Changeset 95676 in vbox

Timestamp:

Jul 17, 2022 3:01:19 AM (2 years ago)

Author:

vboxsync

Message:

/Config.kmk,openssl,RTSignTool: Build bldRTSignTool with signing capability on windows. bugref:8691

Location:

trunk

Files:

• Config.kmk (modified) (2 diffs)
• src/VBox/Runtime/tools/Makefile.kmk (modified) (1 diff)
• src/VBox/Runtime/tools/RTSignTool.cpp (modified) (9 diffs)
• src/libs/openssl-3.0.3/Config.kmk (modified) (1 diff)
• src/libs/openssl-3.0.3/crypto/Makefile.kmk (modified) (1 diff)
• src/libs/openssl-3.0.3/providers/Makefile.kmk (modified) (1 diff)
• src/libs/openssl-3.0.3/ssl/Makefile.kmk (modified) (1 diff)

trunk/Config.kmk

@@ -903 +903 @@
 # Enables full VM encryption support @bugref{9955}.
 VBOX_WITH_FULL_VM_ENCRYPTION = 1
+# Enables the 'sign' command in bldRTSignTool.  We may need this on windows.
+if1of ($(KBUILD_TARGET), win)
+ VBOX_WITH_BLD_RTSIGNTOOL_SIGNING = 1
+endif
 ## @}
 
@@ -4779 +4783 @@
         $(PATH_STAGE_LIB)/VBox-libssl-x86$(VBOX_SUFF_LIB) \
         $(PATH_STAGE_LIB)/VBox-libcrypto-x86$(VBOX_SUFF_LIB)
+
+ifdef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+ SDK_VBOX_OPENSSL_BLDPROG               := OpenSSL - Build tools verison (i.e. bldRTSignTool)
+ SDK_VBOX_OPENSSL_BLDPROG_INCS          ?= $(SDK_VBOX_OPENSSL_VBOX_DEFAULT_INCS)
+ SDK_VBOX_OPENSSL_BLDPROG_ORDERDEPS     ?= $(crypto-headers_1_TARGET)
+ if  !defined(VBOX_ONLY_SDK) \
+  && ("$(SDK_VBOX_OPENSSL_INCS)" == "$(SDK_VBOX_OPENSSL_VBOX_DEFAULT_INCS)")
+  SDK_VBOX_OPENSSL_BLDPROG_DEPS         ?= $(SDK_VBOX_OPENSSL_INCS)/openssl/openssl-mangling.h
+ endif
+ SDK_VBOX_OPENSSL_BLDPROG_LIBS          ?= \
+        $(PATH_STAGE_LIB)/VBoxBldProg-libssl$(VBOX_SUFF_LIB) \
+        $(PATH_STAGE_LIB)/VBoxBldProg-libcrypto$(VBOX_SUFF_LIB)
+endif
 
 SDK_VBOX_OPENSSL2              := This is what you should be using!  It links against VBoxRT.

trunk/src/VBox/Runtime/tools/Makefile.kmk

@@ -74 +74 @@
   # RTSignTool - Signing utility - build version.  Signed on windows so we can get the certificate from it.
   BLDPROGS += bldRTSignTool
-  bldRTSignTool_TEMPLATE := VBoxAdvBldProg
-  bldRTSignTool_INCS     := ../include
-  bldRTSignTool_SOURCES  := RTSignTool.cpp
-  bldRTSignTool_DEFS     := IPRT_IN_BUILD_TOOL
-  bldRTSignTool_LIBS.win := Crypt32.lib NCrypt.lib
+  bldRTSignTool_TEMPLATE  := VBoxAdvBldProg
+  bldRTSignTool_INCS      := ../include
+  bldRTSignTool_SOURCES   := RTSignTool.cpp
+  bldRTSignTool_DEFS      := IPRT_IN_BUILD_TOOL
+  bldRTSignTool_LIBS.win  := Crypt32.lib NCrypt.lib
   bldRTSignTool_POST_CMDS.win = $(VBOX_SIGN_IMAGE_CMDS)
   if defined(VBOX_WITH_DARWIN_R0_DARWIN_IMAGE_VERIFICATION) && defined(VBOX_SIGNING_MODE)
    bldRTSignTool_POST_CMDS.darwin = $(call VBOX_SIGN_MACHO_FN,$(out),org.virtualbox.org.bldtool.$(target))
+  endif
+  ifndef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+   bldRTSignTool_DEFS     += IPRT_SIGNTOOL_NO_SIGNING
+  else # RuntimeBldProg is missing a lot and is built w/o IPRT_WITH_OPENSSL. So, include missing and rebuilt openssl deps.
+   bldRTSignTool_SDKS     += VBOX_OPENSSL_BLDPROG
+   bldRTSignTool_DEFS     += IPRT_WITH_OPENSSL
+   bldRTSignTool_SOURCES  += \
+       ../common/string/RTStrICmpAscii.cpp \
+        ../common/checksum/alt-sha3.cpp \
+       ../common/crypto/store-inmem.cpp \
+       ../common/crypto/store-cert-add-basic.cpp \
+       ../common/crypto/rsa-core.cpp \
+       ../common/crypto/rsa-asn1-decoder.cpp \
+       ../common/crypto/rsa-init.cpp \
+       ../common/crypto/rsa-sanity.cpp \
+       ../common/crypto/RTCrStoreCertAddFromJavaKeyStore.cpp \
+       ../common/crypto/pkix-signature-core.cpp \
+       ../common/crypto/pkix-signature-builtin.cpp \
+       ../common/crypto/pkix-signature-rsa.cpp \
+       \
+       ../common/crypto/store.cpp \
+       ../common/crypto/digest-builtin.cpp \
+        ../common/crypto/iprt-openssl.cpp\
+       ../common/crypto/key.cpp \
+       ../common/crypto/key-file.cpp \
+        ../common/crypto/key-openssl.cpp \
+        ../common/crypto/pkcs7-core.cpp \
+        ../common/crypto/pkcs7-sign.cpp \
+        ../common/crypto/RTCrRandBytes-openssl.cpp
+
   endif
  endif

trunk/src/VBox/Runtime/tools/RTSignTool.cpp

@@ -1562 +1562 @@
 }
 
-#ifndef IPRT_IN_BUILD_TOOL
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
 
 static PRTCRPKCS7ATTRIBUTE SignToolPkcs7_AuthAttribAppend(PRTCRPKCS7ATTRIBUTES pAuthAttribs)
@@ -2628 +2628 @@
 }
 
-#endif /* !IPRT_IN_BUILD_TOOL */
+#endif /* !IPRT_SIGNTOOL_NO_SIGNING */
 
 
@@ -3098 +3098 @@
 *   Option handlers shared by 'sign-exe', 'sign-cat', 'add-timestamp-exe-signature' and others.                                  *
 *********************************************************************************************************************************/
-#ifndef IPRT_IN_BUILD_TOOL
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
 
 static RTEXITCODE HandleOptAddCert(PRTCRSTORE phStore, const char *pszFile)
@@ -3337 +3337 @@
 }
 
-#endif /* !IPRT_IN_BUILD_TOOL */
+#endif /* !IPRT_SIGNTOOL_NO_SIGNING */
 
 
@@ -3343 +3343 @@
 *   The 'add-timestamp-exe-signature' command.                                                                                   *
 *********************************************************************************************************************************/
-#ifndef IPRT_IN_BUILD_TOOL
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
 
 static RTEXITCODE HelpAddTimestampExeSignature(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
@@ -3448 +3448 @@
 }
 
-#endif /*!IPRT_IN_BUILD_TOOL */
+#endif /*!IPRT_SIGNTOOL_NO_SIGNING */
 
 
@@ -3454 +3454 @@
 *   The 'sign-exe' command.                                                                                   *
 *********************************************************************************************************************************/
-#ifndef IPRT_IN_BUILD_TOOL
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
 
 static RTEXITCODE HelpSign(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
@@ -3628 +3628 @@
 }
 
-#endif /*!IPRT_IN_BUILD_TOOL */
+#endif /*!IPRT_SIGNTOOL_NO_SIGNING */
 
 
@@ -5206 +5206 @@
     { "add-nested-exe-signature",       HandleAddNestedExeSignature,        HelpAddNestedExeSignature },
     { "add-nested-cat-signature",       HandleAddNestedCatSignature,        HelpAddNestedCatSignature },
-#ifndef IPRT_IN_BUILD_TOOL
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
     { "add-timestamp-exe-signature",    HandleAddTimestampExeSignature,     HelpAddTimestampExeSignature },
     { "sign",                           HandleSign,                         HelpSign },

trunk/src/libs/openssl-3.0.3/Config.kmk

@@ -320 +320 @@
 TEMPLATE_LIBCRYPTOTST_LIBS    = $(PATH_STAGE_LIB)/VBox-libcrypto$(VBOX_SUFF_LIB) $(TEMPLATE_VBOXR3TSTEXE_LIBS)
 
+
+ifdef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+#
+# Build program versions of LIBCRYPTO and SUBLIBCRYPTO for bldRTSignTool.
+#
+TEMPLATE_VBoxLibCryptoBldProg = Build program template the OpenSSL crypto library.
+TEMPLATE_VBoxLibCryptoBldProg_EXTENDS       := VBoxAdvBldProg
+TEMPLATE_VBoxLibCryptoBldProg_DEFS           = $(TEMPLATE_VBoxAdvBldProg_DEFS) $(TEMPLATE_LIBCRYPTO_DEFS)
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win     = $(TEMPLATE_VBoxAdvBldProg_CFLAGS.win) $(subst $(TEMPLATE_VBoxR3RuntimeDllNonPedantic_CFLAGS.win),, $(TEMPLATE_LIBCRYPTO_CFLAGS.win))
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4057 # refcount.h(137): warning C4057: 'function': 'volatile long *' differs in indirection to slightly different base types from 'volatile int *'
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4100 # refcount.h(135): warning C4100: 'lock': unreferenced formal parameter
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4132 # curve25519.c(5497): warning C4132: 'allzeroes': const object should be initialized
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4189 # eng_list.c(373): warning C4189: 'load_dir': local variable is initialized but not referenced
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4245 # bn_div.c(353): warning C4245: '=': conversion from '__int64' to 'unsigned __int64', signed/unsigned mismatch
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4255 # ctype.c(314): warning C4255: 'ossl_c_locale': no function prototype given: converting '()' to '(void)'
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4267 # p12_utl.c(23): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4389 # encoder_pkey.c(110): warning C4389: '!=': signed/unsigned mismatch
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4668 # limits.h(70): warning C4668: '__STDC_WANT_SECURE_LIB__' is not defined as a preprocessor macro, replacing with '0' for '#if/#elif'
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.win    += -wd4702 # ctrl_params_translate.c(681) : warning C4702: unreachable code
+TEMPLATE_VBoxLibCryptoBldProg_CFLAGS.freebsd = $(TEMPLATE_VBoxAdvBldProg_CFLAGS.freebsd) $(subst $(TEMPLATE_VBoxR3RuntimeDllNonPedantic_CFLAGS.freebsd),, $(TEMPLATE_LIBCRYPTO_CFLAGS.freebsd))
+TEMPLATE_VBoxLibCryptoBldProg_INCS           = $(TEMPLATE_LIBCRYPTO_INCS) $(TEMPLATE_VBoxAdvBldProg_INCS)
+TEMPLATE_VBoxLibCryptoBldProg_INTERMEDIATES  = $(TEMPLATE_VBoxAdvBldProg_INTERMEDIATES) $(TEMPLATE_LIBCRYPTO_INTERMEDIATES)
+
+TEMPLATE_VBoxSubLibCryptoBldProg = Build program template a OpenSSL crypto sub-library.
+TEMPLATE_VBoxSubLibCryptoBldProg_EXTENDS    := VBoxLibCryptoBldProg
+TEMPLATE_VBoxSubLibCryptoBldProg_INSTTYPE    = none
+endif # VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+
+
 #
 # 32-bit version of LIBCRYPTO and SUBLIBCRYPTO.

trunk/src/libs/openssl-3.0.3/crypto/Makefile.kmk

@@ -153 +153 @@
 
 
+ifdef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+#
+# The build program libcrypto version.
+#
+LIBRARIES += VBoxBldProg-libcrypto
+VBoxBldProg-libcrypto          = For bldRTSignTool
+VBoxBldProg-libcrypto_EXTENDS  = VBox-libcrypto
+VBoxBldProg-libcrypto_TEMPLATE = VBoxLibCryptoBldProg
+VBoxBldProg-libcrypto_DEFS     = $(VBox-libcrypto_DEFS)
+VBoxBldProg-libcrypto_SOURCES  = \
+        $(filter %.c %.cpp,$(VBox-libcrypto_SOURCES)) \
+        $(PATH_STAGE_LIB)/VBoxBldProg-libproviders$(VBOX_SUFF_LIB) \
+        $(foreach sublib,$(VBOX_CRYPTO_SUBLIBS), $(VBoxBldProg-$(sublib)_1_TARGET))
+define def_VBoxBldProg_libcrypto_inherit
+ LIBRARIES += VBoxBldProg-$(sublib)
+ VBoxBldProg-$(sublib) = bldRTSignTool version of $(sublib)
+ VBoxBldProg-$(sublib)_EXTENDS    = $(sublib)
+ VBoxBldProg-$(sublib)_EXTENDS_BY = appending
+ VBoxBldProg-$(sublib)_TEMPLATE   = VBoxSubLibCryptoBldProg
+ VBoxBldProg-$(sublib)_DEFPATH    = $($(sublib)_DEFPATH)
+ ## @todo kBuild: DEFPATH isn't inherited! FIXME!
+endef
+$(foreach sublib,$(VBOX_CRYPTO_SUBLIBS), $(eval $(def_VBoxBldProg_libcrypto_inherit)))
+
+endif # VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+
+
 #
 # ...

trunk/src/libs/openssl-3.0.3/providers/Makefile.kmk

@@ -75 +75 @@
 endif
 
+
+ifdef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+#
+# The build program libproviders version.
+#
+LIBRARIES += VBoxBldProg-libproviders
+VBoxBldProg-libproviders          = For bldRTSignTool
+VBoxBldProg-libproviders_EXTENDS  = VBox-libproviders
+VBoxBldProg-libproviders_TEMPLATE = VBoxLibCryptoBldProg
+VBoxBldProg-libproviders_SOURCES  = \
+        $(filter %.c,$(VBox-libproviders_SOURCES)) \
+        $(foreach sublib,$(VBOX_CRYPTO_PROVIDERS_SUBLIBS), $(VBoxBldProg-$(sublib)_1_TARGET))
+
+define def_VBoxBldProg_libproviders_inherit
+ LIBRARIES += VBoxBldProg-$(sublib)
+ VBoxBldProg-$(sublib) = bldRTSignTool version of $(sublib)
+ VBoxBldProg-$(sublib)_EXTENDS    = $(sublib)
+ VBoxBldProg-$(sublib)_EXTENDS_BY = appending
+ VBoxBldProg-$(sublib)_TEMPLATE   = VBoxSubLibCryptoBldProg
+ VBoxBldProg-$(sublib)_DEFPATH    = $($(sublib)_DEFPATH)
+ ## @todo kBuild: DEFPATH isn't inherited! FIXME!
+endef
+$(foreach sublib,$(VBOX_CRYPTO_PROVIDERS_SUBLIBS), $(eval $(def_VBoxBldProg_libproviders_inherit)))
+
+endif # VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+
+
 include $(FILE_KBUILD_SUB_FOOTER)
 

trunk/src/libs/openssl-3.0.3/ssl/Makefile.kmk

@@ -91 +91 @@
 endif
 
+
+ifdef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+ #
+ # The build program version.
+ #
+ LIBRARIES += VBoxBldProg-libssl
+ VBoxBldProg-libssl_EXTENDS = VBox-libssl
+ VBoxBldProg-libssl_TEMPLATE = VBoxLibCryptoBldProg
+endif # VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+
 include $(FILE_KBUILD_SUB_FOOTER)