render / rpms / edk2

Forked from rpms/edk2 3 months ago
Clone

Blame SOURCES/0012-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

8ff9b3
From 87d4b94d2ea1896dec43a6e70feeae1aef7a4ce2 Mon Sep 17 00:00:00 2001
7439a5
From: Laszlo Ersek <lersek@redhat.com>
7439a5
Date: Sat, 16 Nov 2019 17:11:27 +0100
7439a5
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
7439a5
 (RH)
7439a5
7439a5
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
7439a5
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
7439a5
7439a5
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
7439a5
7439a5
- Recreate the patch based on downstream commits:
7439a5
7439a5
  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
7439a5
                  in the INFs (RH)", 2020-06-05),
7439a5
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
7439a5
                  2020-11-23),
7439a5
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
7439a5
                  RHEL-8.4", 2020-11-23).
7439a5
7439a5
  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
7439a5
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
7439a5
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
7439a5
7439a5
      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
7439a5
      files, namely
7439a5
7439a5
      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
7439a5
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
7439a5
7439a5
      in the following commits only:
7439a5
7439a5
      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
7439a5
        option", 2020-08-12), which did not affect the source file list at
7439a5
        all,
7439a5
7439a5
      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
7439a5
        entropy in rand_pool", 2020-09-18), which replaced some of the
7439a5
        *edk2-specific* "rand_pool_noise" source files with an RngLib
7439a5
        dependency.
7439a5
7439a5
      This means that the list of required, actual OpenSSL source files
7439a5
      has not changed in upstream edk2 since our downstream edk2 commit
7439a5
      e81751a1c303.
7439a5
7439a5
  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
7439a5
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
7439a5
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
7439a5
      shipped in RHEL-8.3.0.z", 2020-10-23).
7439a5
7439a5
      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
7439a5
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
7439a5
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
7439a5
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
7439a5
7439a5
      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
7439a5
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
7439a5
      source tree, with "rpmbuild -bp". Subsequently I compared the
7439a5
      prepped source trees recursively.
7439a5
7439a5
      - The following files disappeared:
7439a5
7439a5
        - 29 backup files created by "patch",
7439a5
7439a5
        - the assembly generator perl script called
7439a5
          "ecp_nistz256-avx2.pl", which is not used during the build.
7439a5
7439a5
      - The following new files appeared:
7439a5
7439a5
        - 18 files directly or indirectly under the "test" subdirectory,
7439a5
          which are not used during the build,
7439a5
7439a5
        - 5 backup files created by "patch",
7439a5
7439a5
        - 2 DCL scripts used when building OpenSSL on OpenVMS.
7439a5
7439a5
      This means that the total list of RHEL-8 OpenSSL source files has
7439a5
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
7439a5
      commit 3e3fe5e62079.
7439a5
7439a5
  As a result, copy the "RHEL8-specific OpenSSL file list" sections
7439a5
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
7439a5
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
7439a5
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
7439a5
7439a5
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
7439a5
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
7439a5
7439a5
- "OpensslLib.inf":
7439a5
7439a5
  - Automatic leading context refresh against upstream commit c72ca4666886
7439a5
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
7439a5
    loop", 2020-03-10).
7439a5
7439a5
  - Manual trailing context refresh against upstream commit b49a6c8f80d9
7439a5
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
7439a5
7439a5
- "OpensslLibCrypto.inf":
7439a5
7439a5
  - Automatic leading context refresh against upstream commits
7439a5
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
7439a5
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
7439a5
    process_files.pl to generate .h files", 2019-10-30).
7439a5
7439a5
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
7439a5
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
7439a5
7439a5
- new patch
7439a5
7439a5
The downstream changes in RHEL8's OpenSSL package, for example in
7439a5
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
7439a5
preexistent code into those new files. In order to avoid undefined
7439a5
references in link editing, we have to list the new files.
7439a5
7439a5
Note: "process_files.pl" is not re-run at this time manually, because
7439a5
7439a5
(a) "process_files.pl" would pollute the file list (and some of the
7439a5
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
7439a5
    are explicitly unwanted in edk2,
7439a5
7439a5
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
7439a5
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
7439a5
    and will help with future changes too.
7439a5
7439a5
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
7439a5
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
7439a5
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
7439a5
---
7439a5
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
7439a5
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
7439a5
 2 files changed, 22 insertions(+)
7439a5
7439a5
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
8ff9b3
index 60c6c24b0a..e446b51e66 100644
7439a5
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
7439a5
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
8ff9b3
@@ -575,6 +575,17 @@
7439a5
   $(OPENSSL_PATH)/ssl/statem/statem.h
7439a5
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
7439a5
 # Autogenerated files list ends here
7439a5
+# RHEL8-specific OpenSSL file list starts here
7439a5
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
7439a5
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
7439a5
+# RHEL8-specific OpenSSL file list ends here
7439a5
   buildinf.h
7439a5
   ossl_store.c
7439a5
   rand_pool.c
7439a5
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
8ff9b3
index c4eaea888c..c207dc8f4c 100644
7439a5
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
7439a5
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
8ff9b3
@@ -525,6 +525,17 @@
7439a5
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
7439a5
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
7439a5
 # Autogenerated files list ends here
7439a5
+# RHEL8-specific OpenSSL file list starts here
7439a5
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
7439a5
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
7439a5
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
7439a5
+# RHEL8-specific OpenSSL file list ends here
7439a5
   buildinf.h
7439a5
   ossl_store.c
7439a5
   rand_pool.c
7439a5
-- 
8ff9b3
2.38.1
7439a5