vboot: fix name-collision with OpenSSL.
vboot currently uses the |SHA256_CTX| name, which is claimed by OpenSSL.
To work around this, it defines OPENSSL_NO_SHA, but that can't be done
at compile time:
The OPENSSL_NO_* defines are set by OpenSSL to reflect the configuration
that it was built with so that users of OpenSSL can disable features as
needed. They can affect the contents of structures any thus the ABI of
the library.
If these defines are set outside of OpenSSL, then the library and the
code that uses it will have incompatible ABIs. At that point it's only
functioning by blind luck.
This change renames the name-collisions so that this hack isn't needed.
This is the same change as was made internally in cl/85758149.
BUG=none
BRANCH=none
TEST=emerge-samus coreboot; make runtests
Change-Id: I709da2507f341896d89d50129ce30ffb111a20d1
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/263506
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/Android.mk b/Android.mk
index 3fcd02f..02fd6da 100644
--- a/Android.mk
+++ b/Android.mk
@@ -24,8 +24,7 @@
$(LOCAL_PATH)/firmware/lib/tpm_lite/include \
$(LOCAL_PATH)/firmware/2lib/include \
$(LOCAL_PATH)/host/include \
- $(LOCAL_PATH)/host/lib/include \
- external/openssl/include
+ $(LOCAL_PATH)/host/lib/include
# Firmware library sources needed by VbInit() call
VBINIT_SRCS = \
@@ -108,6 +107,7 @@
$(UTILLIB_SRCS)
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_C_INCLUDES)
+LOCAL_STATIC_LIBRARIES := libcrypto_static
include $(BUILD_HOST_STATIC_LIBRARY)
@@ -174,6 +174,6 @@
LOCAL_GENERATED_SOURCES := $(generated_sources)/futility_cmds.c
LOCAL_STATIC_LIBRARIES := libvboot_util-host
-LOCAL_SHARED_LIBRARIES := libssl-host libcrypto-host
+LOCAL_SHARED_LIBRARIES := libcrypto-host
include $(BUILD_HOST_EXECUTABLE)
diff --git a/firmware/lib/cryptolib/include/sha.h b/firmware/lib/cryptolib/include/sha.h
index 3ff2b5b..47a9e5f 100644
--- a/firmware/lib/cryptolib/include/sha.h
+++ b/firmware/lib/cryptolib/include/sha.h
@@ -42,7 +42,7 @@
uint32_t len;
uint8_t block[2 * SHA256_BLOCK_SIZE];
uint8_t buf[SHA256_DIGEST_SIZE]; /* Used for storing the final digest. */
-} SHA256_CTX;
+} VB_SHA256_CTX;
typedef struct {
uint64_t h[8];
@@ -50,20 +50,20 @@
uint32_t len;
uint8_t block[2 * SHA512_BLOCK_SIZE];
uint8_t buf[SHA512_DIGEST_SIZE]; /* Used for storing the final digest. */
-} SHA512_CTX;
+} VB_SHA512_CTX;
void SHA1_init(SHA1_CTX* ctx);
void SHA1_update(SHA1_CTX* ctx, const uint8_t* data, uint64_t len);
uint8_t* SHA1_final(SHA1_CTX* ctx);
-void SHA256_init(SHA256_CTX* ctx);
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
-uint8_t* SHA256_final(SHA256_CTX* ctx);
+void SHA256_init(VB_SHA256_CTX* ctx);
+void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
+uint8_t* SHA256_final(VB_SHA256_CTX* ctx);
-void SHA512_init(SHA512_CTX* ctx);
-void SHA512_update(SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
-uint8_t* SHA512_final(SHA512_CTX* ctx);
+void SHA512_init(VB_SHA512_CTX* ctx);
+void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
+uint8_t* SHA512_final(VB_SHA512_CTX* ctx);
/* Convenience function for SHA-1. Computes hash on [data] of length [len].
* and stores it into [digest]. [digest] should be pre-allocated to
@@ -95,8 +95,8 @@
*/
typedef struct DigestContext {
SHA1_CTX* sha1_ctx;
- SHA256_CTX* sha256_ctx;
- SHA512_CTX* sha512_ctx;
+ VB_SHA256_CTX* sha256_ctx;
+ VB_SHA512_CTX* sha512_ctx;
int algorithm; /* Hashing algorithm to use. */
} DigestContext;
diff --git a/firmware/lib/cryptolib/sha256.c b/firmware/lib/cryptolib/sha256.c
index 664b876..128e356 100644
--- a/firmware/lib/cryptolib/sha256.c
+++ b/firmware/lib/cryptolib/sha256.c
@@ -108,7 +108,7 @@
/* SHA-256 implementation */
-void SHA256_init(SHA256_CTX *ctx) {
+void SHA256_init(VB_SHA256_CTX *ctx) {
#ifndef UNROLL_LOOPS
int i;
for (i = 0; i < 8; i++) {
@@ -126,7 +126,7 @@
}
-static void SHA256_transform(SHA256_CTX* ctx, const uint8_t* message,
+static void SHA256_transform(VB_SHA256_CTX* ctx, const uint8_t* message,
unsigned int block_nb) {
uint32_t w[64];
uint32_t wv[8];
@@ -242,7 +242,7 @@
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
+void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
const uint8_t *shifted_data;
@@ -274,7 +274,7 @@
ctx->tot_len += (block_nb + 1) << 6;
}
-uint8_t* SHA256_final(SHA256_CTX* ctx) {
+uint8_t* SHA256_final(VB_SHA256_CTX* ctx) {
unsigned int block_nb;
unsigned int pm_len;
unsigned int len_b;
@@ -317,7 +317,7 @@
const uint8_t* result;
uint64_t remaining_len;
int i;
- SHA256_CTX ctx;
+ VB_SHA256_CTX ctx;
SHA256_init(&ctx);
diff --git a/firmware/lib/cryptolib/sha512.c b/firmware/lib/cryptolib/sha512.c
index 96b2bef..33d47a1 100644
--- a/firmware/lib/cryptolib/sha512.c
+++ b/firmware/lib/cryptolib/sha512.c
@@ -151,7 +151,7 @@
/* SHA-512 implementation */
-void SHA512_init(SHA512_CTX *ctx) {
+void SHA512_init(VB_SHA512_CTX *ctx) {
#ifdef UNROLL_LOOPS_SHA512
ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1];
ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3];
@@ -169,7 +169,7 @@
}
-static void SHA512_transform(SHA512_CTX* ctx, const uint8_t* message,
+static void SHA512_transform(VB_SHA512_CTX* ctx, const uint8_t* message,
unsigned int block_nb) {
uint64_t w[80];
uint64_t wv[8];
@@ -263,7 +263,7 @@
}
-void SHA512_update(SHA512_CTX* ctx, const uint8_t* data,
+void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data,
uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
@@ -296,7 +296,7 @@
ctx->tot_len += (block_nb + 1) << 7;
}
-uint8_t* SHA512_final(SHA512_CTX* ctx)
+uint8_t* SHA512_final(VB_SHA512_CTX* ctx)
{
unsigned int block_nb;
unsigned int pm_len;
@@ -341,7 +341,7 @@
const uint8_t* result;
uint64_t remaining_len;
int i;
- SHA512_CTX ctx;
+ VB_SHA512_CTX ctx;
SHA512_init(&ctx);
input_ptr = data;
diff --git a/firmware/lib/cryptolib/sha_utility.c b/firmware/lib/cryptolib/sha_utility.c
index 6c7aa49..38bce14 100644
--- a/firmware/lib/cryptolib/sha_utility.c
+++ b/firmware/lib/cryptolib/sha_utility.c
@@ -21,12 +21,12 @@
break;
#endif
case SHA256_DIGEST_ALGORITHM:
- ctx->sha256_ctx = (SHA256_CTX*) VbExMalloc(sizeof(SHA256_CTX));
+ ctx->sha256_ctx = (VB_SHA256_CTX*) VbExMalloc(sizeof(VB_SHA256_CTX));
SHA256_init(ctx->sha256_ctx);
break;
#ifndef CHROMEOS_EC
case SHA512_DIGEST_ALGORITHM:
- ctx->sha512_ctx = (SHA512_CTX*) VbExMalloc(sizeof(SHA512_CTX));
+ ctx->sha512_ctx = (VB_SHA512_CTX*) VbExMalloc(sizeof(VB_SHA512_CTX));
SHA512_init(ctx->sha512_ctx);
break;
#endif
diff --git a/futility/cmd_create.c b/futility/cmd_create.c
index e3fafd3..6da59a7 100644
--- a/futility/cmd_create.c
+++ b/futility/cmd_create.c
@@ -7,7 +7,6 @@
#include <stdio.h>
#include <unistd.h>
-#define OPENSSL_NO_SHA
#include <openssl/pem.h>
#include "2sysincludes.h"
diff --git a/host/lib/host_key.c b/host/lib/host_key.c
index 067a188..fed579a 100644
--- a/host/lib/host_key.c
+++ b/host/lib/host_key.c
@@ -7,7 +7,6 @@
/* TODO: change all 'return 0', 'return 1' into meaningful return codes */
-#define OPENSSL_NO_SHA
#include <openssl/pem.h>
#include <stdio.h>
diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index 43766cf..68eba29 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c
@@ -7,7 +7,6 @@
/* TODO: change all 'return 0', 'return 1' into meaningful return codes */
-#define OPENSSL_NO_SHA
#include <openssl/rsa.h>
#include <stdio.h>
diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c
index c9e721e..dcc2cf2 100644
--- a/host/lib/signature_digest.c
+++ b/host/lib/signature_digest.c
@@ -3,7 +3,6 @@
* found in the LICENSE file.
*/
-#define OPENSSL_NO_SHA
#include <openssl/pem.h>
#include <stdio.h>
diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c
index ecaf8ea..03ec683 100644
--- a/host/lib/util_misc.c
+++ b/host/lib/util_misc.c
@@ -5,7 +5,7 @@
* Miscellaneous functions for userspace vboot utilities.
*/
-#define OPENSSL_NO_SHA
+#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <stdio.h>
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index b18d018..f7ea162 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -7,7 +7,6 @@
#include <stdio.h>
-#define OPENSSL_NO_SHA
#include <openssl/pem.h>
#include "2sysincludes.h"
diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c
index 50cc8f0..539a74b 100644
--- a/host/lib21/host_signature.c
+++ b/host/lib21/host_signature.c
@@ -5,7 +5,6 @@
* Host functions for signatures.
*/
-#define OPENSSL_NO_SHA
#include <openssl/rsa.h>
#include "2sysincludes.h"
diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c
index e97fa02..b3b7b96 100644
--- a/utility/dumpRSAPublicKey.c
+++ b/utility/dumpRSAPublicKey.c
@@ -8,7 +8,6 @@
* /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
*/
-#define OPENSSL_NO_SHA
#include <openssl/pem.h>
#include <stdint.h>
