render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone

Blame SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

ea838b
From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
63d87e
From: Laszlo Ersek <lersek@redhat.com>
63d87e
Date: Sat, 16 Nov 2019 17:11:27 +0100
63d87e
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
63d87e
 (RH)
63d87e
9e1c84
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
9e1c84
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
9e1c84
9e1c84
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
9e1c84
9e1c84
- Recreate the patch based on downstream commits:
9e1c84
9e1c84
  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
9e1c84
                  in the INFs (RH)", 2020-06-05),
9e1c84
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
9e1c84
                  2020-11-23),
9e1c84
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
9e1c84
                  RHEL-8.4", 2020-11-23).
9e1c84
9e1c84
  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
9e1c84
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
9e1c84
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
9e1c84
9e1c84
      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
9e1c84
      files, namely
9e1c84
9e1c84
      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
9e1c84
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
9e1c84
9e1c84
      in the following commits only:
9e1c84
9e1c84
      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
9e1c84
        option", 2020-08-12), which did not affect the source file list at
9e1c84
        all,
9e1c84
9e1c84
      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
9e1c84
        entropy in rand_pool", 2020-09-18), which replaced some of the
9e1c84
        *edk2-specific* "rand_pool_noise" source files with an RngLib
9e1c84
        dependency.
9e1c84
9e1c84
      This means that the list of required, actual OpenSSL source files
9e1c84
      has not changed in upstream edk2 since our downstream edk2 commit
9e1c84
      e81751a1c303.
9e1c84
9e1c84
  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
9e1c84
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
9e1c84
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
9e1c84
      shipped in RHEL-8.3.0.z", 2020-10-23).
9e1c84
9e1c84
      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
9e1c84
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
9e1c84
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
9e1c84
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
9e1c84
9e1c84
      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
9e1c84
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
9e1c84
      source tree, with "rpmbuild -bp". Subsequently I compared the
9e1c84
      prepped source trees recursively.
9e1c84
9e1c84
      - The following files disappeared:
9e1c84
9e1c84
        - 29 backup files created by "patch",
9e1c84
9e1c84
        - the assembly generator perl script called
9e1c84
          "ecp_nistz256-avx2.pl", which is not used during the build.
9e1c84
9e1c84
      - The following new files appeared:
9e1c84
9e1c84
        - 18 files directly or indirectly under the "test" subdirectory,
9e1c84
          which are not used during the build,
9e1c84
9e1c84
        - 5 backup files created by "patch",
9e1c84
9e1c84
        - 2 DCL scripts used when building OpenSSL on OpenVMS.
9e1c84
9e1c84
      This means that the total list of RHEL-8 OpenSSL source files has
9e1c84
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
9e1c84
      commit 3e3fe5e62079.
9e1c84
9e1c84
  As a result, copy the "RHEL8-specific OpenSSL file list" sections
9e1c84
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
9e1c84
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
9e1c84
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
9e1c84
82dd91
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
82dd91
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
82dd91
82dd91
- "OpensslLib.inf":
82dd91
82dd91
  - Automatic leading context refresh against upstream commit c72ca4666886
82dd91
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
82dd91
    loop", 2020-03-10).
82dd91
82dd91
  - Manual trailing context refresh against upstream commit b49a6c8f80d9
82dd91
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
82dd91
82dd91
- "OpensslLibCrypto.inf":
82dd91
82dd91
  - Automatic leading context refresh against upstream commits
82dd91
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
82dd91
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
82dd91
    process_files.pl to generate .h files", 2019-10-30).
82dd91
63d87e
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
63d87e
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
63d87e
63d87e
- new patch
63d87e
63d87e
The downstream changes in RHEL8's OpenSSL package, for example in
63d87e
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
63d87e
preexistent code into those new files. In order to avoid undefined
63d87e
references in link editing, we have to list the new files.
63d87e
63d87e
Note: "process_files.pl" is not re-run at this time manually, because
63d87e
63d87e
(a) "process_files.pl" would pollute the file list (and some of the
63d87e
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
63d87e
    are explicitly unwanted in edk2,
63d87e
63d87e
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
63d87e
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
63d87e
    and will help with future changes too.
63d87e
63d87e
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
82dd91
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
9e1c84
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
63d87e
---
63d87e
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
63d87e
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
63d87e
 2 files changed, 22 insertions(+)
63d87e
63d87e
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
ea838b
index d84bde056a..19913a4ac6 100644
63d87e
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
63d87e
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
82dd91
@@ -570,6 +570,17 @@
82dd91
   $(OPENSSL_PATH)/ssl/statem/statem.h
9e1c84
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
63d87e
 # Autogenerated files list ends here
63d87e
+# RHEL8-specific OpenSSL file list starts here
63d87e
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
63d87e
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
63d87e
+# RHEL8-specific OpenSSL file list ends here
82dd91
   buildinf.h
63d87e
   ossl_store.c
9e1c84
   rand_pool.c
63d87e
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
ea838b
index cdeed0d073..5057857e8d 100644
63d87e
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
63d87e
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
82dd91
@@ -519,6 +519,17 @@
82dd91
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
82dd91
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
63d87e
 # Autogenerated files list ends here
63d87e
+# RHEL8-specific OpenSSL file list starts here
63d87e
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
63d87e
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
63d87e
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
63d87e
+# RHEL8-specific OpenSSL file list ends here
63d87e
   buildinf.h
63d87e
   ossl_store.c
9e1c84
   rand_pool.c
63d87e
-- 
9e1c84
2.27.0
63d87e