Google Git
Sign in
android / platform / external / vboot_reference / d6759e4ce635fabf01e7919ef070e114d54b455b^! / .
commitd6759e4ce635fabf01e7919ef070e114d54b455b[log] [tgz]
authorAdam Langley <agl@google.com>Wed Apr 01 11:29:03 2015 -0700
committerAdam Langley <agl@google.com>Wed Apr 01 11:35:18 2015 -0700
treeda47155e1904661be32da14828c5c659d120f691
parent4e4c19602edf3834b50d66d3ba067e895aca6fa0 [diff]
vboot: fix name-collision with OpenSSL.

vboot currently uses the |SHA256_CTX| name, which is claimed by OpenSSL.
To work around this, it defines OPENSSL_NO_SHA, but that can't be done
at compile time:

The OPENSSL_NO_* defines are set by OpenSSL to reflect the configuration
that it was built with so that users of OpenSSL can disable features as
needed. They can affect the contents of structures any thus the ABI of
the library.

If these defines are set outside of OpenSSL, then the library and the
code that uses it will have incompatible ABIs. At that point it's only
functioning by blind luck.

This change renames the name-collisions so that this hack isn't needed.
This is the same change as was made internally in cl/85758149.

Change-Id: I709da2507f341896d89d50129ce30ffb111a20d1

diff --git a/Android.mk b/Android.mk
index 3fcd02f..02fd6da 100644
--- a/Android.mk
+++ b/Android.mk

@@ -24,8 +24,7 @@
 	$(LOCAL_PATH)/firmware/lib/tpm_lite/include \
 	$(LOCAL_PATH)/firmware/2lib/include \
 	$(LOCAL_PATH)/host/include \
-	$(LOCAL_PATH)/host/lib/include \
-	external/openssl/include
+	$(LOCAL_PATH)/host/lib/include
 
 # Firmware library sources needed by VbInit() call
 VBINIT_SRCS = \
@@ -108,6 +107,7 @@
 	$(UTILLIB_SRCS)
 
 LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_C_INCLUDES)
+LOCAL_STATIC_LIBRARIES := libcrypto_static
 
 include $(BUILD_HOST_STATIC_LIBRARY)
 
@@ -174,6 +174,6 @@
 LOCAL_GENERATED_SOURCES := $(generated_sources)/futility_cmds.c
 
 LOCAL_STATIC_LIBRARIES := libvboot_util-host
-LOCAL_SHARED_LIBRARIES := libssl-host libcrypto-host
+LOCAL_SHARED_LIBRARIES := libcrypto-host
 include $(BUILD_HOST_EXECUTABLE)
 

diff --git a/firmware/lib/cryptolib/include/sha.h b/firmware/lib/cryptolib/include/sha.h
index 3ff2b5b..47a9e5f 100644
--- a/firmware/lib/cryptolib/include/sha.h
+++ b/firmware/lib/cryptolib/include/sha.h

@@ -42,7 +42,7 @@
   uint32_t len;
   uint8_t block[2 * SHA256_BLOCK_SIZE];
   uint8_t buf[SHA256_DIGEST_SIZE];  /* Used for storing the final digest. */
-} SHA256_CTX;
+} VB_SHA256_CTX;
 
 typedef struct {
   uint64_t h[8];
@@ -50,20 +50,20 @@
   uint32_t len;
   uint8_t block[2 * SHA512_BLOCK_SIZE];
   uint8_t buf[SHA512_DIGEST_SIZE];  /* Used for storing the final digest. */
-} SHA512_CTX;
+} VB_SHA512_CTX;
 
 
 void SHA1_init(SHA1_CTX* ctx);
 void SHA1_update(SHA1_CTX* ctx, const uint8_t* data, uint64_t len);
 uint8_t* SHA1_final(SHA1_CTX* ctx);
 
-void SHA256_init(SHA256_CTX* ctx);
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
-uint8_t* SHA256_final(SHA256_CTX* ctx);
+void SHA256_init(VB_SHA256_CTX* ctx);
+void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
+uint8_t* SHA256_final(VB_SHA256_CTX* ctx);
 
-void SHA512_init(SHA512_CTX* ctx);
-void SHA512_update(SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
-uint8_t* SHA512_final(SHA512_CTX* ctx);
+void SHA512_init(VB_SHA512_CTX* ctx);
+void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
+uint8_t* SHA512_final(VB_SHA512_CTX* ctx);
 
 /* Convenience function for SHA-1.  Computes hash on [data] of length [len].
  * and stores it into [digest]. [digest] should be pre-allocated to
@@ -95,8 +95,8 @@
  */
 typedef struct DigestContext {
   SHA1_CTX* sha1_ctx;
-  SHA256_CTX* sha256_ctx;
-  SHA512_CTX* sha512_ctx;
+  VB_SHA256_CTX* sha256_ctx;
+  VB_SHA512_CTX* sha512_ctx;
   int algorithm;  /* Hashing algorithm to use. */
 } DigestContext;
 

diff --git a/firmware/lib/cryptolib/sha256.c b/firmware/lib/cryptolib/sha256.c
index 664b876..128e356 100644
--- a/firmware/lib/cryptolib/sha256.c
+++ b/firmware/lib/cryptolib/sha256.c

@@ -108,7 +108,7 @@
 
 
 /* SHA-256 implementation */
-void SHA256_init(SHA256_CTX *ctx) {
+void SHA256_init(VB_SHA256_CTX *ctx) {
 #ifndef UNROLL_LOOPS
     int i;
     for (i = 0; i < 8; i++) {
@@ -126,7 +126,7 @@
 }
 
 
-static void SHA256_transform(SHA256_CTX* ctx, const uint8_t* message,
+static void SHA256_transform(VB_SHA256_CTX* ctx, const uint8_t* message,
                              unsigned int block_nb) {
   uint32_t w[64];
   uint32_t wv[8];
@@ -242,7 +242,7 @@
 
 
 
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
+void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
     unsigned int block_nb;
     unsigned int new_len, rem_len, tmp_len;
     const uint8_t *shifted_data;
@@ -274,7 +274,7 @@
     ctx->tot_len += (block_nb + 1) << 6;
 }
 
-uint8_t* SHA256_final(SHA256_CTX* ctx) {
+uint8_t* SHA256_final(VB_SHA256_CTX* ctx) {
     unsigned int block_nb;
     unsigned int pm_len;
     unsigned int len_b;
@@ -317,7 +317,7 @@
   const uint8_t* result;
   uint64_t remaining_len;
   int i;
-  SHA256_CTX ctx;
+  VB_SHA256_CTX ctx;
 
   SHA256_init(&ctx);
 

diff --git a/firmware/lib/cryptolib/sha512.c b/firmware/lib/cryptolib/sha512.c
index 96b2bef..33d47a1 100644
--- a/firmware/lib/cryptolib/sha512.c
+++ b/firmware/lib/cryptolib/sha512.c

@@ -151,7 +151,7 @@
 
 /* SHA-512 implementation */
 
-void SHA512_init(SHA512_CTX *ctx) {
+void SHA512_init(VB_SHA512_CTX *ctx) {
 #ifdef UNROLL_LOOPS_SHA512
     ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1];
     ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3];
@@ -169,7 +169,7 @@
 }
 
 
-static void SHA512_transform(SHA512_CTX* ctx, const uint8_t* message,
+static void SHA512_transform(VB_SHA512_CTX* ctx, const uint8_t* message,
                              unsigned int block_nb) {
   uint64_t w[80];
   uint64_t wv[8];
@@ -263,7 +263,7 @@
 }
 
 
-void SHA512_update(SHA512_CTX* ctx, const uint8_t* data,
+void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data,
                    uint32_t len) {
     unsigned int block_nb;
     unsigned int new_len, rem_len, tmp_len;
@@ -296,7 +296,7 @@
     ctx->tot_len += (block_nb + 1) << 7;
 }
 
-uint8_t* SHA512_final(SHA512_CTX* ctx)
+uint8_t* SHA512_final(VB_SHA512_CTX* ctx)
 {
     unsigned int block_nb;
     unsigned int pm_len;
@@ -341,7 +341,7 @@
   const uint8_t* result;
   uint64_t remaining_len;
   int i;
-  SHA512_CTX ctx;
+  VB_SHA512_CTX ctx;
   SHA512_init(&ctx);
 
   input_ptr = data;

diff --git a/firmware/lib/cryptolib/sha_utility.c b/firmware/lib/cryptolib/sha_utility.c
index 6c7aa49..38bce14 100644
--- a/firmware/lib/cryptolib/sha_utility.c
+++ b/firmware/lib/cryptolib/sha_utility.c

@@ -21,12 +21,12 @@
       break;
 #endif
     case SHA256_DIGEST_ALGORITHM:
-      ctx->sha256_ctx = (SHA256_CTX*) VbExMalloc(sizeof(SHA256_CTX));
+      ctx->sha256_ctx = (VB_SHA256_CTX*) VbExMalloc(sizeof(VB_SHA256_CTX));
       SHA256_init(ctx->sha256_ctx);
       break;
 #ifndef CHROMEOS_EC
     case SHA512_DIGEST_ALGORITHM:
-      ctx->sha512_ctx = (SHA512_CTX*) VbExMalloc(sizeof(SHA512_CTX));
+      ctx->sha512_ctx = (VB_SHA512_CTX*) VbExMalloc(sizeof(VB_SHA512_CTX));
       SHA512_init(ctx->sha512_ctx);
       break;
 #endif

diff --git a/futility/cmd_create.c b/futility/cmd_create.c
index f4eb3f2..bd155d4 100644
--- a/futility/cmd_create.c
+++ b/futility/cmd_create.c

@@ -7,7 +7,6 @@
 #include <stdio.h>
 #include <unistd.h>
 
-#define OPENSSL_NO_SHA
 #include <openssl/pem.h>
 
 #include "2sysincludes.h"

diff --git a/host/lib/host_key.c b/host/lib/host_key.c
index 067a188..fed579a 100644
--- a/host/lib/host_key.c
+++ b/host/lib/host_key.c

@@ -7,7 +7,6 @@
 
 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */
 
-#define OPENSSL_NO_SHA
 #include <openssl/pem.h>
 
 #include <stdio.h>

diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index 43766cf..68eba29 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c

@@ -7,7 +7,6 @@
 
 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */
 
-#define OPENSSL_NO_SHA
 #include <openssl/rsa.h>
 
 #include <stdio.h>

diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c
index c9e721e..dcc2cf2 100644
--- a/host/lib/signature_digest.c
+++ b/host/lib/signature_digest.c

@@ -3,7 +3,6 @@
  * found in the LICENSE file.
  */
 
-#define OPENSSL_NO_SHA
 #include <openssl/pem.h>
 
 #include <stdio.h>

diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c
index d2c21f5..e75251e 100644
--- a/host/lib/util_misc.c
+++ b/host/lib/util_misc.c

@@ -5,7 +5,7 @@
  * Miscellaneous functions for userspace vboot utilities.
  */
 
-#define OPENSSL_NO_SHA
+#include <openssl/bn.h>
 #include <openssl/rsa.h>
 
 #include <stdio.h>

diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index 4acba9c..2a53b1f 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c

@@ -7,7 +7,6 @@
 
 #include <stdio.h>
 
-#define OPENSSL_NO_SHA
 #include <openssl/pem.h>
 
 #include "2sysincludes.h"

diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c
index 11785c7..6b7ba8f 100644
--- a/host/lib21/host_signature.c
+++ b/host/lib21/host_signature.c

@@ -5,7 +5,6 @@
  * Host functions for signatures.
  */
 
-#define OPENSSL_NO_SHA
 #include <openssl/rsa.h>
 
 #include "2sysincludes.h"

diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c
index e97fa02..b3b7b96 100644
--- a/utility/dumpRSAPublicKey.c
+++ b/utility/dumpRSAPublicKey.c

@@ -8,7 +8,6 @@
  * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
  */
 
-#define OPENSSL_NO_SHA
 #include <openssl/pem.h>
 
 #include <stdint.h>