -797,7 +797,7 @@ doapr_outch(char **sbuffer, /***************************************************************************/ -int BIO_printf(BIO *bio, const char *format, ...) +int EFIAPI BIO_printf(BIO *bio, const char *format, ...) { va_list args; int ret; @@ -810,7 +810,7 @@ int BIO_printf(BIO *bio, const char *format, ...) return (ret); } -int BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) { int ret; size_t retlen; @@ -845,7 +845,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) * closely related to BIO_printf, and we need *some* name prefix ... (XXX the * function should be renamed, but to what?) */ -int BIO_snprintf(char *buf, size_t n, const char *format, ...) +int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) { va_list args; int ret; @@ -858,7 +858,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) return (ret); } -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) { size_t retlen; int truncated; diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c index da4b34dc..23f58fa9 100644 --- a/Cryptlib/OpenSSL/crypto/cryptlib.c +++ b/Cryptlib/OpenSSL/crypto/cryptlib.c @@ -866,7 +866,7 @@ int OPENSSL_isservice(void) } # endif -void OPENSSL_showfatal(const char *fmta, ...) +void EFIAPI OPENSSL_showfatal(const char *fmta, ...) { va_list ap; TCHAR buf[256]; @@ -979,7 +979,7 @@ void OPENSSL_showfatal(const char *fmta, ...) MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); } #else -void OPENSSL_showfatal(const char *fmta, ...) +void EFIAPI OPENSSL_showfatal(const char *fmta, ...) { #ifndef OPENSSL_NO_STDIO va_list ap; diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h index 3e3ea5e3..2bce19ff 100644 --- a/Cryptlib/OpenSSL/crypto/cryptlib.h +++ b/Cryptlib/OpenSSL/crypto/cryptlib.h @@ -100,7 +100,7 @@ extern "C" { void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; -void OPENSSL_showfatal(const char *fmta, ...); +void EFIAPI OPENSSL_showfatal(const char *fmta, ...); #ifndef OPENSSL_NO_STDIO void *OPENSSL_stderr(void); #endif diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c index 52dc9a5d..d0752adf 100644 --- a/Cryptlib/OpenSSL/crypto/err/err.c +++ b/Cryptlib/OpenSSL/crypto/err/err.c @@ -1075,7 +1075,7 @@ void ERR_set_error_data(char *data, int flags) es->err_data_flags[i] = flags; } -void ERR_add_error_data(int num, ...) +void EFIAPI ERR_add_error_data(int num, ...) { va_list args; va_start(args, num); @@ -1083,7 +1083,7 @@ void ERR_add_error_data(int num, ...) va_end(args); } -void ERR_add_error_vdata(int num, va_list args) +void EFIAPI ERR_add_error_vdata(int num, va_list args) { int i, n, s; char *str, *p, *a; diff --git a/Make.defaults b/Make.defaults index ebb9e3c3..50164ae8 100644 --- a/Make.defaults +++ b/Make.defaults @@ -54,7 +54,7 @@ ifeq ($(ARCH),x86_64) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ $(CLANG_BUGS) -m64 \ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ -DPAGE_SIZE=4096 ARCH_GNUEFI ?= x86_64 ARCH_SUFFIX ?= x64 -- cgit v1.2.3 From 9beca885c29c77bb901547321a5ce6fd3c9c8ee3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 14:40:03 -0500 Subject: Fix stdarg to work the same everywhere. This gets us the same working definition for VA_* va_* etc everywhere, and it's the same definition edk2 is using. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 125 ++++++-------------------------------- Cryptlib/Library/BaseLib.h | 16 +++++ Cryptlib/Makefile | 3 +- Cryptlib/OpenSSL/Makefile | 3 +- Make.defaults | 4 +- errlog.c | 24 ++++---- include/console.h | 2 +- include/hexdump.h | 10 +-- include/system/efistdarg.h | 15 +++++ include/system/stdarg.h | 41 ++++++++----- lib/Makefile | 3 +- lib/console.c | 12 ++-- shim.h | 23 +++++-- 13 files changed, 120 insertions(+), 161 deletions(-) create mode 100644 include/system/efistdarg.h (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 6bb7ba64..1f475a32 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -15,6 +15,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __OPEN_SSL_SUPPORT_H__ #define __OPEN_SSL_SUPPORT_H__ +#if defined(__x86_64__) +/* shim.h will check if the compiler is new enough in some other CU */ + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif +#endif + /* * Include stddef.h to avoid redefining "offsetof" */ @@ -64,113 +80,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // typedef VOID *FILE; -// -// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h -// -#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined -/* - * These are now unconditionally #defined by GNU_EFI's efistdarg.h, - * so we should #undef them here before providing a new definition. - */ -#undef va_arg -#undef va_start -#undef va_end - -#define va_list VA_LIST -#define va_arg VA_ARG -#define va_start VA_START -#define va_end VA_END - -# if !defined(NO_BUILTIN_VA_FUNCS) - -typedef __builtin_va_list VA_LIST; - -#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) - -#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) - -#define VA_END(Marker) __builtin_va_end (Marker) - -#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) - -# else - -#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) -/// -/// Variable used to traverse the list of arguments. This type can vary by -/// implementation and could be an array or structure. -/// -typedef CHAR8 *VA_LIST; - -/** - Retrieves a pointer to the beginning of a variable argument list, based on - the name of the parameter that immediately precedes the variable argument list. - - This function initializes Marker to point to the beginning of the variable - argument list that immediately follows Parameter. The method for computing the - pointer to the next argument in the argument list is CPU-specific following the - EFIAPI ABI. - - @param Marker The VA_LIST used to traverse the list of arguments. - @param Parameter The name of the parameter that immediately precedes - the variable argument list. - - @return A pointer to the beginning of a variable argument list. - -**/ -#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) - -/** - Returns an argument of a specified type from a variable argument list and updates - the pointer to the variable argument list to point to the next argument. - - This function returns an argument of the type specified by TYPE from the beginning - of the variable argument list specified by Marker. Marker is then updated to point - to the next argument in the variable argument list. The method for computing the - pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. - - @param Marker VA_LIST used to traverse the list of arguments. - @param TYPE The type of argument to retrieve from the beginning - of the variable argument list. - - @return An argument of the type specified by TYPE. - -**/ -#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) - -/** - Terminates the use of a variable argument list. - - This function initializes Marker so it can no longer be used with VA_ARG(). - After this macro is used, the only way to access the variable argument list is - by using VA_START() again. - - @param Marker VA_LIST used to traverse the list of arguments. - -**/ -#define VA_END(Marker) (Marker = (VA_LIST) 0) - -/** - Initializes a VA_LIST as a copy of an existing VA_LIST. - - This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest - followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach - the present state of Start. - - @param Dest VA_LIST used to traverse the list of arguments. - @param Start VA_LIST used to traverse the list of arguments. - -**/ -#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) - -# endif - -#else // __CC_ARM -#define va_start(Marker, Parameter) __va_start(Marker, Parameter) -#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) -#define va_end(Marker) ((void)0) -#endif - // // #defines from EFI Application Toolkit required to buiild Open SSL // @@ -318,7 +227,7 @@ size_t fwrite (const void *, size_t, size_t, FILE *); char *fgets (char *, int, FILE *); int fputs (const char *, FILE *); int fprintf (FILE *, const char *, ...); -int vfprintf (FILE *, const char *, VA_LIST); +int vfprintf (FILE *, const char *, va_list); int fflush (FILE *); int fclose (FILE *); DIR *opendir (const char *); diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h index 93d5c691..94b25c93 100644 --- a/Cryptlib/Library/BaseLib.h +++ b/Cryptlib/Library/BaseLib.h @@ -1,3 +1,19 @@ +#if defined(__x86_64__) +/* shim.h will check if the compiler is new enough in some other CU */ + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif +#endif + #include #include diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 27614618..547fd106 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -22,8 +22,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 294e889a..1b8ca318 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -36,8 +36,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) diff --git a/Make.defaults b/Make.defaults index 50164ae8..f956c005 100644 --- a/Make.defaults +++ b/Make.defaults @@ -53,9 +53,7 @@ COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif ifeq ($(ARCH),x86_64) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ $(CLANG_BUGS) -m64 \ - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ - -DPAGE_SIZE=4096 + -DMDE_CPU_X64 -DPAGE_SIZE=4096 ARCH_GNUEFI ?= x86_64 ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 diff --git a/errlog.c b/errlog.c index 16af23b0..ac657151 100644 --- a/errlog.c +++ b/errlog.c @@ -10,24 +10,26 @@ static CHAR16 **errs = NULL; static UINTN nerrs = 0; EFI_STATUS EFIAPI -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, elf_va_list args) +vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, + va_list args) { - elf_va_list args2; + va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - elf_va_copy(args2, args); + va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - elf_va_end(args2); + va_end(args2); } return efi_status; } EFI_STATUS EFIAPI -VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_va_list args) +VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, + va_list args) { - elf_va_list args2; + va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -38,11 +40,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_v newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - elf_va_copy(args2, args); + va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - elf_va_end(args2); + va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -54,12 +56,12 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_v EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - elf_va_list args; + va_list args; EFI_STATUS efi_status; - elf_va_start(args, fmt); + va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - elf_va_end(args); + va_end(args); return efi_status; } diff --git a/include/console.h b/include/console.h index d8af3cd3..00982744 100644 --- a/include/console.h +++ b/include/console.h @@ -102,7 +102,7 @@ extern UINT32 verbose; dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__ - 1, __func__, \ ##__VA_ARGS__) extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, - const char *func, elf_va_list args); + const char *func, va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index a6aa2bfa..f778de9a 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -81,7 +81,7 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) */ static inline void UNUSED EFIAPI vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, - const void *data, unsigned long size, size_t at, elf_va_list ap) + const void *data, unsigned long size, size_t at, va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -114,15 +114,15 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, * hexdump formatted * think of it as: printf("%s%s", format(fmt, ...), hexdump(data,size)[lineN]); */ -static inline void UNUSED +static inline void UNUSED EFIAPI hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, const void *data, unsigned long size, size_t at, ...) { - elf_va_list ap; + va_list ap; - elf_va_start(ap, at); + va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - elf_va_end(ap); + va_end(ap); } static inline void UNUSED diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h new file mode 100644 index 00000000..837c4f23 --- /dev/null +++ b/include/system/efistdarg.h @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * efistdarg.h - AAAARGGGG + * Copyright Peter Jones + */ + +#ifndef SHIM_UNIT_TEST +#ifndef _EFISTDARG_H_ +#define _EFISTDARG_H_ + +#include + +#endif /* !_EFISTDARG_H_ */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdarg.h b/include/system/stdarg.h index 346b760d..af1ac59b 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -8,24 +8,33 @@ #ifndef _STDARG_H #define _STDARG_H -#include - -#endif /* !_STDARG_H */ +#ifndef GNU_EFI_USE_EXTERNAL_STDARG +#define GNU_EFI_USE_EXTERNAL_STDARG #endif -#ifndef SHIM_STDARG_H_ -#define SHIM_STDARG_H_ -typedef __builtin_ms_va_list ms_va_list; -#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_ms_va_end(marker) +#if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ + defined(__i486__) || defined(__i686__) || defined(SHIM_UNIT_TEST) +typedef __builtin_va_list va_list; +#define va_copy(dest, start) __builtin_va_copy(dest, start) +#define va_start(marker, arg) __builtin_va_start(marker, arg) +#define va_arg(marker, type) __builtin_va_arg(marker, type) +#define va_end(marker) __builtin_va_end(marker) +#elif defined(__x86_64__) +typedef __builtin_ms_va_list va_list; +#define va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define va_arg(marker, type) __builtin_va_arg(marker, type) +#define va_end(marker) __builtin_ms_va_end(marker) +#else +#error what arch is this +#endif -typedef __builtin_va_list elf_va_list; -#define elf_va_copy(dest, start) __builtin_va_copy(dest, start) -#define elf_va_start(marker, arg) __builtin_va_start(marker, arg) -#define elf_va_arg(marker, type) __builtin_va_arg(marker, type) -#define elf_va_end(marker) __builtin_va_end(marker) +typedef va_list VA_LIST; +#define VA_COPY(dest, start) va_copy(dest, start) +#define VA_START(marker, arg) va_start(marker, arg) +#define VA_END(marker) va_end(marker) +#define VA_ARG(marker, type) va_arg(marker, type) -#endif /* !SHIM_STDARG_H_ */ +#endif /* !_STDARG_H */ +#endif /* !SHIM_UNIT_TEST */ // vim:fenc=utf-8:tw=75:noet diff --git a/lib/Makefile b/lib/Makefile index 63893c3e..0d2d0a9d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,8 +17,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) diff --git a/lib/console.c b/lib/console.c index 32c6d55d..2da20b31 100644 --- a/lib/console.c +++ b/lib/console.c @@ -86,15 +86,15 @@ VOID console_fini(VOID) UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - elf_va_list args; + va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - elf_va_start(args, fmt); + va_start(args, fmt); ret = VPrint(fmt, args); - elf_va_end(args); + va_end(args); return ret; } @@ -103,7 +103,7 @@ UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - elf_va_list args; + va_list args; UINTN ret; if (!console_text_mode) @@ -111,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - elf_va_start(args, fmt); + va_start(args, fmt); ret = VPrint(fmt, args); - elf_va_end(args); + va_end(args); return ret; } diff --git a/shim.h b/shim.h index 3d2ac2d4..0ea182eb 100644 --- a/shim.h +++ b/shim.h @@ -17,20 +17,29 @@ #endif #if defined(__x86_64__) -#if !defined(GNU_EFI_USE_MS_ABI) -#error On x86_64 you must use ms_abi (GNU_EFI_USE_MS_ABI) in gnu-efi and shim. -#endif /* gcc 4.5.4 is the first documented release with -mabi=ms */ #if !GNUC_PREREQ(4, 7) && !CLANG_PREREQ(3, 4) #error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__)) #endif + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif #endif #include #include #include #include -#include +#include #include #include @@ -40,6 +49,10 @@ #undef uefi_call_wrapper #include #include + +#if defined(__x86_64__) && !defined(HAVE_USE_MS_ABI) +#error something has gone wrong with the gnu-efi includes and defines +#endif #endif #ifdef SHIM_UNIT_TEST @@ -209,7 +222,7 @@ extern void shim_fini(void); extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, - const CHAR16 *fmt, elf_va_list args); + const CHAR16 *fmt, va_list args); extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); extern VOID PrintErrors(VOID); -- cgit v1.2.3 From f5493df9c626a7436803d1e68b0118f4d041e0fa Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Tue, 9 Mar 2021 12:15:00 -0500 Subject: openssl: fix various build errors and warnings There were a couple cases of "uninitialized variable" warnings in the imported OpenSSL code; I used the current OpenSSL code as a guide for picking the default values used here. On my dev system there is one remaining build warning in OpenSSL's crypto/asn1/x_pkey.c:X509_PKEY_new() function. Unfortunately it involves some preprocessor crimes and the fix would be a bit ugly. Fortunately it appears the warning here is harmless and can be ignored. As a point of reference, my build system is a current Arch install with GCC v10.2.0 and GNU-EFI v 3.0.12. Signed-off-by: Paul Moore --- Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 3 ++- Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 2 +- Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c index 1269a146..b27b0f68 100644 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c @@ -530,7 +530,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; - int ret, i; + int ret = 0; /* current openssl sets 'ret' to zero here */ + int i; char *buf = NULL; if (!p7) { diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c index 951e1d5c..ddead3d7 100644 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c @@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } -#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c index 5bf3f07a..96f306b2 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -984,7 +984,8 @@ static int check_cert(X509_STORE_CTX *ctx) { X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; - int ok, cnum; + int ok = 0; /* current openssl sets 'ok' to zero here */ + int cnum; unsigned int last_reasons; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); -- cgit v1.2.3 From 1bc4bf063adf57a17e5d6d8dc6399f03080a0566 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 17:15:53 -0500 Subject: make: use -Wextra (minus some obnoxious bits) gcc -Wextra, has a lot of good, useful checks, a few obnoxious checks, and a few absolutely insane checks. This enables -Wextra, but disables -Wmissing-field-initializers, because it is irrational nonsense that just leads to worse code. It also disables some specific things in the Cryptlib and Cryptlib/OpenSSL trees: Both: -Wno-unused-parameter - there are a fair number of functions that have to conform to some API or another but have arguments that are unused, but haven't been marked with UNUSED; we don't need to see warnings about them. Cryptlib/OpenSSL: -Wno-empty-body - functions that exist merely to populate some API -Wno-implicit-fallthrough - these probably should get fixed someday, but I bet upstream will do it and rebasing will solve it -Wno-old-style-declaration - this gripes if you write "const static" instead of "static const". Again I expect rebasing will fix it at some point. -Wno-unused-but-set-variable - self explanatory, and again, I expect a rebase to solve it someday. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 2 ++ Cryptlib/OpenSSL/Makefile | 9 +++++---- Make.defaults | 8 +++++--- 3 files changed, 12 insertions(+), 7 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 547fd106..89fd5cdc 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -11,6 +11,8 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ -isystem $(TOPDIR)/include/system \ -isystem $(shell $(CC) -print-file-name=include) +WARNFLAGS += -Wno-unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 1b8ca318..2b96c385 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -20,10 +20,11 @@ INCLUDES = -I$(OSSLDIR) -I$(CRYPTDIR) -I$(OSSLDIR)/Include/ \ FEATUREFLAGS += -nostdinc -WERRFLAGS += -Wno-error=discarded-qualifiers \ - -Wno-error=maybe-uninitialized \ - -Wno-error=unused-function \ - -Wno-error=unused-but-set-variable +WARNFLAGS += -Wno-empty-body \ + -Wno-implicit-fallthrough \ + -Wno-old-style-declaration \ + -Wno-unused-but-set-variable \ + -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ diff --git a/Make.defaults b/Make.defaults index f956c005..20aa8cd4 100644 --- a/Make.defaults +++ b/Make.defaults @@ -118,12 +118,12 @@ $(call conditional-add-flag,$(COLOR),diagnostics-color,FEATUREFLAGS,-fdiagnostic override DEFAULT_WARNFLAGS = \ -Wall \ - -Wsign-compare + -Wextra \ + -Wno-missing-field-initializers $(call update-variable,WARNFLAGS) override DEFAULT_WERRFLAGS = \ - -Werror \ - -Werror=sign-compare + -Werror $(call update-variable,WERRFLAGS) CFLAGS = $(FEATUREFLAGS) \ @@ -186,3 +186,5 @@ endif ifneq ($(VERBOSE),) export VERBOSE endif + +# vim:filetype=make -- cgit v1.2.3 From df74fff124a84428c9717a89ff00ca0931d09c52 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 11 Mar 2021 11:40:46 -0500 Subject: openssl: nerf some -W flags for clang. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 2b96c385..795f471d 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -22,8 +22,8 @@ FEATUREFLAGS += -nostdinc WARNFLAGS += -Wno-empty-body \ -Wno-implicit-fallthrough \ - -Wno-old-style-declaration \ - -Wno-unused-but-set-variable \ + $(if $(findstring gcc,$(CC)),-Wno-old-style-declaration) \ + $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \ -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ -- cgit v1.2.3 From 4457d79ce0ea638e7732f5529bf13849e290940d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 11 Mar 2021 16:48:44 -0500 Subject: More va_* work Be much more explicit about exactly which va_* stuff comes from which ABI in both shim and gnu-efi. This fixes the problem where we see: | (null):0:(null)() v->name:"(null)" v->rtname:"(null)" | (null):0:(null)() v->data_size:0 v->data:0x0 and similar messages where everything is NULL. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 2 +- Cryptlib/Include/openssl/bio.h | 4 +- Cryptlib/Include/openssl/err.h | 2 +- Cryptlib/OpenSSL/crypto/bio/b_print.c | 66 ++++++++++++++--------------- Cryptlib/OpenSSL/crypto/err/err.c | 10 ++--- Makefile | 1 + errlog.c | 22 +++++----- gnu-efi | 2 +- include/console.h | 2 +- include/hexdump.h | 8 ++-- include/system/efistdarg.h | 4 ++ include/system/stdarg.h | 80 ++++++++++++++++++++++++++--------- lib/console.c | 12 +++--- shim.h | 3 +- 14 files changed, 132 insertions(+), 86 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 1f475a32..b97149e2 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -227,7 +227,7 @@ size_t fwrite (const void *, size_t, size_t, FILE *); char *fgets (char *, int, FILE *); int fputs (const char *, FILE *); int fprintf (FILE *, const char *, ...); -int vfprintf (FILE *, const char *, va_list); +int vfprintf (FILE *, const char *, ms_va_list); int fflush (FILE *); int fclose (FILE *); DIR *opendir (const char *); diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h index 2efa873d..da8c6580 100644 --- a/Cryptlib/Include/openssl/bio.h +++ b/Cryptlib/Include/openssl/bio.h @@ -794,11 +794,11 @@ void BIO_copy_next_retry(BIO *b); # endif int EFIAPI BIO_printf(BIO *bio, const char *format, ...) __bio_h__attr__((__format__(__printf__, 2, 3))); -int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, ms_va_list args) __bio_h__attr__((__format__(__printf__, 2, 0))); int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) __bio_h__attr__((__format__(__printf__, 3, 4))); -int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, ms_va_list args) __bio_h__attr__((__format__(__printf__, 3, 0))); # undef __bio_h__attr__ diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h index 32da8c37..5a019808 100644 --- a/Cryptlib/Include/openssl/err.h +++ b/Cryptlib/Include/openssl/err.h @@ -345,7 +345,7 @@ void ERR_print_errors_fp(FILE *fp); void ERR_print_errors(BIO *bp); # endif void EFIAPI ERR_add_error_data(int num, ...); -void EFIAPI ERR_add_error_vdata(int num, va_list args); +void EFIAPI ERR_add_error_vdata(int num, ms_va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index 34c8fca7..29da9036 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -136,7 +136,7 @@ static int fmtfp(char **, char **, size_t *, size_t *, static int doapr_outch(char **, char **, size_t *, size_t *, int); static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); + const char *format, ms_va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -171,7 +171,7 @@ static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, - size_t *retlen, int *truncated, const char *format, va_list args) + size_t *retlen, int *truncated, const char *format, ms_va_list args) { char ch; LLONG value; @@ -236,7 +236,7 @@ _dopr(char **sbuffer, min = 10 * min + char_to_int(ch); ch = *format++; } else if (ch == '*') { - min = va_arg(args, int); + min = ms_va_arg(args, int); ch = *format++; state = DP_S_DOT; } else @@ -256,7 +256,7 @@ _dopr(char **sbuffer, max = 10 * max + char_to_int(ch); ch = *format++; } else if (ch == '*') { - max = va_arg(args, int); + max = ms_va_arg(args, int); ch = *format++; state = DP_S_MOD; } else @@ -297,16 +297,16 @@ _dopr(char **sbuffer, case 'i': switch (cflags) { case DP_C_SHORT: - value = (short int)va_arg(args, int); + value = (short int)ms_va_arg(args, int); break; case DP_C_LONG: - value = va_arg(args, long int); + value = ms_va_arg(args, long int); break; case DP_C_LLONG: - value = va_arg(args, LLONG); + value = ms_va_arg(args, LLONG); break; default: - value = va_arg(args, int); + value = ms_va_arg(args, int); break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, @@ -322,16 +322,16 @@ _dopr(char **sbuffer, flags |= DP_F_UNSIGNED; switch (cflags) { case DP_C_SHORT: - value = (unsigned short int)va_arg(args, unsigned int); + value = (unsigned short int)ms_va_arg(args, unsigned int); break; case DP_C_LONG: - value = (LLONG) va_arg(args, unsigned long int); + value = (LLONG) ms_va_arg(args, unsigned long int); break; case DP_C_LLONG: - value = va_arg(args, unsigned LLONG); + value = ms_va_arg(args, unsigned LLONG); break; default: - value = (LLONG) va_arg(args, unsigned int); + value = (LLONG) ms_va_arg(args, unsigned int); break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, @@ -342,9 +342,9 @@ _dopr(char **sbuffer, #ifndef OPENSSL_SYS_UEFI case 'f': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, flags)) return 0; @@ -353,26 +353,26 @@ _dopr(char **sbuffer, flags |= DP_F_UP; case 'e': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); break; case 'G': flags |= DP_F_UP; case 'g': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); break; #endif case 'c': if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) + ms_va_arg(args, int))) return 0; break; case 's': - strvalue = va_arg(args, char *); + strvalue = ms_va_arg(args, char *); if (max < 0) { if (buffer) max = INT_MAX; @@ -384,7 +384,7 @@ _dopr(char **sbuffer, return 0; break; case 'p': - value = (long)va_arg(args, void *); + value = (long)ms_va_arg(args, void *); if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 16, min, max, flags | DP_F_NUM)) return 0; @@ -392,19 +392,19 @@ _dopr(char **sbuffer, case 'n': /* XXX */ if (cflags == DP_C_SHORT) { short int *num; - num = va_arg(args, short int *); + num = ms_va_arg(args, short int *); *num = currlen; } else if (cflags == DP_C_LONG) { /* XXX */ long int *num; - num = va_arg(args, long int *); + num = ms_va_arg(args, long int *); *num = (long int)currlen; } else if (cflags == DP_C_LLONG) { /* XXX */ LLONG *num; - num = va_arg(args, LLONG *); + num = ms_va_arg(args, LLONG *); *num = (LLONG) currlen; } else { int *num; - num = va_arg(args, int *); + num = ms_va_arg(args, int *); *num = currlen; } break; @@ -799,18 +799,18 @@ doapr_outch(char **sbuffer, int EFIAPI BIO_printf(BIO *bio, const char *format, ...) { - va_list args; + ms_va_list args; int ret; - va_start(args, format); + ms_va_start(args, format); ret = BIO_vprintf(bio, format, args); - va_end(args); + ms_va_end(args); return (ret); } -int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, ms_va_list args) { int ret; size_t retlen; @@ -847,18 +847,18 @@ int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) */ int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) { - va_list args; + ms_va_list args; int ret; - va_start(args, format); + ms_va_start(args, format); ret = BIO_vsnprintf(buf, n, format, args); - va_end(args); + ms_va_end(args); return (ret); } -int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, ms_va_list args) { size_t retlen; int truncated; diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c index d0752adf..e2251454 100644 --- a/Cryptlib/OpenSSL/crypto/err/err.c +++ b/Cryptlib/OpenSSL/crypto/err/err.c @@ -1077,13 +1077,13 @@ void ERR_set_error_data(char *data, int flags) void EFIAPI ERR_add_error_data(int num, ...) { - va_list args; - va_start(args, num); + ms_va_list args; + ms_va_start(args, num); ERR_add_error_vdata(num, args); - va_end(args); + ms_va_end(args); } -void EFIAPI ERR_add_error_vdata(int num, va_list args) +void EFIAPI ERR_add_error_vdata(int num, ms_va_list args) { int i, n, s; char *str, *p, *a; @@ -1096,7 +1096,7 @@ void EFIAPI ERR_add_error_vdata(int num, va_list args) n = 0; for (i = 0; i < num; i++) { - a = va_arg(args, char *); + a = ms_va_arg(args, char *); /* ignore NULLs, thanks to Bob Beck */ if (a != NULL) { n += strlen(a); diff --git a/Makefile b/Makefile index df2d8b6e..9a93d740 100644 --- a/Makefile +++ b/Makefile @@ -136,6 +136,7 @@ MokManager.o: $(MOK_SOURCES) $(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a +gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: $(MAKE) -C gnu-efi \ ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ diff --git a/errlog.c b/errlog.c index ac657151..cc6a89f5 100644 --- a/errlog.c +++ b/errlog.c @@ -11,25 +11,25 @@ static UINTN nerrs = 0; EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, - va_list args) + ms_va_list args) { - va_list args2; + ms_va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - va_copy(args2, args); + ms_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - va_end(args2); + ms_va_end(args2); } return efi_status; } EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, - va_list args) + ms_va_list args) { - va_list args2; + ms_va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -40,11 +40,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - va_copy(args2, args); + ms_va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - va_end(args2); + ms_va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -56,12 +56,12 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - va_list args; + ms_va_list args; EFI_STATUS efi_status; - va_start(args, fmt); + ms_va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - va_end(args); + ms_va_end(args); return efi_status; } diff --git a/gnu-efi b/gnu-efi index 4444de49..f922aec7 160000 --- a/gnu-efi +++ b/gnu-efi @@ -1 +1 @@ -Subproject commit 4444de49c66b5b6758976ab1e3862bb17cff9d56 +Subproject commit f922aec7d6d60c245a4d1e1f82598d427c7765b5 diff --git a/include/console.h b/include/console.h index 036262ef..f56b1231 100644 --- a/include/console.h +++ b/include/console.h @@ -108,7 +108,7 @@ extern UINT32 verbose; #endif extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, - const char *func, va_list args); + const char *func, ms_va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index f778de9a..381e1a68 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -81,7 +81,7 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) */ static inline void UNUSED EFIAPI vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, - const void *data, unsigned long size, size_t at, va_list ap) + const void *data, unsigned long size, size_t at, ms_va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -118,11 +118,11 @@ static inline void UNUSED EFIAPI hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, const void *data, unsigned long size, size_t at, ...) { - va_list ap; + ms_va_list ap; - va_start(ap, at); + ms_va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - va_end(ap); + ms_va_end(ap); } static inline void UNUSED diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h index 837c4f23..034977cc 100644 --- a/include/system/efistdarg.h +++ b/include/system/efistdarg.h @@ -8,6 +8,10 @@ #ifndef _EFISTDARG_H_ #define _EFISTDARG_H_ +#ifndef GNU_EFI_USE_EXTERNAL_STDARG +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + #include #endif /* !_EFISTDARG_H_ */ diff --git a/include/system/stdarg.h b/include/system/stdarg.h index af1ac59b..ce722249 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -2,39 +2,79 @@ /* * stdarg.h - try to make consistent va_* handling for EFI */ -#ifdef SHIM_UNIT_TEST -#include_next -#else #ifndef _STDARG_H -#define _STDARG_H + +/* + * clang doesn't know about __builtin_sysv_va_list, apparently. + */ +#ifdef __clang__ +#pragma GCC diagnostic push +#pragma GCC diagnostic warning "-Wcpp" +typedef __builtin_va_list __builtin_sysv_va_list; +#warning clang builds may not work at all for anything other than scan-build +#pragma GCC diagnostic pop +#endif #ifndef GNU_EFI_USE_EXTERNAL_STDARG #define GNU_EFI_USE_EXTERNAL_STDARG #endif +#ifdef SHIM_UNIT_TEST +#include_next +#endif + #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ defined(__i486__) || defined(__i686__) || defined(SHIM_UNIT_TEST) -typedef __builtin_va_list va_list; -#define va_copy(dest, start) __builtin_va_copy(dest, start) -#define va_start(marker, arg) __builtin_va_start(marker, arg) -#define va_arg(marker, type) __builtin_va_arg(marker, type) -#define va_end(marker) __builtin_va_end(marker) + +typedef __builtin_va_list ms_va_list; +typedef __builtin_va_list __builtin_ms_va_list; +#define ms_va_copy(dest, start) __builtin_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_va_end(marker) + +typedef __builtin_va_list sysv_va_list; +#define sysv_va_copy(dest, start) __builtin_va_copy(dest, start) +#define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) +#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) +#define sysv_va_end(marker) __builtin_va_end(marker) +/* + * OpenSSL's X509ConstructCertificateStack needs this. + */ +typedef __builtin_va_list VA_LIST; +#define VA_COPY(dest, start) __builtin_va_copy(dest, start) +#define VA_START(marker, arg) __builtin_va_start(marker, arg) +#define VA_END(marker) __builtin_va_end(marker) +#define VA_ARG(marker, type) __builtin_va_arg(marker, type) + #elif defined(__x86_64__) -typedef __builtin_ms_va_list va_list; -#define va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define va_arg(marker, type) __builtin_va_arg(marker, type) -#define va_end(marker) __builtin_ms_va_end(marker) + +typedef __builtin_ms_va_list ms_va_list; +#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_ms_va_end(marker) +typedef __builtin_sysv_va_list sysv_va_list; +#define sysv_va_copy(dest, start) __builtin_sysv_va_copy(dest, start) +#define sysv_va_start(marker, arg) __builtin_sysv_va_start(marker, arg) +#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) +#define sysv_va_end(marker) __builtin_sysv_va_end(marker) +/* + * OpenSSL's X509ConstructCertificateStack needs this. + */ +typedef __builtin_ms_va_list VA_LIST; +#define VA_COPY(dest, start) __builtin_ms_va_copy(dest, start) +#define VA_START(marker, arg) __builtin_ms_va_start(marker, arg) +#define VA_END(marker) __builtin_ms_va_end(marker) +#define VA_ARG(marker, type) __builtin_va_arg(marker, type) + #else #error what arch is this #endif -typedef va_list VA_LIST; -#define VA_COPY(dest, start) va_copy(dest, start) -#define VA_START(marker, arg) va_start(marker, arg) -#define VA_END(marker) va_end(marker) -#define VA_ARG(marker, type) va_arg(marker, type) +#ifndef _STDARG_H +#define _STDARG_H +#endif /* !_STDARG_H #2 */ #endif /* !_STDARG_H */ -#endif /* !SHIM_UNIT_TEST */ // vim:fenc=utf-8:tw=75:noet diff --git a/lib/console.c b/lib/console.c index 2da20b31..c310d213 100644 --- a/lib/console.c +++ b/lib/console.c @@ -86,15 +86,15 @@ VOID console_fini(VOID) UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - va_list args; + ms_va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - va_start(args, fmt); + ms_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + ms_va_end(args); return ret; } @@ -103,7 +103,7 @@ UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - va_list args; + ms_va_list args; UINTN ret; if (!console_text_mode) @@ -111,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - va_start(args, fmt); + ms_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + ms_va_end(args); return ret; } diff --git a/shim.h b/shim.h index 44dddc7a..69ad2cc3 100644 --- a/shim.h +++ b/shim.h @@ -22,6 +22,7 @@ #if defined(__x86_64__) /* gcc 4.5.4 is the first documented release with -mabi=ms */ +/* gcc 4.7.1 is the first one with __builtin_ms_va_list */ #if !GNUC_PREREQ(4, 7) && !CLANG_PREREQ(3, 4) #error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__)) #endif @@ -226,7 +227,7 @@ extern void shim_fini(void); extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, - const CHAR16 *fmt, va_list args); + const CHAR16 *fmt, ms_va_list args); extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); extern VOID PrintErrors(VOID); -- cgit v1.2.3 From 243f12589dbb5e9549d0e08760a03f3a41cd82a2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 14 Jun 2023 16:04:12 -0400 Subject: Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL Cryptlib and OpenSSL both currently throw warnings with some compilers using -Wunused-but-set-variable: clang -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/home/pjones/devel/github.com/shim/main/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -m64 -mno-mmx -mno-sse -mno-red-zone -Os -Wall -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -Werror -I/home/pjones/devel/github.com/shim/main/Cryptlib -I/home/pjones/devel/github.com/shim/main/Cryptlib/Include -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/x86_64 -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/protocol -isystem /home/pjones/devel/github.com/shim/main/include/system -isystem /usr/lib64/clang/16/include -DMDE_CPU_X64 -c -o Pk/CryptX509.o Pk/CryptX509.c Pk/CryptX509.c:94:19: error: variable 'Index' set but not used [-Werror,-Wunused-but-set-variable] UINTN Index; ^ clang -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/home/pjones/devel/github.com/shim/main/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -m64 -mno-mmx -mno-sse -mno-red-zone -Os -Wall -Wextra -Wno-missing-field-initializers -Wno-empty-body -Wno-implicit-fallthrough -Wno-unused-parameter -Werror -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL -I/home/pjones/devel/github.com/shim/main/Cryptlib -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/Include/ -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto -I/home/pjones/devel/github.com/shim/main/Cryptlib/Include -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/x86_64 -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/protocol -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/asn1 -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/evp -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/modes -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/include -isystem /home/pjones/devel/github.com/shim/main/include/system -isystem /usr/lib64/clang/16/include -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -DMDE_CPU_X64 -c -o crypto/asn1/t_x509.o crypto/asn1/t_x509.c crypto/asn1/t_x509.c:504:18: error: variable 'l' set but not used [-Werror,-Wunused-but-set-variable] int ret = 0, l, i; ^ Since we normally build with -Werror, these cause builds to fail in these cases. While the bad code should be addressed, it appears generally safe, so we should solve it upstream. This patch adds -Wno-unused-but-set-variable to the Cryptlib Makefile, and removes the conditionalization on gcc in the OpenSSL Makefile, as clang now has this argument, and since we don't support building with clang for the final build, it's useful to have clang-based tools working. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 ++- Cryptlib/OpenSSL/Makefile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 89fd5cdc..626788c9 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -11,7 +11,8 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ -isystem $(TOPDIR)/include/system \ -isystem $(shell $(CC) -print-file-name=include) -WARNFLAGS += -Wno-unused-parameter +WARNFLAGS += -Wno-unused-parameter \ + -Wno-unused-but-set-variable CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 795f471d..d59c5d7a 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -23,7 +23,7 @@ FEATUREFLAGS += -nostdinc WARNFLAGS += -Wno-empty-body \ -Wno-implicit-fallthrough \ $(if $(findstring gcc,$(CC)),-Wno-old-style-declaration) \ - $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \ + -Wno-unused-but-set-variable \ -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ -- cgit v1.2.3 From 0c9249d13bced071986ada03846e2241143a1ad4 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 17 Dec 2024 13:07:38 -0500 Subject: Suppress some warnings even harder in Cryptlib and OpenSSL. In some cases the -Werror / -Wfoo / -Wno-foo / -Wno-error=foo bits aren't propagating in a way that clang is happy with, so we get errors about unused variables and the like in Cryptlib and OpenSSL. We're never going to fix those nits in this tree, so this patch tries even harder to make the compiler ignore them, or at least not end the build with a benign error. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 +++ Cryptlib/OpenSSL/Makefile | 3 +++ 2 files changed, 6 insertions(+) (limited to 'Cryptlib/OpenSSL') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 626788c9..51f4ca1d 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -14,6 +14,9 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ WARNFLAGS += -Wno-unused-parameter \ -Wno-unused-but-set-variable +WERRFLAGS += -Wno-error=unused-but-set-variable \ + -Wno-error=unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index d59c5d7a..e517bcfd 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -26,6 +26,9 @@ WARNFLAGS += -Wno-empty-body \ -Wno-unused-but-set-variable \ -Wno-unused-parameter +WERRFLAGS += -Wno-error=unused-but-set-variable \ + -Wno-error=unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ -- cgit v1.2.3