render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone
Blob Blame History Raw
From 724b271c0cb45063c3cbe230031091186f623ba8 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 16 Nov 2019 17:11:27 +0100
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
 (RH)

Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:

- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257

- Recreate the patch based on downstream commits:

  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
                  in the INFs (RH)", 2020-06-05),
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
                  2020-11-23),
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
                  RHEL-8.4", 2020-11-23).

  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).

      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
      files, namely

      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

      in the following commits only:

      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
        option", 2020-08-12), which did not affect the source file list at
        all,

      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
        entropy in rand_pool", 2020-09-18), which replaced some of the
        *edk2-specific* "rand_pool_noise" source files with an RngLib
        dependency.

      This means that the list of required, actual OpenSSL source files
      has not changed in upstream edk2 since our downstream edk2 commit
      e81751a1c303.

  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
      shipped in RHEL-8.3.0.z", 2020-10-23).

      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)

      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
      source tree, with "rpmbuild -bp". Subsequently I compared the
      prepped source trees recursively.

      - The following files disappeared:

        - 29 backup files created by "patch",

        - the assembly generator perl script called
          "ecp_nistz256-avx2.pl", which is not used during the build.

      - The following new files appeared:

        - 18 files directly or indirectly under the "test" subdirectory,
          which are not used during the build,

        - 5 backup files created by "patch",

        - 2 DCL scripts used when building OpenSSL on OpenVMS.

      This means that the total list of RHEL-8 OpenSSL source files has
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
      commit 3e3fe5e62079.

  As a result, copy the "RHEL8-specific OpenSSL file list" sections
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)

Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:

- "OpensslLib.inf":

  - Automatic leading context refresh against upstream commit c72ca4666886
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
    loop", 2020-03-10).

  - Manual trailing context refresh against upstream commit b49a6c8f80d9
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).

- "OpensslLibCrypto.inf":

  - Automatic leading context refresh against upstream commits
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
    process_files.pl to generate .h files", 2019-10-30).

Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:

- new patch

The downstream changes in RHEL8's OpenSSL package, for example in
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
preexistent code into those new files. In order to avoid undefined
references in link editing, we have to list the new files.

Note: "process_files.pl" is not re-run at this time manually, because

(a) "process_files.pl" would pollute the file list (and some of the
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
    are explicitly unwanted in edk2,

(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
    and will help with future changes too.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index c899b811b1..4a89dc82b6 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -620,6 +620,17 @@
   $(OPENSSL_PATH)/ssl/statem/statem.h
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
 # Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
   buildinf.h
   ossl_store.c
   rand_pool.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 0ec3724541..f1cc0aaf9f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -569,6 +569,17 @@
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
 # Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
   buildinf.h
   ossl_store.c
   rand_pool.c
-- 
2.31.1