From dddeaf3f7dc8d30640119e999bbfabf4ce068a68 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Mar 2021 17:44:23 -0500 Subject: Re-organize a bunch of CFLAGS-related makefile bits Some of our makefile bits are a mess, as you may have noticed, making changes to them difficult to review. This patch attempts to make some parts of them vaguely less of a mess, in order to facilitate review of follow-up changes. To so it: - coalesces feature flags, optimizations, -W{no-,}, -W{no-}error, include directives, and define/undefine directives into (mostly) separate groups. - exports them as appropriate so the sub-makes can use them - Makes sure we have -Wextra -Werror everywhere, but adds -Wno-foo and -Wno-error=foo directives at the appropriate places to keep the net warnings the same. - makes the arch defines in Cryptlib and Cryptlib/OpenSSL use the appropriate ones, with no attempt to make them less stupid, without changing the overall order. - coalesces the various includes, with no attempt to make them less stupid, without changing the overall order. - One giant glaring whitespace fix in Cryptlib/OpenSSL/Makefile Signed-off-by: Peter Jones --- Cryptlib/Makefile | 25 +- Cryptlib/OpenSSL/Makefile | 860 +++++++++++++++++++++++----------------------- 2 files changed, 454 insertions(+), 431 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 18a33b19..5bae10c9 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -1,27 +1,32 @@ -EFI_INCLUDES = -I$(TOPDIR)/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +INCLUDES = -I$(TOPDIR) -iquote $(TOPDIR) -I$(TOPDIR)/Include \ + $(EFI_INCLUDES) -I$(shell $(CC) -print-file-name=include) -CFLAGS = -ggdb $(OPTIMIZATIONS) -I$(TOPDIR) -iquote $(TOPDIR) -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ - -Wall $(EFI_INCLUDES) -std=gnu89 \ - -ffreestanding -I$(shell $(CC) -print-file-name=include) +CFLAGS = $(FEATUREFLAGS) \ + $(OPTIMIZATIONS) \ + $(WARNFLAGS) \ + $(WERRFLAGS) \ + $(INCLUDES) \ + $(DEFINES) CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) \ - -m64 -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ - $(CLANG_BUGS) -m32 -DMDE_CPU_IA32 +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) - CFLAGS += -DMDE_CPU_AARCH64 +DEFINES += -DMDE_CPU_AARCH64 endif ifeq ($(ARCH),arm) - CFLAGS += -DMDE_CPU_ARM +DEFINES += -DMDE_CPU_ARM endif + LDFLAGS = -nostdlib -znocombreloc TARGET = libcryptlib.a diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 9a7697cc..6a58dbaa 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,440 +1,458 @@ -EFI_INCLUDES = -I$(TOPDIR)/../Include \ - -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ - -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include +DEFINES = -DL_ENDIAN \ + -D_CRT_SECURE_NO_DEPRECATE \ + -D_CRT_NONSTDC_NO_DEPRECATE \ + -DOPENSSL_SMALL_FOOTPRINT \ + -DPEDANTIC -CFLAGS = -ggdb $(OPTIMIZATIONS) -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ - -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ - -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \ - -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC +INCLUDES = -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ + -I$(shell $(CC) -print-file-name=include) \ + -I$(TOPDIR)/../Include $(EFI_INCLUDES) \ + -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp \ + -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include + +WERRFLAGS += -Wno-error=discarded-qualifiers \ + -Wno-error=maybe-uninitialized \ + -Wno-error=unused-function \ + -Wno-error=unused-but-set-variable + +CFLAGS = $(FEATUREFLAGS) \ + $(OPTIMIZATIONS) \ + $(WARNFLAGS) \ + $(WERRFLAGS) \ + $(INCLUDES) \ + $(DEFINES) CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) \ - -m64 -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) +DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ - $(CLANG_BUGS) -m32 -DMDE_CPU_IA32 +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) - CFLAGS += -O2 -DMDE_CPU_AARCH64 +OPTIMIZATIONS += -O2 +DEFINES += -DMDE_CPU_AARCH64 endif ifeq ($(ARCH),arm) - CFLAGS += -O2 -DMDE_CPU_ARM +OPTIMIZATIONS += -O2 +DEFINES += -DMDE_CPU_ARM endif + LDFLAGS = -nostdlib -znocombreloc TARGET = libopenssl.a -OBJS = crypto/cryptlib.o \ - crypto/mem.o \ - crypto/mem_clr.o \ - crypto/mem_dbg.o \ - crypto/cversion.o \ - crypto/ex_data.o \ - crypto/cpt_err.o \ - crypto/ebcdic.o \ - crypto/uid.o \ - crypto/o_time.o \ - crypto/o_str.o \ - crypto/o_dir.o \ - crypto/o_fips.o \ - crypto/o_init.o \ - crypto/fips_ers.o \ - crypto/md5/md5_dgst.o \ - crypto/md5/md5_one.o \ - crypto/sha/sha_dgst.o \ - crypto/sha/sha1dgst.o \ - crypto/sha/sha_one.o \ - crypto/sha/sha1_one.o \ - crypto/sha/sha256.o \ - crypto/sha/sha512.o \ - crypto/hmac/hmac.o \ - crypto/hmac/hm_ameth.o \ - crypto/hmac/hm_pmeth.o \ - crypto/rc4/rc4_enc.o \ - crypto/rc4/rc4_skey.o \ - crypto/rc4/rc4_utl.o \ - crypto/aes/aes_misc.o \ - crypto/aes/aes_ecb.o \ - crypto/aes/aes_cfb.o \ - crypto/aes/aes_ofb.o \ - crypto/aes/aes_ctr.o \ - crypto/aes/aes_ige.o \ - crypto/aes/aes_wrap.o \ - crypto/aes/aes_core.o \ - crypto/aes/aes_cbc.o \ - crypto/modes/cbc128.o \ - crypto/modes/ctr128.o \ - crypto/modes/cts128.o \ - crypto/modes/cfb128.o \ - crypto/modes/ofb128.o \ - crypto/modes/gcm128.o \ - crypto/modes/ccm128.o \ - crypto/modes/xts128.o \ - crypto/modes/wrap128.o \ - crypto/bn/bn_add.o \ - crypto/bn/bn_div.o \ - crypto/bn/bn_exp.o \ - crypto/bn/bn_lib.o \ - crypto/bn/bn_ctx.o \ - crypto/bn/bn_mul.o \ - crypto/bn/bn_mod.o \ - crypto/bn/bn_print.o \ - crypto/bn/bn_rand.o \ - crypto/bn/bn_shift.o \ - crypto/bn/bn_word.o \ - crypto/bn/bn_blind.o \ - crypto/bn/bn_kron.o \ - crypto/bn/bn_sqrt.o \ - crypto/bn/bn_gcd.o \ - crypto/bn/bn_prime.o \ - crypto/bn/bn_err.o \ - crypto/bn/bn_sqr.o \ - crypto/bn/bn_asm.o \ - crypto/bn/bn_recp.o \ - crypto/bn/bn_mont.o \ - crypto/bn/bn_mpi.o \ - crypto/bn/bn_exp2.o \ - crypto/bn/bn_gf2m.o \ - crypto/bn/bn_nist.o \ - crypto/bn/bn_depr.o \ - crypto/bn/bn_x931p.o \ - crypto/bn/bn_const.o \ - crypto/rsa/rsa_eay.o \ - crypto/rsa/rsa_gen.o \ - crypto/rsa/rsa_lib.o \ - crypto/rsa/rsa_sign.o \ - crypto/rsa/rsa_saos.o \ - crypto/rsa/rsa_err.o \ - crypto/rsa/rsa_pk1.o \ - crypto/rsa/rsa_ssl.o \ - crypto/rsa/rsa_none.o \ - crypto/rsa/rsa_oaep.o \ - crypto/rsa/rsa_chk.o \ - crypto/rsa/rsa_null.o \ - crypto/rsa/rsa_pss.o \ - crypto/rsa/rsa_x931.o \ - crypto/rsa/rsa_asn1.o \ - crypto/rsa/rsa_depr.o \ - crypto/rsa/rsa_ameth.o \ - crypto/rsa/rsa_prn.o \ - crypto/rsa/rsa_pmeth.o \ - crypto/rsa/rsa_crpt.o \ - crypto/dso/dso_dl.o \ - crypto/dso/dso_dlfcn.o \ - crypto/dso/dso_err.o \ - crypto/dso/dso_lib.o \ - crypto/dso/dso_null.o \ - crypto/dso/dso_openssl.o \ - crypto/dso/dso_win32.o \ - crypto/dso/dso_vms.o \ - crypto/dso/dso_beos.o \ - crypto/dh/dh_asn1.o \ - crypto/dh/dh_gen.o \ - crypto/dh/dh_key.o \ - crypto/dh/dh_lib.o \ - crypto/dh/dh_check.o \ - crypto/dh/dh_err.o \ - crypto/dh/dh_depr.o \ - crypto/dh/dh_ameth.o \ - crypto/dh/dh_pmeth.o \ - crypto/dh/dh_prn.o \ - crypto/dh/dh_rfc5114.o \ - crypto/buffer/buffer.o \ - crypto/buffer/buf_str.o \ - crypto/buffer/buf_err.o \ - crypto/bio/bio_lib.o \ - crypto/bio/bio_cb.o \ - crypto/bio/bio_err.o \ - crypto/bio/bss_mem.o \ - crypto/bio/bss_null.o \ - crypto/bio/bss_fd.o \ - crypto/bio/bss_file.o \ - crypto/bio/bss_sock.o \ - crypto/bio/bss_conn.o \ - crypto/bio/bf_null.o \ - crypto/bio/bf_buff.o \ - crypto/bio/b_dump.o \ - crypto/bio/b_print.o \ - crypto/bio/b_sock.o \ - crypto/bio/bss_acpt.o \ - crypto/bio/bf_nbio.o \ - crypto/bio/bss_log.o \ - crypto/bio/bss_bio.o \ - crypto/bio/bss_dgram.o \ - crypto/stack/stack.o \ - crypto/lhash/lhash.o \ - crypto/lhash/lh_stats.o \ - crypto/rand/md_rand.o \ - crypto/rand/randfile.o \ - crypto/rand/rand_lib.o \ - crypto/rand/rand_err.o \ - crypto/rand/rand_unix.o \ - crypto/err/err.o \ - crypto/err/err_all.o \ - crypto/err/err_prn.o \ - crypto/objects/o_names.o \ - crypto/objects/obj_dat.o \ - crypto/objects/obj_lib.o \ - crypto/objects/obj_err.o \ - crypto/objects/obj_xref.o \ - crypto/evp/encode.o \ - crypto/evp/digest.o \ - crypto/evp/evp_enc.o \ - crypto/evp/evp_key.o \ - crypto/evp/evp_acnf.o \ - crypto/evp/evp_cnf.o \ - crypto/evp/e_des.o \ - crypto/evp/e_bf.o \ - crypto/evp/e_idea.o \ - crypto/evp/e_des3.o \ - crypto/evp/e_camellia.o \ - crypto/evp/e_rc4.o \ - crypto/evp/e_aes.o \ - crypto/evp/names.o \ - crypto/evp/e_seed.o \ - crypto/evp/e_xcbc_d.o \ - crypto/evp/e_rc2.o \ - crypto/evp/e_cast.o \ - crypto/evp/e_rc5.o \ - crypto/evp/m_null.o \ - crypto/evp/m_md2.o \ - crypto/evp/m_md4.o \ - crypto/evp/m_md5.o \ - crypto/evp/m_sha.o \ - crypto/evp/m_sha1.o \ - crypto/evp/m_wp.o \ - crypto/evp/m_dss.o \ - crypto/evp/m_dss1.o \ - crypto/evp/m_mdc2.o \ - crypto/evp/m_ripemd.o \ - crypto/evp/m_ecdsa.o \ - crypto/evp/p_open.o \ - crypto/evp/p_seal.o \ - crypto/evp/p_sign.o \ - crypto/evp/p_verify.o \ - crypto/evp/p_lib.o \ - crypto/evp/p_enc.o \ - crypto/evp/p_dec.o \ - crypto/evp/bio_md.o \ - crypto/evp/bio_b64.o \ - crypto/evp/bio_enc.o \ - crypto/evp/evp_err.o \ - crypto/evp/e_null.o \ - crypto/evp/c_all.o \ - crypto/evp/c_allc.o \ - crypto/evp/c_alld.o \ - crypto/evp/evp_lib.o \ - crypto/evp/bio_ok.o \ - crypto/evp/evp_pkey.o \ - crypto/evp/evp_pbe.o \ - crypto/evp/p5_crpt.o \ - crypto/evp/p5_crpt2.o \ - crypto/evp/e_old.o \ - crypto/evp/pmeth_lib.o \ - crypto/evp/pmeth_fn.o \ - crypto/evp/pmeth_gn.o \ - crypto/evp/m_sigver.o \ - crypto/evp/e_aes_cbc_hmac_sha1.o \ - crypto/evp/e_aes_cbc_hmac_sha256.o \ - crypto/evp/e_rc4_hmac_md5.o \ - crypto/asn1/a_object.o \ - crypto/asn1/a_bitstr.o \ - crypto/asn1/a_utctm.o \ - crypto/asn1/a_gentm.o \ - crypto/asn1/a_time.o \ - crypto/asn1/a_int.o \ - crypto/asn1/a_octet.o \ - crypto/asn1/a_print.o \ - crypto/asn1/a_type.o \ - crypto/asn1/a_set.o \ - crypto/asn1/a_dup.o \ - crypto/asn1/a_d2i_fp.o \ - crypto/asn1/a_i2d_fp.o \ - crypto/asn1/a_enum.o \ - crypto/asn1/a_utf8.o \ - crypto/asn1/a_sign.o \ - crypto/asn1/a_digest.o \ - crypto/asn1/a_verify.o \ - crypto/asn1/a_mbstr.o \ - crypto/asn1/a_strex.o \ - crypto/asn1/x_algor.o \ - crypto/asn1/x_val.o \ - crypto/asn1/x_pubkey.o \ - crypto/asn1/x_sig.o \ - crypto/asn1/x_req.o \ - crypto/asn1/x_attrib.o \ - crypto/asn1/x_bignum.o \ - crypto/asn1/x_long.o \ - crypto/asn1/x_name.o \ - crypto/asn1/x_x509.o \ - crypto/asn1/x_x509a.o \ - crypto/asn1/x_crl.o \ - crypto/asn1/x_info.o \ - crypto/asn1/x_spki.o \ - crypto/asn1/nsseq.o \ - crypto/asn1/x_nx509.o \ - crypto/asn1/d2i_pu.o \ - crypto/asn1/d2i_pr.o \ - crypto/asn1/i2d_pu.o \ - crypto/asn1/i2d_pr.o \ - crypto/asn1/t_req.o \ - crypto/asn1/t_x509.o \ - crypto/asn1/t_x509a.o \ - crypto/asn1/t_crl.o \ - crypto/asn1/t_pkey.o \ - crypto/asn1/t_spki.o \ - crypto/asn1/t_bitst.o \ - crypto/asn1/tasn_new.o \ - crypto/asn1/tasn_fre.o \ - crypto/asn1/tasn_enc.o \ - crypto/asn1/tasn_dec.o \ - crypto/asn1/tasn_utl.o \ - crypto/asn1/tasn_typ.o \ - crypto/asn1/tasn_prn.o \ - crypto/asn1/ameth_lib.o \ - crypto/asn1/f_int.o \ - crypto/asn1/f_string.o \ - crypto/asn1/n_pkey.o \ - crypto/asn1/f_enum.o \ - crypto/asn1/x_pkey.o \ - crypto/asn1/a_bool.o \ - crypto/asn1/x_exten.o \ - crypto/asn1/bio_asn1.o \ - crypto/asn1/bio_ndef.o \ - crypto/asn1/asn_mime.o \ - crypto/asn1/asn1_gen.o \ - crypto/asn1/asn1_par.o \ - crypto/asn1/asn1_lib.o \ - crypto/asn1/asn1_err.o \ - crypto/asn1/a_bytes.o \ - crypto/asn1/a_strnid.o \ - crypto/asn1/evp_asn1.o \ - crypto/asn1/asn_pack.o \ - crypto/asn1/p5_pbe.o \ - crypto/asn1/p5_pbev2.o \ - crypto/asn1/p8_pkey.o \ - crypto/asn1/asn_moid.o \ - crypto/pem/pem_sign.o \ - crypto/pem/pem_seal.o \ - crypto/pem/pem_info.o \ - crypto/pem/pem_lib.o \ - crypto/pem/pem_all.o \ - crypto/pem/pem_err.o \ - crypto/pem/pem_x509.o \ - crypto/pem/pem_xaux.o \ - crypto/pem/pem_oth.o \ - crypto/pem/pem_pk8.o \ - crypto/pem/pem_pkey.o \ - crypto/pem/pvkfmt.o \ - crypto/x509/x509_def.o \ - crypto/x509/x509_d2.o \ - crypto/x509/x509_r2x.o \ - crypto/x509/x509_cmp.o \ - crypto/x509/x509_obj.o \ - crypto/x509/x509_req.o \ - crypto/x509/x509spki.o \ - crypto/x509/x509_vfy.o \ - crypto/x509/x509_set.o \ - crypto/x509/x509cset.o \ - crypto/x509/x509rset.o \ - crypto/x509/x509_err.o \ - crypto/x509/x509name.o \ - crypto/x509/x509_v3.o \ - crypto/x509/x509_ext.o \ - crypto/x509/x509_att.o \ - crypto/x509/x509type.o \ - crypto/x509/x509_lu.o \ - crypto/x509/x_all.o \ - crypto/x509/x509_txt.o \ - crypto/x509/x509_trs.o \ - crypto/x509/x509_vpm.o \ - crypto/x509v3/v3_bcons.o \ - crypto/x509v3/v3_bitst.o \ - crypto/x509v3/v3_conf.o \ - crypto/x509v3/v3_extku.o \ - crypto/x509v3/v3_ia5.o \ - crypto/x509v3/v3_lib.o \ - crypto/x509v3/v3_prn.o \ - crypto/x509v3/v3_utl.o \ - crypto/x509v3/v3err.o \ - crypto/x509v3/v3_genn.o \ - crypto/x509v3/v3_alt.o \ - crypto/x509v3/v3_skey.o \ - crypto/x509v3/v3_akey.o \ - crypto/x509v3/v3_pku.o \ - crypto/x509v3/v3_int.o \ - crypto/x509v3/v3_enum.o \ - crypto/x509v3/v3_sxnet.o \ - crypto/x509v3/v3_cpols.o \ - crypto/x509v3/v3_crld.o \ - crypto/x509v3/v3_purp.o \ - crypto/x509v3/v3_info.o \ - crypto/x509v3/v3_ocsp.o \ - crypto/x509v3/v3_akeya.o \ - crypto/x509v3/v3_pmaps.o \ - crypto/x509v3/v3_pcons.o \ - crypto/x509v3/v3_ncons.o \ - crypto/x509v3/v3_pcia.o \ - crypto/x509v3/v3_pci.o \ - crypto/x509v3/pcy_cache.o \ - crypto/x509v3/pcy_node.o \ - crypto/x509v3/pcy_data.o \ - crypto/x509v3/pcy_map.o \ - crypto/x509v3/pcy_tree.o \ - crypto/x509v3/pcy_lib.o \ - crypto/x509v3/v3_asid.o \ - crypto/x509v3/v3_addr.o \ - crypto/conf/conf_err.o \ - crypto/conf/conf_lib.o \ - crypto/conf/conf_api.o \ - crypto/conf/conf_def.o \ - crypto/conf/conf_mod.o \ - crypto/conf/conf_mall.o \ - crypto/conf/conf_sap.o \ - crypto/txt_db/txt_db.o \ - crypto/pkcs7/pk7_asn1.o \ - crypto/pkcs7/pk7_lib.o \ - crypto/pkcs7/pkcs7err.o \ - crypto/pkcs7/pk7_doit.o \ - crypto/pkcs7/pk7_smime.o \ - crypto/pkcs7/pk7_attr.o \ - crypto/pkcs7/pk7_mime.o \ - crypto/pkcs7/bio_pk7.o \ - crypto/pkcs12/p12_add.o \ - crypto/pkcs12/p12_asn.o \ - crypto/pkcs12/p12_attr.o \ - crypto/pkcs12/p12_crpt.o \ - crypto/pkcs12/p12_crt.o \ - crypto/pkcs12/p12_decr.o \ - crypto/pkcs12/p12_init.o \ - crypto/pkcs12/p12_key.o \ - crypto/pkcs12/p12_kiss.o \ - crypto/pkcs12/p12_mutl.o \ - crypto/pkcs12/p12_utl.o \ - crypto/pkcs12/p12_npas.o \ - crypto/pkcs12/pk12err.o \ - crypto/pkcs12/p12_p8d.o \ - crypto/pkcs12/p12_p8e.o \ - crypto/comp/comp_lib.o \ - crypto/comp/comp_err.o \ - crypto/comp/c_rle.o \ - crypto/comp/c_zlib.o \ - crypto/ocsp/ocsp_asn.o \ - crypto/ocsp/ocsp_ext.o \ - crypto/ocsp/ocsp_ht.o \ - crypto/ocsp/ocsp_lib.o \ - crypto/ocsp/ocsp_cl.o \ - crypto/ocsp/ocsp_srv.o \ - crypto/ocsp/ocsp_prn.o \ - crypto/ocsp/ocsp_vfy.o \ - crypto/ocsp/ocsp_err.o \ - crypto/cmac/cmac.o \ - crypto/cmac/cm_ameth.o \ - crypto/cmac/cm_pmeth.o \ +OBJS = crypto/cryptlib.o \ + crypto/mem.o \ + crypto/mem_clr.o \ + crypto/mem_dbg.o \ + crypto/cversion.o \ + crypto/ex_data.o \ + crypto/cpt_err.o \ + crypto/ebcdic.o \ + crypto/uid.o \ + crypto/o_time.o \ + crypto/o_str.o \ + crypto/o_dir.o \ + crypto/o_fips.o \ + crypto/o_init.o \ + crypto/fips_ers.o \ + crypto/md5/md5_dgst.o \ + crypto/md5/md5_one.o \ + crypto/sha/sha_dgst.o \ + crypto/sha/sha1dgst.o \ + crypto/sha/sha_one.o \ + crypto/sha/sha1_one.o \ + crypto/sha/sha256.o \ + crypto/sha/sha512.o \ + crypto/hmac/hmac.o \ + crypto/hmac/hm_ameth.o \ + crypto/hmac/hm_pmeth.o \ + crypto/rc4/rc4_enc.o \ + crypto/rc4/rc4_skey.o \ + crypto/rc4/rc4_utl.o \ + crypto/aes/aes_misc.o \ + crypto/aes/aes_ecb.o \ + crypto/aes/aes_cfb.o \ + crypto/aes/aes_ofb.o \ + crypto/aes/aes_ctr.o \ + crypto/aes/aes_ige.o \ + crypto/aes/aes_wrap.o \ + crypto/aes/aes_core.o \ + crypto/aes/aes_cbc.o \ + crypto/modes/cbc128.o \ + crypto/modes/ctr128.o \ + crypto/modes/cts128.o \ + crypto/modes/cfb128.o \ + crypto/modes/ofb128.o \ + crypto/modes/gcm128.o \ + crypto/modes/ccm128.o \ + crypto/modes/xts128.o \ + crypto/modes/wrap128.o \ + crypto/bn/bn_add.o \ + crypto/bn/bn_div.o \ + crypto/bn/bn_exp.o \ + crypto/bn/bn_lib.o \ + crypto/bn/bn_ctx.o \ + crypto/bn/bn_mul.o \ + crypto/bn/bn_mod.o \ + crypto/bn/bn_print.o \ + crypto/bn/bn_rand.o \ + crypto/bn/bn_shift.o \ + crypto/bn/bn_word.o \ + crypto/bn/bn_blind.o \ + crypto/bn/bn_kron.o \ + crypto/bn/bn_sqrt.o \ + crypto/bn/bn_gcd.o \ + crypto/bn/bn_prime.o \ + crypto/bn/bn_err.o \ + crypto/bn/bn_sqr.o \ + crypto/bn/bn_asm.o \ + crypto/bn/bn_recp.o \ + crypto/bn/bn_mont.o \ + crypto/bn/bn_mpi.o \ + crypto/bn/bn_exp2.o \ + crypto/bn/bn_gf2m.o \ + crypto/bn/bn_nist.o \ + crypto/bn/bn_depr.o \ + crypto/bn/bn_x931p.o \ + crypto/bn/bn_const.o \ + crypto/rsa/rsa_eay.o \ + crypto/rsa/rsa_gen.o \ + crypto/rsa/rsa_lib.o \ + crypto/rsa/rsa_sign.o \ + crypto/rsa/rsa_saos.o \ + crypto/rsa/rsa_err.o \ + crypto/rsa/rsa_pk1.o \ + crypto/rsa/rsa_ssl.o \ + crypto/rsa/rsa_none.o \ + crypto/rsa/rsa_oaep.o \ + crypto/rsa/rsa_chk.o \ + crypto/rsa/rsa_null.o \ + crypto/rsa/rsa_pss.o \ + crypto/rsa/rsa_x931.o \ + crypto/rsa/rsa_asn1.o \ + crypto/rsa/rsa_depr.o \ + crypto/rsa/rsa_ameth.o \ + crypto/rsa/rsa_prn.o \ + crypto/rsa/rsa_pmeth.o \ + crypto/rsa/rsa_crpt.o \ + crypto/dso/dso_dl.o \ + crypto/dso/dso_dlfcn.o \ + crypto/dso/dso_err.o \ + crypto/dso/dso_lib.o \ + crypto/dso/dso_null.o \ + crypto/dso/dso_openssl.o \ + crypto/dso/dso_win32.o \ + crypto/dso/dso_vms.o \ + crypto/dso/dso_beos.o \ + crypto/dh/dh_asn1.o \ + crypto/dh/dh_gen.o \ + crypto/dh/dh_key.o \ + crypto/dh/dh_lib.o \ + crypto/dh/dh_check.o \ + crypto/dh/dh_err.o \ + crypto/dh/dh_depr.o \ + crypto/dh/dh_ameth.o \ + crypto/dh/dh_pmeth.o \ + crypto/dh/dh_prn.o \ + crypto/dh/dh_rfc5114.o \ + crypto/buffer/buffer.o \ + crypto/buffer/buf_str.o \ + crypto/buffer/buf_err.o \ + crypto/bio/bio_lib.o \ + crypto/bio/bio_cb.o \ + crypto/bio/bio_err.o \ + crypto/bio/bss_mem.o \ + crypto/bio/bss_null.o \ + crypto/bio/bss_fd.o \ + crypto/bio/bss_file.o \ + crypto/bio/bss_sock.o \ + crypto/bio/bss_conn.o \ + crypto/bio/bf_null.o \ + crypto/bio/bf_buff.o \ + crypto/bio/b_dump.o \ + crypto/bio/b_print.o \ + crypto/bio/b_sock.o \ + crypto/bio/bss_acpt.o \ + crypto/bio/bf_nbio.o \ + crypto/bio/bss_log.o \ + crypto/bio/bss_bio.o \ + crypto/bio/bss_dgram.o \ + crypto/stack/stack.o \ + crypto/lhash/lhash.o \ + crypto/lhash/lh_stats.o \ + crypto/rand/md_rand.o \ + crypto/rand/randfile.o \ + crypto/rand/rand_lib.o \ + crypto/rand/rand_err.o \ + crypto/rand/rand_unix.o \ + crypto/err/err.o \ + crypto/err/err_all.o \ + crypto/err/err_prn.o \ + crypto/objects/o_names.o \ + crypto/objects/obj_dat.o \ + crypto/objects/obj_lib.o \ + crypto/objects/obj_err.o \ + crypto/objects/obj_xref.o \ + crypto/evp/encode.o \ + crypto/evp/digest.o \ + crypto/evp/evp_enc.o \ + crypto/evp/evp_key.o \ + crypto/evp/evp_acnf.o \ + crypto/evp/evp_cnf.o \ + crypto/evp/e_des.o \ + crypto/evp/e_bf.o \ + crypto/evp/e_idea.o \ + crypto/evp/e_des3.o \ + crypto/evp/e_camellia.o \ + crypto/evp/e_rc4.o \ + crypto/evp/e_aes.o \ + crypto/evp/names.o \ + crypto/evp/e_seed.o \ + crypto/evp/e_xcbc_d.o \ + crypto/evp/e_rc2.o \ + crypto/evp/e_cast.o \ + crypto/evp/e_rc5.o \ + crypto/evp/m_null.o \ + crypto/evp/m_md2.o \ + crypto/evp/m_md4.o \ + crypto/evp/m_md5.o \ + crypto/evp/m_sha.o \ + crypto/evp/m_sha1.o \ + crypto/evp/m_wp.o \ + crypto/evp/m_dss.o \ + crypto/evp/m_dss1.o \ + crypto/evp/m_mdc2.o \ + crypto/evp/m_ripemd.o \ + crypto/evp/m_ecdsa.o \ + crypto/evp/p_open.o \ + crypto/evp/p_seal.o \ + crypto/evp/p_sign.o \ + crypto/evp/p_verify.o \ + crypto/evp/p_lib.o \ + crypto/evp/p_enc.o \ + crypto/evp/p_dec.o \ + crypto/evp/bio_md.o \ + crypto/evp/bio_b64.o \ + crypto/evp/bio_enc.o \ + crypto/evp/evp_err.o \ + crypto/evp/e_null.o \ + crypto/evp/c_all.o \ + crypto/evp/c_allc.o \ + crypto/evp/c_alld.o \ + crypto/evp/evp_lib.o \ + crypto/evp/bio_ok.o \ + crypto/evp/evp_pkey.o \ + crypto/evp/evp_pbe.o \ + crypto/evp/p5_crpt.o \ + crypto/evp/p5_crpt2.o \ + crypto/evp/e_old.o \ + crypto/evp/pmeth_lib.o \ + crypto/evp/pmeth_fn.o \ + crypto/evp/pmeth_gn.o \ + crypto/evp/m_sigver.o \ + crypto/evp/e_aes_cbc_hmac_sha1.o \ + crypto/evp/e_aes_cbc_hmac_sha256.o \ + crypto/evp/e_rc4_hmac_md5.o \ + crypto/asn1/a_object.o \ + crypto/asn1/a_bitstr.o \ + crypto/asn1/a_utctm.o \ + crypto/asn1/a_gentm.o \ + crypto/asn1/a_time.o \ + crypto/asn1/a_int.o \ + crypto/asn1/a_octet.o \ + crypto/asn1/a_print.o \ + crypto/asn1/a_type.o \ + crypto/asn1/a_set.o \ + crypto/asn1/a_dup.o \ + crypto/asn1/a_d2i_fp.o \ + crypto/asn1/a_i2d_fp.o \ + crypto/asn1/a_enum.o \ + crypto/asn1/a_utf8.o \ + crypto/asn1/a_sign.o \ + crypto/asn1/a_digest.o \ + crypto/asn1/a_verify.o \ + crypto/asn1/a_mbstr.o \ + crypto/asn1/a_strex.o \ + crypto/asn1/x_algor.o \ + crypto/asn1/x_val.o \ + crypto/asn1/x_pubkey.o \ + crypto/asn1/x_sig.o \ + crypto/asn1/x_req.o \ + crypto/asn1/x_attrib.o \ + crypto/asn1/x_bignum.o \ + crypto/asn1/x_long.o \ + crypto/asn1/x_name.o \ + crypto/asn1/x_x509.o \ + crypto/asn1/x_x509a.o \ + crypto/asn1/x_crl.o \ + crypto/asn1/x_info.o \ + crypto/asn1/x_spki.o \ + crypto/asn1/nsseq.o \ + crypto/asn1/x_nx509.o \ + crypto/asn1/d2i_pu.o \ + crypto/asn1/d2i_pr.o \ + crypto/asn1/i2d_pu.o \ + crypto/asn1/i2d_pr.o \ + crypto/asn1/t_req.o \ + crypto/asn1/t_x509.o \ + crypto/asn1/t_x509a.o \ + crypto/asn1/t_crl.o \ + crypto/asn1/t_pkey.o \ + crypto/asn1/t_spki.o \ + crypto/asn1/t_bitst.o \ + crypto/asn1/tasn_new.o \ + crypto/asn1/tasn_fre.o \ + crypto/asn1/tasn_enc.o \ + crypto/asn1/tasn_dec.o \ + crypto/asn1/tasn_utl.o \ + crypto/asn1/tasn_typ.o \ + crypto/asn1/tasn_prn.o \ + crypto/asn1/ameth_lib.o \ + crypto/asn1/f_int.o \ + crypto/asn1/f_string.o \ + crypto/asn1/n_pkey.o \ + crypto/asn1/f_enum.o \ + crypto/asn1/x_pkey.o \ + crypto/asn1/a_bool.o \ + crypto/asn1/x_exten.o \ + crypto/asn1/bio_asn1.o \ + crypto/asn1/bio_ndef.o \ + crypto/asn1/asn_mime.o \ + crypto/asn1/asn1_gen.o \ + crypto/asn1/asn1_par.o \ + crypto/asn1/asn1_lib.o \ + crypto/asn1/asn1_err.o \ + crypto/asn1/a_bytes.o \ + crypto/asn1/a_strnid.o \ + crypto/asn1/evp_asn1.o \ + crypto/asn1/asn_pack.o \ + crypto/asn1/p5_pbe.o \ + crypto/asn1/p5_pbev2.o \ + crypto/asn1/p8_pkey.o \ + crypto/asn1/asn_moid.o \ + crypto/pem/pem_sign.o \ + crypto/pem/pem_seal.o \ + crypto/pem/pem_info.o \ + crypto/pem/pem_lib.o \ + crypto/pem/pem_all.o \ + crypto/pem/pem_err.o \ + crypto/pem/pem_x509.o \ + crypto/pem/pem_xaux.o \ + crypto/pem/pem_oth.o \ + crypto/pem/pem_pk8.o \ + crypto/pem/pem_pkey.o \ + crypto/pem/pvkfmt.o \ + crypto/x509/x509_def.o \ + crypto/x509/x509_d2.o \ + crypto/x509/x509_r2x.o \ + crypto/x509/x509_cmp.o \ + crypto/x509/x509_obj.o \ + crypto/x509/x509_req.o \ + crypto/x509/x509spki.o \ + crypto/x509/x509_vfy.o \ + crypto/x509/x509_set.o \ + crypto/x509/x509cset.o \ + crypto/x509/x509rset.o \ + crypto/x509/x509_err.o \ + crypto/x509/x509name.o \ + crypto/x509/x509_v3.o \ + crypto/x509/x509_ext.o \ + crypto/x509/x509_att.o \ + crypto/x509/x509type.o \ + crypto/x509/x509_lu.o \ + crypto/x509/x_all.o \ + crypto/x509/x509_txt.o \ + crypto/x509/x509_trs.o \ + crypto/x509/x509_vpm.o \ + crypto/x509v3/v3_bcons.o \ + crypto/x509v3/v3_bitst.o \ + crypto/x509v3/v3_conf.o \ + crypto/x509v3/v3_extku.o \ + crypto/x509v3/v3_ia5.o \ + crypto/x509v3/v3_lib.o \ + crypto/x509v3/v3_prn.o \ + crypto/x509v3/v3_utl.o \ + crypto/x509v3/v3err.o \ + crypto/x509v3/v3_genn.o \ + crypto/x509v3/v3_alt.o \ + crypto/x509v3/v3_skey.o \ + crypto/x509v3/v3_akey.o \ + crypto/x509v3/v3_pku.o \ + crypto/x509v3/v3_int.o \ + crypto/x509v3/v3_enum.o \ + crypto/x509v3/v3_sxnet.o \ + crypto/x509v3/v3_cpols.o \ + crypto/x509v3/v3_crld.o \ + crypto/x509v3/v3_purp.o \ + crypto/x509v3/v3_info.o \ + crypto/x509v3/v3_ocsp.o \ + crypto/x509v3/v3_akeya.o \ + crypto/x509v3/v3_pmaps.o \ + crypto/x509v3/v3_pcons.o \ + crypto/x509v3/v3_ncons.o \ + crypto/x509v3/v3_pcia.o \ + crypto/x509v3/v3_pci.o \ + crypto/x509v3/pcy_cache.o \ + crypto/x509v3/pcy_node.o \ + crypto/x509v3/pcy_data.o \ + crypto/x509v3/pcy_map.o \ + crypto/x509v3/pcy_tree.o \ + crypto/x509v3/pcy_lib.o \ + crypto/x509v3/v3_asid.o \ + crypto/x509v3/v3_addr.o \ + crypto/conf/conf_err.o \ + crypto/conf/conf_lib.o \ + crypto/conf/conf_api.o \ + crypto/conf/conf_def.o \ + crypto/conf/conf_mod.o \ + crypto/conf/conf_mall.o \ + crypto/conf/conf_sap.o \ + crypto/txt_db/txt_db.o \ + crypto/pkcs7/pk7_asn1.o \ + crypto/pkcs7/pk7_lib.o \ + crypto/pkcs7/pkcs7err.o \ + crypto/pkcs7/pk7_doit.o \ + crypto/pkcs7/pk7_smime.o \ + crypto/pkcs7/pk7_attr.o \ + crypto/pkcs7/pk7_mime.o \ + crypto/pkcs7/bio_pk7.o \ + crypto/pkcs12/p12_add.o \ + crypto/pkcs12/p12_asn.o \ + crypto/pkcs12/p12_attr.o \ + crypto/pkcs12/p12_crpt.o \ + crypto/pkcs12/p12_crt.o \ + crypto/pkcs12/p12_decr.o \ + crypto/pkcs12/p12_init.o \ + crypto/pkcs12/p12_key.o \ + crypto/pkcs12/p12_kiss.o \ + crypto/pkcs12/p12_mutl.o \ + crypto/pkcs12/p12_utl.o \ + crypto/pkcs12/p12_npas.o \ + crypto/pkcs12/pk12err.o \ + crypto/pkcs12/p12_p8d.o \ + crypto/pkcs12/p12_p8e.o \ + crypto/comp/comp_lib.o \ + crypto/comp/comp_err.o \ + crypto/comp/c_rle.o \ + crypto/comp/c_zlib.o \ + crypto/ocsp/ocsp_asn.o \ + crypto/ocsp/ocsp_ext.o \ + crypto/ocsp/ocsp_ht.o \ + crypto/ocsp/ocsp_lib.o \ + crypto/ocsp/ocsp_cl.o \ + crypto/ocsp/ocsp_srv.o \ + crypto/ocsp/ocsp_prn.o \ + crypto/ocsp/ocsp_vfy.o \ + crypto/ocsp/ocsp_err.o \ + crypto/cmac/cmac.o \ + crypto/cmac/cm_ameth.o \ + crypto/cmac/cm_pmeth.o \ all: $(TARGET) -- cgit v1.2.3 From 1954ef164a55cbc4369f513cca3fb43f3550d81a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Mar 2021 11:54:33 -0500 Subject: Minor OpenSSL fixes These are all the NULL pointer dereferences (which all appear to be, at worst, very difficult to hit) that gcc -fanalyzer finds in our OpenSSL code. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 4 ++++ Cryptlib/OpenSSL/crypto/asn1/t_req.c | 5 +++-- Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 3 +++ Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 3 +++ Cryptlib/OpenSSL/crypto/mem_dbg.c | 5 +++++ Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 2 +- Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 8 ++++++-- 7 files changed, 25 insertions(+), 5 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c index 5170906c..017be9d9 100644 --- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c @@ -843,6 +843,10 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) char *tmpname, *tmpval, *p; int c; MIME_PARAM *mparam; + + if (!mhdr) + return 0; + if (name) { tmpname = BUF_strdup(name); if (!tmpname) diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c index 70aba4cc..c32241c2 100644 --- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c +++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c @@ -195,10 +195,11 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; if (BIO_puts(bp, ":") <= 0) goto err; - if ((type == V_ASN1_PRINTABLESTRING) || + if (bs != NULL && ( + (type == V_ASN1_PRINTABLESTRING) || (type == V_ASN1_UTF8STRING) || (type == V_ASN1_T61STRING) || - (type == V_ASN1_IA5STRING)) { + (type == V_ASN1_IA5STRING))) { if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length) goto err; diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index 10b78f51..2671f35c 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -496,6 +496,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if (bn_wexpand(a, b->top) == NULL) return (NULL); + if (!a || !b || !a->d || !b->d) + return (NULL); + #if 1 A = a->d; B = b->d; diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c index 952b5452..b3b29adb 100644 --- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c @@ -340,6 +340,9 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, return 0; } + if (conf == NULL) + return 0; + str = NCONF_get_string(conf, group, name); if (str == NULL) diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c index 8525ded7..c98c1b88 100644 --- a/Cryptlib/OpenSSL/crypto/mem_dbg.c +++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c @@ -640,8 +640,13 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) if (m->addr == (char *)l->bio) return; + if (!bufp) + return; + if (options & V_CRYPTO_MDEBUG_TIME) { lcl = localtime(&m->time); + if (!lcl) + return; BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec); diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c index 6cf8253b..e6a44f40 100644 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c @@ -654,7 +654,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (data_body->length > 0) BIO_write(bio, (char *)data_body->data, data_body->length); # else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c index 11e07634..2fa33823 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c @@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags) if (idx == -1) return default_trust(id, x, flags); pt = X509_TRUST_get0(idx); + if (!pt) + return default_trust(id, x, flags); return pt->check_trust(pt, x, flags); } @@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), return 0; } trtmp->flags = X509_TRUST_DYNAMIC; - } else - trtmp = X509_TRUST_get0(idx); + } else if (!(trtmp = X509_TRUST_get0(idx))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } /* OPENSSL_free existing name if dynamic */ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) -- cgit v1.2.3 From 7d5df1cebdbdc3ed11cde165a752cf358878aa8a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Mar 2021 12:42:21 -0500 Subject: static analysis: make our build targets work better This improves our static analysis targets by making them work better with our make variables, and inhibits the use of ccache while building those. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 +++ Cryptlib/OpenSSL/Makefile | 3 +++ Make.defaults | 9 +++++++++ include/coverity.mk | 37 +++++++++++++++++++++++++++++-------- include/fanalyzer.mk | 36 ++++++++++++++++++++++++------------ include/scan-build.mk | 35 +++++++++++++++++++++++++++++------ 6 files changed, 97 insertions(+), 26 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 5bae10c9..bc5681c5 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -1,3 +1,6 @@ +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif INCLUDES = -I$(TOPDIR) -iquote $(TOPDIR) -I$(TOPDIR)/Include \ $(EFI_INCLUDES) -I$(shell $(CC) -print-file-name=include) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 6a58dbaa..6ff58e47 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,3 +1,6 @@ +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif DEFINES = -DL_ENDIAN \ -D_CRT_SECURE_NO_DEPRECATE \ diff --git a/Make.defaults b/Make.defaults index 5f30e292..7f1b8015 100644 --- a/Make.defaults +++ b/Make.defaults @@ -28,6 +28,15 @@ DASHJ ?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1))) ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24) OPTIMIZATIONS ?= -Os +FA_OPTIMIZATIONS ?= -O2 +ifneq ($(FANALYZER),) +override OPTIMIZATIONS := $(FA_OPTIMIZATIONS) +override CCACHE_DISABLE := true +endif +export OPTIMIZATIONS +ifneq ($(CCACHE_DISABLE),) +export CCACHE_DISABLE +endif SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib diff --git a/include/coverity.mk b/include/coverity.mk index a897aa0a..e1e5c874 100644 --- a/include/coverity.mk +++ b/include/coverity.mk @@ -3,12 +3,18 @@ COV_TOKEN=$(call get-config,coverity.token) COV_URL=$(call get-config,coverity.url) COV_FILE=$(NAME)-coverity-$(VERSION)-$(COMMIT_ID).tar.bz2 -cov-int : clean-shim-objs - make $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - cov-build --dir cov-int make $(DASHJ) all +include $(TOPDIR)/Make.rules -cov-int-all : clean - cov-build --dir cov-int make $(DASHJ) all +define prop +$(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") +endef + +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) cov-clean : @rm -vf $(NAME)-coverity-*.tar.* @@ -19,7 +25,7 @@ cov-file : | $(COV_FILE) $(COV_FILE) : | cov-int tar caf $@ cov-int -cov-upload : +cov-upload : | cov-file @if [ -n "$(COV_URL)" ] && \ [ -n "$(COV_TOKEN)" ] && \ [ -n "$(COV_EMAIL)" ] ; \ @@ -30,11 +36,26 @@ cov-upload : echo Coverity output is in $(COV_FILE) ; \ fi +cov-build-unchecked-cryptlib : | clean-cryptlib-objs +cov-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +cov-build-unchecked-openssl : | clean-openssl-objs +cov-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a + +cov-build-all : | clean clean-shim-objs clean-cryptlib-objs clean-openssl-objs + +cov-build --dir cov-int $(MAKE) $(MAKEARGS) CCACHE_DISABLE=1 all + +coverity-no-openssl : | cov-test +coverity-no-openssl : clean-shim-objs clean-cryptlib-objs cov-build-unchecked-openssl cov-build-all cov-file cov-upload + +coverity-no-cryptlib : | cov-test +coverity-no-cryptlib : clean-shim-objs cov-build-unchecked-openssl cov-build-unchecked-cryptlib cov-build-all cov-file cov-upload + coverity : | cov-test -coverity : cov-int cov-file cov-upload +coverity : coverity-no-openssl cov-file cov-upload coverity-all : | cov-test -coverity-all : cov-int-all cov-file cov-upload +coverity-all : clean cov-build-all cov-file cov-upload clean : | cov-clean diff --git a/include/fanalyzer.mk b/include/fanalyzer.mk index 1018d1da..7e31a082 100644 --- a/include/fanalyzer.mk +++ b/include/fanalyzer.mk @@ -3,25 +3,37 @@ GCC_BINARY ?= $(shell x=$$(which --skip-alias --skip-functions gcc 2>/dev/null) fanalyzer-test : ; $(if $(findstring /,$(GCC_BINARY)),,$(error gcc not found)) define prop -$(if $(filter-out undefined,$(origin $(1))),$(1)=$($1),) +$(if $(findstring undefined,$(origin $(1))),,$(eval export $(1))) endef -MAKEARGS := \ - $(call prop,ARCH) \ - $(call prop,COLOR) \ - $(call prop,CROSS_COMPILE) +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE +override COMPILER := gcc +export COMPILER + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE DASHJ + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) fanalyzer : | fanalyzer-test -fanalyzer : clean-shim-objs fanalyzer-build +fanalyzer : fanalyzer-no-openssl + +fanalyzer-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +fanalyzer-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a -fanalyzer-build : - make CC=gcc $(MAKEARGS) $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - make CC=gcc $(MAKEARGS) FANALYZER=true all +fanalyzer-build-all : CCACHE_DISABLE=1 +fanalyzer-build-all : FEATUREFLAGS+=-fanalyzer +fanalyzer-build-all : WERRFLAGS=-Werror=analyzer-null-dereference +fanalyzer-build-all : all + +fanalyzer-no-openssl : | fanalyzer-test +fanalyzer-no-openssl : clean-shim-objs clean-cryptlib-objs fanalyzer-build-unchecked-openssl fanalyzer-build-all + +fanalyzer-no-cryptlib : | fanalyzer-test +fanalyzer-no-cryptlib : clean-shim-objs fanalyzer-build-unchecked-openssl fanalyzer-build-unchecked-cryptlib fanalyzer-build-all fanalyzer-all : | fanalyzer-test fanalyzer-all : clean fanalyzer-build-all -fanalyzer-build-all : - make CC=gcc $(MAKEARGS) FANALYZER=true all - .PHONY : fanalyzer fanalyzer-build fanalyzer-all fanalyzer-build-all fanalyzer-clean diff --git a/include/scan-build.mk b/include/scan-build.mk index 7697cb89..2cb33e79 100644 --- a/include/scan-build.mk +++ b/include/scan-build.mk @@ -2,16 +2,39 @@ SCAN_BUILD ?= $(shell x=$$(which --skip-alias --skip-functions scan-build 2>/dev scan-test : ; $(if $(findstring /,$(SCAN_BUILD)),,$(error scan-build not found)) +define prop +$(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") +endef + +override CCACHE_DISABLE := 1 +export CCACHE_DISABLE +override COMPILER = clang + +PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR COMPILER CROSS_COMPILE DASHJ + +MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) + scan-clean : @if [[ -d scan-results ]]; then rm -rf scan-results && echo "removed 'scan-results'"; fi -scan-build : | scan-test -scan-build : clean-shim-objs - make $(DASHJ) Cryptlib/OpenSSL/libopenssl.a Cryptlib/libcryptlib.a - scan-build -o scan-results make $(DASHJ) CC=clang all +scan : | scan-test +scan : clean-shim-objs clean-cryptlib-objs scan-build-no-openssl + +scan-build-unchecked-cryptlib : Cryptlib/libcryptlib.a + +scan-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a scan-build-all : | scan-test -scan-build-all : clean - scan-build -o scan-results make $(DASHJ) CC=clang all +scan-build-all : + +scan-build -o scan-results make $(MAKEARGS) $(DASHJ) CCACHE_DISABLE=1 all + +scan-build-no-openssl : | scan-test +scan-build-no-openssl : clean-shim-objs clean-cryptlib-objs scan-build-unchecked-openssl scan-build-all + +scan-build-no-cryptlib : | scan-test +scan-build-no-cryptlib : clean-shim-objs scan-build-unchecked-cryptlib scan-build-unchecked-openssl scan-build-all + +scan-all : | scan-test +scan-all : clean scan-build-all .PHONY : scan-build scan-clean -- cgit v1.2.3 From 4425a1bf8b60cc4a3a17f5ee98d0ee771447815d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Mar 2021 18:01:29 -0500 Subject: More minor makefile cleanups This patch does some makefile cleanups, to fix the parts that are actually just bad that the previous patch left in for clarity: - removes -fno-builtin . This flag is implied by -ffreestanding , which we use everywhere. - gets rid of the two places where ARM has their own -O flags for no real reason. Note that this will make those use -Os instead of -O2. - export VERBOSE and DEBUG if they're set. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/Makefile | 2 -- Make.defaults | 9 +++++++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 6ff58e47..5bd72481 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -38,11 +38,9 @@ FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) -OPTIMIZATIONS += -O2 DEFINES += -DMDE_CPU_AARCH64 endif ifeq ($(ARCH),arm) -OPTIMIZATIONS += -O2 DEFINES += -DMDE_CPU_ARM endif diff --git a/Make.defaults b/Make.defaults index 7f1b8015..13393496 100644 --- a/Make.defaults +++ b/Make.defaults @@ -104,11 +104,9 @@ INCLUDES = -nostdinc \ -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) - override DEFAULT_FEATUREFLAGS = \ -std=gnu89 \ -ggdb \ - -fno-builtin \ -ffreestanding \ -fmacro-prefix-map='$(TOPDIR)/=$(DEBUGSRC)' \ -fno-stack-protector \ @@ -181,3 +179,10 @@ DEFINES += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" endif LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined + +ifneq ($(DEBUG),) +export DEBUG +endif +ifneq ($(VERBOSE),) +export VERBOSE +endif -- cgit v1.2.3 From 758b795a86589994065099d0af02eb30626a3c21 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sat, 20 Feb 2021 12:32:48 -0500 Subject: Cryptlib: make some Str*() args const. --- Cryptlib/Include/OpenSslSupport.h | 10 +++++----- Cryptlib/Library/BaseLib.h | 10 +++++----- Cryptlib/SysCall/BaseStrings.c | 14 +++++++------- 3 files changed, 17 insertions(+), 17 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index b38043cb..0b555271 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -370,14 +370,14 @@ extern FILE *stdout; #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) #define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) #define strlen(str) (size_t)(AsciiStrLen((CHAR8 *)str)) -#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) -#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) -#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource) +#define strcpy(strDest,strSource) AsciiStrCpy((CHAR8 *)strDest,(const CHAR8 *)strSource) +#define strncpy(strDest,strSource,count) AsciiStrnCpy((CHAR8 *)strDest,(const CHAR8 *)strSource,(UINTN)count) +#define strcat(strDest,strSource) AsciiStrCat((CHAR8 *)strDest,(const CHAR8 *)strSource) #define strchr(str,ch) (char *)(ScanMem8((CHAR8 *)str,AsciiStrSize((CHAR8 *)str),ch)) -#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) +#define strncmp(string1,string2,count) (int)(AsciiStrnCmp((const CHAR8 *)string1, (const CHAR8 *)string2,(UINTN)(count))) #define localtime(timer) NULL #define assert(expression) -#define atoi(nptr) AsciiStrDecimalToUintn(nptr) +#define atoi(nptr) AsciiStrDecimalToUintn((const CHAR8 *)nptr) #define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) #define gmtime_r(timer,result) (result = NULL) #define abort() diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h index 5d326844..93d5c691 100644 --- a/Cryptlib/Library/BaseLib.h +++ b/Cryptlib/Library/BaseLib.h @@ -2,8 +2,8 @@ #include UINT32 WriteUnaligned32 (UINT32 *Buffer, UINT32 Value); -UINTN AsciiStrSize (CHAR8 *string); -char *AsciiStrnCpy(char *Destination, char *Source, UINTN count); -char *AsciiStrCat(char *Destination, char *Source); -CHAR8 *AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source); -UINTN AsciiStrDecimalToUintn(const char *String); +UINTN AsciiStrSize (const CHAR8 *string); +CHAR8 *AsciiStrnCpy(CHAR8 *Destination, const CHAR8 *Source, UINTN count); +CHAR8 *AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source); +CHAR8 *AsciiStrCpy(CHAR8 *Destination, const CHAR8 *Source); +UINTN AsciiStrDecimalToUintn(const CHAR8 *String); diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c index 252e6db3..c4b3e18e 100644 --- a/Cryptlib/SysCall/BaseStrings.c +++ b/Cryptlib/SysCall/BaseStrings.c @@ -1,7 +1,7 @@ #include -char * -AsciiStrCat(char *Destination, char *Source) +CHAR8 * +AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) { UINTN dest_len = strlena((CHAR8 *)Destination); UINTN i; @@ -14,7 +14,7 @@ AsciiStrCat(char *Destination, char *Source) } CHAR8 * -AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source) +AsciiStrCpy(CHAR8 *Destination, const CHAR8 *Source) { UINTN i; @@ -25,8 +25,8 @@ AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source) return Destination; } -char * -AsciiStrnCpy(char *Destination, char *Source, UINTN count) +CHAR8 * +AsciiStrnCpy(CHAR8 *Destination, const CHAR8 *Source, UINTN count) { UINTN i; @@ -59,7 +59,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value) } UINTN -AsciiStrSize(CHAR8 *string) +AsciiStrSize(const CHAR8 *string) { return strlena(string) + 1; } @@ -97,7 +97,7 @@ strcasecmp (const char *str1, const char *str2) /* Based on AsciiStrDecimalToUintnS() in edk2 * MdePkg/Library/BaseLib/SafeString.c */ UINTN -AsciiStrDecimalToUintn(const char *String) +AsciiStrDecimalToUintn(const CHAR8 *String) { UINTN Result; -- cgit v1.2.3 From f033a1da9f4c3acf7e3dfef906d01e348b6fcf42 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 11:42:34 -0500 Subject: Restructure our includes. This re-structures our includes so we can be sure everything is always including all the system headers in a uniform, predictable way. Temporarily it also adds a bunch of junk at all the places we use variadic functions to specifically pick either the MS (cdecl) or ELF ABIs. I'm not 100% sure that's all correct (see later patch) but it's enough to allow this to build. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 13 +++++++----- Cryptlib/Include/ctype.h | 16 -------------- Cryptlib/Include/openssl/crypto.h | 1 + Cryptlib/Include/stdarg.h | 16 -------------- Cryptlib/Include/stddef.h | 15 -------------- Cryptlib/Include/stdlib.h | 16 -------------- Cryptlib/Include/string.h | 16 -------------- Cryptlib/Include/strings.h | 15 -------------- Cryptlib/InternalCryptLib.h | 2 ++ Cryptlib/Makefile | 14 +++++++++---- Cryptlib/OpenSSL/Makefile | 16 +++++++++----- Cryptlib/OpenSSL/crypto/bio/b_print.c | 8 +++---- Make.defaults | 3 ++- Makefile | 7 ++++--- MokManager.c | 8 +------ PasswordCrypt.c | 6 ++---- crypt_blowfish.c | 5 ----- errlog.c | 29 +++++++++++++------------- fallback.c | 4 ---- httpboot.c | 4 ---- include/console.h | 8 +++---- include/hexdump.h | 17 ++++++++------- include/system/alloca.h | 10 +++++++++ include/system/ctype.h | 14 +++++++++++++ include/system/inttypes.h | 13 ++++++++++++ include/system/stdarg.h | 31 ++++++++++++++++++++++++++++ include/system/stdio.h | 13 ++++++++++++ include/system/stdlib.h | 16 ++++++++++++++ include/system/string.h | 14 +++++++++++++ include/system/strings.h | 10 +++++++++ include/test.h | 4 ++-- lib/Makefile | 39 +++++++++++++++++++++++++++++++++-- lib/configtable.c | 3 --- lib/console.c | 21 +++++++------------ lib/execute.c | 4 ---- lib/print_crypto.c | 5 ----- lib/security_policy.c | 4 ---- lib/shell.c | 3 --- lib/simple_file.c | 4 ---- lib/variables.c | 3 --- mok.c | 4 ---- netboot.c | 2 -- pe.c | 1 - replacements.c | 5 ----- sbat.c | 1 - shim.c | 1 - shim.h | 25 ++++++++++++++++------ test.c | 3 ++- tpm.c | 6 ------ 49 files changed, 262 insertions(+), 236 deletions(-) delete mode 100644 Cryptlib/Include/ctype.h delete mode 100644 Cryptlib/Include/stdarg.h delete mode 100644 Cryptlib/Include/stddef.h delete mode 100644 Cryptlib/Include/stdlib.h delete mode 100644 Cryptlib/Include/string.h delete mode 100644 Cryptlib/Include/strings.h create mode 100644 include/system/alloca.h create mode 100644 include/system/ctype.h create mode 100644 include/system/inttypes.h create mode 100644 include/system/stdarg.h create mode 100644 include/system/stdio.h create mode 100644 include/system/stdlib.h create mode 100644 include/system/string.h create mode 100644 include/system/strings.h (limited to 'Cryptlib') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 0b555271..7af9650f 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -15,6 +15,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __OPEN_SSL_SUPPORT_H__ #define __OPEN_SSL_SUPPORT_H__ +/* + * Include stddef.h to avoid redefining "offsetof" + */ +#include +#include +#include +#include + #include #include #include "Base.h" @@ -23,11 +31,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Library/MemoryAllocationLib.h" #include "Library/DebugLib.h" -/* - * Include stddef.h to avoid redefining "offsetof" - */ -#include - #define CONST const // diff --git a/Cryptlib/Include/ctype.h b/Cryptlib/Include/ctype.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/ctype.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h index bea4ca19..e201a123 100644 --- a/Cryptlib/Include/openssl/crypto.h +++ b/Cryptlib/Include/openssl/crypto.h @@ -117,6 +117,7 @@ #ifndef HEADER_CRYPTO_H # define HEADER_CRYPTO_H +# include # include # include diff --git a/Cryptlib/Include/stdarg.h b/Cryptlib/Include/stdarg.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/stdarg.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/stddef.h b/Cryptlib/Include/stddef.h deleted file mode 100644 index 8dfc36ff..00000000 --- a/Cryptlib/Include/stddef.h +++ /dev/null @@ -1,15 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include diff --git a/Cryptlib/Include/stdlib.h b/Cryptlib/Include/stdlib.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/stdlib.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/string.h b/Cryptlib/Include/string.h deleted file mode 100644 index ee07f6bc..00000000 --- a/Cryptlib/Include/string.h +++ /dev/null @@ -1,16 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - diff --git a/Cryptlib/Include/strings.h b/Cryptlib/Include/strings.h deleted file mode 100644 index 8dfc36ff..00000000 --- a/Cryptlib/Include/strings.h +++ /dev/null @@ -1,15 +0,0 @@ -/** @file - Include file to support building OpenSSL Crypto Library. - -Copyright (c) 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h index e9a4c20a..dc1a95e6 100644 --- a/Cryptlib/InternalCryptLib.h +++ b/Cryptlib/InternalCryptLib.h @@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __INTERNAL_CRYPT_LIB_H__ #define __INTERNAL_CRYPT_LIB_H__ +#include + #include "Library/BaseLib.h" #include "Library/BaseMemoryLib.h" #include "Library/MemoryAllocationLib.h" diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index bc5681c5..65a3918c 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -2,8 +2,14 @@ ifneq ($(CCACHE_DISABLE),) export CCACHE_DISABLE endif -INCLUDES = -I$(TOPDIR) -iquote $(TOPDIR) -I$(TOPDIR)/Include \ - $(EFI_INCLUDES) -I$(shell $(CC) -print-file-name=include) +CRYPTDIR = $(TOPDIR)/Cryptlib + +FEATUREFLAGS += -nostdinc + +INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ + $(EFI_INCLUDES) \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ @@ -15,12 +21,12 @@ CFLAGS = $(FEATUREFLAGS) \ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) -FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) -FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) DEFINES += -DMDE_CPU_IA32 endif ifeq ($(ARCH),aarch64) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 5bd72481..294e889a 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -2,17 +2,23 @@ ifneq ($(CCACHE_DISABLE),) export CCACHE_DISABLE endif +CRYPTDIR = $(TOPDIR)/Cryptlib +OSSLDIR = $(TOPDIR)/Cryptlib/OpenSSL + DEFINES = -DL_ENDIAN \ -D_CRT_SECURE_NO_DEPRECATE \ -D_CRT_NONSTDC_NO_DEPRECATE \ -DOPENSSL_SMALL_FOOTPRINT \ -DPEDANTIC -INCLUDES = -I$(TOPDIR) -I$(TOPDIR)/.. -I$(TOPDIR)/../Include/ -I$(TOPDIR)/crypto \ - -I$(shell $(CC) -print-file-name=include) \ - -I$(TOPDIR)/../Include $(EFI_INCLUDES) \ - -I$(TOPDIR)/crypto/asn1 -I$(TOPDIR)/crypto/evp \ - -I$(TOPDIR)/crypto/modes -I$(TOPDIR)/crypto/include +INCLUDES = -I$(OSSLDIR) -I$(CRYPTDIR) -I$(OSSLDIR)/Include/ \ + -I$(OSSLDIR)/crypto -I$(CRYPTDIR)/Include $(EFI_INCLUDES) \ + -I$(OSSLDIR)/crypto/asn1 -I$(OSSLDIR)/crypto/evp \ + -I$(OSSLDIR)/crypto/modes -I$(OSSLDIR)/crypto/include \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) + +FEATUREFLAGS += -nostdinc WERRFLAGS += -Wno-error=discarded-qualifiers \ -Wno-error=maybe-uninitialized \ diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index fea73864..2d303ee8 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -134,9 +134,9 @@ static int fmtfp(char **, char **, size_t *, size_t *, LDOUBLE, int, int, int); #endif static int doapr_outch(char **, char **, size_t *, size_t *, int); -static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int EFIAPI _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -167,7 +167,7 @@ static int _dopr(char **sbuffer, char **buffer, #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static int +static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, diff --git a/Make.defaults b/Make.defaults index bef3cb51..ebb9e3c3 100644 --- a/Make.defaults +++ b/Make.defaults @@ -102,7 +102,8 @@ INCLUDES = -nostdinc \ -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \ -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \ -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \ - -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) + -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) \ + -isystem $(TOPDIR)/include/system override DEFAULT_FEATUREFLAGS = \ -std=gnu11 \ diff --git a/Makefile b/Makefile index c1d13947..6a62e00a 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,7 @@ override TOPDIR := $(shell pwd) endif override TOPDIR := $(abspath $(TOPDIR)) VPATH = $(TOPDIR) +export TOPDIR include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults @@ -134,15 +135,15 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: Cryptlib/libcryptlib.a: for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile Cryptlib/OpenSSL/libopenssl.a: for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) if [ ! -d lib ]; then mkdir lib ; fi - $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile lib.a + $(MAKE) VPATH=$(TOPDIR)/lib -C lib -f $(TOPDIR)/lib/Makefile lib.a buildid : $(TOPDIR)/buildid.c $(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf diff --git a/MokManager.c b/MokManager.c index 5a851d86..cd1492f8 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1,18 +1,12 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent +#include "shim.h" -#include -#include -#include #include #include #include #include #include -#include "shim.h" - -#include "hexdump.h" - #define PASSWORD_MAX 256 #define PASSWORD_MIN 1 #define SB_PASSWORD_LEN 16 diff --git a/PasswordCrypt.c b/PasswordCrypt.c index 311c914b..1030a6dd 100644 --- a/PasswordCrypt.c +++ b/PasswordCrypt.c @@ -1,13 +1,11 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent -#include -#include +#include "shim.h" + #include #include #include -#include "shim.h" - #define TRAD_DES_HASH_SIZE 13 /* (64/6+1) + (12/6) */ #define BSDI_DES_HASH_SIZE 20 /* (64/6+1) + (24/6) + 4 + 1 */ #define BLOWFISH_HASH_SIZE 31 /* 184/6+1 */ diff --git a/crypt_blowfish.c b/crypt_blowfish.c index 7a474f26..b1eb0e60 100644 --- a/crypt_blowfish.c +++ b/crypt_blowfish.c @@ -43,11 +43,6 @@ * Blowfish library (I can't be sure if I would think of something if I * hadn't seen his code). */ - -#include -#include - -/* Just to make sure the prototypes match the actual definitions */ #include "shim.h" typedef unsigned int BF_word; diff --git a/errlog.c b/errlog.c index 714d09d3..16af23b0 100644 --- a/errlog.c +++ b/errlog.c @@ -5,30 +5,29 @@ */ #include "shim.h" -#include "hexdump.h" static CHAR16 **errs = NULL; static UINTN nerrs = 0; -EFI_STATUS -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args) +EFI_STATUS EFIAPI +vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, elf_va_list args) { - va_list args2; + elf_va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - va_copy(args2, args); + elf_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - va_end(args2); + elf_va_end(args2); } return efi_status; } -EFI_STATUS -VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args) +EFI_STATUS EFIAPI +VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_va_list args) { - va_list args2; + elf_va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -39,11 +38,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_li newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - va_copy(args2, args); + elf_va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - va_end(args2); + elf_va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -52,15 +51,15 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_li return EFI_SUCCESS; } -EFI_STATUS +EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - va_list args; + elf_va_list args; EFI_STATUS efi_status; - va_start(args, fmt); + elf_va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - va_end(args); + elf_va_end(args); return efi_status; } diff --git a/fallback.c b/fallback.c index fc81c5e4..ba90bb3b 100644 --- a/fallback.c +++ b/fallback.c @@ -3,10 +3,6 @@ * Copyright Red Hat, Inc. * Copyright Peter Jones */ - -#include -#include - #include "shim.h" #define NO_REBOOT L"FB_NO_REBOOT" diff --git a/httpboot.c b/httpboot.c index bedb99d2..fe08f3f7 100644 --- a/httpboot.c +++ b/httpboot.c @@ -7,10 +7,6 @@ * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel * Corporation. */ - -#include -#include - #include "shim.h" static UINTN diff --git a/include/console.h b/include/console.h index b2ab5fe4..d8af3cd3 100644 --- a/include/console.h +++ b/include/console.h @@ -17,9 +17,9 @@ EFI_STATUS console_get_keystroke(EFI_INPUT_KEY *key); -UINTN +UINTN EFIAPI console_print(const CHAR16 *fmt, ...); -UINTN +UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...); void console_print_box_at(CHAR16 *str_arr[], int highlight, @@ -101,8 +101,8 @@ extern UINT32 verbose; #define dprint(fmt, ...) \ dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__ - 1, __func__, \ ##__VA_ARGS__) -extern EFI_STATUS -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args); +extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, + const char *func, elf_va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index 8b8b4557..36d77ec4 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -3,7 +3,8 @@ #ifndef STATIC_HEXDUMP_H #define STATIC_HEXDUMP_H -#include +#include "shim.h" +#include "include/console.h" static inline unsigned long UNUSED prepare_hex(const void *data, size_t size, char *buf, unsigned int position) @@ -80,8 +81,9 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) * variadic hexdump formatted * think of it as: printf("%s%s\n", vformat(fmt, ap), hexdump(data,size)); */ -static inline void UNUSED -vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, va_list ap) +static inline void UNUSED EFIAPI +vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, + const void *data, unsigned long size, size_t at, elf_va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -115,13 +117,14 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt * think of it as: printf("%s%s", format(fmt, ...), hexdump(data,size)[lineN]); */ static inline void UNUSED -hexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, ...) +hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, + const void *data, unsigned long size, size_t at, ...) { - va_list ap; + elf_va_list ap; - va_start(ap, at); + elf_va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - va_end(ap); + elf_va_end(ap); } static inline void UNUSED diff --git a/include/system/alloca.h b/include/system/alloca.h new file mode 100644 index 00000000..dc11b60d --- /dev/null +++ b/include/system/alloca.h @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _ALLOCA_H +#define _ALLOCA_H + +#endif /* !_ALLOCA_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/ctype.h b/include/system/ctype.h new file mode 100644 index 00000000..c771bb69 --- /dev/null +++ b/include/system/ctype.h @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * ctype.h - standard ctype functions + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _CTYPE_H +#define _CTYPE_H + + +#endif /* !_CTYPE_H */ +#endif /* !SHIM_UNIT_TEST */ +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/inttypes.h b/include/system/inttypes.h new file mode 100644 index 00000000..a35b0090 --- /dev/null +++ b/include/system/inttypes.h @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _INTTYPES_H +#define _INTTYPES_H + +#include +#include + +#endif /* !INTTYPES_H_ */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdarg.h b/include/system/stdarg.h new file mode 100644 index 00000000..346b760d --- /dev/null +++ b/include/system/stdarg.h @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * stdarg.h - try to make consistent va_* handling for EFI + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDARG_H +#define _STDARG_H + +#include + +#endif /* !_STDARG_H */ +#endif +#ifndef SHIM_STDARG_H_ +#define SHIM_STDARG_H_ + +typedef __builtin_ms_va_list ms_va_list; +#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_ms_va_end(marker) + +typedef __builtin_va_list elf_va_list; +#define elf_va_copy(dest, start) __builtin_va_copy(dest, start) +#define elf_va_start(marker, arg) __builtin_va_start(marker, arg) +#define elf_va_arg(marker, type) __builtin_va_arg(marker, type) +#define elf_va_end(marker) __builtin_va_end(marker) + +#endif /* !SHIM_STDARG_H_ */ +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdio.h b/include/system/stdio.h new file mode 100644 index 00000000..6ea60d71 --- /dev/null +++ b/include/system/stdio.h @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * stdio.h - sigh + */ +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDIO_H +#define _STDIO_H + +#endif /* !_STDIO_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdlib.h b/include/system/stdlib.h new file mode 100644 index 00000000..f2660f63 --- /dev/null +++ b/include/system/stdlib.h @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STDLIB_H +#define _STDLIB_H + +/* + * I don't know why, but openssl expects to get size_t from stdlib.h + * instead of stddef.h, so... whatever. + */ +#include + +#endif /* !_STDLIB_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/string.h b/include/system/string.h new file mode 100644 index 00000000..21e46c1d --- /dev/null +++ b/include/system/string.h @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STRING_H +#define _STRING_H + +#include + +__typeof__(__builtin_memset) memset; +__typeof__(__builtin_memcpy) memcpy; + +#endif /* _STRING_H */ +#endif diff --git a/include/system/strings.h b/include/system/strings.h new file mode 100644 index 00000000..c82bd917 --- /dev/null +++ b/include/system/strings.h @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +#ifdef SHIM_UNIT_TEST +#include_next +#else +#ifndef _STRINGS_H +#define _STRINGS_H + +#endif /* !_STRINGS_H */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/test.h b/include/test.h index 6fc178ba..8a970fd2 100644 --- a/include/test.h +++ b/include/test.h @@ -11,13 +11,13 @@ #include #if defined(__aarch64__) -#include +#include #elif defined(__arm__) #include #elif defined(__i386__) || defined(__i486__) || defined(__i686__) #include #elif defined(__x86_64__) -#include +#include #else #error what arch is this #endif diff --git a/lib/Makefile b/lib/Makefile index d9188c74..63893c3e 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,9 +2,44 @@ TARGET = lib.a LIBFILES = $(foreach x,$(wildcard *.c),$(patsubst %.c,%.o,$(x))) +CRYPTDIR = $(TOPDIR)/Cryptlib + INCLUDES = $(EFI_INCLUDES) \ - -I$(TOPDIR)/../include \ - -I$(TOPDIR)/CryptLib/Include/openssl/ + -I$(TOPDIR)/include \ + -I$(CRYPTDIR)/Include/openssl/ \ + -I$(CRYPTDIR)/Include/ \ + -I$(CRYPTDIR) \ + -I$(TOPDIR) \ + -isystem $(TOPDIR)/include/system \ + -isystem $(shell $(CC) -print-file-name=include) + +CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) + +ifeq ($(ARCH),x86_64) +FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +endif +ifeq ($(ARCH),ia32) +FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) +DEFINES += -DMDE_CPU_IA32 +endif +ifeq ($(ARCH),aarch64) +DEFINES += -DMDE_CPU_AARCH64 +endif +ifeq ($(ARCH),arm) +DEFINES += -DMDE_CPU_ARM +endif + +LDFLAGS = -nostdlib -znocombreloc + + +CFLAGS = $(FEATUREFLAGS) \ + $(OPTIMIZATIONS) \ + $(WARNFLAGS) \ + $(WERRFLAGS) \ + $(INCLUDES) \ + $(DEFINES) lib.a: $(LIBFILES) $(AR) rcs lib.a $(LIBFILES) diff --git a/lib/configtable.c b/lib/configtable.c index 8675fad1..66e97f63 100644 --- a/lib/configtable.c +++ b/lib/configtable.c @@ -4,9 +4,6 @@ * * read some platform configuration tables */ -#include -#include - #include "shim.h" void * diff --git a/lib/console.c b/lib/console.c index ffa8ea5c..32c6d55d 100644 --- a/lib/console.c +++ b/lib/console.c @@ -3,11 +3,6 @@ * Copyright 2012 * Copyright 2013 Red Hat Inc. */ -#include -#include -#include -#include - #include "shim.h" static UINT8 console_text_mode = 0; @@ -88,27 +83,27 @@ VOID console_fini(VOID) setup_console(0); } -UINTN +UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - va_list args; + elf_va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - va_start(args, fmt); + elf_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + elf_va_end(args); return ret; } -UINTN +UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - va_list args; + elf_va_list args; UINTN ret; if (!console_text_mode) @@ -116,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - va_start(args, fmt); + elf_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + elf_va_end(args); return ret; } diff --git a/lib/execute.c b/lib/execute.c index f57a6321..642f94a3 100644 --- a/lib/execute.c +++ b/lib/execute.c @@ -3,10 +3,6 @@ * Copyright 2012 * Code Copyright 2012 Red Hat, Inc */ - -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/print_crypto.c b/lib/print_crypto.c index 39dfd2c0..ccdb65b1 100644 --- a/lib/print_crypto.c +++ b/lib/print_crypto.c @@ -2,11 +2,6 @@ /* * Copyright 2019 SUSE LLC */ - -#include -#include -#include - #include "shim.h" #include diff --git a/lib/security_policy.c b/lib/security_policy.c index 6a9b13ed..6c42cc14 100644 --- a/lib/security_policy.c +++ b/lib/security_policy.c @@ -4,10 +4,6 @@ * * Install and remove a platform security2 override policy */ - -#include -#include - #include "shim.h" #if defined(OVERRIDE_SECURITY_POLICY) diff --git a/lib/shell.c b/lib/shell.c index 87f279d6..146d9a21 100644 --- a/lib/shell.c +++ b/lib/shell.c @@ -4,9 +4,6 @@ * * misc shell helper functions */ -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/simple_file.c b/lib/simple_file.c index e6544709..5fd3e1a6 100644 --- a/lib/simple_file.c +++ b/lib/simple_file.c @@ -2,10 +2,6 @@ /* * Copyright 2012 */ - -#include -#include - #include "shim.h" EFI_STATUS diff --git a/lib/variables.c b/lib/variables.c index 6db069ef..57875e26 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -10,9 +10,6 @@ * Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
* */ -#include -#include - #include "shim.h" EFI_STATUS diff --git a/mok.c b/mok.c index ac0276ec..6bd506be 100644 --- a/mok.c +++ b/mok.c @@ -6,10 +6,6 @@ #include "shim.h" -#include - -#include "hexdump.h" - /* * Check if a variable exists */ diff --git a/netboot.c b/netboot.c index 25a6df7f..450e9def 100644 --- a/netboot.c +++ b/netboot.c @@ -13,8 +13,6 @@ #include "shim.h" -#include - #define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ #define htons(x) ntohs(x) diff --git a/pe.c b/pe.c index 45dd4714..73b05a51 100644 --- a/pe.c +++ b/pe.c @@ -5,7 +5,6 @@ */ #include "shim.h" -#include "hexdump.h" #include #include diff --git a/replacements.c b/replacements.c index 69dbd5a2..278a8e78 100644 --- a/replacements.c +++ b/replacements.c @@ -18,11 +18,6 @@ * National Security Policy and Scientific Developments, November 20, * 1969. */ - -#include -#include -#include - #include "shim.h" static EFI_SYSTEM_TABLE *systab; diff --git a/sbat.c b/sbat.c index f46bb8ab..d8750962 100644 --- a/sbat.c +++ b/sbat.c @@ -4,7 +4,6 @@ */ #include "shim.h" -#include "string.h" EFI_STATUS parse_sbat_section(char *section_base, size_t section_size, diff --git a/shim.c b/shim.c index 32bc3e81..6f627b1f 100644 --- a/shim.c +++ b/shim.c @@ -12,7 +12,6 @@ */ #include "shim.h" -#include "hexdump.h" #if defined(ENABLE_SHIM_CERT) #include "shim_cert.h" #endif /* defined(ENABLE_SHIM_CERT) */ diff --git a/shim.h b/shim.h index d28e16b7..61dafa82 100644 --- a/shim.h +++ b/shim.h @@ -26,6 +26,14 @@ #endif #endif +#include +#include +#include +#include +#include +#include +#include + #ifndef SHIM_UNIT_TEST #include #include @@ -34,9 +42,6 @@ #include #endif -#include -#include - #ifdef SHIM_UNIT_TEST #include "include/test.h" #endif @@ -158,9 +163,14 @@ #include "include/tpm.h" #include "include/ucs2.h" #include "include/variables.h" +#include "include/hexdump.h" #include "version.h" +#ifndef SHIM_UNIT_TEST +#include "Cryptlib/Include/OpenSslSupport.h" +#endif + INTERFACE_DECL(_SHIM_LOCK); typedef @@ -196,9 +206,12 @@ typedef struct _SHIM_LOCK { extern EFI_STATUS shim_init(void); extern void shim_fini(void); -extern EFI_STATUS LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); -extern EFI_STATUS VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args); -extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); +extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, + const CHAR16 *fmt, ...); +extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, + const CHAR16 *fmt, elf_va_list args); +extern VOID LogHexdump_(const char *file, int line, const char *func, + const void *data, size_t sz); extern VOID PrintErrors(VOID); extern VOID ClearErrors(VOID); extern VOID restore_loaded_image(VOID); diff --git a/test.c b/test.c index b21e2191..aa0da1fd 100644 --- a/test.c +++ b/test.c @@ -12,7 +12,8 @@ UINT8 in_protocol = 0; int debug = DEFAULT_DEBUG_PRINT_STATE; -EFI_STATUS LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) +EFI_STATUS EFIAPI +LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { assert(0); return EFI_SUCCESS; diff --git a/tpm.c b/tpm.c index e1fcb8be..808e0444 100644 --- a/tpm.c +++ b/tpm.c @@ -1,10 +1,4 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent - -#include -#include -#include -#include - #include "shim.h" typedef struct { -- cgit v1.2.3 From 78809820b5a3f79a0bfbec00e630e40011acf4ec Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 12:16:23 -0500 Subject: Fix Cryptlib's va_* definitions. Some time ago, commit e571428e212 ("Update to openssl to 1.0.2e") changed the way we define the va_* (and VA_*) functions and macros. Unfortunately, it only changed for some parts of the tree, and the different parts of the tree need to both call each other and use the same types in all cases. Additionally, they need to all be able to call gnu-efi functions such as VPrint, which means they need the same va_list type definitions everywhere. This partially reverts that patch, adding EFIAPI back and unsetting NO_BUILTIN_VA_FUNCS everywhere. --- Cryptlib/Include/openssl/bio.h | 9 +++++---- Cryptlib/Include/openssl/err.h | 4 ++-- Cryptlib/OpenSSL/crypto/bio/b_print.c | 8 ++++---- Cryptlib/OpenSSL/crypto/cryptlib.c | 4 ++-- Cryptlib/OpenSSL/crypto/cryptlib.h | 2 +- Cryptlib/OpenSSL/crypto/err/err.c | 4 ++-- Make.defaults | 2 +- 7 files changed, 17 insertions(+), 16 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h index 8f2438cd..2efa873d 100644 --- a/Cryptlib/Include/openssl/bio.h +++ b/Cryptlib/Include/openssl/bio.h @@ -59,6 +59,7 @@ #ifndef HEADER_BIO_H # define HEADER_BIO_H +# include # include # ifndef OPENSSL_NO_FP_API @@ -791,13 +792,13 @@ void BIO_copy_next_retry(BIO *b); # else # define __bio_h__attr__(x) # endif -int BIO_printf(BIO *bio, const char *format, ...) +int EFIAPI BIO_printf(BIO *bio, const char *format, ...) __bio_h__attr__((__format__(__printf__, 2, 3))); -int BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) __bio_h__attr__((__format__(__printf__, 2, 0))); -int BIO_snprintf(char *buf, size_t n, const char *format, ...) +int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) __bio_h__attr__((__format__(__printf__, 3, 4))); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) __bio_h__attr__((__format__(__printf__, 3, 0))); # undef __bio_h__attr__ diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h index 04c6cfc6..32da8c37 100644 --- a/Cryptlib/Include/openssl/err.h +++ b/Cryptlib/Include/openssl/err.h @@ -344,8 +344,8 @@ void ERR_print_errors_fp(FILE *fp); # ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); # endif -void ERR_add_error_data(int num, ...); -void ERR_add_error_vdata(int num, va_list args); +void EFIAPI ERR_add_error_data(int num, ...); +void EFIAPI ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index 2d303ee8..34c8fca7 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -797,7 +797,7 @@ doapr_outch(char **sbuffer, /***************************************************************************/ -int BIO_printf(BIO *bio, const char *format, ...) +int EFIAPI BIO_printf(BIO *bio, const char *format, ...) { va_list args; int ret; @@ -810,7 +810,7 @@ int BIO_printf(BIO *bio, const char *format, ...) return (ret); } -int BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) { int ret; size_t retlen; @@ -845,7 +845,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) * closely related to BIO_printf, and we need *some* name prefix ... (XXX the * function should be renamed, but to what?) */ -int BIO_snprintf(char *buf, size_t n, const char *format, ...) +int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) { va_list args; int ret; @@ -858,7 +858,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) return (ret); } -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) { size_t retlen; int truncated; diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c index da4b34dc..23f58fa9 100644 --- a/Cryptlib/OpenSSL/crypto/cryptlib.c +++ b/Cryptlib/OpenSSL/crypto/cryptlib.c @@ -866,7 +866,7 @@ int OPENSSL_isservice(void) } # endif -void OPENSSL_showfatal(const char *fmta, ...) +void EFIAPI OPENSSL_showfatal(const char *fmta, ...) { va_list ap; TCHAR buf[256]; @@ -979,7 +979,7 @@ void OPENSSL_showfatal(const char *fmta, ...) MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); } #else -void OPENSSL_showfatal(const char *fmta, ...) +void EFIAPI OPENSSL_showfatal(const char *fmta, ...) { #ifndef OPENSSL_NO_STDIO va_list ap; diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h index 3e3ea5e3..2bce19ff 100644 --- a/Cryptlib/OpenSSL/crypto/cryptlib.h +++ b/Cryptlib/OpenSSL/crypto/cryptlib.h @@ -100,7 +100,7 @@ extern "C" { void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; -void OPENSSL_showfatal(const char *fmta, ...); +void EFIAPI OPENSSL_showfatal(const char *fmta, ...); #ifndef OPENSSL_NO_STDIO void *OPENSSL_stderr(void); #endif diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c index 52dc9a5d..d0752adf 100644 --- a/Cryptlib/OpenSSL/crypto/err/err.c +++ b/Cryptlib/OpenSSL/crypto/err/err.c @@ -1075,7 +1075,7 @@ void ERR_set_error_data(char *data, int flags) es->err_data_flags[i] = flags; } -void ERR_add_error_data(int num, ...) +void EFIAPI ERR_add_error_data(int num, ...) { va_list args; va_start(args, num); @@ -1083,7 +1083,7 @@ void ERR_add_error_data(int num, ...) va_end(args); } -void ERR_add_error_vdata(int num, va_list args) +void EFIAPI ERR_add_error_vdata(int num, va_list args) { int i, n, s; char *str, *p, *a; diff --git a/Make.defaults b/Make.defaults index ebb9e3c3..50164ae8 100644 --- a/Make.defaults +++ b/Make.defaults @@ -54,7 +54,7 @@ ifeq ($(ARCH),x86_64) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ $(CLANG_BUGS) -m64 \ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ -DPAGE_SIZE=4096 ARCH_GNUEFI ?= x86_64 ARCH_SUFFIX ?= x64 -- cgit v1.2.3 From 766aac4d5cfbe76026be5ce718b0883ee211f323 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 11:54:58 -0500 Subject: Consolidate most of our standard lib functions to lib Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 23 +--- Cryptlib/Makefile | 3 +- Cryptlib/SysCall/BaseStrings.c | 34 +----- Cryptlib/SysCall/CrtWrapper.c | 82 ------------- Cryptlib/SysCall/memset.c | 40 ------- Makefile | 4 +- csv.c | 4 +- gnu-efi | 2 +- httpboot.c | 14 +-- include/compiler.h | 5 + include/endian.h | 19 +++ include/hexdump.h | 2 - include/str.h | 118 +----------------- include/system/alloca.h | 6 + include/system/builtins_begin_.h | 94 +++++++++++++++ include/system/builtins_end_.h | 28 +++++ include/system/ctype.h | 73 +++++++++++- include/system/stdlib.h | 12 ++ include/system/string.h | 51 +++++++- include/system/strings.h | 9 ++ lib/string.c | 245 ++++++++++++++++++++++++++++++++++++++ mok.c | 2 +- netboot.c | 8 +- sbat.c | 4 +- shim.h | 2 + 25 files changed, 566 insertions(+), 318 deletions(-) delete mode 100644 Cryptlib/SysCall/memset.c create mode 100644 include/endian.h create mode 100644 include/system/builtins_begin_.h create mode 100644 include/system/builtins_end_.h create mode 100644 lib/string.c (limited to 'Cryptlib') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 7af9650f..6bb7ba64 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -288,34 +288,21 @@ extern int errno; void *malloc (size_t); void *realloc (void *, size_t); void free (void *); -int isdigit (int); -int isspace (int); -int tolower (int); -int isupper (int); -int isxdigit (int); -int isalnum (int); void *memcpy (void *, const void *, size_t); void *memset (void *, int, size_t); void *memchr (const void *, int, size_t); int memcmp (const void *, const void *, size_t); void *memmove (void *, const void *, size_t); -int strcmp (const char *, const char *); -int strncmp (const char *, const char *, size_t); char *strcpy (char *, const char *); char *strncpy (char *, const char *, size_t); -size_t strlen (const char *); char *strcat (char *, const char *); char *strchr (const char *, int); int strcasecmp (const char *, const char *); int strncasecmp (const char *, const char *, size_t); char *strncpy (char *, const char *, size_t); -int strncmp (const char *, const char *, size_t); -char *strrchr (const char *, int); unsigned long strtoul (const char *, char **, int); long strtol (const char *, char **, int); char *strerror (int); -size_t strspn (const char *, const char *); -size_t strcspn (const char *, const char *); int printf (const char *, ...); int sscanf (const char *, const char *, ...); int open (const char *, int, ...); @@ -351,7 +338,6 @@ gid_t getegid (void); void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); char *getenv (const char *); void exit (int); -void abort (void); __sighandler_t *signal (int, __sighandler_t *); // @@ -361,7 +347,7 @@ extern FILE *stderr; extern FILE *stdin; extern FILE *stdout; -#define AsciiStrLen(x) strlena(x) +#define AsciiStrLen(x) strlen(x) #define AsciiStrnCmp(s1, s2, len) strncmpa((CHAR8 *)s1, (CHAR8 *)s2, len) // @@ -372,17 +358,10 @@ extern FILE *stdout; #define memchr(buf,ch,count) ScanMem8((CHAR8 *)buf,(UINTN)(count),ch) #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) #define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) -#define strlen(str) (size_t)(AsciiStrLen((CHAR8 *)str)) -#define strcpy(strDest,strSource) AsciiStrCpy((CHAR8 *)strDest,(const CHAR8 *)strSource) -#define strncpy(strDest,strSource,count) AsciiStrnCpy((CHAR8 *)strDest,(const CHAR8 *)strSource,(UINTN)count) -#define strcat(strDest,strSource) AsciiStrCat((CHAR8 *)strDest,(const CHAR8 *)strSource) -#define strchr(str,ch) (char *)(ScanMem8((CHAR8 *)str,AsciiStrSize((CHAR8 *)str),ch)) -#define strncmp(string1,string2,count) (int)(AsciiStrnCmp((const CHAR8 *)string1, (const CHAR8 *)string2,(UINTN)(count))) #define localtime(timer) NULL #define assert(expression) #define atoi(nptr) AsciiStrDecimalToUintn((const CHAR8 *)nptr) #define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) #define gmtime_r(timer,result) (result = NULL) -#define abort() #endif diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 65a3918c..27614618 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -63,8 +63,7 @@ OBJS = Hash/CryptMd4Null.o \ SysCall/CrtWrapper.o \ SysCall/TimerWrapper.o \ SysCall/BaseMemAllocation.o \ - SysCall/BaseStrings.o \ - SysCall/memset.o + SysCall/BaseStrings.o all: $(TARGET) diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c index c4b3e18e..29a16100 100644 --- a/Cryptlib/SysCall/BaseStrings.c +++ b/Cryptlib/SysCall/BaseStrings.c @@ -3,7 +3,7 @@ CHAR8 * AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) { - UINTN dest_len = strlena((CHAR8 *)Destination); + UINTN dest_len = strlen((CHAR8 *)Destination); UINTN i; for (i = 0; Source[i] != '\0'; i++) @@ -61,37 +61,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value) UINTN AsciiStrSize(const CHAR8 *string) { - return strlena(string) + 1; -} - -int -strcmp (const char *str1, const char *str2) -{ - return strcmpa((CHAR8 *)str1,(CHAR8 *)str2); -} - -inline static char -toupper (char c) -{ - return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c); -} - -/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ -int -strcasecmp (const char *str1, const char *str2) -{ - char c1, c2; - - c1 = toupper (*str1); - c2 = toupper (*str2); - while ((*str1 != '\0') && (c1 == c2)) { - str1++; - str2++; - c1 = toupper (*str1); - c2 = toupper (*str2); - } - - return c1 - c2; + return strlen(string) + 1; } /* Based on AsciiStrDecimalToUintnS() in edk2 diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c index 698e1eef..4bdaede9 100644 --- a/Cryptlib/SysCall/CrtWrapper.c +++ b/Cryptlib/SysCall/CrtWrapper.c @@ -121,21 +121,6 @@ QuickSortWorker ( // -- String Manipulation Routines -- // -/* Scan a string for the last occurrence of a character */ -char *strrchr (const char *str, int c) -{ - char * save; - - for (save = NULL; ; ++str) { - if (*str == c) { - save = (char *)str; - } - if (*str == 0) { - return (save); - } - } -} - /* Read formatted data from a string */ int sscanf (const char *buffer, const char *format, ...) { @@ -146,59 +131,6 @@ int sscanf (const char *buffer, const char *format, ...) return 0; } -// -// -- Character Classification Routines -- -// - -/* Determines if a particular character is a decimal-digit character */ -int isdigit (int c) -{ - // - // ::= [0-9] - // - return (('0' <= (c)) && ((c) <= '9')); -} - -/* Determine if an integer represents character that is a hex digit */ -int isxdigit (int c) -{ - // - // ::= [0-9] | [a-f] | [A-F] - // - return ((('0' <= (c)) && ((c) <= '9')) || - (('a' <= (c)) && ((c) <= 'f')) || - (('A' <= (c)) && ((c) <= 'F'))); -} - -/* Determines if a particular character represents a space character */ -int isspace (int c) -{ - // - // ::= [ ] - // - return ((c) == ' '); -} - -/* Determine if a particular character is an alphanumeric character */ -int isalnum (int c) -{ - // - // ::= [0-9] | [a-z] | [A-Z] - // - return ((('0' <= (c)) && ((c) <= '9')) || - (('a' <= (c)) && ((c) <= 'z')) || - (('A' <= (c)) && ((c) <= 'Z'))); -} - -/* Determines if a particular character is in upper case */ -int isupper (int c) -{ - // - // := [A-Z] - // - return (('A' <= (c)) && ((c) <= 'Z')); -} - // // -- Data Conversion Routines -- // @@ -223,15 +155,6 @@ unsigned long strtoul (const char *nptr, char **endptr, int base) return 0; } -/* Convert character to lowercase */ -int tolower (int c) -{ - if (('A' <= (c)) && ((c) <= 'Z')) { - return (c - ('A' - 'a')); - } - return (c); -} - // // -- Searching and Sorting Routines -- // @@ -424,11 +347,6 @@ int stat (const char *c, struct stat *s) return -1; } -int strncasecmp (const char *c, const char *s, size_t l) -{ - return 0; -} - void syslog (int a, const char *c, ...) { diff --git a/Cryptlib/SysCall/memset.c b/Cryptlib/SysCall/memset.c deleted file mode 100644 index 76deed68..00000000 --- a/Cryptlib/SysCall/memset.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2016 SUSE LINUX GmbH - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include - -typedef UINTN size_t; - -void * -memset (void *dest, int ch, size_t count) -{ - SetMem(dest, count, (UINT8)(ch)); - return dest; -} diff --git a/Makefile b/Makefile index 6a62e00a..7c0fbb11 100644 --- a/Makefile +++ b/Makefile @@ -116,12 +116,12 @@ LIBS = Cryptlib/libcryptlib.a \ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a $(SHIMSONAME): $(OBJS) $(LIBS) - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a fallback.o: $(FALLBACK_SRCS) $(FBSONAME): $(FALLBACK_OBJS) $(LIBS) - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a MokManager.o: $(MOK_SOURCES) diff --git a/csv.c b/csv.c index 3c821414..d141f035 100644 --- a/csv.c +++ b/csv.c @@ -21,8 +21,8 @@ parse_csv_line(char * line, size_t max, size_t *n_columns, const char *columns[] valid = strntoken(next, max, delims, &token, &state); } if (valid) { - next += strlena(token) + 1; - max -= strlena(token) + 1; + next += strlen(token) + 1; + max -= strlen(token) + 1; columns[n] = token; new_n = n + 1; } else { diff --git a/gnu-efi b/gnu-efi index 9aa86c75..d7e183a3 160000 --- a/gnu-efi +++ b/gnu-efi @@ -1 +1 @@ -Subproject commit 9aa86c7526a4adc363afe6847bc3a4c8efe6df84 +Subproject commit d7e183a351d1a81efb2402e5148a4a69fc170365 diff --git a/httpboot.c b/httpboot.c index fe08f3f7..93d88931 100644 --- a/httpboot.c +++ b/httpboot.c @@ -130,7 +130,7 @@ find_httpboot (EFI_HANDLE device) /* Save the current URI */ UriNode = (URI_DEVICE_PATH *)Node; - uri_size = strlena(UriNode->Uri); + uri_size = strlen(UriNode->Uri); uri = AllocatePool(uri_size + 1); if (!uri) { perror(L"Failed to allocate uri\n"); @@ -156,10 +156,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, UINTN path_len = 0; UINTN count = 0; - if (strncmpa(current_uri, (CHAR8 *)"http://", 7) == 0) { + if (strncmp(current_uri, (CHAR8 *)"http://", 7) == 0) { ptr = current_uri + 7; count += 7; - } else if (strncmpa(current_uri, (CHAR8 *)"https://", 8) == 0) { + } else if (strncmp(current_uri, (CHAR8 *)"https://", 8) == 0) { ptr = current_uri + 8; count += 8; } else { @@ -167,7 +167,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, } /* Extract the path */ - next_len = strlena(next_loader); + next_len = strlen(next_loader); while (*ptr != '\0') { count++; if (*ptr == '/') @@ -192,9 +192,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname) CONST CHAR8 *ptr, *start; UINTN host_len = 0; - if (strncmpa(url, (CHAR8 *)"http://", 7) == 0) + if (strncmp(url, (CHAR8 *)"http://", 7) == 0) start = url + 7; - else if (strncmpa(url, (CHAR8 *)"https://", 8) == 0) + else if (strncmp(url, (CHAR8 *)"https://", 8) == 0) start = url + 8; else return EFI_INVALID_PARAMETER; @@ -571,7 +571,7 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) /* Check the length of the file */ for (i = 0; i < rx_message.HeaderCount; i++) { - if (!strcmpa(rx_message.Headers[i].FieldName, (CHAR8 *)"Content-Length")) { + if (!strcmp(rx_message.Headers[i].FieldName, (CHAR8 *)"Content-Length")) { *buf_size = ascii_to_int(rx_message.Headers[i].FieldValue); } } diff --git a/include/compiler.h b/include/compiler.h index 3cabd09c..40358a11 100644 --- a/include/compiler.h +++ b/include/compiler.h @@ -179,5 +179,10 @@ #define MIN(a, b) ({(a) < (b) ? (a) : (b);}) #define MAX(a, b) ({(a) <= (b) ? (b) : (a);}) +/** + * Builtins that don't go in string.h + */ +#define unreachable() __builtin_unreachable() + #endif /* !COMPILER_H_ */ // vim:fenc=utf-8:tw=75:et diff --git a/include/endian.h b/include/endian.h new file mode 100644 index 00000000..267fbf00 --- /dev/null +++ b/include/endian.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * endian.h - bswap decls that can't go in compiler.h + * Copyright Peter Jones + */ + +#ifndef ENDIAN_H_ +#define ENDIAN_H_ + +#include + +#include "system/builtins_begin_.h" +mkbi1_(uint16_t, bswap16, uint16_t, x) +mkbi1_(uint32_t, bswap32, uint32_t, x) +mkbi1_(uint64_t, bswap64, uint64_t, x) +#include "system/builtins_end_.h" + +#endif /* !ENDIAN_H_ */ +// vim:fenc=utf-8:tw=75:noet diff --git a/include/hexdump.h b/include/hexdump.h index 36d77ec4..a6aa2bfa 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -48,8 +48,6 @@ prepare_hex(const void *data, size_t size, char *buf, unsigned int position) return ret; } -#define isprint(c) ((c) >= 0x20 && (c) <= 0x7e) - static inline void UNUSED prepare_text(const void *data, size_t size, char *buf, unsigned int position) { diff --git a/include/str.h b/include/str.h index c4d12113..189aceff 100644 --- a/include/str.h +++ b/include/str.h @@ -9,122 +9,8 @@ #pragma GCC diagnostic ignored "-Wnonnull-compare" #endif -static inline UNUSED NONNULL(1) unsigned long -strnlena(const CHAR8 *s, unsigned long n) -{ - unsigned long i; - for (i = 0; i < n; i++) - if (s[i] == '\0') - break; - return i; -} - -static inline UNUSED RETURNS_NONNULL NONNULL(1, 2) CHAR8 * -strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n) -{ - unsigned long i; - - for (i = 0; i < n && src[i] != '\0'; i++) - dest[i] = src[i]; - for (; i < n; i++) - dest[i] = '\0'; - - return dest; -} - -static inline UNUSED RETURNS_NONNULL NONNULL(1, 2) CHAR8 * -strcata(CHAR8 *dest, const CHAR8 *src) -{ - unsigned long dest_len = strlena(dest); - unsigned long i; - - for (i = 0; src[i] != '\0'; i++) - dest[dest_len + i] = src[i]; - dest[dest_len + i] = '\0'; - - return dest; -} - -static inline UNUSED NONNULL(1) CHAR8 * -strdup(const CHAR8 * const src) -{ - UINTN len; - CHAR8 *news = NULL; - - len = strlena(src); - news = AllocateZeroPool(len + 1); - if (news) - strncpya(news, src, len); - return news; -} - -static inline UNUSED NONNULL(1) CHAR8 * -strndupa(const CHAR8 * const src, const UINTN srcmax) -{ - UINTN len; - CHAR8 *news = NULL; - - len = strnlena(src, srcmax); - news = AllocateZeroPool(len + 1); - if (news) - strncpya(news, src, len); - return news; -} - -static inline UNUSED RETURNS_NONNULL NONNULL(1, 2) char * -stpcpy(char *dest, const char * const src) -{ - size_t i = 0; - for (i = 0; src[i]; i++) - dest[i] = src[i]; - dest[i] = '\000'; - return &dest[i]; -} - -static inline UNUSED CHAR8 * -translate_slashes(CHAR8 *out, const char *str) -{ - int i; - int j; - if (str == NULL || out == NULL) - return NULL; - - for (i = 0, j = 0; str[i] != '\0'; i++, j++) { - if (str[i] == '\\') { - out[j] = '/'; - if (str[i+1] == '\\') - i++; - } else - out[j] = str[i]; - } - out[j] = '\0'; - return out; -} - -static inline UNUSED RETURNS_NONNULL NONNULL(1) CHAR8 * -strchrnula(const CHAR8 *s, int c) -{ - unsigned int i; - - for (i = 0; s[i] != '\000' && s[i] != c; i++) - ; - - return (CHAR8 *)&s[i]; -} - -static inline UNUSED NONNULL(1) CHAR8 * -strchra(const CHAR8 *s, int c) -{ - const CHAR8 *s1; - - s1 = strchrnula(s, c); - if (!s1 || s1[0] == '\000') - return NULL; - - return (CHAR8 *)s1; -} - -static inline UNUSED RETURNS_NONNULL NONNULL(1) char * +static inline UNUSED RETURNS_NONNULL NONNULL(1) +char * strnchrnul(const char *s, size_t max, int c) { unsigned int i; diff --git a/include/system/alloca.h b/include/system/alloca.h index dc11b60d..a9d1aab1 100644 --- a/include/system/alloca.h +++ b/include/system/alloca.h @@ -5,6 +5,12 @@ #ifndef _ALLOCA_H #define _ALLOCA_H +#include +mkbi1_(void *, alloca, size_t, size) +#define alloca_with_align(size, alignment) __builtin_alloca_with_align(size, alignment) +#define alloca_with_align_and_max(size, alignment, max) __builtin_alloca_with_align_and_max(size, alignment, max) +#include + #endif /* !_ALLOCA_H */ #endif // vim:fenc=utf-8:tw=75:noet diff --git a/include/system/builtins_begin_.h b/include/system/builtins_begin_.h new file mode 100644 index 00000000..92ea5e3a --- /dev/null +++ b/include/system/builtins_begin_.h @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/** + * macros to build builtin wrappers + */ +#ifndef mkbi_cat_ +#define mkbi_cat_(a, b) a##b +#endif +#ifdef SHIM_STRING_C_ + +#ifndef mkbi1_ +#define mkbi1_(rtype, x, typea, a) __typeof__(mkbi_cat_(__builtin_, x)) x; +#endif +#ifndef mkbi2_ +#define mkbi2_(rtype, x, typea, a, typeb, b) __typeof__(mkbi_cat_(__builtin_, x)) x; +#endif + +#ifndef mkbi3_ +#define mkbi3_(rtype, x, typea, a, typeb, b, typec, c) __typeof__(mkbi_cat_(__builtin_, x)) x; +#endif + +#ifndef mkdepbi1_ +#define mkdepbi1_(rtype, x, typea, a) __typeof__(mkbi_cat_(__builtin_, x)) x; +#endif + +#ifndef mkdepbi2_ +#define mkdepbi2_(rtype, x, typea, a, typeb, b) __typeof__(mkbi_cat_(__builtin_, x)) x; +#endif + +#else /* ! SHIM_STRING_C_ */ + +#ifndef mkbi1_ +#define mkbi1_(rtype, x, typea, a) \ + static inline __attribute__((__unused__)) \ + rtype \ + x(typea a) \ + { \ + return mkbi_cat_(__builtin_, x)(a); \ + } +#endif + +#ifndef mkbi2_ +#define mkbi2_(rtype, x, typea, a, typeb, b) \ + static inline __attribute__((__unused__)) \ + rtype \ + x(typea a, typeb b) \ + { \ + return mkbi_cat_(__builtin_, x)(a, b); \ + } +#endif + +#ifndef mkbi3_ +#define mkbi3_(rtype, x, typea, a, typeb, b, typec, c) \ + static inline __attribute__((__unused__)) \ + rtype \ + x(typea a, typeb b, typec c) \ + { \ + return mkbi_cat_(__builtin_, x)(a, b,c); \ + } +#endif + +#ifdef SHIM_DEPRECATE_STRLEN +#ifndef mkdepbi_dep_ +#define mkdepbi_dep_ __attribute__((__deprecated__)) +#endif +#else /* !SHIM_DEPRECATE_STRLEN */ +#ifndef mkdepbi_dep_ +#define mkdepbi_dep_ +#endif +#endif /* SHIM_DEPRECATE_STRLEN */ + +#ifndef mkdepbi1_ +#define mkdepbi1_(rtype, x, typea, a) \ + static inline __attribute__((__unused__)) \ + mkdepbi_dep_ \ + rtype \ + x(typea a) \ + { \ + return mkbi_cat_(__builtin_, x)(a); \ + } +#endif + +#ifndef mkdepbi2_ +#define mkdepbi2_(rtype, x, typea, a, typeb, b) \ + static inline __attribute__((__unused__)) \ + mkdepbi_dep_ \ + rtype \ + x(typea a, typeb b) \ + { \ + return mkbi_cat_(__builtin_, x)(a, b); \ + } +#endif +#endif /* SHIM_STRING_C_ */ + +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/builtins_end_.h b/include/system/builtins_end_.h new file mode 100644 index 00000000..0a6ad60a --- /dev/null +++ b/include/system/builtins_end_.h @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent + +#ifdef mkbi1_ +#undef mkbi1_ +#endif +#ifdef mkbi2_ +#undef mkbi2_ +#endif +#ifdef mkbi3_ +#undef mkbi3_ +#endif +#ifdef mkdepbi1_ +#undef mkdepbi1_ +#endif +#ifdef mkdepbi2_ +#undef mkdepbi2_ +#endif +#ifdef mkdepbi_dep_ +#undef mkdepbi_dep_ +#endif +#ifdef mkbi_cat_ +#undef mkbi_cat_ +#endif + +#ifdef _BUILTINS_BEGIN__H +#undef _BUILTINS_BEGIN__H +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/ctype.h b/include/system/ctype.h index c771bb69..65e7348f 100644 --- a/include/system/ctype.h +++ b/include/system/ctype.h @@ -3,11 +3,82 @@ * ctype.h - standard ctype functions */ #ifdef SHIM_UNIT_TEST -#include_next +#include_next #else #ifndef _CTYPE_H #define _CTYPE_H +#define isprint(c) ((c) >= 0x20 && (c) <= 0x7e) + +/* Determines if a particular character is a decimal-digit character */ +static inline __attribute__((__unused__)) int +isdigit(int c) +{ + // + // ::= [0-9] + // + return (('0' <= (c)) && ((c) <= '9')); +} + +/* Determine if an integer represents character that is a hex digit */ +static inline __attribute__((__unused__)) int +isxdigit(int c) +{ + // + // ::= [0-9] | [a-f] | [A-F] + // + return ((('0' <= (c)) && ((c) <= '9')) || + (('a' <= (c)) && ((c) <= 'f')) || + (('A' <= (c)) && ((c) <= 'F'))); +} + +/* Determines if a particular character represents a space character */ +static inline __attribute__((__unused__)) int +isspace(int c) +{ + // + // ::= [ ] + // + return ((c) == ' '); +} + +/* Determine if a particular character is an alphanumeric character */ +static inline __attribute__((__unused__)) int +isalnum(int c) +{ + // + // ::= [0-9] | [a-z] | [A-Z] + // + return ((('0' <= (c)) && ((c) <= '9')) || + (('a' <= (c)) && ((c) <= 'z')) || + (('A' <= (c)) && ((c) <= 'Z'))); +} + +/* Determines if a particular character is in upper case */ +static inline __attribute__((__unused__)) int +isupper(int c) +{ + // + // := [A-Z] + // + return (('A' <= (c)) && ((c) <= 'Z')); +} + +/* Convert character to lowercase */ +static inline __attribute__((__unused__)) int +tolower(int c) +{ + if (('A' <= (c)) && ((c) <= 'Z')) { + return (c - ('A' - 'a')); + } + return (c); +} + +static inline __attribute__((__unused__)) int +toupper(int c) +{ + return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c); +} #endif /* !_CTYPE_H */ #endif /* !SHIM_UNIT_TEST */ diff --git a/include/system/stdlib.h b/include/system/stdlib.h index f2660f63..da7d3af9 100644 --- a/include/system/stdlib.h +++ b/include/system/stdlib.h @@ -11,6 +11,18 @@ */ #include +static inline void abort(void) { } + +#include +mkbi1_(int, abs, int, j) +mkbi1_(long int, labs, long int, j) +mkbi1_(long long int, llabs, long long int, j) + +#ifdef _INTTYPES_H +mkbi1_(intmax_t, imaxabs, intmax_t, j) +#endif /* _INTTYPES_H */ +#include + #endif /* !_STDLIB_H */ #endif // vim:fenc=utf-8:tw=75:noet diff --git a/include/system/string.h b/include/system/string.h index 21e46c1d..822e28fa 100644 --- a/include/system/string.h +++ b/include/system/string.h @@ -7,8 +7,55 @@ #include -__typeof__(__builtin_memset) memset; -__typeof__(__builtin_memcpy) memcpy; +#include + +mkbi1_(long int, ffsl, long int, x) +mkbi1_(long int, clzl, long int, x) +mkbi1_(long int, ctzl, long int, x) +mkbi1_(long int, clrsbl, long int, x) +mkbi1_(long int, popcountl, long int, x) +mkbi1_(long int, parityl, long int, x) +mkbi1_(long long int, ffsll, long long int, x) +mkbi1_(long long int, clzll, long long int, x) +mkbi1_(long long int, ctzll, long long int, x) +mkbi1_(long long int, clrsbll, long long int, x) +mkbi1_(long long int, popcountll, long long int, x) +mkbi1_(long long int, parityll, long long int, x) + +mkbi3_(int, bcmp, const void *, s1, const void *, s2, size_t, n) +mkbi3_(void, bcopy, const void *, src, void *, dest, size_t, n) +mkbi2_(void, bzero, void *, s, size_t, n) +mkdepbi2_(char *, index, const char *, s, int, c) +mkbi3_(void *, memchr, const void *, s, int, c, size_t, n) +mkbi3_(int, memcmp, const void *, s1, const void *, s2, size_t, n) +mkbi3_(void *, memcpy, void *, dest, const void *, src, size_t, n) +mkbi3_(void *, memmove, void *, dest, const void *, src, size_t, n) +mkbi3_(void *, mempcpy, void *, dest, const void *, src, size_t, n) +mkdepbi2_(char *, rindex, const char *, s, int, c) +mkdepbi2_(char *, stpcpy, char *, dest, const char *, src) +mkbi3_(char *, stpncpy, char *, dest, const char *, src, size_t, n) +mkdepbi2_(int, strcasecmp, const char *, s1, const char *, s2) +mkdepbi2_(char *, strcat, char *, dest, const char *, src) +mkdepbi2_(char *, strchr, const char *, s, int, c) +mkdepbi2_(int, strcmp, const char *, s1, const char *, s2) +mkdepbi2_(char *, strcpy, char *, dest, const char *, src) +mkdepbi2_(size_t, strcspn, const char *, s, const char *, reject) +mkdepbi1_(char *, strdup, const char *, s) +mkbi2_(char *, strndup, const char *, s, size_t, n) +mkdepbi1_(size_t, strlen, const char *, s) +mkbi3_(int, strncasecmp, const char *, s1, const char *, s2, size_t, n) +mkbi3_(char *, strncat, char *, dest, const char *, src, size_t, n) +mkbi3_(int, strncmp, const char *, s1, const char *, s2, size_t, n) +mkbi3_(char *, strncpy, char *, dest, const char *, src, size_t, n) +mkbi2_(int, strnlen, const char *, s1, size_t, n) +mkdepbi2_(char *, strpbrk, const char *, s, const char *, accept) +mkdepbi2_(char *, strrchr, const char *, s, int, c) +mkdepbi2_(size_t, strspn, const char *, s, const char *, accept) +mkdepbi2_(char *, strstr, const char *, haystack, const char *, needle) + +mkbi3_(void *, memset, void *, s, int, c, size_t, n); + +#include #endif /* _STRING_H */ #endif diff --git a/include/system/strings.h b/include/system/strings.h index c82bd917..99bc05f2 100644 --- a/include/system/strings.h +++ b/include/system/strings.h @@ -5,6 +5,15 @@ #ifndef _STRINGS_H #define _STRINGS_H +#include +mkbi1_(int, ffs, int, x) +mkbi1_(int, clz, int, x) +mkbi1_(int, ctz, int, x) +mkbi1_(int, clrsb, int, x) +mkbi1_(int, popcount, int, x) +mkbi1_(int, parity, int, x) +#include + #endif /* !_STRINGS_H */ #endif // vim:fenc=utf-8:tw=75:noet diff --git a/lib/string.c b/lib/string.c new file mode 100644 index 00000000..1f58f3ec --- /dev/null +++ b/lib/string.c @@ -0,0 +1,245 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * string.c - implementations we need for string finctions + */ +#define SHIM_STRING_C_ +#include "shim.h" + +size_t +strlen(const char *s1) +{ + size_t len; + + for (len = 0; *s1; s1 += 1, len += 1) + ; + return len; +} + +int +strcmp(const char *s1p, const char *s2p) +{ + const uint8_t *s1 = (const uint8_t *)s1p; + const uint8_t *s2 = (const uint8_t *)s2p; + + while (*s1) { + if (*s1 != *s2) { + break; + } + + s1 += 1; + s2 += 1; + } + + return *s1 - *s2; +} + +int +strncmp(const char *s1p, const char *s2p, size_t len) +{ + const uint8_t *s1 = (const uint8_t *)s1p; + const uint8_t *s2 = (const uint8_t *)s2p; + + while (*s1 && len) { + if (*s1 != *s2) { + break; + } + + s1 += 1; + s2 += 1; + len -= 1; + } + + return len ? *s1 - *s2 : 0; +} + +/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ +int +strncasecmp(const char *s1p, const char *s2p, size_t n) +{ + const uint8_t *s1 = (const uint8_t *)s1p; + const uint8_t *s2 = (const uint8_t *)s2p; + + while (*s1 && n) { + if (toupper(*s1) != toupper(*s2)) { + break; + } + + s1 += 1; + s2 += 1; + n -= 1; + } + + return n ? *s1 - *s2 : 0; +} + +/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ +int +strcasecmp(const char *str1, const char *str2) +{ + char c1, c2; + + c1 = toupper(*str1); + c2 = toupper(*str2); + while ((*str1 != '\0') && (c1 == c2)) { + str1++; + str2++; + c1 = toupper(*str1); + c2 = toupper(*str2); + } + + return c1 - c2; +} + +/* Scan a string for the last occurrence of a character */ +char * +strrchr(const char *str, int c) +{ + char *save; + + for (save = NULL;; ++str) { + if (*str == c) { + save = (char *)str; + } + if (*str == 0) { + return (save); + } + } +} + +NONNULL(1) +size_t +strnlen(const char *s, size_t n) +{ + size_t i; + for (i = 0; i < n; i++) + if (s[i] == '\0') + break; + return i; +} + +RETURNS_NONNULL NONNULL(1, 2) +char * +strcpy(char *dest, const char *src) +{ + size_t i; + + for (i = 0; src[i] != '\0'; i++) + dest[i] = src[i]; + + dest[i] = '\0'; + return dest; +} + +RETURNS_NONNULL NONNULL(1, 2) +char * +strncpy(char *dest, const char *src, size_t n) +{ + size_t i; + + for (i = 0; i < n && src[i] != '\0'; i++) + dest[i] = src[i]; + for (; i < n; i++) + dest[i] = '\0'; + + return dest; +} + +RETURNS_NONNULL NONNULL(1, 2) +char * +strcat(char *dest, const char *src) +{ + size_t dest_len = strlen(dest); + size_t i; + + for (i = 0; src[i] != '\0'; i++) + dest[dest_len + i] = src[i]; + dest[dest_len + i] = '\0'; + + return dest; +} + +NONNULL(1) +char * +strdup(const char *const src) +{ + size_t len; + char *news = NULL; + + len = strlen(src); + news = AllocateZeroPool(len + 1); + if (news) + strncpy(news, src, len); + return news; +} + +NONNULL(1) +char * +strndup(const char *const src, const size_t srcmax) +{ + size_t len; + char *news = NULL; + + len = strnlen(src, srcmax); + news = AllocateZeroPool(len + 1); + if (news) + strncpy(news, src, len); + return news; +} + +RETURNS_NONNULL NONNULL(1, 2) +char * +stpcpy(char *dest, const char *const src) +{ + size_t i = 0; + for (i = 0; src[i]; i++) + dest[i] = src[i]; + dest[i] = '\000'; + return &dest[i]; +} + +RETURNS_NONNULL NONNULL(1) +char * +strchrnul(const char *s, int c) +{ + unsigned int i; + + for (i = 0; s[i] != '\000' && s[i] != c; i++) + ; + + return (char *)&s[i]; +} + +NONNULL(1) +char * +strchr(const char *s, int c) +{ + const char *s1; + + s1 = strchrnul(s, c); + if (!s1 || s1[0] == '\000') + return NULL; + + return (char *)s1; +} + +char * +translate_slashes(char *out, const char *str) +{ + int i; + int j; + if (str == NULL || out == NULL) + return NULL; + + for (i = 0, j = 0; str[i] != '\0'; i++, j++) { + if (str[i] == '\\') { + out[j] = '/'; + if (str[i + 1] == '\\') + i++; + } else + out[j] = str[i]; + } + out[j] = '\0'; + return out; +} + +// vim:fenc=utf-8:tw=75:noet diff --git a/mok.c b/mok.c index 6bd506be..be477c48 100644 --- a/mok.c +++ b/mok.c @@ -1013,7 +1013,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) struct mok_state_variable *v = &mok_state_variables[i]; ZeroMem(&config_template, sizeof(config_template)); - strncpya(config_template.name, (CHAR8 *)v->rtname8, 255); + strncpy(config_template.name, (CHAR8 *)v->rtname8, 255); config_template.name[255] = '\0'; config_template.data_size = v->data_size; diff --git a/netboot.c b/netboot.c index 450e9def..3f5c5198 100644 --- a/netboot.c +++ b/netboot.c @@ -172,7 +172,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) // to check against str2ip6() errors memset(ip6inv, 0, sizeof(ip6inv)); - if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { + if (strncmp((const char *)url, (const char *)"tftp://", 7)) { console_print(L"URLS MUST START WITH tftp://\n"); return FALSE; } @@ -258,7 +258,7 @@ static EFI_STATUS parseDhcp4() pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4; } - INTN dir_len = strnlena((CHAR8 *)pkt_v4->BootpBootFile, 127); + INTN dir_len = strnlen((CHAR8 *)pkt_v4->BootpBootFile, 127); INTN i; UINT8 *dir = pkt_v4->BootpBootFile; @@ -274,13 +274,13 @@ static EFI_STATUS parseDhcp4() return EFI_OUT_OF_RESOURCES; if (dir_len > 0) { - strncpya(full_path, (CHAR8 *)dir, dir_len); + strncpy(full_path, (CHAR8 *)dir, dir_len); if (full_path[dir_len-1] == '/' && template[0] == '/') full_path[dir_len-1] = '\0'; } if (dir_len == 0 && dir[0] != '/' && template[0] == '/') template_ofs++; - strcata(full_path, template + template_ofs); + strcat(full_path, template + template_ofs); memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4); return EFI_SUCCESS; diff --git a/sbat.c b/sbat.c index d8750962..fec22a73 100644 --- a/sbat.c +++ b/sbat.c @@ -48,7 +48,7 @@ parse_sbat_section(char *section_base, size_t section_size, efi_status = EFI_INVALID_PARAMETER; goto err; } - allocsz += strlena(row->columns[i]) + 1; + allocsz += strlen(row->columns[i]) + 1; } n++; } @@ -226,7 +226,7 @@ parse_sbat_var_data(list_t *entry_list, UINT8 *data, UINTN datasize) efi_status = EFI_INVALID_PARAMETER; goto err; } - allocsz += strlena(row->columns[i]) + 1; + allocsz += strlen(row->columns[i]) + 1; } n++; } diff --git a/shim.h b/shim.h index 61dafa82..3d2ac2d4 100644 --- a/shim.h +++ b/shim.h @@ -259,4 +259,6 @@ verify_buffer (char *data, int datasize, #define LogError(fmt, ...) #endif +char *translate_slashes(char *out, const char *str); + #endif /* SHIM_H_ */ -- cgit v1.2.3 From 9beca885c29c77bb901547321a5ce6fd3c9c8ee3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 14:40:03 -0500 Subject: Fix stdarg to work the same everywhere. This gets us the same working definition for VA_* va_* etc everywhere, and it's the same definition edk2 is using. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 125 ++++++-------------------------------- Cryptlib/Library/BaseLib.h | 16 +++++ Cryptlib/Makefile | 3 +- Cryptlib/OpenSSL/Makefile | 3 +- Make.defaults | 4 +- errlog.c | 24 ++++---- include/console.h | 2 +- include/hexdump.h | 10 +-- include/system/efistdarg.h | 15 +++++ include/system/stdarg.h | 41 ++++++++----- lib/Makefile | 3 +- lib/console.c | 12 ++-- shim.h | 23 +++++-- 13 files changed, 120 insertions(+), 161 deletions(-) create mode 100644 include/system/efistdarg.h (limited to 'Cryptlib') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 6bb7ba64..1f475a32 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -15,6 +15,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __OPEN_SSL_SUPPORT_H__ #define __OPEN_SSL_SUPPORT_H__ +#if defined(__x86_64__) +/* shim.h will check if the compiler is new enough in some other CU */ + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif +#endif + /* * Include stddef.h to avoid redefining "offsetof" */ @@ -64,113 +80,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // typedef VOID *FILE; -// -// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h -// -#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined -/* - * These are now unconditionally #defined by GNU_EFI's efistdarg.h, - * so we should #undef them here before providing a new definition. - */ -#undef va_arg -#undef va_start -#undef va_end - -#define va_list VA_LIST -#define va_arg VA_ARG -#define va_start VA_START -#define va_end VA_END - -# if !defined(NO_BUILTIN_VA_FUNCS) - -typedef __builtin_va_list VA_LIST; - -#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) - -#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) - -#define VA_END(Marker) __builtin_va_end (Marker) - -#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) - -# else - -#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) -/// -/// Variable used to traverse the list of arguments. This type can vary by -/// implementation and could be an array or structure. -/// -typedef CHAR8 *VA_LIST; - -/** - Retrieves a pointer to the beginning of a variable argument list, based on - the name of the parameter that immediately precedes the variable argument list. - - This function initializes Marker to point to the beginning of the variable - argument list that immediately follows Parameter. The method for computing the - pointer to the next argument in the argument list is CPU-specific following the - EFIAPI ABI. - - @param Marker The VA_LIST used to traverse the list of arguments. - @param Parameter The name of the parameter that immediately precedes - the variable argument list. - - @return A pointer to the beginning of a variable argument list. - -**/ -#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) - -/** - Returns an argument of a specified type from a variable argument list and updates - the pointer to the variable argument list to point to the next argument. - - This function returns an argument of the type specified by TYPE from the beginning - of the variable argument list specified by Marker. Marker is then updated to point - to the next argument in the variable argument list. The method for computing the - pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. - - @param Marker VA_LIST used to traverse the list of arguments. - @param TYPE The type of argument to retrieve from the beginning - of the variable argument list. - - @return An argument of the type specified by TYPE. - -**/ -#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) - -/** - Terminates the use of a variable argument list. - - This function initializes Marker so it can no longer be used with VA_ARG(). - After this macro is used, the only way to access the variable argument list is - by using VA_START() again. - - @param Marker VA_LIST used to traverse the list of arguments. - -**/ -#define VA_END(Marker) (Marker = (VA_LIST) 0) - -/** - Initializes a VA_LIST as a copy of an existing VA_LIST. - - This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest - followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach - the present state of Start. - - @param Dest VA_LIST used to traverse the list of arguments. - @param Start VA_LIST used to traverse the list of arguments. - -**/ -#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) - -# endif - -#else // __CC_ARM -#define va_start(Marker, Parameter) __va_start(Marker, Parameter) -#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) -#define va_end(Marker) ((void)0) -#endif - // // #defines from EFI Application Toolkit required to buiild Open SSL // @@ -318,7 +227,7 @@ size_t fwrite (const void *, size_t, size_t, FILE *); char *fgets (char *, int, FILE *); int fputs (const char *, FILE *); int fprintf (FILE *, const char *, ...); -int vfprintf (FILE *, const char *, VA_LIST); +int vfprintf (FILE *, const char *, va_list); int fflush (FILE *); int fclose (FILE *); DIR *opendir (const char *); diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h index 93d5c691..94b25c93 100644 --- a/Cryptlib/Library/BaseLib.h +++ b/Cryptlib/Library/BaseLib.h @@ -1,3 +1,19 @@ +#if defined(__x86_64__) +/* shim.h will check if the compiler is new enough in some other CU */ + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif +#endif + #include #include diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 27614618..547fd106 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -22,8 +22,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 294e889a..1b8ca318 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -36,8 +36,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) diff --git a/Make.defaults b/Make.defaults index 50164ae8..f956c005 100644 --- a/Make.defaults +++ b/Make.defaults @@ -53,9 +53,7 @@ COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif ifeq ($(ARCH),x86_64) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ $(CLANG_BUGS) -m64 \ - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ - -DPAGE_SIZE=4096 + -DMDE_CPU_X64 -DPAGE_SIZE=4096 ARCH_GNUEFI ?= x86_64 ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 diff --git a/errlog.c b/errlog.c index 16af23b0..ac657151 100644 --- a/errlog.c +++ b/errlog.c @@ -10,24 +10,26 @@ static CHAR16 **errs = NULL; static UINTN nerrs = 0; EFI_STATUS EFIAPI -vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, elf_va_list args) +vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, + va_list args) { - elf_va_list args2; + va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - elf_va_copy(args2, args); + va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - elf_va_end(args2); + va_end(args2); } return efi_status; } EFI_STATUS EFIAPI -VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_va_list args) +VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, + va_list args) { - elf_va_list args2; + va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -38,11 +40,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_v newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - elf_va_copy(args2, args); + va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - elf_va_end(args2); + va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -54,12 +56,12 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, elf_v EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - elf_va_list args; + va_list args; EFI_STATUS efi_status; - elf_va_start(args, fmt); + va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - elf_va_end(args); + va_end(args); return efi_status; } diff --git a/include/console.h b/include/console.h index d8af3cd3..00982744 100644 --- a/include/console.h +++ b/include/console.h @@ -102,7 +102,7 @@ extern UINT32 verbose; dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__ - 1, __func__, \ ##__VA_ARGS__) extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, - const char *func, elf_va_list args); + const char *func, va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index a6aa2bfa..f778de9a 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -81,7 +81,7 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) */ static inline void UNUSED EFIAPI vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, - const void *data, unsigned long size, size_t at, elf_va_list ap) + const void *data, unsigned long size, size_t at, va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -114,15 +114,15 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, * hexdump formatted * think of it as: printf("%s%s", format(fmt, ...), hexdump(data,size)[lineN]); */ -static inline void UNUSED +static inline void UNUSED EFIAPI hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, const void *data, unsigned long size, size_t at, ...) { - elf_va_list ap; + va_list ap; - elf_va_start(ap, at); + va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - elf_va_end(ap); + va_end(ap); } static inline void UNUSED diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h new file mode 100644 index 00000000..837c4f23 --- /dev/null +++ b/include/system/efistdarg.h @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * efistdarg.h - AAAARGGGG + * Copyright Peter Jones + */ + +#ifndef SHIM_UNIT_TEST +#ifndef _EFISTDARG_H_ +#define _EFISTDARG_H_ + +#include + +#endif /* !_EFISTDARG_H_ */ +#endif +// vim:fenc=utf-8:tw=75:noet diff --git a/include/system/stdarg.h b/include/system/stdarg.h index 346b760d..af1ac59b 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -8,24 +8,33 @@ #ifndef _STDARG_H #define _STDARG_H -#include - -#endif /* !_STDARG_H */ +#ifndef GNU_EFI_USE_EXTERNAL_STDARG +#define GNU_EFI_USE_EXTERNAL_STDARG #endif -#ifndef SHIM_STDARG_H_ -#define SHIM_STDARG_H_ -typedef __builtin_ms_va_list ms_va_list; -#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_ms_va_end(marker) +#if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ + defined(__i486__) || defined(__i686__) || defined(SHIM_UNIT_TEST) +typedef __builtin_va_list va_list; +#define va_copy(dest, start) __builtin_va_copy(dest, start) +#define va_start(marker, arg) __builtin_va_start(marker, arg) +#define va_arg(marker, type) __builtin_va_arg(marker, type) +#define va_end(marker) __builtin_va_end(marker) +#elif defined(__x86_64__) +typedef __builtin_ms_va_list va_list; +#define va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define va_arg(marker, type) __builtin_va_arg(marker, type) +#define va_end(marker) __builtin_ms_va_end(marker) +#else +#error what arch is this +#endif -typedef __builtin_va_list elf_va_list; -#define elf_va_copy(dest, start) __builtin_va_copy(dest, start) -#define elf_va_start(marker, arg) __builtin_va_start(marker, arg) -#define elf_va_arg(marker, type) __builtin_va_arg(marker, type) -#define elf_va_end(marker) __builtin_va_end(marker) +typedef va_list VA_LIST; +#define VA_COPY(dest, start) va_copy(dest, start) +#define VA_START(marker, arg) va_start(marker, arg) +#define VA_END(marker) va_end(marker) +#define VA_ARG(marker, type) va_arg(marker, type) -#endif /* !SHIM_STDARG_H_ */ +#endif /* !_STDARG_H */ +#endif /* !SHIM_UNIT_TEST */ // vim:fenc=utf-8:tw=75:noet diff --git a/lib/Makefile b/lib/Makefile index 63893c3e..0d2d0a9d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,8 +17,7 @@ CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) ifeq ($(ARCH),x86_64) FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) -DEFINES += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 +DEFINES += -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) diff --git a/lib/console.c b/lib/console.c index 32c6d55d..2da20b31 100644 --- a/lib/console.c +++ b/lib/console.c @@ -86,15 +86,15 @@ VOID console_fini(VOID) UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - elf_va_list args; + va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - elf_va_start(args, fmt); + va_start(args, fmt); ret = VPrint(fmt, args); - elf_va_end(args); + va_end(args); return ret; } @@ -103,7 +103,7 @@ UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - elf_va_list args; + va_list args; UINTN ret; if (!console_text_mode) @@ -111,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - elf_va_start(args, fmt); + va_start(args, fmt); ret = VPrint(fmt, args); - elf_va_end(args); + va_end(args); return ret; } diff --git a/shim.h b/shim.h index 3d2ac2d4..0ea182eb 100644 --- a/shim.h +++ b/shim.h @@ -17,20 +17,29 @@ #endif #if defined(__x86_64__) -#if !defined(GNU_EFI_USE_MS_ABI) -#error On x86_64 you must use ms_abi (GNU_EFI_USE_MS_ABI) in gnu-efi and shim. -#endif /* gcc 4.5.4 is the first documented release with -mabi=ms */ #if !GNUC_PREREQ(4, 7) && !CLANG_PREREQ(3, 4) #error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__)) #endif + +#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + +#if !defined(GNU_EFI_USE_MS_ABI) +#define GNU_EFI_USE_MS_ABI +#endif + +#ifdef NO_BUILTIN_VA_FUNCS +#undef NO_BUILTIN_VA_FUNCS +#endif #endif #include #include #include #include -#include +#include #include #include @@ -40,6 +49,10 @@ #undef uefi_call_wrapper #include #include + +#if defined(__x86_64__) && !defined(HAVE_USE_MS_ABI) +#error something has gone wrong with the gnu-efi includes and defines +#endif #endif #ifdef SHIM_UNIT_TEST @@ -209,7 +222,7 @@ extern void shim_fini(void); extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, - const CHAR16 *fmt, elf_va_list args); + const CHAR16 *fmt, va_list args); extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); extern VOID PrintErrors(VOID); -- cgit v1.2.3 From f5493df9c626a7436803d1e68b0118f4d041e0fa Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Tue, 9 Mar 2021 12:15:00 -0500 Subject: openssl: fix various build errors and warnings There were a couple cases of "uninitialized variable" warnings in the imported OpenSSL code; I used the current OpenSSL code as a guide for picking the default values used here. On my dev system there is one remaining build warning in OpenSSL's crypto/asn1/x_pkey.c:X509_PKEY_new() function. Unfortunately it involves some preprocessor crimes and the fix would be a bit ugly. Fortunately it appears the warning here is harmless and can be ignored. As a point of reference, my build system is a current Arch install with GCC v10.2.0 and GNU-EFI v 3.0.12. Signed-off-by: Paul Moore --- Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 3 ++- Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 2 +- Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c index 1269a146..b27b0f68 100644 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c @@ -530,7 +530,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; - int ret, i; + int ret = 0; /* current openssl sets 'ret' to zero here */ + int i; char *buf = NULL; if (!p7) { diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c index 951e1d5c..ddead3d7 100644 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c @@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } -#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c index 5bf3f07a..96f306b2 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -984,7 +984,8 @@ static int check_cert(X509_STORE_CTX *ctx) { X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; - int ok, cnum; + int ok = 0; /* current openssl sets 'ok' to zero here */ + int cnum; unsigned int last_reasons; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); -- cgit v1.2.3 From 1bc4bf063adf57a17e5d6d8dc6399f03080a0566 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 9 Mar 2021 17:15:53 -0500 Subject: make: use -Wextra (minus some obnoxious bits) gcc -Wextra, has a lot of good, useful checks, a few obnoxious checks, and a few absolutely insane checks. This enables -Wextra, but disables -Wmissing-field-initializers, because it is irrational nonsense that just leads to worse code. It also disables some specific things in the Cryptlib and Cryptlib/OpenSSL trees: Both: -Wno-unused-parameter - there are a fair number of functions that have to conform to some API or another but have arguments that are unused, but haven't been marked with UNUSED; we don't need to see warnings about them. Cryptlib/OpenSSL: -Wno-empty-body - functions that exist merely to populate some API -Wno-implicit-fallthrough - these probably should get fixed someday, but I bet upstream will do it and rebasing will solve it -Wno-old-style-declaration - this gripes if you write "const static" instead of "static const". Again I expect rebasing will fix it at some point. -Wno-unused-but-set-variable - self explanatory, and again, I expect a rebase to solve it someday. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 2 ++ Cryptlib/OpenSSL/Makefile | 9 +++++---- Make.defaults | 8 +++++--- 3 files changed, 12 insertions(+), 7 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 547fd106..89fd5cdc 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -11,6 +11,8 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ -isystem $(TOPDIR)/include/system \ -isystem $(shell $(CC) -print-file-name=include) +WARNFLAGS += -Wno-unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 1b8ca318..2b96c385 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -20,10 +20,11 @@ INCLUDES = -I$(OSSLDIR) -I$(CRYPTDIR) -I$(OSSLDIR)/Include/ \ FEATUREFLAGS += -nostdinc -WERRFLAGS += -Wno-error=discarded-qualifiers \ - -Wno-error=maybe-uninitialized \ - -Wno-error=unused-function \ - -Wno-error=unused-but-set-variable +WARNFLAGS += -Wno-empty-body \ + -Wno-implicit-fallthrough \ + -Wno-old-style-declaration \ + -Wno-unused-but-set-variable \ + -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ diff --git a/Make.defaults b/Make.defaults index f956c005..20aa8cd4 100644 --- a/Make.defaults +++ b/Make.defaults @@ -118,12 +118,12 @@ $(call conditional-add-flag,$(COLOR),diagnostics-color,FEATUREFLAGS,-fdiagnostic override DEFAULT_WARNFLAGS = \ -Wall \ - -Wsign-compare + -Wextra \ + -Wno-missing-field-initializers $(call update-variable,WARNFLAGS) override DEFAULT_WERRFLAGS = \ - -Werror \ - -Werror=sign-compare + -Werror $(call update-variable,WERRFLAGS) CFLAGS = $(FEATUREFLAGS) \ @@ -186,3 +186,5 @@ endif ifneq ($(VERBOSE),) export VERBOSE endif + +# vim:filetype=make -- cgit v1.2.3 From df74fff124a84428c9717a89ff00ca0931d09c52 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 11 Mar 2021 11:40:46 -0500 Subject: openssl: nerf some -W flags for clang. Signed-off-by: Peter Jones --- Cryptlib/OpenSSL/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 2b96c385..795f471d 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -22,8 +22,8 @@ FEATUREFLAGS += -nostdinc WARNFLAGS += -Wno-empty-body \ -Wno-implicit-fallthrough \ - -Wno-old-style-declaration \ - -Wno-unused-but-set-variable \ + $(if $(findstring gcc,$(CC)),-Wno-old-style-declaration) \ + $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \ -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ -- cgit v1.2.3 From 4457d79ce0ea638e7732f5529bf13849e290940d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 11 Mar 2021 16:48:44 -0500 Subject: More va_* work Be much more explicit about exactly which va_* stuff comes from which ABI in both shim and gnu-efi. This fixes the problem where we see: | (null):0:(null)() v->name:"(null)" v->rtname:"(null)" | (null):0:(null)() v->data_size:0 v->data:0x0 and similar messages where everything is NULL. Signed-off-by: Peter Jones --- Cryptlib/Include/OpenSslSupport.h | 2 +- Cryptlib/Include/openssl/bio.h | 4 +- Cryptlib/Include/openssl/err.h | 2 +- Cryptlib/OpenSSL/crypto/bio/b_print.c | 66 ++++++++++++++--------------- Cryptlib/OpenSSL/crypto/err/err.c | 10 ++--- Makefile | 1 + errlog.c | 22 +++++----- gnu-efi | 2 +- include/console.h | 2 +- include/hexdump.h | 8 ++-- include/system/efistdarg.h | 4 ++ include/system/stdarg.h | 80 ++++++++++++++++++++++++++--------- lib/console.c | 12 +++--- shim.h | 3 +- 14 files changed, 132 insertions(+), 86 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 1f475a32..b97149e2 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -227,7 +227,7 @@ size_t fwrite (const void *, size_t, size_t, FILE *); char *fgets (char *, int, FILE *); int fputs (const char *, FILE *); int fprintf (FILE *, const char *, ...); -int vfprintf (FILE *, const char *, va_list); +int vfprintf (FILE *, const char *, ms_va_list); int fflush (FILE *); int fclose (FILE *); DIR *opendir (const char *); diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h index 2efa873d..da8c6580 100644 --- a/Cryptlib/Include/openssl/bio.h +++ b/Cryptlib/Include/openssl/bio.h @@ -794,11 +794,11 @@ void BIO_copy_next_retry(BIO *b); # endif int EFIAPI BIO_printf(BIO *bio, const char *format, ...) __bio_h__attr__((__format__(__printf__, 2, 3))); -int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, ms_va_list args) __bio_h__attr__((__format__(__printf__, 2, 0))); int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) __bio_h__attr__((__format__(__printf__, 3, 4))); -int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, ms_va_list args) __bio_h__attr__((__format__(__printf__, 3, 0))); # undef __bio_h__attr__ diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h index 32da8c37..5a019808 100644 --- a/Cryptlib/Include/openssl/err.h +++ b/Cryptlib/Include/openssl/err.h @@ -345,7 +345,7 @@ void ERR_print_errors_fp(FILE *fp); void ERR_print_errors(BIO *bp); # endif void EFIAPI ERR_add_error_data(int num, ...); -void EFIAPI ERR_add_error_vdata(int num, va_list args); +void EFIAPI ERR_add_error_vdata(int num, ms_va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index 34c8fca7..29da9036 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -136,7 +136,7 @@ static int fmtfp(char **, char **, size_t *, size_t *, static int doapr_outch(char **, char **, size_t *, size_t *, int); static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); + const char *format, ms_va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -171,7 +171,7 @@ static int EFIAPI _dopr(char **sbuffer, char **buffer, size_t *maxlen, - size_t *retlen, int *truncated, const char *format, va_list args) + size_t *retlen, int *truncated, const char *format, ms_va_list args) { char ch; LLONG value; @@ -236,7 +236,7 @@ _dopr(char **sbuffer, min = 10 * min + char_to_int(ch); ch = *format++; } else if (ch == '*') { - min = va_arg(args, int); + min = ms_va_arg(args, int); ch = *format++; state = DP_S_DOT; } else @@ -256,7 +256,7 @@ _dopr(char **sbuffer, max = 10 * max + char_to_int(ch); ch = *format++; } else if (ch == '*') { - max = va_arg(args, int); + max = ms_va_arg(args, int); ch = *format++; state = DP_S_MOD; } else @@ -297,16 +297,16 @@ _dopr(char **sbuffer, case 'i': switch (cflags) { case DP_C_SHORT: - value = (short int)va_arg(args, int); + value = (short int)ms_va_arg(args, int); break; case DP_C_LONG: - value = va_arg(args, long int); + value = ms_va_arg(args, long int); break; case DP_C_LLONG: - value = va_arg(args, LLONG); + value = ms_va_arg(args, LLONG); break; default: - value = va_arg(args, int); + value = ms_va_arg(args, int); break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, @@ -322,16 +322,16 @@ _dopr(char **sbuffer, flags |= DP_F_UNSIGNED; switch (cflags) { case DP_C_SHORT: - value = (unsigned short int)va_arg(args, unsigned int); + value = (unsigned short int)ms_va_arg(args, unsigned int); break; case DP_C_LONG: - value = (LLONG) va_arg(args, unsigned long int); + value = (LLONG) ms_va_arg(args, unsigned long int); break; case DP_C_LLONG: - value = va_arg(args, unsigned LLONG); + value = ms_va_arg(args, unsigned LLONG); break; default: - value = (LLONG) va_arg(args, unsigned int); + value = (LLONG) ms_va_arg(args, unsigned int); break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, @@ -342,9 +342,9 @@ _dopr(char **sbuffer, #ifndef OPENSSL_SYS_UEFI case 'f': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, flags)) return 0; @@ -353,26 +353,26 @@ _dopr(char **sbuffer, flags |= DP_F_UP; case 'e': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); break; case 'G': flags |= DP_F_UP; case 'g': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); + fvalue = ms_va_arg(args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = ms_va_arg(args, double); break; #endif case 'c': if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) + ms_va_arg(args, int))) return 0; break; case 's': - strvalue = va_arg(args, char *); + strvalue = ms_va_arg(args, char *); if (max < 0) { if (buffer) max = INT_MAX; @@ -384,7 +384,7 @@ _dopr(char **sbuffer, return 0; break; case 'p': - value = (long)va_arg(args, void *); + value = (long)ms_va_arg(args, void *); if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 16, min, max, flags | DP_F_NUM)) return 0; @@ -392,19 +392,19 @@ _dopr(char **sbuffer, case 'n': /* XXX */ if (cflags == DP_C_SHORT) { short int *num; - num = va_arg(args, short int *); + num = ms_va_arg(args, short int *); *num = currlen; } else if (cflags == DP_C_LONG) { /* XXX */ long int *num; - num = va_arg(args, long int *); + num = ms_va_arg(args, long int *); *num = (long int)currlen; } else if (cflags == DP_C_LLONG) { /* XXX */ LLONG *num; - num = va_arg(args, LLONG *); + num = ms_va_arg(args, LLONG *); *num = (LLONG) currlen; } else { int *num; - num = va_arg(args, int *); + num = ms_va_arg(args, int *); *num = currlen; } break; @@ -799,18 +799,18 @@ doapr_outch(char **sbuffer, int EFIAPI BIO_printf(BIO *bio, const char *format, ...) { - va_list args; + ms_va_list args; int ret; - va_start(args, format); + ms_va_start(args, format); ret = BIO_vprintf(bio, format, args); - va_end(args); + ms_va_end(args); return (ret); } -int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) +int EFIAPI BIO_vprintf(BIO *bio, const char *format, ms_va_list args) { int ret; size_t retlen; @@ -847,18 +847,18 @@ int EFIAPI BIO_vprintf(BIO *bio, const char *format, va_list args) */ int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...) { - va_list args; + ms_va_list args; int ret; - va_start(args, format); + ms_va_start(args, format); ret = BIO_vsnprintf(buf, n, format, args); - va_end(args); + ms_va_end(args); return (ret); } -int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, ms_va_list args) { size_t retlen; int truncated; diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c index d0752adf..e2251454 100644 --- a/Cryptlib/OpenSSL/crypto/err/err.c +++ b/Cryptlib/OpenSSL/crypto/err/err.c @@ -1077,13 +1077,13 @@ void ERR_set_error_data(char *data, int flags) void EFIAPI ERR_add_error_data(int num, ...) { - va_list args; - va_start(args, num); + ms_va_list args; + ms_va_start(args, num); ERR_add_error_vdata(num, args); - va_end(args); + ms_va_end(args); } -void EFIAPI ERR_add_error_vdata(int num, va_list args) +void EFIAPI ERR_add_error_vdata(int num, ms_va_list args) { int i, n, s; char *str, *p, *a; @@ -1096,7 +1096,7 @@ void EFIAPI ERR_add_error_vdata(int num, va_list args) n = 0; for (i = 0; i < num; i++) { - a = va_arg(args, char *); + a = ms_va_arg(args, char *); /* ignore NULLs, thanks to Bob Beck */ if (a != NULL) { n += strlen(a); diff --git a/Makefile b/Makefile index df2d8b6e..9a93d740 100644 --- a/Makefile +++ b/Makefile @@ -136,6 +136,7 @@ MokManager.o: $(MOK_SOURCES) $(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a +gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: $(MAKE) -C gnu-efi \ ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ diff --git a/errlog.c b/errlog.c index ac657151..cc6a89f5 100644 --- a/errlog.c +++ b/errlog.c @@ -11,25 +11,25 @@ static UINTN nerrs = 0; EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, - va_list args) + ms_va_list args) { - va_list args2; + ms_va_list args2; EFI_STATUS efi_status = EFI_SUCCESS; if (verbose) { - va_copy(args2, args); + ms_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); efi_status = VPrint(fmt, args2); - va_end(args2); + ms_va_end(args2); } return efi_status; } EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, - va_list args) + ms_va_list args) { - va_list args2; + ms_va_list args2; CHAR16 **newerrs; newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), @@ -40,11 +40,11 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - va_copy(args2, args); + ms_va_copy(args2, args); newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - va_end(args2); + ms_va_end(args2); nerrs += 2; newerrs[nerrs] = NULL; @@ -56,12 +56,12 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...) { - va_list args; + ms_va_list args; EFI_STATUS efi_status; - va_start(args, fmt); + ms_va_start(args, fmt); efi_status = VLogError(file, line, func, fmt, args); - va_end(args); + ms_va_end(args); return efi_status; } diff --git a/gnu-efi b/gnu-efi index 4444de49..f922aec7 160000 --- a/gnu-efi +++ b/gnu-efi @@ -1 +1 @@ -Subproject commit 4444de49c66b5b6758976ab1e3862bb17cff9d56 +Subproject commit f922aec7d6d60c245a4d1e1f82598d427c7765b5 diff --git a/include/console.h b/include/console.h index 036262ef..f56b1231 100644 --- a/include/console.h +++ b/include/console.h @@ -108,7 +108,7 @@ extern UINT32 verbose; #endif extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line, - const char *func, va_list args); + const char *func, ms_va_list args); #define vdprint(fmt, ...) \ vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__) diff --git a/include/hexdump.h b/include/hexdump.h index f778de9a..381e1a68 100644 --- a/include/hexdump.h +++ b/include/hexdump.h @@ -81,7 +81,7 @@ prepare_text(const void *data, size_t size, char *buf, unsigned int position) */ static inline void UNUSED EFIAPI vhexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, - const void *data, unsigned long size, size_t at, va_list ap) + const void *data, unsigned long size, size_t at, ms_va_list ap) { unsigned long display_offset = at; unsigned long offset = 0; @@ -118,11 +118,11 @@ static inline void UNUSED EFIAPI hexdumpf(const char *file, int line, const char *func, const CHAR16 *const fmt, const void *data, unsigned long size, size_t at, ...) { - va_list ap; + ms_va_list ap; - va_start(ap, at); + ms_va_start(ap, at); vhexdumpf(file, line, func, fmt, data, size, at, ap); - va_end(ap); + ms_va_end(ap); } static inline void UNUSED diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h index 837c4f23..034977cc 100644 --- a/include/system/efistdarg.h +++ b/include/system/efistdarg.h @@ -8,6 +8,10 @@ #ifndef _EFISTDARG_H_ #define _EFISTDARG_H_ +#ifndef GNU_EFI_USE_EXTERNAL_STDARG +#define GNU_EFI_USE_EXTERNAL_STDARG +#endif + #include #endif /* !_EFISTDARG_H_ */ diff --git a/include/system/stdarg.h b/include/system/stdarg.h index af1ac59b..ce722249 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -2,39 +2,79 @@ /* * stdarg.h - try to make consistent va_* handling for EFI */ -#ifdef SHIM_UNIT_TEST -#include_next -#else #ifndef _STDARG_H -#define _STDARG_H + +/* + * clang doesn't know about __builtin_sysv_va_list, apparently. + */ +#ifdef __clang__ +#pragma GCC diagnostic push +#pragma GCC diagnostic warning "-Wcpp" +typedef __builtin_va_list __builtin_sysv_va_list; +#warning clang builds may not work at all for anything other than scan-build +#pragma GCC diagnostic pop +#endif #ifndef GNU_EFI_USE_EXTERNAL_STDARG #define GNU_EFI_USE_EXTERNAL_STDARG #endif +#ifdef SHIM_UNIT_TEST +#include_next +#endif + #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ defined(__i486__) || defined(__i686__) || defined(SHIM_UNIT_TEST) -typedef __builtin_va_list va_list; -#define va_copy(dest, start) __builtin_va_copy(dest, start) -#define va_start(marker, arg) __builtin_va_start(marker, arg) -#define va_arg(marker, type) __builtin_va_arg(marker, type) -#define va_end(marker) __builtin_va_end(marker) + +typedef __builtin_va_list ms_va_list; +typedef __builtin_va_list __builtin_ms_va_list; +#define ms_va_copy(dest, start) __builtin_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_va_end(marker) + +typedef __builtin_va_list sysv_va_list; +#define sysv_va_copy(dest, start) __builtin_va_copy(dest, start) +#define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) +#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) +#define sysv_va_end(marker) __builtin_va_end(marker) +/* + * OpenSSL's X509ConstructCertificateStack needs this. + */ +typedef __builtin_va_list VA_LIST; +#define VA_COPY(dest, start) __builtin_va_copy(dest, start) +#define VA_START(marker, arg) __builtin_va_start(marker, arg) +#define VA_END(marker) __builtin_va_end(marker) +#define VA_ARG(marker, type) __builtin_va_arg(marker, type) + #elif defined(__x86_64__) -typedef __builtin_ms_va_list va_list; -#define va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define va_arg(marker, type) __builtin_va_arg(marker, type) -#define va_end(marker) __builtin_ms_va_end(marker) + +typedef __builtin_ms_va_list ms_va_list; +#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) +#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) +#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) +#define ms_va_end(marker) __builtin_ms_va_end(marker) +typedef __builtin_sysv_va_list sysv_va_list; +#define sysv_va_copy(dest, start) __builtin_sysv_va_copy(dest, start) +#define sysv_va_start(marker, arg) __builtin_sysv_va_start(marker, arg) +#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) +#define sysv_va_end(marker) __builtin_sysv_va_end(marker) +/* + * OpenSSL's X509ConstructCertificateStack needs this. + */ +typedef __builtin_ms_va_list VA_LIST; +#define VA_COPY(dest, start) __builtin_ms_va_copy(dest, start) +#define VA_START(marker, arg) __builtin_ms_va_start(marker, arg) +#define VA_END(marker) __builtin_ms_va_end(marker) +#define VA_ARG(marker, type) __builtin_va_arg(marker, type) + #else #error what arch is this #endif -typedef va_list VA_LIST; -#define VA_COPY(dest, start) va_copy(dest, start) -#define VA_START(marker, arg) va_start(marker, arg) -#define VA_END(marker) va_end(marker) -#define VA_ARG(marker, type) va_arg(marker, type) +#ifndef _STDARG_H +#define _STDARG_H +#endif /* !_STDARG_H #2 */ #endif /* !_STDARG_H */ -#endif /* !SHIM_UNIT_TEST */ // vim:fenc=utf-8:tw=75:noet diff --git a/lib/console.c b/lib/console.c index 2da20b31..c310d213 100644 --- a/lib/console.c +++ b/lib/console.c @@ -86,15 +86,15 @@ VOID console_fini(VOID) UINTN EFIAPI console_print(const CHAR16 *fmt, ...) { - va_list args; + ms_va_list args; UINTN ret; if (!console_text_mode) setup_console(1); - va_start(args, fmt); + ms_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + ms_va_end(args); return ret; } @@ -103,7 +103,7 @@ UINTN EFIAPI console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) { SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - va_list args; + ms_va_list args; UINTN ret; if (!console_text_mode) @@ -111,9 +111,9 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); - va_start(args, fmt); + ms_va_start(args, fmt); ret = VPrint(fmt, args); - va_end(args); + ms_va_end(args); return ret; } diff --git a/shim.h b/shim.h index 44dddc7a..69ad2cc3 100644 --- a/shim.h +++ b/shim.h @@ -22,6 +22,7 @@ #if defined(__x86_64__) /* gcc 4.5.4 is the first documented release with -mabi=ms */ +/* gcc 4.7.1 is the first one with __builtin_ms_va_list */ #if !GNUC_PREREQ(4, 7) && !CLANG_PREREQ(3, 4) #error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__)) #endif @@ -226,7 +227,7 @@ extern void shim_fini(void); extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...); extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, - const CHAR16 *fmt, va_list args); + const CHAR16 *fmt, ms_va_list args); extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz); extern VOID PrintErrors(VOID); -- cgit v1.2.3 From e13ac7386ea425c9222e05a2f9879d5af5cb91f6 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 4 Aug 2021 13:24:11 -0400 Subject: Make CopyMem() work with EFI's declaration EFI_BOOT_SERVICES includes CopyMem() and SetMem() functions which are marked EFIAPI, and in the case of CopyMem() does not mark the source argument as CONST. This patch makes all our invocations work with that, so (once gnu-efi's implementation is fixed to match) we can use the existing implementation as the implementation in a mock EFI_BOOT_SERVICES. Signed-off-by: Peter Jones --- Cryptlib/Hash/CryptMd5.c | 2 +- Cryptlib/Hash/CryptSha1.c | 2 +- Cryptlib/Hash/CryptSha256.c | 2 +- Cryptlib/Hash/CryptSha512.c | 4 ++-- Cryptlib/Include/OpenSslSupport.h | 4 ++-- Cryptlib/Pk/CryptPkcs7Verify.c | 2 +- httpboot.c | 6 +++--- lib/variables.c | 6 +++--- 8 files changed, 14 insertions(+), 14 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Hash/CryptMd5.c b/Cryptlib/Hash/CryptMd5.c index ccf6ad00..b389f0e1 100644 --- a/Cryptlib/Hash/CryptMd5.c +++ b/Cryptlib/Hash/CryptMd5.c @@ -93,7 +93,7 @@ Md5Duplicate ( return FALSE; } - CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX)); + CopyMem (NewMd5Context, (void *)Md5Context, sizeof (MD5_CTX)); return TRUE; } diff --git a/Cryptlib/Hash/CryptSha1.c b/Cryptlib/Hash/CryptSha1.c index 42cfd08a..3e67a805 100644 --- a/Cryptlib/Hash/CryptSha1.c +++ b/Cryptlib/Hash/CryptSha1.c @@ -92,7 +92,7 @@ Sha1Duplicate ( return FALSE; } - CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX)); + CopyMem (NewSha1Context, (void *)Sha1Context, sizeof (SHA_CTX)); return TRUE; } diff --git a/Cryptlib/Hash/CryptSha256.c b/Cryptlib/Hash/CryptSha256.c index 06ecb2e9..05bc6b0a 100644 --- a/Cryptlib/Hash/CryptSha256.c +++ b/Cryptlib/Hash/CryptSha256.c @@ -91,7 +91,7 @@ Sha256Duplicate ( return FALSE; } - CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX)); + CopyMem (NewSha256Context, (void *)Sha256Context, sizeof (SHA256_CTX)); return TRUE; } diff --git a/Cryptlib/Hash/CryptSha512.c b/Cryptlib/Hash/CryptSha512.c index 3ce372a0..16063b23 100644 --- a/Cryptlib/Hash/CryptSha512.c +++ b/Cryptlib/Hash/CryptSha512.c @@ -93,7 +93,7 @@ Sha384Duplicate ( return FALSE; } - CopyMem (NewSha384Context, Sha384Context, sizeof (SHA512_CTX)); + CopyMem (NewSha384Context, (void *)Sha384Context, sizeof (SHA512_CTX)); return TRUE; } @@ -308,7 +308,7 @@ Sha512Duplicate ( return FALSE; } - CopyMem (NewSha512Context, Sha512Context, sizeof (SHA512_CTX)); + CopyMem (NewSha512Context, (void *)Sha512Context, sizeof (SHA512_CTX)); return TRUE; } diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index b97149e2..0c2fb8b0 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -262,11 +262,11 @@ extern FILE *stdout; // // Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions // -#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; }) +#define memcpy(dest,source,count) ( {CopyMem(dest,(void *)source,(UINTN)(count)); dest; }) #define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) #define memchr(buf,ch,count) ScanMem8((CHAR8 *)buf,(UINTN)(count),ch) #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) -#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) +#define memmove(dest,source,count) CopyMem(dest,(void *)source,(UINTN)(count)) #define localtime(timer) NULL #define assert(expression) #define atoi(nptr) AsciiStrDecimalToUintn((const CHAR8 *)nptr) diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c index 09895d8c..c1893848 100644 --- a/Cryptlib/Pk/CryptPkcs7Verify.c +++ b/Cryptlib/Pk/CryptPkcs7Verify.c @@ -216,7 +216,7 @@ WrapPkcs7Data ( // // Part7: P7Data. // - CopyMem (SignedData + 19, P7Data, P7Length); + CopyMem (SignedData + 19, (void *)P7Data, P7Length); } *WrapFlag = Wrapped; diff --git a/httpboot.c b/httpboot.c index 5d16bc1e..3340a7f9 100644 --- a/httpboot.c +++ b/httpboot.c @@ -179,8 +179,8 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, if (!*uri) return EFI_OUT_OF_RESOURCES; - CopyMem(*uri, current_uri, path_len); - CopyMem(*uri + path_len, next_loader, next_len); + CopyMem(*uri, (void *)current_uri, path_len); + CopyMem(*uri + path_len, (void *)next_loader, next_len); (*uri)[path_len + next_len] = '\0'; return EFI_SUCCESS; @@ -209,7 +209,7 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname) if (!*hostname) return EFI_OUT_OF_RESOURCES; - CopyMem(*hostname, start, host_len); + CopyMem(*hostname, (void *)start, host_len); (*hostname)[host_len] = '\0'; return EFI_SUCCESS; diff --git a/lib/variables.c b/lib/variables.c index ff61d0e2..3ec05478 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -49,7 +49,7 @@ fill_esl(const EFI_SIGNATURE_DATA *first_sig, const size_t howmany, sl->SignatureListSize = needed; sd = (EFI_SIGNATURE_DATA *)(out + sizeof(EFI_SIGNATURE_LIST)); - CopyMem(sd, first_sig, data_len); + CopyMem(sd, (void *)first_sig, data_len); return EFI_SUCCESS; } @@ -69,8 +69,8 @@ fill_esl_with_one_signature(const uint8_t *data, const uint32_t data_len, if (out) { sd = AllocateZeroPool(sig_size); if (owner) - CopyMem(sd, owner, sizeof(EFI_GUID)); - CopyMem(sd->SignatureData, data, data_len); + CopyMem(sd, (void *)owner, sizeof(EFI_GUID)); + CopyMem(sd->SignatureData, (void *)data, data_len); } efi_status = fill_esl(sd, 1, type, sig_size, out, outlen); -- cgit v1.2.3 From 53509eaf2253e23bfb552e9386fd0877abe592b4 Mon Sep 17 00:00:00 2001 From: Jian J Wang Date: Thu, 25 Apr 2019 23:42:16 +0800 Subject: CryptoPkg/BaseCryptLib: fix NULL dereference AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode pkcs#7 data. when this successfully returns, a type check is done by calling PKCS7_type_is_signed() and then Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1 blob that successfully decodes and have d2i_PKCS7() return a valid pointer and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign be a NULL pointer. Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for pkcs7 structs it does the following: - call PKCS7_type_is_signed() - call PKCS7_get_detached() Looking into how PKCS7_get_detatched() is implemented, it checks to see if p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL. As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7(). - Add call to PKS7_get_detached() to existing error handling Cc: Chao Zhang Cc: Jiewen Yao Signed-off-by: Jian J Wang Cherry-picked-from: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10 --- Cryptlib/Pk/CryptAuthenticode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c index 74e50a2e..f6f988b8 100644 --- a/Cryptlib/Pk/CryptAuthenticode.c +++ b/Cryptlib/Pk/CryptAuthenticode.c @@ -9,7 +9,7 @@ AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for data structure. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -106,7 +106,7 @@ AuthenticodeVerify ( // // Check if it's PKCS#7 Signed Data (for Authenticode Scenario) // - if (!PKCS7_type_is_signed (Pkcs7)) { + if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) { goto _Exit; } -- cgit v1.2.3 From 89972ae25c133df31290f394413c19ea903219ad Mon Sep 17 00:00:00 2001 From: Long Qin Date: Wed, 1 Nov 2017 16:10:04 +0800 Subject: CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper There is one long-standing problem in CRT realloc wrapper, which will cause the obvious buffer overflow issue when re-allocating one bigger memory block: void *realloc (void *ptr, size_t size) { // // BUG: hardcode OldSize == size! We have no any knowledge about // memory size of original pointer ptr. // return ReallocatePool ((UINTN) size, (UINTN) size, ptr); } This patch introduces one extra header to record the memory buffer size information when allocating memory block from malloc routine, and re-wrap the realloc() and free() routines to remove this BUG. Cc: Laszlo Ersek Cc: Ting Ye Cc: Jian J Wang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long Reviewed-by: Jian J Wang Validated-by: Jian J Wang Cherry picked from https://github.com/tianocore/edk2.git, commit cf8197a39d07179027455421a182598bd6989999. Changes: * `SIGNATURE_32` -> `EFI_SIGNATURE_32` * Added definition of `MIN` Fixes https://github.com/rhboot/shim/issues/538 Signed-off-by: Nicholas Bishop --- Cryptlib/SysCall/BaseMemAllocation.c | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c index 792b29e8..7a565ffd 100644 --- a/Cryptlib/SysCall/BaseMemAllocation.c +++ b/Cryptlib/SysCall/BaseMemAllocation.c @@ -15,6 +15,20 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include +// +// Extra header to record the memory buffer size from malloc routine. +// +#define CRYPTMEM_HEAD_SIGNATURE EFI_SIGNATURE_32('c','m','h','d') +typedef struct { + UINT32 Signature; + UINT32 Reserved; + UINTN Size; +} CRYPTMEM_HEAD; + +#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) + +#define MIN(a, b) ({(a) < (b) ? (a) : (b);}) + // // -- Memory-Allocation Routines -- // @@ -22,27 +36,84 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /* Allocates memory blocks */ void *malloc (size_t size) { - return AllocatePool ((UINTN) size); + CRYPTMEM_HEAD *PoolHdr; + UINTN NewSize; + VOID *Data; + + // + // Adjust the size by the buffer header overhead + // + NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD; + + Data = AllocatePool (NewSize); + if (Data != NULL) { + PoolHdr = (CRYPTMEM_HEAD *)Data; + // + // Record the memory brief information + // + PoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; + PoolHdr->Size = size; + + return (VOID *)(PoolHdr + 1); + } else { + // + // The buffer allocation failed. + // + return NULL; + } } /* Reallocate memory blocks */ void *realloc (void *ptr, size_t size) { - // - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // - return ReallocatePool (ptr, (UINTN) size, (UINTN) size); + CRYPTMEM_HEAD *OldPoolHdr; + CRYPTMEM_HEAD *NewPoolHdr; + UINTN OldSize; + UINTN NewSize; + VOID *Data; + + NewSize = (UINTN)size + CRYPTMEM_OVERHEAD; + Data = AllocatePool (NewSize); + if (Data != NULL) { + NewPoolHdr = (CRYPTMEM_HEAD *)Data; + NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; + NewPoolHdr->Size = size; + if (ptr != NULL) { + // + // Retrieve the original size from the buffer header. + // + OldPoolHdr = (CRYPTMEM_HEAD *)ptr - 1; + ASSERT (OldPoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); + OldSize = OldPoolHdr->Size; + + // + // Duplicate the buffer content. + // + CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size)); + FreePool ((VOID *)OldPoolHdr); + } + + return (VOID *)(NewPoolHdr + 1); + } else { + // + // The buffer allocation failed. + // + return NULL; + } } /* De-allocates or frees a memory block */ void free (void *ptr) { + CRYPTMEM_HEAD *PoolHdr; + // // In Standard C, free() handles a null pointer argument transparently. This // is not true of FreePool() below, so protect it. // if (ptr != NULL) { - FreePool (ptr); + PoolHdr = (CRYPTMEM_HEAD *)ptr - 1; + ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); + FreePool (PoolHdr); } } -- cgit v1.2.3 From 243f12589dbb5e9549d0e08760a03f3a41cd82a2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 14 Jun 2023 16:04:12 -0400 Subject: Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL Cryptlib and OpenSSL both currently throw warnings with some compilers using -Wunused-but-set-variable: clang -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/home/pjones/devel/github.com/shim/main/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -m64 -mno-mmx -mno-sse -mno-red-zone -Os -Wall -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -Werror -I/home/pjones/devel/github.com/shim/main/Cryptlib -I/home/pjones/devel/github.com/shim/main/Cryptlib/Include -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/x86_64 -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/protocol -isystem /home/pjones/devel/github.com/shim/main/include/system -isystem /usr/lib64/clang/16/include -DMDE_CPU_X64 -c -o Pk/CryptX509.o Pk/CryptX509.c Pk/CryptX509.c:94:19: error: variable 'Index' set but not used [-Werror,-Wunused-but-set-variable] UINTN Index; ^ clang -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/home/pjones/devel/github.com/shim/main/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -m64 -mno-mmx -mno-sse -mno-red-zone -Os -Wall -Wextra -Wno-missing-field-initializers -Wno-empty-body -Wno-implicit-fallthrough -Wno-unused-parameter -Werror -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL -I/home/pjones/devel/github.com/shim/main/Cryptlib -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/Include/ -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto -I/home/pjones/devel/github.com/shim/main/Cryptlib/Include -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/x86_64 -I/home/pjones/devel/github.com/shim/main/gnu-efi/inc/protocol -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/asn1 -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/evp -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/modes -I/home/pjones/devel/github.com/shim/main/Cryptlib/OpenSSL/crypto/include -isystem /home/pjones/devel/github.com/shim/main/include/system -isystem /usr/lib64/clang/16/include -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -DMDE_CPU_X64 -c -o crypto/asn1/t_x509.o crypto/asn1/t_x509.c crypto/asn1/t_x509.c:504:18: error: variable 'l' set but not used [-Werror,-Wunused-but-set-variable] int ret = 0, l, i; ^ Since we normally build with -Werror, these cause builds to fail in these cases. While the bad code should be addressed, it appears generally safe, so we should solve it upstream. This patch adds -Wno-unused-but-set-variable to the Cryptlib Makefile, and removes the conditionalization on gcc in the OpenSSL Makefile, as clang now has this argument, and since we don't support building with clang for the final build, it's useful to have clang-based tools working. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 ++- Cryptlib/OpenSSL/Makefile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 89fd5cdc..626788c9 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -11,7 +11,8 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ -isystem $(TOPDIR)/include/system \ -isystem $(shell $(CC) -print-file-name=include) -WARNFLAGS += -Wno-unused-parameter +WARNFLAGS += -Wno-unused-parameter \ + -Wno-unused-but-set-variable CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 795f471d..d59c5d7a 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -23,7 +23,7 @@ FEATUREFLAGS += -nostdinc WARNFLAGS += -Wno-empty-body \ -Wno-implicit-fallthrough \ $(if $(findstring gcc,$(CC)),-Wno-old-style-declaration) \ - $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \ + -Wno-unused-but-set-variable \ -Wno-unused-parameter CFLAGS = $(FEATUREFLAGS) \ -- cgit v1.2.3 From 0c9249d13bced071986ada03846e2241143a1ad4 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 17 Dec 2024 13:07:38 -0500 Subject: Suppress some warnings even harder in Cryptlib and OpenSSL. In some cases the -Werror / -Wfoo / -Wno-foo / -Wno-error=foo bits aren't propagating in a way that clang is happy with, so we get errors about unused variables and the like in Cryptlib and OpenSSL. We're never going to fix those nits in this tree, so this patch tries even harder to make the compiler ignore them, or at least not end the build with a benign error. Signed-off-by: Peter Jones --- Cryptlib/Makefile | 3 +++ Cryptlib/OpenSSL/Makefile | 3 +++ 2 files changed, 6 insertions(+) (limited to 'Cryptlib') diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 626788c9..51f4ca1d 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -14,6 +14,9 @@ INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \ WARNFLAGS += -Wno-unused-parameter \ -Wno-unused-but-set-variable +WERRFLAGS += -Wno-error=unused-but-set-variable \ + -Wno-error=unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index d59c5d7a..e517bcfd 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -26,6 +26,9 @@ WARNFLAGS += -Wno-empty-body \ -Wno-unused-but-set-variable \ -Wno-unused-parameter +WERRFLAGS += -Wno-error=unused-but-set-variable \ + -Wno-error=unused-parameter + CFLAGS = $(FEATUREFLAGS) \ $(OPTIMIZATIONS) \ $(WARNFLAGS) \ -- cgit v1.2.3 From 15c1a9a310645ceb958587fe000d5f60ed3bc4bd Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Wed, 5 Jun 2024 15:31:04 +0800 Subject: Implement the CodeSign EKU check to fulfill the requirements of NIAP OS_PP. Also modify the ModSign EKU check to use VerifyEKUsInPkcs7Signature() to check the signer certificate instead of the certificate directly from the key database. This commit supersedes the PR#232 and PR#661 (Apply the EKU checks) so that author's original codes can be quite independent of other modification. To answer the question in PR#232, author also changed the conditional statement to EFI_Status != EFI_SUCCESS right after VerifyEKUsInPkcs7Signature() in Cryptlib/Pk/CryptPkcs7Verify.c Signed-off-by: Dennis Tseng Signed-off-by: Gary Lin --- Cryptlib/InternalCryptLib.h | 32 +++ Cryptlib/Library/BaseCryptLib.h | 40 +++ Cryptlib/Makefile | 1 + Cryptlib/Pk/CryptPkcs7Verify.c | 10 + Cryptlib/Pk/CryptPkcs7VerifyEku.c | 516 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 599 insertions(+) create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyEku.c (limited to 'Cryptlib') diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h index dc1a95e6..b713ed1c 100644 --- a/Cryptlib/InternalCryptLib.h +++ b/Cryptlib/InternalCryptLib.h @@ -32,5 +32,37 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define OBJ_length(o) ((o)->length) #endif +/** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. + + Caution: This function may receive untrusted input. + UEFI Authenticated Variable is external input, so this function will do basic + check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise + return FALSE. + @param[out] WrapData If return status of this function is TRUE: + 1) when WrapFlag is TRUE, pointer to P7Data. + 2) when WrapFlag is FALSE, pointer to a new ContentInfo + structure. It's caller's responsibility to free this + buffer. + @param[out] WrapDataSize Length of ContentInfo structure in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE The operation is failed due to lack of resources. + +**/ +BOOLEAN +WrapPkcs7Data ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT BOOLEAN *WrapFlag, + OUT UINT8 **WrapData, + OUT UINTN *WrapDataSize + ); + #endif diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h index 2df8bd2f..ed482d3f 100644 --- a/Cryptlib/Library/BaseCryptLib.h +++ b/Cryptlib/Library/BaseCryptLib.h @@ -2403,6 +2403,46 @@ Pkcs7Verify ( IN UINTN DataLength ); +/** + This function receives a PKCS#7 formatted signature blob, + looks for the EKU SEQUENCE blob, and if found then looks + for all the required EKUs. This function was created so that + the Surface team can cut down on the number of Certificate + Authorities (CA's) by checking EKU's on leaf signers for + a specific product. This prevents one product's certificate + from signing another product's firmware or unlock blobs. + + Note that this function does not validate the certificate chain. + That needs to be done before using this function. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ); + /** Extracts the attached content from a PKCS#7 signed data if existed. The input signed data could be wrapped in a ContentInfo structure. diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 51f4ca1d..023da637 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -60,6 +60,7 @@ OBJS = Hash/CryptMd4Null.o \ Pk/CryptRsaExtNull.o \ Pk/CryptPkcs7SignNull.o \ Pk/CryptPkcs7Verify.o \ + Pk/CryptPkcs7VerifyEku.o \ Pk/CryptDhNull.o \ Pk/CryptTs.o \ Pk/CryptX509.o \ diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c index c1893848..fd523c59 100644 --- a/Cryptlib/Pk/CryptPkcs7Verify.c +++ b/Cryptlib/Pk/CryptPkcs7Verify.c @@ -29,6 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; +/* EKU CodeSign */ +CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3"; #if 1 #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -846,6 +848,8 @@ Pkcs7Verify ( CONST UINT8 *Temp; UINTN SignedDataSize; BOOLEAN Wrapped; + CONST CHAR8 *Ekus[1]; + EFI_STATUS EFI_Status; // // Check input parameters. @@ -859,6 +863,7 @@ Pkcs7Verify ( DataBio = NULL; Cert = NULL; CertStore = NULL; + Ekus[0] = mOidCodeSign; // // Register & Initialize necessary digest algorithms for PKCS#7 Handling @@ -958,6 +963,11 @@ Pkcs7Verify ( // X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); + EFI_Status = VerifyEKUsInPkcs7Signature(P7Data, P7Length, Ekus, 1, TRUE); + if (EFI_Status != EFI_SUCCESS) { + goto _Exit; + } + // // Verifies the PKCS#7 signedData structure // diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c new file mode 100644 index 00000000..f277f1dd --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c @@ -0,0 +1,516 @@ +/** @file + This module verifies that Enhanced Key Usages (EKU's) are present within + a PKCS7 signature blob using OpenSSL. + + Copyright (C) Microsoft Corporation. All Rights Reserved. + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "InternalCryptLib.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + This function will return the leaf signer certificate in a chain. This is + required because certificate chains are not guaranteed to have the + certificates in the order that they were issued. + + A typical certificate chain looks like this: + + + ---------------------------- + | Root | + ---------------------------- + ^ + | + ---------------------------- + | Policy CA | <-- Typical Trust Anchor. + ---------------------------- + ^ + | + ---------------------------- + | Issuing CA | + ---------------------------- + ^ + | + ----------------------------- + / End-Entity (leaf) signer / <-- Bottom certificate. + ----------------------------- EKU: "1.3.6.1.4.1.311.76.9.21.1" + (Firmware Signing) + + + @param[in] CertChain Certificate chain. + + @param[out] SignerCert Last certificate in the chain. For PKCS7 signatures, + this will be the end-entity (leaf) signer cert. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND The number of signers found was not 1. + +**/ +EFI_STATUS +GetSignerCertificate ( + IN CONST PKCS7 *CertChain, + OUT X509 **SignerCert + ) +{ + EFI_STATUS Status; + STACK_OF(X509) *Signers; + INT32 NumberSigners; + + Status = EFI_SUCCESS; + Signers = NULL; + NumberSigners = 0; + + if (CertChain == NULL || SignerCert == NULL) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Get the signers from the chain. + // + Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY); + if (Signers == NULL) { + // + // Fail to get signers form PKCS7 + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // There should only be one signer in the PKCS7 stack. + // + NumberSigners = sk_X509_num (Signers); + if (NumberSigners != 1) { + // + // The number of singers should have been 1 + // + Status = EFI_NOT_FOUND; + goto Exit; + } + + *SignerCert = sk_X509_value (Signers, 0); + +Exit: + // + // Release Resources + // + if (Signers != NULL) { + sk_X509_free (Signers); + } + + return Status; +} + + +/** + Determines if the specified EKU represented in ASN1 form is present + in a given certificate. + + @param[in] Cert The certificate to check. + + @param[in] Asn1ToFind The EKU to look for. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +IsEkuInCertificate ( + IN CONST X509 *Cert, + IN ASN1_OBJECT *Asn1ToFind + ) +{ + EFI_STATUS Status; + X509 *ClonedCert; + X509_EXTENSION *Extension; + EXTENDED_KEY_USAGE *Eku; + INT32 ExtensionIndex; + INTN NumExtensions; + ASN1_OBJECT *Asn1InCert; + INTN Index; + + Status = EFI_NOT_FOUND; + ClonedCert = NULL; + Extension = NULL; + Eku = NULL; + ExtensionIndex = -1; + NumExtensions = 0; + Asn1InCert = NULL; + + if (Cert == NULL || Asn1ToFind == NULL) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Clone the certificate. This is required because the Extension API's + // only work once per instance of an X509 object. + // + ClonedCert = X509_dup ((X509*)Cert); + if (ClonedCert == NULL) { + // + // Fail to duplicate cert. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Look for the extended key usage. + // + ExtensionIndex = X509_get_ext_by_NID (ClonedCert, NID_ext_key_usage, -1); + + if (ExtensionIndex < 0) { + // + // Fail to find 'NID_ext_key_usage' in Cert. + // + goto Exit; + } + + Extension = X509_get_ext (ClonedCert, ExtensionIndex); + if (Extension == NULL) { + // + // Fail to get Extension form cert. + // + goto Exit; + } + + Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension); + if (Eku == NULL) { + // + // Fail to get Eku from extension. + // + goto Exit; + } + + NumExtensions = sk_ASN1_OBJECT_num (Eku); + + // + // Now loop through the extensions, looking for the specified Eku. + // + for (Index = 0; Index < NumExtensions; Index++) { + Asn1InCert = sk_ASN1_OBJECT_value (Eku, (INT32)Index); + if (Asn1InCert == NULL) { + // + // Fail to get ASN object from Eku. + // + goto Exit; + } + + if (OBJ_cmp(Asn1InCert, Asn1ToFind) == 0) { + // + // Found Eku in certificate. + // + Status = EFI_SUCCESS; + goto Exit; + } + } + +Exit: + + // + // Release Resources + // + if (ClonedCert != NULL) { + X509_free (ClonedCert); + } + + if (Eku != NULL) { + sk_ASN1_OBJECT_pop_free (Eku, ASN1_OBJECT_free); + } + + return Status; +} + + +/** + Determines if the specified EKUs are present in a signing certificate. + + @param[in] SignerCert The certificate to check. + @param[in] RequiredEKUs The EKUs to look for. + @param[in] RequiredEKUsSize The number of EKUs + @param[in] RequireAllPresent If TRUE, then all the specified EKUs + must be present in the certificate. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. +**/ +EFI_STATUS +CheckEKUs( + IN CONST X509 *SignerCert, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + EFI_STATUS Status; + ASN1_OBJECT *Asn1ToFind; + UINT32 NumEkusFound; + UINT32 Index; + + Status = EFI_NOT_FOUND; + Asn1ToFind = NULL; + NumEkusFound = 0; + + if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + for (Index = 0; Index < RequiredEKUsSize; Index++) { + // + // Finding required EKU in cert. + // + if (Asn1ToFind != NULL) { + ASN1_OBJECT_free(Asn1ToFind); + Asn1ToFind = NULL; + } + + Asn1ToFind = OBJ_txt2obj (RequiredEKUs[Index], 0); + if (Asn1ToFind == NULL) { + // + // Fail to convert required EKU to ASN1. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + Status = IsEkuInCertificate (SignerCert, Asn1ToFind); + if (Status == EFI_SUCCESS) { + NumEkusFound++; + if (!RequireAllPresent) { + // + // Found at least one, so we are done. + // + goto Exit; + } + } else { + // + // Fail to find Eku in cert + break; + } + } + +Exit: + + if (Asn1ToFind != NULL) { + ASN1_OBJECT_free(Asn1ToFind); + } + + if (RequireAllPresent && + NumEkusFound == RequiredEKUsSize) { + // + // Found all required EKUs in certificate. + // + Status = EFI_SUCCESS; + } + + return Status; +} + +/** + This function receives a PKCS#7 formatted signature blob, + looks for the EKU SEQUENCE blob, and if found then looks + for all the required EKUs. This function was created so that + the Surface team can cut down on the number of Certificate + Authorities (CA's) by checking EKU's on leaf signers for + a specific product. This prevents one product's certificate + from signing another product's firmware or unlock blobs. + + Note that this function does not validate the certificate chain. + That needs to be done before using this function. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + EFI_STATUS Status; + PKCS7 *Pkcs7; + STACK_OF(X509) *CertChain; + INT32 SignatureType; + INT32 NumberCertsInSignature; + X509 *SignerCert; + UINT8 *SignedData; + UINT8 *Temp; + UINTN SignedDataSize; + BOOLEAN IsWrapped; + BOOLEAN Ok; + + Status = EFI_SUCCESS; + Pkcs7 = NULL; + CertChain = NULL; + SignatureType = 0; + NumberCertsInSignature = 0; + SignerCert = NULL; + SignedData = NULL; + SignedDataSize = 0; + IsWrapped = FALSE; + Ok = FALSE; + + // + //Validate the input parameters. + // + if (Pkcs7Signature == NULL || + SignatureSize == 0 || + RequiredEKUs == NULL || + RequiredEKUsSize == 0) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + if (RequiredEKUsSize == 1) { + RequireAllPresent = TRUE; + } + + // + // Wrap the PKCS7 data if needed. + // + Ok = WrapPkcs7Data (Pkcs7Signature, + SignatureSize, + &IsWrapped, + &SignedData, + &SignedDataSize); + if (!Ok) { + // + // Fail to Wrap the PKCS7 data. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + Temp = SignedData; + + // + // Create the PKCS7 object. + // + Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (INT32)SignedDataSize); + if (Pkcs7 == NULL) { + // + // Fail to read PKCS7 data. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Get the certificate chain. + // + SignatureType = OBJ_obj2nid (Pkcs7->type); + switch (SignatureType) { + case NID_pkcs7_signed: + if (Pkcs7->d.sign != NULL) { + CertChain = Pkcs7->d.sign->cert; + } + break; + case NID_pkcs7_signedAndEnveloped: + if (Pkcs7->d.signed_and_enveloped != NULL) { + CertChain = Pkcs7->d.signed_and_enveloped->cert; + } + break; + default: + break; + } + + // + // Ensure we have a certificate stack + // + if (CertChain == NULL) { + // + // Fail to get the certificate stack from signature. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Find out how many certificates were in the PKCS7 signature. + // + NumberCertsInSignature = sk_X509_num (CertChain); + + if (NumberCertsInSignature == 0) { + // + // Fail to find any certificates in signature. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Get the leaf signer. + // + Status = GetSignerCertificate (Pkcs7, &SignerCert); + if (Status != EFI_SUCCESS || SignerCert == NULL) { + // + // Fail to get the end-entity leaf signer certificate. + // + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + Status = CheckEKUs (SignerCert, RequiredEKUs, RequiredEKUsSize, RequireAllPresent); + if (Status != EFI_SUCCESS) { + goto Exit; + } + +Exit: + + // + // Release Resources + // + // If the signature was not wrapped, then the call to WrapData() will allocate + // the data and add a header to it + // + if (!IsWrapped && SignedData) { + free (SignedData); + } + + if (Pkcs7 != NULL) { + PKCS7_free (Pkcs7); + } + + return Status; +} + -- cgit v1.2.3 From eb02afc6f822576b73b7added3966ad7e72fd342 Mon Sep 17 00:00:00 2001 From: Dennis Tseng Date: Wed, 5 Jun 2024 22:33:06 +0800 Subject: Optionally enabling codesign EKU check in compiling time. This commit also supersedes PR#232 which was closed on Jul 1, 2021. So that original codesign EKU codes cannot be bothered. To enable the codesign check, ENABLE_CODESIGN_EKU can be set to 1. To disable the codesign check, ENABLE_CODESIGN_EKU can be set to 0 or just omit this flag. For example: make xxxx ENABLE_CODESIGN_EKU=1 xxxx shim.efi Signed-off-by: Dennis Tseng --- Cryptlib/InternalCryptLib.h | 3 ++- Cryptlib/Library/BaseCryptLib.h | 2 ++ Cryptlib/Makefile | 8 +++++++- Cryptlib/Pk/CryptPkcs7Verify.c | 8 ++++++++ 4 files changed, 19 insertions(+), 2 deletions(-) (limited to 'Cryptlib') diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h index b713ed1c..0ad2ef70 100644 --- a/Cryptlib/InternalCryptLib.h +++ b/Cryptlib/InternalCryptLib.h @@ -32,6 +32,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define OBJ_length(o) ((o)->length) #endif +#if defined(ENABLE_CODESIGN_EKU) /** Check input P7Data is a wrapped ContentInfo structure or not. If not construct a new structure to wrap P7Data. @@ -65,4 +66,4 @@ WrapPkcs7Data ( ); #endif - +#endif diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h index ed482d3f..439f0516 100644 --- a/Cryptlib/Library/BaseCryptLib.h +++ b/Cryptlib/Library/BaseCryptLib.h @@ -2403,6 +2403,7 @@ Pkcs7Verify ( IN UINTN DataLength ); +#if defined(ENABLE_CODESIGN_EKU) /** This function receives a PKCS#7 formatted signature blob, looks for the EKU SEQUENCE blob, and if found then looks @@ -2442,6 +2443,7 @@ VerifyEKUsInPkcs7Signature ( IN CONST UINT32 RequiredEKUsSize, IN BOOLEAN RequireAllPresent ); +#endif /** Extracts the attached content from a PKCS#7 signed data if existed. The input signed diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 023da637..68a9395e 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -40,6 +40,9 @@ endif ifeq ($(ARCH),arm) DEFINES += -DMDE_CPU_ARM endif +ifeq ($(ENABLE_CODESIGN_EKU),1) +DEFINES += -DENABLE_CODESIGN_EKU +endif LDFLAGS = -nostdlib -znocombreloc @@ -60,7 +63,6 @@ OBJS = Hash/CryptMd4Null.o \ Pk/CryptRsaExtNull.o \ Pk/CryptPkcs7SignNull.o \ Pk/CryptPkcs7Verify.o \ - Pk/CryptPkcs7VerifyEku.o \ Pk/CryptDhNull.o \ Pk/CryptTs.o \ Pk/CryptX509.o \ @@ -71,6 +73,10 @@ OBJS = Hash/CryptMd4Null.o \ SysCall/BaseMemAllocation.o \ SysCall/BaseStrings.o +ifeq ($(ENABLE_CODESIGN_EKU),1) + OBJS += Pk/CryptPkcs7VerifyEku.o +endif + all: $(TARGET) libcryptlib.a: $(OBJS) diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c index fd523c59..640b01d0 100644 --- a/Cryptlib/Pk/CryptPkcs7Verify.c +++ b/Cryptlib/Pk/CryptPkcs7Verify.c @@ -29,8 +29,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; +#if defined(ENABLE_CODESIGN_EKU) /* EKU CodeSign */ CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3"; +#endif #if 1 #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -848,8 +850,10 @@ Pkcs7Verify ( CONST UINT8 *Temp; UINTN SignedDataSize; BOOLEAN Wrapped; +#if defined(ENABLE_CODESIGN_EKU) CONST CHAR8 *Ekus[1]; EFI_STATUS EFI_Status; +#endif // // Check input parameters. @@ -863,7 +867,9 @@ Pkcs7Verify ( DataBio = NULL; Cert = NULL; CertStore = NULL; +#if defined(ENABLE_CODESIGN_EKU) Ekus[0] = mOidCodeSign; +#endif // // Register & Initialize necessary digest algorithms for PKCS#7 Handling @@ -963,10 +969,12 @@ Pkcs7Verify ( // X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); +#if defined(ENABLE_CODESIGN_EKU) EFI_Status = VerifyEKUsInPkcs7Signature(P7Data, P7Length, Ekus, 1, TRUE); if (EFI_Status != EFI_SUCCESS) { goto _Exit; } +#endif // // Verifies the PKCS#7 signedData structure -- cgit v1.2.3