render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone

Blame SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

c49882
From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
6009e6
From: Laszlo Ersek <lersek@redhat.com>
6009e6
Date: Sat, 16 Nov 2019 17:11:27 +0100
6009e6
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
6009e6
 (RH)
6009e6
94daa4
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
94daa4
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
94daa4
94daa4
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
94daa4
94daa4
- Recreate the patch based on downstream commits:
94daa4
94daa4
  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
94daa4
                  in the INFs (RH)", 2020-06-05),
94daa4
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
94daa4
                  2020-11-23),
94daa4
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
94daa4
                  RHEL-8.4", 2020-11-23).
94daa4
94daa4
  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
94daa4
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
94daa4
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
94daa4
94daa4
      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
94daa4
      files, namely
94daa4
94daa4
      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
94daa4
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
94daa4
94daa4
      in the following commits only:
94daa4
94daa4
      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
94daa4
        option", 2020-08-12), which did not affect the source file list at
94daa4
        all,
94daa4
94daa4
      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
94daa4
        entropy in rand_pool", 2020-09-18), which replaced some of the
94daa4
        *edk2-specific* "rand_pool_noise" source files with an RngLib
94daa4
        dependency.
94daa4
94daa4
      This means that the list of required, actual OpenSSL source files
94daa4
      has not changed in upstream edk2 since our downstream edk2 commit
94daa4
      e81751a1c303.
94daa4
94daa4
  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
94daa4
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
94daa4
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
94daa4
      shipped in RHEL-8.3.0.z", 2020-10-23).
94daa4
94daa4
      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
94daa4
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
94daa4
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
94daa4
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
94daa4
94daa4
      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
94daa4
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
94daa4
      source tree, with "rpmbuild -bp". Subsequently I compared the
94daa4
      prepped source trees recursively.
94daa4
94daa4
      - The following files disappeared:
94daa4
94daa4
        - 29 backup files created by "patch",
94daa4
94daa4
        - the assembly generator perl script called
94daa4
          "ecp_nistz256-avx2.pl", which is not used during the build.
94daa4
94daa4
      - The following new files appeared:
94daa4
94daa4
        - 18 files directly or indirectly under the "test" subdirectory,
94daa4
          which are not used during the build,
94daa4
94daa4
        - 5 backup files created by "patch",
94daa4
94daa4
        - 2 DCL scripts used when building OpenSSL on OpenVMS.
94daa4
94daa4
      This means that the total list of RHEL-8 OpenSSL source files has
94daa4
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
94daa4
      commit 3e3fe5e62079.
94daa4
94daa4
  As a result, copy the "RHEL8-specific OpenSSL file list" sections
94daa4
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
94daa4
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
94daa4
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
94daa4
3e2dc0
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
3e2dc0
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
3e2dc0
3e2dc0
- "OpensslLib.inf":
3e2dc0
3e2dc0
  - Automatic leading context refresh against upstream commit c72ca4666886
3e2dc0
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
3e2dc0
    loop", 2020-03-10).
3e2dc0
3e2dc0
  - Manual trailing context refresh against upstream commit b49a6c8f80d9
3e2dc0
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
3e2dc0
3e2dc0
- "OpensslLibCrypto.inf":
3e2dc0
3e2dc0
  - Automatic leading context refresh against upstream commits
3e2dc0
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
3e2dc0
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
3e2dc0
    process_files.pl to generate .h files", 2019-10-30).
3e2dc0
6009e6
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
6009e6
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
6009e6
6009e6
- new patch
6009e6
6009e6
The downstream changes in RHEL8's OpenSSL package, for example in
6009e6
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
6009e6
preexistent code into those new files. In order to avoid undefined
6009e6
references in link editing, we have to list the new files.
6009e6
6009e6
Note: "process_files.pl" is not re-run at this time manually, because
6009e6
6009e6
(a) "process_files.pl" would pollute the file list (and some of the
6009e6
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
6009e6
    are explicitly unwanted in edk2,
6009e6
6009e6
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
6009e6
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
6009e6
    and will help with future changes too.
6009e6
6009e6
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3e2dc0
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
94daa4
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
6009e6
---
6009e6
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
6009e6
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
6009e6
 2 files changed, 22 insertions(+)
6009e6
6009e6
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
c49882
index d84bde056a..19913a4ac6 100644
6009e6
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
6009e6
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
3e2dc0
@@ -570,6 +570,17 @@
3e2dc0
   $(OPENSSL_PATH)/ssl/statem/statem.h
94daa4
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
6009e6
 # Autogenerated files list ends here
6009e6
+# RHEL8-specific OpenSSL file list starts here
6009e6
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
6009e6
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
6009e6
+# RHEL8-specific OpenSSL file list ends here
3e2dc0
   buildinf.h
6009e6
   ossl_store.c
94daa4
   rand_pool.c
6009e6
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
c49882
index cdeed0d073..5057857e8d 100644
6009e6
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
6009e6
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
3e2dc0
@@ -519,6 +519,17 @@
3e2dc0
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
3e2dc0
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
6009e6
 # Autogenerated files list ends here
6009e6
+# RHEL8-specific OpenSSL file list starts here
6009e6
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
6009e6
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
6009e6
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
6009e6
+# RHEL8-specific OpenSSL file list ends here
6009e6
   buildinf.h
6009e6
   ossl_store.c
94daa4
   rand_pool.c
6009e6
-- 
94daa4
2.27.0
6009e6