572 Commits

Author SHA1 Message Date
vit9696
0e277463fa CryptoPkg: Fix compilation with newer Xcode due to bugged type conversion 2025-04-07 15:08:42 +03:00
Mike Beaton
9cdba17a1a IntrinsicLib: Move from CryptoPkg to MdePkg 2025-04-07 12:32:50 +03:00
Mikhail Krichanov
ba561ef7ff Fixed compilation of all packages tracked by CI after rebasing upon edk2-stable202405 tag. 2025-04-07 12:32:50 +03:00
Mikhail Krichanov
0d9d6f987b Fixed compilation of all packages tracked by CI after rebasing upon edk2-stable202311. 2025-04-07 12:32:50 +03:00
Mikhail Krichanov
63b9e567e5 Build: Replaced GCC5 toolchain with GCC. 2025-04-07 12:24:27 +03:00
Savva Mitrofanov
85d905ee56 UefiCpuPkg/CpuPageTableLib: Add intrinsic lib to fix MSVC build
For the bitfield access, MSVC apparently uses a right shift of the base
type of the bitfield member. In our case, it is caused by IA32_PTE_4K and
IA32_PAGE_LEAF_ENTRY_BIG_PAGESIZE and other structures which use uint64
bitfields, and 32-bit x86 doesn't have a 64-bit integer shift (except
using MMX or SSE2). With -Od (NOOPT) even for constant counts it puts
the data in EDX:EAX, the shift count in cl and calls __aullshr.

Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
2025-04-07 12:13:58 +03:00
Savva Mitrofanov
bf04e15d55 CryptoPkg/IntrinsicLib: Corrects __ashrdi3 and adds __lshrdi3
The ashrdi3 function should do arithmetic shift instead of logic using
sar instruction. Also adds __lshrdi3 implementation to correct build
using LLVM

Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
2025-04-07 12:13:58 +03:00
Mikhail Krichanov
7b30f78411 Build: Renamed XIPFLAGS as SECPEIFLAGS, added comment in build_rule.template on its usage. 2025-04-07 12:13:58 +03:00
Sebastian Witt
7c1562f03c CryptoPkg: Add HMAC algorithms for signature/keymgmt
Some parts and versions of TLS require HMAC. This adds the missing HMAC
algorithms to the UEFI provider. One entry in the default signature
algorithms and one in the key management algorithms.

Source of these entries is the default OpenSSL provider, defltprov.c,
included in the OpenSSL library.

This change was required to connect to some TLS servers depending
on the used ciphers.

Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
2025-01-14 02:44:57 +00:00
Michael D Kinney
4218026bd6 CryptoPkg/BaseCryptLib: Fix mktime() coding style issue
Move local variable init to C statements to follow
coding standard and remove the use of field names in
structure initialization to maximize compiler compatibility.

This issue was introduced by PR #6185

Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
2025-01-13 04:32:46 +00:00
Amy Chan
11cffd9c3f CryptoPkg/BaseCryptLibMbedTls : Add strncpy() support to SecCryptLib
Mbedtls requires the use of strncpy(), but it is currently included in
DummyOpensslSupport.c, which is not part of Mbedtls SecCryptLib.
To resolve this, move strncpy() to CrtWrapper.c, as Mbedtls SecCryptLib
does not depend on OpensslLib.

Signed-off-by: Amy Chan <amy.chan@intel.com>
2025-01-11 16:17:10 +00:00
Kalavakolanu, Hema Anmisha
62de957185 CryptoPkg: Add sleep() function to BaseCryptLibMbedTls
In BaseCryptLib sleep() function is defined,
apply the same sleep function to BaseCryptLibMbedTls

Signed-off-by: "Kalavakolanu, Hema Anmisha" <hema.anmisha.kalavakolanu@intel.com>
2025-01-02 12:28:51 +00:00
Laszlo Ersek
89b527df17 CryptoPkg: revert BUFSIZ macro definition from commit 456dd8b99f00
OpenSSL ticket <https://github.com/openssl/openssl/issues/8904> has been
fixed in OpenSSL commit 2e9d61ecd81a ("crypto/evp/evp_key.c: #define
BUFSIZ if <stdio.h> doesn't #define it", 2019-05-27).

We should simplify "CryptoPkg/Library/Include/CrtLibSupport.h" and back
out the change made to that file by edk2 commit 456dd8b99f00 ("CryptoPkg:
Upgrade OpenSSL to 1.1.1b", 2019-06-03).

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1897
Signed-off-by: Laszlo Ersek <laszlo.ersek@posteo.net>
2024-12-16 02:22:36 +00:00
Oliver Smith-Denny
bcbb709959 BaseTools: Add VS2022 XIPFLAGS
BaseTools has a limitation that modules in FVs that are force rebased
must have the same file and section alignment. This is intended for
XIP modules.

VS2019 and previous VS toolchains did not set 4k section alignment,
but VS2022 does, in order for memory protections to be applied to
images. This causes issues when building SEC and PEI modules on
VS2022 as the file alignment is 0x20 but the section alignment
is 0x1000, so BaseTools will fail to generate the FV. One option
is to set the file alignment to 0x1000 for all of these files, but
that is a large waste of space and is not feasible on some platforms
that have limited flash space. The other option is to selectively
set 0x20 as the section alignment for SEC and PEI modules, which is
the approach GCC ARM/AARCH64 took.

This is only an issue for building 64-bit PEI on x86 currently, as
other architectures are not supported by VS2022 in edk2 yet. For IA32,
the section alignment is set to 0x20 and so it matches the file
alignment, however x64 PEI uses the X64 DLINK flags which have 0x1000
set. For other architectures that don't have the PEI/DXE architecture
split, this is also an issue.

This commit is required to use VS2022 as the default CI in edk2, as
OvmfPkgX64.dsc will fail to build. Any platform with 64-bit PEI also
requires this.

This commit also updates CryptoPkg.dsc and SecurityPkg.dsc as they
are setting custom section alignments.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
2024-12-10 23:42:09 +00:00
Gerd Hoffmann
73570d8ab6 openssl: disable visual studio warning #4189
4189 is "local variable is initialized but not referenced"

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
99e18f2327 CryptoPkg: CI: update OpensslGen file list
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
8c5dcecd24 CryptoPkg: gcc needs 4k section alignment too
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
9895fe25ac CryptoPkg/BaseCryptLib: add next parameter to SHA3_squeeze
Needed for openssl 3.3.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
a801363249 CryptoPkg: add openssl/providers/fips/include to includes
Needed for openssl 3.4.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
005f4c6b5e openssl: add more stubs for openssl 3.2.x
openssl-3.2.2 got a few more tls config hooks, add stubs for them.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
53cea8efd1 openssl: adapt stubs to openssl 3.2.x
Function declarations have changed in openssl-3.2.x, adapt the stubs.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
8f6c2ccc45 openssl: update generated files
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann
e584e865f8 openssl: update submodule to 3.4.0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Ard Biesheuvel
f73f7b2318 CryptoPkg/OpensslLib: Drop dependency on ArmSoftFloatLib
Drop the ArmSoftFloatLib dependency from the OpensslLib implementations,
so that we can retire this git submodule and associated dependencies in
other components.

The upshot of this is that OpenSSL can no longer be used on 32-bit ARM
by components that rely on the random number generation routines (which
is where the floating point usage resides). In practice, this means that
ARM platforms should use MbedTLS instead for things like signed
capsules, authenticated variables and TPM2 support. HTTPS boot is no
longer supported, as TlsDxe depends on OpensslLib directly.

Note that MbedTLS itself -surprisingly- depends on OpensslLib as well,
but only for the SM3 routines, and incorporating those does not require
softfloat support.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-11-26 22:00:36 +00:00
Amy Chan
065df32de3 CryptoPkg: Apply gettimeofday() solution to BaseCryptLibMbedTls
BaseCryptLib turned gettimeofday() from a macro into a function call,
apply the same change to BaseCryptLibMbedTls

Signed-off-by: Amy Chan <amy.chan@intel.com>
2024-11-25 16:40:28 +00:00
Oliver Smith-Denny
ef4f3aa3f7 MdePkg: MdeLibs.dsc.inc: Apply StackCheckLibNull to All Module Types
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.

This also changes every DSC to drop the SEC definition of
StackCheckLibNull.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-11-13 21:01:46 +00:00
Michael D Kinney
d5600f4f5a CryptoPkg/BaseCryptLib: Fix serial number read overrun
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
2024-11-08 16:28:50 +00:00
INDIA\kanagavels
6f17fe30bf CryptoPkg: Added MM_STANDALONE support in CryptoPkg.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4867

Added MM_STANDALONE support in Driver and BaseCryptLibOnProtocolPpi.

Signed-off-by: Kanagavel S <kanagavels@ami.com>
2024-11-05 00:17:48 +00:00
Jorge Ramirez-Ortiz
ccbe6f5030 CryptoPkg: Increase ScratchMemory buffer for openssl 3.0.15
Openssl 3.0.15 has a larger memory footprint.

Updating from EDK 2022.2 (openssl 1.1.j) to 2024.2 (openssl 3.0.15)
causes our EFI provisioning application[1] to fail due to an out of
memory condition.

On inspection, at the time of that fault, 2022.2 had an additional 900
pages. This is why this patch proposes the increase of the ScratchMemory
buffer by that same amount.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
2024-11-04 21:34:22 +00:00
INDIA\kanagavels
47ba459fc1 CryptoPkg: Updated the missed architectures.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4838

Updated the missed architectures in PeiCryptLib.inf file.

Signed-off-by: Kanagavel S <kanagavels@ami.com>
2024-11-01 15:06:02 +00:00
Mike Beaton
e548e1cd73 CryptoPkg: Fix unused variable in CryptX509.c
Without this change we get:

  error: variable 'Index' set but not used

when building on XCODE5.

Co-authored-by: Savva Mitrofanov <savvamtr@gmail.com>
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
2024-09-27 16:57:36 +00:00
Mike Beaton
90fb3c6cfc CryptoPkg/OpensslLib: Fix build on XCODE5
REF: https://edk2.groups.io/g/devel/message/88179

Without this change, we get:

  fatal error: 'Availability.h' file not found

when building on XCODE5.

The workaround uses a define present in openssl/include/crypto/rand.h
which modifies openssl behaviour on Apple only, causing the library
to default to a non-system specific source of entropy in syscall_random()
in rand_unix.c.

Co-authored-by: Savva Mitrofanov <savvamtr@gmail.com>
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
2024-09-27 16:57:36 +00:00
Li Yi
3ed4f43f83 CryptoPkg: Update generated files based on openssl 3.0.15
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4842

Signed-off-by: Li Yi <yi1.li@intel.com>
2024-09-27 04:24:25 +00:00
Li Yi
c13f9de56d CryptoPkg: Update openssl submodule to 3.0.15
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4842

CVE-2024-6119 affects TLS-client implementation of EDK2. Fix it by
updating to 3.0.15.

Signed-off-by: Li Yi <yi1.li@intel.com>
2024-09-27 04:24:25 +00:00
Gerd Hoffmann
39462fcd99 openssl: add Library/OpensslLib/openssl to includes, drop e_os.h hack
Adding $(OPENSSL_PATH)/e_os.h to the list of source files had the effect
that $(OPENSSL_PATH)/ was added to the list of include directories.
With the file being gone in openssl-3.2.x this doesn't work any more.

Add the directory to the [Includes.Common.Private] section instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
67c303cb5f CrtLibSupport: add intptr_t
Will be needed by openssl-3.4.x

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
c371460cb4 CrtLibSupport: add timezone
Will be needed by openssl-3.2.x

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
0ec54d8d0c CrtLibSupport: add mktime()
Will be needed by openssl-3.2.x

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
af73d37741 CrtLibSupport: factor out EFI_TIME -> time_t calculation to new function
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
ebf7daa583 CrtLibSupport: fix gettimeofday()
Turn gettimeofday() into a proper function with return value.

Will be needed by openssl-3.2.x

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Gerd Hoffmann
609c7e8679 CrtLibSupport: add sleep()
Will be needed by openssl-3.2.x

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-25 16:08:35 +00:00
Ard Biesheuvel
1a89c690a1 CryptoPkg/OpensslLib: Create SM3-only version of the library
Create a special OpensslLib implementation that only exposes the SM3
routines that MbedTlsLib borrows from OpensslLib, to avoid having to
pull in other parts of OpenSSL that are not needed (e.g., via the
library constructor)

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-09-23 06:11:25 +00:00
Ard Biesheuvel
1815f35b87 CryptoPkg: Add unit testcase for SM3
SM3 needs to be tested so we can verify that alternative implementations
(such as the one I will be contributing to BaseCryptLibMbedTls) as well
as the reference implementation produce the expected value.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-09-23 06:11:25 +00:00
Ard Biesheuvel
89309fee81 CryptoPkg/MbedTls CLANGDWARF: Replace outdated CLANG3x references
The CLANG35 and CLANG38 toolchain specifiers have been phased out, and
replaced with CLANGDWARF. Update the MbedTls library definitions
accordingly.

While at it, switch to the gnu99 C dialect, which is a better match with
GCC in C99 mode, which includes GCC specific GNU extensions.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-09-23 06:11:25 +00:00
Oliver Smith-Denny
c9320adf22 CryptoPkg: Add StackCheckLib
Remove the old stack check lib now that MdeLibs.inc includes
the new one.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-13 03:58:46 +00:00
Oliver Smith-Denny
8f74b95a21 MdePkg: Move CompilerIntrinsicsLib from ArmPkg
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.

This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.

The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-12 19:36:59 +00:00
Ard Biesheuvel
90d861f63d CryptoPkg/BaseCryptLibMbedTls: Fix uninitialized variable errors
Clang complains about a couple of variables potentially being
uninitialized, and those complaints seem to be valid.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-08-31 02:46:51 +00:00
Ard Biesheuvel
468a36b22f CryptoPkg/OpensslLib CLANGDWARF: Use gnu99 C dialect for asm() support
'asm' is not a keyword in C99, but GCC supports it nonetheless as a GNU
extension. So when using Clang, we must specify the gnu99 dialect
explicitly, or inline asm blocks using asm() rather than __asm__() will
be rejected by the compiler.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-08-31 01:30:23 +00:00
Michael G.A. Holland
9cd66aca1a CryptoPkg: Support BrainpoolP512r1 algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4830

Allow BrainpoolP512r1 to be leveraged when the corresponding curve ID
is passed to crypto libraries in EDK2

Signed-off-by: Michael G.A. Holland <michael.holland@intel.com>
2024-08-29 00:30:38 +00:00
Pierre Gondois
a679ceca97 CryptoPkg: Enable Openssl Accel builds for AARCH64
Enable the following modules builds for AARCH64:
- OpensslLibAccel.inf
- OpensslLibFullAccel.inf

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
2024-08-01 13:41:01 +00:00