From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 16 Nov 2019 17:11:27 +0100
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
 (RH)

Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:

- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257

- Recreate the patch based on downstream commits:

  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
    in the INFs (RH)", 2020-06-05),
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
    2020-11-23),
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
    RHEL-8.4", 2020-11-23).

  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).

      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
      files, namely

      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

      in the following commits only:

      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
        option", 2020-08-12), which did not affect the source file list at
        all,

      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
        entropy in rand_pool", 2020-09-18), which replaced some of the
        *edk2-specific* "rand_pool_noise" source files with an RngLib
        dependency.

      This means that the list of required, actual OpenSSL source files
      has not changed in upstream edk2 since our downstream edk2 commit
      e81751a1c303.

  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
      shipped in RHEL-8.3.0.z", 2020-10-23).

      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)

      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
      source tree, with "rpmbuild -bp". Subsequently I compared the
      prepped source trees recursively.

      - The following files disappeared:

        - 29 backup files created by "patch",

        - the assembly generator perl script called
          "ecp_nistz256-avx2.pl", which is not used during the build.

      - The following new files appeared:

        - 18 files directly or indirectly under the "test" subdirectory,
          which are not used during the build,

        - 5 backup files created by "patch",

        - 2 DCL scripts used when building OpenSSL on OpenVMS.

      This means that the total list of RHEL-8 OpenSSL source files has
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
      commit 3e3fe5e62079.

  As a result, copy the "RHEL8-specific OpenSSL file list" sections
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)

Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:

- "OpensslLib.inf":

  - Automatic leading context refresh against upstream commit c72ca4666886
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
    loop", 2020-03-10).

  - Manual trailing context refresh against upstream commit b49a6c8f80d9
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).

- "OpensslLibCrypto.inf":

  - Automatic leading context refresh against upstream commits
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
    process_files.pl to generate .h files", 2019-10-30).

Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:

- new patch

The downstream changes in RHEL8's OpenSSL package, for example in
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
preexistent code into those new files. In order to avoid undefined
references in link editing, we have to list the new files.

Note: "process_files.pl" is not re-run at this time manually, because

(a) "process_files.pl" would pollute the file list (and some of the
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
    are explicitly unwanted in edk2,

(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
    and will help with future changes too.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index d84bde056a..19913a4ac6 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -570,6 +570,17 @@
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
ossl_store.c
rand_pool.c
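Review bot: the marker `+# RHEL8-specific OpenSSL file list starts here` does not say where the nine entries come from or that the block is maintained by hand, so the next rebase has to go back to the commit message to re-validate it. Consider extending that comment with the reference the commit message already gives (Bugzilla 1749693, comment 10) and a remark that the block is kept out of the autogenerated list on purpose. Its position after `# Autogenerated files list ends here` is the right one for that.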
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index cdeed0d073..5057857e8d 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -519,6 +519,17 @@
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
ossl_store.c
rand_pool.c
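Review bot: the nine `$(OPENSSL_PATH)/crypto/...` entries between the `starts here` and `ends here` markers are a verbatim copy of the block added to OpensslLib.inf, so the two INFs can drift apart unnoticed when only one of them is touched in a later rebase. Suggest stating in the marker comment that the list must stay identical in both files, or adding a rebase-time check that compares the text between the two markers across OpensslLib.inf and OpensslLibCrypto.inf.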
--
2.27.0