edk2/0012-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
Camilla Conte 0bde85a20e * Thu Dec 15 2022 Camilla Conte <cconte@redhat.com> - 20221207gitfff6d81270b5-1
- Rebase to edk2-stable202211 tag
  Resolves: RHEL-119
  (rebase edk2 to edk2-stable202211)
- Resolves: RHEL-75
  (edk2 builds should show the build version)
- Resolves: bz#2132951
  (edk2: Sort traditional virtualization builds before Confidential Computing builds)
2022-12-15 12:45:35 +00:00

180 lines
7.2 KiB
Diff

From 87d4b94d2ea1896dec43a6e70feeae1aef7a4ce2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 16 Nov 2019 17:11:27 +0100
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
(RH)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
- Recreate the patch based on downstream commits:
- 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
in the INFs (RH)", 2020-06-05),
- e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
2020-11-23),
- 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
RHEL-8.4", 2020-11-23).
(1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
files, namely
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
in the following commits only:
- be01087e0780 ("CryptoPkg/Library: Remove the redundant build
option", 2020-08-12), which did not affect the source file list at
all,
- b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
entropy in rand_pool", 2020-09-18), which replaced some of the
*edk2-specific* "rand_pool_noise" source files with an RngLib
dependency.
This means that the list of required, actual OpenSSL source files
has not changed in upstream edk2 since our downstream edk2 commit
e81751a1c303.
(2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
downstream edk2's OpenSSL dependency was satisfied with RHEL-8
OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
shipped in RHEL-8.3.0.z", 2020-10-23).
Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
(fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
2021-05-25), which is the current head of the rhel-8.5.0 branch.
(See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
source tree, with "rpmbuild -bp". Subsequently I compared the
prepped source trees recursively.
- The following files disappeared:
- 29 backup files created by "patch",
- the assembly generator perl script called
"ecp_nistz256-avx2.pl", which is not used during the build.
- The following new files appeared:
- 18 files directly or indirectly under the "test" subdirectory,
which are not used during the build,
- 5 backup files created by "patch",
- 2 DCL scripts used when building OpenSSL on OpenVMS.
This means that the total list of RHEL-8 OpenSSL source files has
not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
commit 3e3fe5e62079.
As a result, copy the "RHEL8-specific OpenSSL file list" sections
verbatim from the INF files, at downstream commit e81751a1c303. (I used
the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- "OpensslLib.inf":
- Automatic leading context refresh against upstream commit c72ca4666886
("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
loop", 2020-03-10).
- Manual trailing context refresh against upstream commit b49a6c8f80d9
("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
- "OpensslLibCrypto.inf":
- Automatic leading context refresh against upstream commits
8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
process_files.pl to generate .h files", 2019-10-30).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- new patch
The downstream changes in RHEL8's OpenSSL package, for example in
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
preexistent code into those new files. In order to avoid undefined
references in link editing, we have to list the new files.
Note: "process_files.pl" is not re-run at this time manually, because
(a) "process_files.pl" would pollute the file list (and some of the
auto-generated header files) with RHEL8-specific FIPS artifacts, which
are explicitly unwanted in edk2,
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
and will help with future changes too.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 60c6c24b0a..e446b51e66 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -575,6 +575,17 @@
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
ossl_store.c
rand_pool.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index c4eaea888c..c207dc8f4c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -525,6 +525,17 @@
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
ossl_store.c
rand_pool.c
--
2.38.1