diff mbox series

openssl10: Fix mutliple include assumptions for bn.h in opensslconf.h

Message ID 20190207062526.33944-1-raj.khem@gmail.com
State Accepted
Commit f787b0bb9b0626ddbf2ac94cb206c76716a3773d
Headers show
Series openssl10: Fix mutliple include assumptions for bn.h in opensslconf.h | expand

Commit Message

Khem Raj Feb. 7, 2019, 6:25 a.m. UTC
After adding #pragma once to wrapper header ( opensslconf.h ) this
latent issue got to bite us, where it expect bn.h to be including
openssl.h to define BN_* defines, which is fragile. This patch removes
the contraints for nested includes for bn.h

Signed-off-by: Khem Raj <raj.khem@gmail.com>

---
 .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++
 .../openssl/openssl10_1.0.2q.bb               |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

-- 
2.20.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Comments

Denys Dmytriyenko Feb. 26, 2019, 3:19 a.m. UTC | #1
Khem, Richard,

Sorry for belated reply. I haven't had time for master yet, but since this 
just got backported to thud, I'm seeing a similar breakage.

First of all, BN_LLONG not being defined does seem to be "fixed" by this 
patch, but I'm not entirely sure why it now checks for OPENSSL_SYS_UEFI - this 
seems to be a new define in OpenSSL 1.1, and doesn't even exist in OpenSSL 1.0
Is it a pure luck that it works now? Any hidden meaning I missded?

And it also breaks exactly the same for DES_LONG due to a similar construct:


#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
#ifndef DES_LONG
#define DES_LONG unsigned int
#endif
#endif


I was going to fix it similarly as BN_LLONG, but since I don't understand how 
it was supposed to be fixed, I'm not sure how to fix DES_LONG not being 
defined. Any ideas?

Thanks.

-- 
Denys


On Wed, Feb 06, 2019 at 10:25:26PM -0800, Khem Raj wrote:
> After adding #pragma once to wrapper header ( opensslconf.h ) this

> latent issue got to bite us, where it expect bn.h to be including

> openssl.h to define BN_* defines, which is fragile. This patch removes

> the contraints for nested includes for bn.h

> 

> Signed-off-by: Khem Raj <raj.khem@gmail.com>

> ---

>  .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++

>  .../openssl/openssl10_1.0.2q.bb               |  1 +

>  2 files changed, 34 insertions(+)

>  create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> 

> diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> new file mode 100644

> index 0000000000..13d39c918c

> --- /dev/null

> +++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> @@ -0,0 +1,33 @@

> +From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001

> +From: Khem Raj <raj.khem@gmail.com>

> +Date: Wed, 6 Feb 2019 22:10:33 -0800

> +Subject: [PATCH] Fix BN_LLONG breakage

> +

> +opensslconf.h is un-defining BN_LLONG only when included from bn.h which

> +is not robust at all, especially when include guards are used and

> +multiple inclusions of a given header is not allowed. so lets take out

> +the nesting constraint and add OPENSSL_SYS_UEFI constraint instead

> +

> +Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]

> +

> +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> +---

> + crypto/opensslconf.h.in | 2 +-

> + 1 file changed, 1 insertion(+), 1 deletion(-)

> +

> +diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in

> +index 7a1c85d..a10c10f 100644

> +--- a/crypto/opensslconf.h.in

> ++++ b/crypto/opensslconf.h.in

> +@@ -56,7 +56,7 @@

> + #endif

> + #endif

> + 

> +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

> ++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)

> + #define CONFIG_HEADER_BN_H

> + #undef BN_LLONG

> + 

> +-- 

> +2.20.1

> +

> diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> index 809634f6c0..88aefdea4f 100644

> --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> @@ -40,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \

>             file://0001-Fix-build-with-clang-using-external-assembler.patch \

>             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \

>             file://0001-allow-manpages-to-be-disabled.patch \

> +           file://0001-Fix-BN_LLONG-breakage.patch \

>             "

>  

>  SRC_URI_append_class-target = " \

> -- 

> 2.20.1

> 

> -- 

> _______________________________________________

> Openembedded-core mailing list

> Openembedded-core@lists.openembedded.org

> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Denys Dmytriyenko Feb. 28, 2019, 1:44 a.m. UTC | #2
Ping. Any comments here? Thanks!


On Mon, Feb 25, 2019 at 10:19:51PM -0500, Denys Dmytriyenko wrote:
> Khem, Richard,

> 

> Sorry for belated reply. I haven't had time for master yet, but since this 

> just got backported to thud, I'm seeing a similar breakage.

> 

> First of all, BN_LLONG not being defined does seem to be "fixed" by this 

> patch, but I'm not entirely sure why it now checks for OPENSSL_SYS_UEFI - this 

> seems to be a new define in OpenSSL 1.1, and doesn't even exist in OpenSSL 1.0

> Is it a pure luck that it works now? Any hidden meaning I missded?

> 

> And it also breaks exactly the same for DES_LONG due to a similar construct:

> 

> 

> #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

> /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

>  * %20 speed up (longs are 8 bytes, int's are 4). */

> #ifndef DES_LONG

> #define DES_LONG unsigned int

> #endif

> #endif

> 

> 

> I was going to fix it similarly as BN_LLONG, but since I don't understand how 

> it was supposed to be fixed, I'm not sure how to fix DES_LONG not being 

> defined. Any ideas?

> 

> Thanks.

> 

> -- 

> Denys

> 

> 

> On Wed, Feb 06, 2019 at 10:25:26PM -0800, Khem Raj wrote:

> > After adding #pragma once to wrapper header ( opensslconf.h ) this

> > latent issue got to bite us, where it expect bn.h to be including

> > openssl.h to define BN_* defines, which is fragile. This patch removes

> > the contraints for nested includes for bn.h

> > 

> > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > ---

> >  .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++

> >  .../openssl/openssl10_1.0.2q.bb               |  1 +

> >  2 files changed, 34 insertions(+)

> >  create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > 

> > diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > new file mode 100644

> > index 0000000000..13d39c918c

> > --- /dev/null

> > +++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > @@ -0,0 +1,33 @@

> > +From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001

> > +From: Khem Raj <raj.khem@gmail.com>

> > +Date: Wed, 6 Feb 2019 22:10:33 -0800

> > +Subject: [PATCH] Fix BN_LLONG breakage

> > +

> > +opensslconf.h is un-defining BN_LLONG only when included from bn.h which

> > +is not robust at all, especially when include guards are used and

> > +multiple inclusions of a given header is not allowed. so lets take out

> > +the nesting constraint and add OPENSSL_SYS_UEFI constraint instead

> > +

> > +Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]

> > +

> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > +---

> > + crypto/opensslconf.h.in | 2 +-

> > + 1 file changed, 1 insertion(+), 1 deletion(-)

> > +

> > +diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in

> > +index 7a1c85d..a10c10f 100644

> > +--- a/crypto/opensslconf.h.in

> > ++++ b/crypto/opensslconf.h.in

> > +@@ -56,7 +56,7 @@

> > + #endif

> > + #endif

> > + 

> > +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

> > ++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)

> > + #define CONFIG_HEADER_BN_H

> > + #undef BN_LLONG

> > + 

> > +-- 

> > +2.20.1

> > +

> > diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > index 809634f6c0..88aefdea4f 100644

> > --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > @@ -40,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \

> >             file://0001-Fix-build-with-clang-using-external-assembler.patch \

> >             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \

> >             file://0001-allow-manpages-to-be-disabled.patch \

> > +           file://0001-Fix-BN_LLONG-breakage.patch \

> >             "

> >  

> >  SRC_URI_append_class-target = " \

> > -- 

> > 2.20.1

> > 

> > -- 

> > _______________________________________________

> > Openembedded-core mailing list

> > Openembedded-core@lists.openembedded.org

> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

> -- 

> _______________________________________________

> Openembedded-core mailing list

> Openembedded-core@lists.openembedded.org

> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Khem Raj Feb. 28, 2019, 1:51 a.m. UTC | #3
On Mon, Feb 25, 2019 at 7:19 PM Denys Dmytriyenko <denis@denix.org> wrote:
>

> Khem, Richard,

>

> Sorry for belated reply. I haven't had time for master yet, but since this

> just got backported to thud, I'm seeing a similar breakage.

>

> First of all, BN_LLONG not being defined does seem to be "fixed" by this

> patch, but I'm not entirely sure why it now checks for OPENSSL_SYS_UEFI - this

> seems to be a new define in OpenSSL 1.1, and doesn't even exist in OpenSSL 1.0

> Is it a pure luck that it works now? Any hidden meaning I missded?

>


We don't have to, but then we might have uefi to compile so thats why its
there.

> And it also breaks exactly the same for DES_LONG due to a similar construct:


yeah the header nesting is a nightmare in openssl 1.0, it is a bit better
in 1.1, a lot of these recursions are fixed. but backporting then completely
to 1.0 is not an option, so we have to do tweaks that sustains the build.

>

>

> #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

> /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

>  * %20 speed up (longs are 8 bytes, int's are 4). */

> #ifndef DES_LONG

> #define DES_LONG unsigned int

> #endif

> #endif

>

>

> I was going to fix it similarly as BN_LLONG, but since I don't understand how

> it was supposed to be fixed, I'm not sure how to fix DES_LONG not being

> defined. Any ideas?

>

> Thanks.

>

> --

> Denys

>

>

> On Wed, Feb 06, 2019 at 10:25:26PM -0800, Khem Raj wrote:

> > After adding #pragma once to wrapper header ( opensslconf.h ) this

> > latent issue got to bite us, where it expect bn.h to be including

> > openssl.h to define BN_* defines, which is fragile. This patch removes

> > the contraints for nested includes for bn.h

> >

> > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > ---

> >  .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++

> >  .../openssl/openssl10_1.0.2q.bb               |  1 +

> >  2 files changed, 34 insertions(+)

> >  create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> >

> > diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > new file mode 100644

> > index 0000000000..13d39c918c

> > --- /dev/null

> > +++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > @@ -0,0 +1,33 @@

> > +From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001

> > +From: Khem Raj <raj.khem@gmail.com>

> > +Date: Wed, 6 Feb 2019 22:10:33 -0800

> > +Subject: [PATCH] Fix BN_LLONG breakage

> > +

> > +opensslconf.h is un-defining BN_LLONG only when included from bn.h which

> > +is not robust at all, especially when include guards are used and

> > +multiple inclusions of a given header is not allowed. so lets take out

> > +the nesting constraint and add OPENSSL_SYS_UEFI constraint instead

> > +

> > +Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]

> > +

> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > +---

> > + crypto/opensslconf.h.in | 2 +-

> > + 1 file changed, 1 insertion(+), 1 deletion(-)

> > +

> > +diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in

> > +index 7a1c85d..a10c10f 100644

> > +--- a/crypto/opensslconf.h.in

> > ++++ b/crypto/opensslconf.h.in

> > +@@ -56,7 +56,7 @@

> > + #endif

> > + #endif

> > +

> > +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

> > ++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)

> > + #define CONFIG_HEADER_BN_H

> > + #undef BN_LLONG

> > +

> > +--

> > +2.20.1

> > +

> > diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > index 809634f6c0..88aefdea4f 100644

> > --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > @@ -40,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \

> >             file://0001-Fix-build-with-clang-using-external-assembler.patch \

> >             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \

> >             file://0001-allow-manpages-to-be-disabled.patch \

> > +           file://0001-Fix-BN_LLONG-breakage.patch \

> >             "

> >

> >  SRC_URI_append_class-target = " \

> > --

> > 2.20.1

> >

> > --

> > _______________________________________________

> > Openembedded-core mailing list

> > Openembedded-core@lists.openembedded.org

> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Denys Dmytriyenko March 1, 2019, 5:35 p.m. UTC | #4
On Wed, Feb 27, 2019 at 05:51:23PM -0800, Khem Raj wrote:
> On Mon, Feb 25, 2019 at 7:19 PM Denys Dmytriyenko <denis@denix.org> wrote:

> >

> > Khem, Richard,

> >

> > Sorry for belated reply. I haven't had time for master yet, but since this

> > just got backported to thud, I'm seeing a similar breakage.

> >

> > First of all, BN_LLONG not being defined does seem to be "fixed" by this

> > patch, but I'm not entirely sure why it now checks for OPENSSL_SYS_UEFI - this

> > seems to be a new define in OpenSSL 1.1, and doesn't even exist in OpenSSL 1.0

> > Is it a pure luck that it works now? Any hidden meaning I missded?

> >

> 

> We don't have to, but then we might have uefi to compile so thats why its

> there.


Where is OPENSSL_SYS_UEFI supposed to be defined?

There are 0 references to it in OpenSSL 1.0 code base. It appears to be 
introduced only in OpenSSL 1.1, since there are several references there.

Hence my earlier question about whether it should be used here in the patch 
for 1.0.2q


> > And it also breaks exactly the same for DES_LONG due to a similar construct:

> 

> yeah the header nesting is a nightmare in openssl 1.0, it is a bit better

> in 1.1, a lot of these recursions are fixed. but backporting then completely

> to 1.0 is not an option, so we have to do tweaks that sustains the build.

> 

> >

> >

> > #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

> > /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

> >  * %20 speed up (longs are 8 bytes, int's are 4). */

> > #ifndef DES_LONG

> > #define DES_LONG unsigned int

> > #endif

> > #endif


Would you recommend doing the same change here to fix DES_LONG not being 
defined due to nested header inclusion?


> > I was going to fix it similarly as BN_LLONG, but since I don't understand how

> > it was supposed to be fixed, I'm not sure how to fix DES_LONG not being

> > defined. Any ideas?

> >

> > Thanks.

> >

> > --

> > Denys

> >

> >

> > On Wed, Feb 06, 2019 at 10:25:26PM -0800, Khem Raj wrote:

> > > After adding #pragma once to wrapper header ( opensslconf.h ) this

> > > latent issue got to bite us, where it expect bn.h to be including

> > > openssl.h to define BN_* defines, which is fragile. This patch removes

> > > the contraints for nested includes for bn.h

> > >

> > > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > > ---

> > >  .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++

> > >  .../openssl/openssl10_1.0.2q.bb               |  1 +

> > >  2 files changed, 34 insertions(+)

> > >  create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > >

> > > diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > > new file mode 100644

> > > index 0000000000..13d39c918c

> > > --- /dev/null

> > > +++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > > @@ -0,0 +1,33 @@

> > > +From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001

> > > +From: Khem Raj <raj.khem@gmail.com>

> > > +Date: Wed, 6 Feb 2019 22:10:33 -0800

> > > +Subject: [PATCH] Fix BN_LLONG breakage

> > > +

> > > +opensslconf.h is un-defining BN_LLONG only when included from bn.h which

> > > +is not robust at all, especially when include guards are used and

> > > +multiple inclusions of a given header is not allowed. so lets take out

> > > +the nesting constraint and add OPENSSL_SYS_UEFI constraint instead

> > > +

> > > +Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]

> > > +

> > > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > > +---

> > > + crypto/opensslconf.h.in | 2 +-

> > > + 1 file changed, 1 insertion(+), 1 deletion(-)

> > > +

> > > +diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in

> > > +index 7a1c85d..a10c10f 100644

> > > +--- a/crypto/opensslconf.h.in

> > > ++++ b/crypto/opensslconf.h.in

> > > +@@ -56,7 +56,7 @@

> > > + #endif

> > > + #endif

> > > +

> > > +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

> > > ++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)

> > > + #define CONFIG_HEADER_BN_H

> > > + #undef BN_LLONG

> > > +

> > > +--

> > > +2.20.1

> > > +

> > > diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > index 809634f6c0..88aefdea4f 100644

> > > --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > @@ -40,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \

> > >             file://0001-Fix-build-with-clang-using-external-assembler.patch \

> > >             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \

> > >             file://0001-allow-manpages-to-be-disabled.patch \

> > > +           file://0001-Fix-BN_LLONG-breakage.patch \

> > >             "

> > >

> > >  SRC_URI_append_class-target = " \

> > > --

> > > 2.20.1

> > >

> > > --

> > > _______________________________________________

> > > Openembedded-core mailing list

> > > Openembedded-core@lists.openembedded.org

> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core

> 

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Khem Raj March 1, 2019, 5:40 p.m. UTC | #5
On Fri, Mar 1, 2019 at 9:35 AM Denys Dmytriyenko <denis@denix.org> wrote:
>

> On Wed, Feb 27, 2019 at 05:51:23PM -0800, Khem Raj wrote:

> > On Mon, Feb 25, 2019 at 7:19 PM Denys Dmytriyenko <denis@denix.org> wrote:

> > >

> > > Khem, Richard,

> > >

> > > Sorry for belated reply. I haven't had time for master yet, but since this

> > > just got backported to thud, I'm seeing a similar breakage.

> > >

> > > First of all, BN_LLONG not being defined does seem to be "fixed" by this

> > > patch, but I'm not entirely sure why it now checks for OPENSSL_SYS_UEFI - this

> > > seems to be a new define in OpenSSL 1.1, and doesn't even exist in OpenSSL 1.0

> > > Is it a pure luck that it works now? Any hidden meaning I missded?

> > >

> >

> > We don't have to, but then we might have uefi to compile so thats why its

> > there.

>

> Where is OPENSSL_SYS_UEFI supposed to be defined?

>


some apps like uefi can do that.

> There are 0 references to it in OpenSSL 1.0 code base. It appears to be

> introduced only in OpenSSL 1.1, since there are several references there.

>

> Hence my earlier question about whether it should be used here in the patch

> for 1.0.2q

>

>

> > > And it also breaks exactly the same for DES_LONG due to a similar construct:

> >

> > yeah the header nesting is a nightmare in openssl 1.0, it is a bit better

> > in 1.1, a lot of these recursions are fixed. but backporting then completely

> > to 1.0 is not an option, so we have to do tweaks that sustains the build.

> >

> > >

> > >

> > > #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

> > > /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

> > >  * %20 speed up (longs are 8 bytes, int's are 4). */

> > > #ifndef DES_LONG

> > > #define DES_LONG unsigned int

> > > #endif

> > > #endif

>

> Would you recommend doing the same change here to fix DES_LONG not being

> defined due to nested header inclusion?

>

>

> > > I was going to fix it similarly as BN_LLONG, but since I don't understand how

> > > it was supposed to be fixed, I'm not sure how to fix DES_LONG not being

> > > defined. Any ideas?

> > >

> > > Thanks.

> > >

> > > --

> > > Denys

> > >

> > >

> > > On Wed, Feb 06, 2019 at 10:25:26PM -0800, Khem Raj wrote:

> > > > After adding #pragma once to wrapper header ( opensslconf.h ) this

> > > > latent issue got to bite us, where it expect bn.h to be including

> > > > openssl.h to define BN_* defines, which is fragile. This patch removes

> > > > the contraints for nested includes for bn.h

> > > >

> > > > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > > > ---

> > > >  .../0001-Fix-BN_LLONG-breakage.patch          | 33 +++++++++++++++++++

> > > >  .../openssl/openssl10_1.0.2q.bb               |  1 +

> > > >  2 files changed, 34 insertions(+)

> > > >  create mode 100644 meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > > >

> > > > diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > > > new file mode 100644

> > > > index 0000000000..13d39c918c

> > > > --- /dev/null

> > > > +++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch

> > > > @@ -0,0 +1,33 @@

> > > > +From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001

> > > > +From: Khem Raj <raj.khem@gmail.com>

> > > > +Date: Wed, 6 Feb 2019 22:10:33 -0800

> > > > +Subject: [PATCH] Fix BN_LLONG breakage

> > > > +

> > > > +opensslconf.h is un-defining BN_LLONG only when included from bn.h which

> > > > +is not robust at all, especially when include guards are used and

> > > > +multiple inclusions of a given header is not allowed. so lets take out

> > > > +the nesting constraint and add OPENSSL_SYS_UEFI constraint instead

> > > > +

> > > > +Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]

> > > > +

> > > > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > > > +---

> > > > + crypto/opensslconf.h.in | 2 +-

> > > > + 1 file changed, 1 insertion(+), 1 deletion(-)

> > > > +

> > > > +diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in

> > > > +index 7a1c85d..a10c10f 100644

> > > > +--- a/crypto/opensslconf.h.in

> > > > ++++ b/crypto/opensslconf.h.in

> > > > +@@ -56,7 +56,7 @@

> > > > + #endif

> > > > + #endif

> > > > +

> > > > +-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

> > > > ++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)

> > > > + #define CONFIG_HEADER_BN_H

> > > > + #undef BN_LLONG

> > > > +

> > > > +--

> > > > +2.20.1

> > > > +

> > > > diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > > index 809634f6c0..88aefdea4f 100644

> > > > --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > > +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb

> > > > @@ -40,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \

> > > >             file://0001-Fix-build-with-clang-using-external-assembler.patch \

> > > >             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \

> > > >             file://0001-allow-manpages-to-be-disabled.patch \

> > > > +           file://0001-Fix-BN_LLONG-breakage.patch \

> > > >             "

> > > >

> > > >  SRC_URI_append_class-target = " \

> > > > --

> > > > 2.20.1

> > > >

> > > > --

> > > > _______________________________________________

> > > > Openembedded-core mailing list

> > > > Openembedded-core@lists.openembedded.org

> > > > http://lists.openembedded.org/mailman/listinfo/openembedded-core

> >

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
new file mode 100644
index 0000000000..13d39c918c
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
@@ -0,0 +1,33 @@ 
+From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 6 Feb 2019 22:10:33 -0800
+Subject: [PATCH] Fix BN_LLONG breakage
+
+opensslconf.h is un-defining BN_LLONG only when included from bn.h which
+is not robust at all, especially when include guards are used and
+multiple inclusions of a given header is not allowed. so lets take out
+the nesting constraint and add OPENSSL_SYS_UEFI constraint instead
+
+Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/opensslconf.h.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
+index 7a1c85d..a10c10f 100644
+--- a/crypto/opensslconf.h.in
++++ b/crypto/opensslconf.h.in
+@@ -56,7 +56,7 @@
+ #endif
+ #endif
+ 
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)
+ #define CONFIG_HEADER_BN_H
+ #undef BN_LLONG
+ 
+-- 
+2.20.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
index 809634f6c0..88aefdea4f 100644
--- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -40,6 +40,7 @@  SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-Fix-build-with-clang-using-external-assembler.patch \
            file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
            file://0001-allow-manpages-to-be-disabled.patch \
+           file://0001-Fix-BN_LLONG-breakage.patch \
            "
 
 SRC_URI_append_class-target = " \