From 25bb2c2ae96229dfe64663e8a4870063c3ece80e Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sat, 16 Nov 2019 17:11:27 +0100 Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs (RH) Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: - Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257 - Recreate the patch based on downstream commits: - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs (RH)", 2020-06-05), - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-11-23), - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ / RHEL-8.4", 2020-11-23). (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2 consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)). Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF files, namely - CryptoPkg/Library/OpensslLib/OpensslLib.inf - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf in the following commits only: - be01087e0780 ("CryptoPkg/Library: Remove the redundant build option", 2020-08-12), which did not affect the source file list at all, - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool", 2020-09-18), which replaced some of the *edk2-specific* "rand_pool_noise" source files with an RngLib dependency. This means that the list of required, actual OpenSSL source files has not changed in upstream edk2 since our downstream edk2 commit e81751a1c303. (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303), downstream edk2's OpenSSL dependency was satisfied with RHEL-8 OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be shipped in RHEL-8.3.0.z", 2020-10-23). Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k", 2021-05-25), which is the current head of the rhel-8.5.0 branch. (See also .) At both dist-git bdd048e929dc and dist-git a75722161d20, I built the respective RHEL-8 OpenSSL *source* RPM, and prepped the respective source tree, with "rpmbuild -bp". Subsequently I compared the prepped source trees recursively. - The following files disappeared: - 29 backup files created by "patch", - the assembly generator perl script called "ecp_nistz256-avx2.pl", which is not used during the build. - The following new files appeared: - 18 files directly or indirectly under the "test" subdirectory, which are not used during the build, - 5 backup files created by "patch", - 2 DCL scripts used when building OpenSSL on OpenVMS. This means that the total list of RHEL-8 OpenSSL source files has not changed in RHEL-8 OpenSSL dist-git since our downstream edk2 commit 3e3fe5e62079. As a result, copy the "RHEL8-specific OpenSSL file list" sections verbatim from the INF files, at downstream commit e81751a1c303. (I used the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.) Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - "OpensslLib.inf": - Automatic leading context refresh against upstream commit c72ca4666886 ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop", 2020-03-10). - Manual trailing context refresh against upstream commit b49a6c8f80d9 ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02). - "OpensslLibCrypto.inf": - Automatic leading context refresh against upstream commits 8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update process_files.pl to generate .h files", 2019-10-30). Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: - new patch The downstream changes in RHEL8's OpenSSL package, for example in "openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some preexistent code into those new files. In order to avoid undefined references in link editing, we have to list the new files. Note: "process_files.pl" is not re-run at this time manually, because (a) "process_files.pl" would pollute the file list (and some of the auto-generated header files) with RHEL8-specific FIPS artifacts, which are explicitly unwanted in edk2, (b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set of files in , and will help with future changes too. Signed-off-by: Laszlo Ersek (cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40) (cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995) --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index d84bde056a..19913a4ac6 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -570,6 +570,17 @@ $(OPENSSL_PATH)/ssl/statem/statem.h $(OPENSSL_PATH)/ssl/statem/statem_local.h # Autogenerated files list ends here +# RHEL8-specific OpenSSL file list starts here + $(OPENSSL_PATH)/crypto/evp/kdf_lib.c + $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c + $(OPENSSL_PATH)/crypto/kdf/kbkdf.c + $(OPENSSL_PATH)/crypto/kdf/kdf_local.h + $(OPENSSL_PATH)/crypto/kdf/kdf_util.c + $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c + $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c + $(OPENSSL_PATH)/crypto/kdf/sshkdf.c + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h ossl_store.c rand_pool.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index cdeed0d073..5057857e8d 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -519,6 +519,17 @@ $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h # Autogenerated files list ends here +# RHEL8-specific OpenSSL file list starts here + $(OPENSSL_PATH)/crypto/evp/kdf_lib.c + $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c + $(OPENSSL_PATH)/crypto/kdf/kbkdf.c + $(OPENSSL_PATH)/crypto/kdf/kdf_local.h + $(OPENSSL_PATH)/crypto/kdf/kdf_util.c + $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c + $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c + $(OPENSSL_PATH)/crypto/kdf/sshkdf.c + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h ossl_store.c rand_pool.c -- 2.31.1