render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone

Blame 0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

59c3cd
From 7e6817e96a15f9ce32f0c9cf6326bb682672724c Mon Sep 17 00:00:00 2001
59c3cd
From: Laszlo Ersek <lersek@redhat.com>
59c3cd
Date: Sat, 16 Nov 2019 17:11:27 +0100
59c3cd
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
59c3cd
 (RH)
59c3cd
59c3cd
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
59c3cd
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
59c3cd
59c3cd
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
59c3cd
59c3cd
- Recreate the patch based on downstream commits:
59c3cd
59c3cd
  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
59c3cd
                  in the INFs (RH)", 2020-06-05),
59c3cd
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
59c3cd
                  2020-11-23),
59c3cd
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
59c3cd
                  RHEL-8.4", 2020-11-23).
59c3cd
59c3cd
  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
59c3cd
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
59c3cd
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
59c3cd
59c3cd
      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
59c3cd
      files, namely
59c3cd
59c3cd
      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
59c3cd
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
59c3cd
59c3cd
      in the following commits only:
59c3cd
59c3cd
      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
59c3cd
        option", 2020-08-12), which did not affect the source file list at
59c3cd
        all,
59c3cd
59c3cd
      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
59c3cd
        entropy in rand_pool", 2020-09-18), which replaced some of the
59c3cd
        *edk2-specific* "rand_pool_noise" source files with an RngLib
59c3cd
        dependency.
59c3cd
59c3cd
      This means that the list of required, actual OpenSSL source files
59c3cd
      has not changed in upstream edk2 since our downstream edk2 commit
59c3cd
      e81751a1c303.
59c3cd
59c3cd
  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
59c3cd
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
59c3cd
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
59c3cd
      shipped in RHEL-8.3.0.z", 2020-10-23).
59c3cd
59c3cd
      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
59c3cd
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
59c3cd
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
59c3cd
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
59c3cd
59c3cd
      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
59c3cd
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
59c3cd
      source tree, with "rpmbuild -bp". Subsequently I compared the
59c3cd
      prepped source trees recursively.
59c3cd
59c3cd
      - The following files disappeared:
59c3cd
59c3cd
        - 29 backup files created by "patch",
59c3cd
59c3cd
        - the assembly generator perl script called
59c3cd
          "ecp_nistz256-avx2.pl", which is not used during the build.
59c3cd
59c3cd
      - The following new files appeared:
59c3cd
59c3cd
        - 18 files directly or indirectly under the "test" subdirectory,
59c3cd
          which are not used during the build,
59c3cd
59c3cd
        - 5 backup files created by "patch",
59c3cd
59c3cd
        - 2 DCL scripts used when building OpenSSL on OpenVMS.
59c3cd
59c3cd
      This means that the total list of RHEL-8 OpenSSL source files has
59c3cd
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
59c3cd
      commit 3e3fe5e62079.
59c3cd
59c3cd
  As a result, copy the "RHEL8-specific OpenSSL file list" sections
59c3cd
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
59c3cd
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
59c3cd
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
59c3cd
59c3cd
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
59c3cd
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
59c3cd
59c3cd
- "OpensslLib.inf":
59c3cd
59c3cd
  - Automatic leading context refresh against upstream commit c72ca4666886
59c3cd
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
59c3cd
    loop", 2020-03-10).
59c3cd
59c3cd
  - Manual trailing context refresh against upstream commit b49a6c8f80d9
59c3cd
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
59c3cd
59c3cd
- "OpensslLibCrypto.inf":
59c3cd
59c3cd
  - Automatic leading context refresh against upstream commits
59c3cd
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
59c3cd
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
59c3cd
    process_files.pl to generate .h files", 2019-10-30).
59c3cd
59c3cd
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
59c3cd
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
59c3cd
59c3cd
- new patch
59c3cd
59c3cd
The downstream changes in RHEL8's OpenSSL package, for example in
59c3cd
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
59c3cd
preexistent code into those new files. In order to avoid undefined
59c3cd
references in link editing, we have to list the new files.
59c3cd
59c3cd
Note: "process_files.pl" is not re-run at this time manually, because
59c3cd
59c3cd
(a) "process_files.pl" would pollute the file list (and some of the
59c3cd
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
59c3cd
    are explicitly unwanted in edk2,
59c3cd
59c3cd
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
59c3cd
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
59c3cd
    and will help with future changes too.
59c3cd
59c3cd
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
59c3cd
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
59c3cd
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
59c3cd
---
59c3cd
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
59c3cd
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
59c3cd
 2 files changed, 22 insertions(+)
59c3cd
59c3cd
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
59c3cd
index b00bb74ce6..71e32f26ea 100644
59c3cd
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
59c3cd
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
59c3cd
@@ -570,6 +570,17 @@
59c3cd
   $(OPENSSL_PATH)/ssl/statem/statem.h
59c3cd
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
59c3cd
 # Autogenerated files list ends here
59c3cd
+# RHEL8-specific OpenSSL file list starts here
59c3cd
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
59c3cd
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
59c3cd
+# RHEL8-specific OpenSSL file list ends here
59c3cd
   buildinf.h
59c3cd
   ossl_store.c
59c3cd
   rand_pool.c
59c3cd
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
59c3cd
index 3557711bd8..003dcbad7a 100644
59c3cd
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
59c3cd
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
59c3cd
@@ -519,6 +519,17 @@
59c3cd
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
59c3cd
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
59c3cd
 # Autogenerated files list ends here
59c3cd
+# RHEL8-specific OpenSSL file list starts here
59c3cd
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
59c3cd
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
59c3cd
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
59c3cd
+# RHEL8-specific OpenSSL file list ends here
59c3cd
   buildinf.h
59c3cd
   ossl_store.c
59c3cd
   rand_pool.c
59c3cd
-- 
59c3cd
2.27.0
59c3cd