Blame SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

75d8e7
From 7e6632fecb119feaf6c34c794e72a8424792fd3f Mon Sep 17 00:00:00 2001
c4e3b2
From: Laszlo Ersek <lersek@redhat.com>
c4e3b2
Date: Sat, 16 Nov 2019 17:11:27 +0100
c4e3b2
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
c4e3b2
 (RH)
c4e3b2
c4e3b2
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
c4e3b2
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
c4e3b2
c4e3b2
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
c4e3b2
c4e3b2
- Recreate the patch based on downstream commits:
c4e3b2
c4e3b2
  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
c4e3b2
                  in the INFs (RH)", 2020-06-05),
c4e3b2
  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
c4e3b2
                  2020-11-23),
c4e3b2
  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
c4e3b2
                  RHEL-8.4", 2020-11-23).
c4e3b2
c4e3b2
  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
c4e3b2
      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
c4e3b2
      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
c4e3b2
c4e3b2
      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
c4e3b2
      files, namely
c4e3b2
c4e3b2
      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
c4e3b2
      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
c4e3b2
c4e3b2
      in the following commits only:
c4e3b2
c4e3b2
      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
c4e3b2
        option", 2020-08-12), which did not affect the source file list at
c4e3b2
        all,
c4e3b2
c4e3b2
      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
c4e3b2
        entropy in rand_pool", 2020-09-18), which replaced some of the
c4e3b2
        *edk2-specific* "rand_pool_noise" source files with an RngLib
c4e3b2
        dependency.
c4e3b2
c4e3b2
      This means that the list of required, actual OpenSSL source files
c4e3b2
      has not changed in upstream edk2 since our downstream edk2 commit
c4e3b2
      e81751a1c303.
c4e3b2
c4e3b2
  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
c4e3b2
      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
c4e3b2
      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
c4e3b2
      shipped in RHEL-8.3.0.z", 2020-10-23).
c4e3b2
c4e3b2
      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
c4e3b2
      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
c4e3b2
      2021-05-25), which is the current head of the rhel-8.5.0 branch.
c4e3b2
      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
c4e3b2
c4e3b2
      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
c4e3b2
      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
c4e3b2
      source tree, with "rpmbuild -bp". Subsequently I compared the
c4e3b2
      prepped source trees recursively.
c4e3b2
c4e3b2
      - The following files disappeared:
c4e3b2
c4e3b2
        - 29 backup files created by "patch",
c4e3b2
c4e3b2
        - the assembly generator perl script called
c4e3b2
          "ecp_nistz256-avx2.pl", which is not used during the build.
c4e3b2
c4e3b2
      - The following new files appeared:
c4e3b2
c4e3b2
        - 18 files directly or indirectly under the "test" subdirectory,
c4e3b2
          which are not used during the build,
c4e3b2
c4e3b2
        - 5 backup files created by "patch",
c4e3b2
c4e3b2
        - 2 DCL scripts used when building OpenSSL on OpenVMS.
c4e3b2
c4e3b2
      This means that the total list of RHEL-8 OpenSSL source files has
c4e3b2
      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
c4e3b2
      commit 3e3fe5e62079.
c4e3b2
c4e3b2
  As a result, copy the "RHEL8-specific OpenSSL file list" sections
c4e3b2
  verbatim from the INF files, at downstream commit e81751a1c303. (I used
c4e3b2
  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
c4e3b2
  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
c4e3b2
c4e3b2
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
c4e3b2
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
c4e3b2
c4e3b2
- "OpensslLib.inf":
c4e3b2
c4e3b2
  - Automatic leading context refresh against upstream commit c72ca4666886
c4e3b2
    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
c4e3b2
    loop", 2020-03-10).
c4e3b2
c4e3b2
  - Manual trailing context refresh against upstream commit b49a6c8f80d9
c4e3b2
    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
c4e3b2
c4e3b2
- "OpensslLibCrypto.inf":
c4e3b2
c4e3b2
  - Automatic leading context refresh against upstream commits
c4e3b2
    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
c4e3b2
    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
c4e3b2
    process_files.pl to generate .h files", 2019-10-30).
c4e3b2
c4e3b2
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
c4e3b2
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
c4e3b2
c4e3b2
- new patch
c4e3b2
c4e3b2
The downstream changes in RHEL8's OpenSSL package, for example in
c4e3b2
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
c4e3b2
preexistent code into those new files. In order to avoid undefined
c4e3b2
references in link editing, we have to list the new files.
c4e3b2
c4e3b2
Note: "process_files.pl" is not re-run at this time manually, because
c4e3b2
c4e3b2
(a) "process_files.pl" would pollute the file list (and some of the
c4e3b2
    auto-generated header files) with RHEL8-specific FIPS artifacts, which
c4e3b2
    are explicitly unwanted in edk2,
c4e3b2
c4e3b2
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
c4e3b2
    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
c4e3b2
    and will help with future changes too.
c4e3b2
c4e3b2
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
c4e3b2
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
c4e3b2
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
c4e3b2
---
c4e3b2
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
c4e3b2
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
c4e3b2
 2 files changed, 22 insertions(+)
c4e3b2
c4e3b2
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
75d8e7
index d84bde056a..19913a4ac6 100644
c4e3b2
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
c4e3b2
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
c4e3b2
@@ -570,6 +570,17 @@
c4e3b2
   $(OPENSSL_PATH)/ssl/statem/statem.h
c4e3b2
   $(OPENSSL_PATH)/ssl/statem/statem_local.h
c4e3b2
 # Autogenerated files list ends here
c4e3b2
+# RHEL8-specific OpenSSL file list starts here
c4e3b2
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
c4e3b2
+# RHEL8-specific OpenSSL file list ends here
c4e3b2
   buildinf.h
c4e3b2
   ossl_store.c
c4e3b2
   rand_pool.c
c4e3b2
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
75d8e7
index cdeed0d073..5057857e8d 100644
c4e3b2
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
c4e3b2
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
c4e3b2
@@ -519,6 +519,17 @@
c4e3b2
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
c4e3b2
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
c4e3b2
 # Autogenerated files list ends here
c4e3b2
+# RHEL8-specific OpenSSL file list starts here
c4e3b2
+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
c4e3b2
+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
c4e3b2
+# RHEL8-specific OpenSSL file list ends here
c4e3b2
   buildinf.h
c4e3b2
   ossl_store.c
c4e3b2
   rand_pool.c
c4e3b2
-- 
c4e3b2
2.27.0
c4e3b2