From dc0e1f27f51c425966dadb3a7c5d45f7658b34b6 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Wed, 14 May 2025 12:54:07 +0200
Subject: [PATCH] Fix UEFI builds

Resolves: RHEL-89137
---
 ...ypto-disable-OSSL_PARAM_REAL-on-UEFI.patch | 58 +++++++++++++++
 0056-hashfunc-add-stddef.h-include.patch      | 36 +++++++++
 0057-rio-add-RIO_POLL_METHOD_NONE.patch       | 73 +++++++++++++++++++
 openssl.spec                                  |  6 ++
 4 files changed, 173 insertions(+)
 create mode 100644 0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
 create mode 100644 0056-hashfunc-add-stddef.h-include.patch
 create mode 100644 0057-rio-add-RIO_POLL_METHOD_NONE.patch

diff --git a/0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch b/0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
new file mode 100644
index 0000000..4a91c03
--- /dev/null
+++ b/0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
@@ -0,0 +1,58 @@
+From 54eabd5b18433a4d624904193c7148e92cb3c9b0 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 7 Apr 2025 12:58:54 +0200
+Subject: [PATCH 55/57] crypto: disable OSSL_PARAM_REAL on UEFI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Floating point types like double can't be used on UEFI.
+Fix build on UEFI by disabling the OSSL_PARAM_REAL branch.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/27284)
+---
+ crypto/params_from_text.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
+index 7532d4d439..fb25400dc1 100644
+--- a/crypto/params_from_text.c
++++ b/crypto/params_from_text.c
+@@ -220,9 +220,9 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
+     BIGNUM *bn;
+ #ifndef OPENSSL_SYS_UEFI
+     double d;
++    int dok;
+ #endif
+     int ok = -1;
+-    int dok;
+ 
+     /*
+      * Iterate through each key in the array printing its key and value
+@@ -280,16 +280,16 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
+         case OSSL_PARAM_OCTET_STRING:
+             ok = BIO_dump(bio, (char *)p->data, p->data_size);
+             break;
++#ifndef OPENSSL_SYS_UEFI
+         case OSSL_PARAM_REAL:
+             dok = 0;
+-#ifndef OPENSSL_SYS_UEFI
+             dok = OSSL_PARAM_get_double(p, &d);
+-#endif
+             if (dok == 1)
+                 ok = BIO_printf(bio, "%f\n", d);
+             else
+                 ok = BIO_printf(bio, "error getting value\n");
+             break;
++#endif
+         default:
+             ok = BIO_printf(bio, "unknown type (%u) of %zu bytes\n",
+                             p->data_type, p->data_size);
+-- 
+2.49.0
+
diff --git a/0056-hashfunc-add-stddef.h-include.patch b/0056-hashfunc-add-stddef.h-include.patch
new file mode 100644
index 0000000..6873b27
--- /dev/null
+++ b/0056-hashfunc-add-stddef.h-include.patch
@@ -0,0 +1,36 @@
+From b2770d12f3225982813bdc3fece7b541d0974793 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 7 Apr 2025 13:29:36 +0200
+Subject: [PATCH 56/57] hashfunc: add stddef.h include
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+size_t is declared in stddef.h, so include the header file to
+make sure it is available.  Fixes build on UEFI.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/27284)
+---
+ include/internal/hashfunc.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/internal/hashfunc.h b/include/internal/hashfunc.h
+index cabc7beed4..fae8a275fa 100644
+--- a/include/internal/hashfunc.h
++++ b/include/internal/hashfunc.h
+@@ -11,6 +11,7 @@
+ # define OPENSSL_HASHFUNC_H
+ 
+ # include <openssl/e_os2.h>
++# include <stddef.h>
+ /**
+  * Generalized fnv1a 64 bit hash function
+  */
+-- 
+2.49.0
+
diff --git a/0057-rio-add-RIO_POLL_METHOD_NONE.patch b/0057-rio-add-RIO_POLL_METHOD_NONE.patch
new file mode 100644
index 0000000..dca288b
--- /dev/null
+++ b/0057-rio-add-RIO_POLL_METHOD_NONE.patch
@@ -0,0 +1,73 @@
+From 48a4ffa48905d76b5bca24252de9697bb1a3ea86 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 7 Apr 2025 14:06:28 +0200
+Subject: [PATCH 57/57] rio: add RIO_POLL_METHOD_NONE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes build on UEFI.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/27284)
+---
+ ssl/rio/poll_builder.c | 4 +++-
+ ssl/rio/poll_builder.h | 4 +++-
+ ssl/rio/poll_method.h  | 5 ++++-
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/rio/poll_builder.c b/ssl/rio/poll_builder.c
+index 007e360d87..3cfbe3b0ac 100644
+--- a/ssl/rio/poll_builder.c
++++ b/ssl/rio/poll_builder.c
+@@ -16,7 +16,9 @@ OSSL_SAFE_MATH_UNSIGNED(size_t, size_t)
+ 
+ int ossl_rio_poll_builder_init(RIO_POLL_BUILDER *rpb)
+ {
+-#if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
++#if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
++    return 0;
++#elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
+     FD_ZERO(&rpb->rfd);
+     FD_ZERO(&rpb->wfd);
+     FD_ZERO(&rpb->efd);
+diff --git a/ssl/rio/poll_builder.h b/ssl/rio/poll_builder.h
+index ffc9bbf9fc..985e4713b2 100644
+--- a/ssl/rio/poll_builder.h
++++ b/ssl/rio/poll_builder.h
+@@ -23,7 +23,9 @@
+  * FDs.
+  */
+ typedef struct rio_poll_builder_st {
+-# if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
++# if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
++    /* nothing */;
++# elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
+     fd_set          rfd, wfd, efd;
+     int             hwm_fd;
+ # elif RIO_POLL_METHOD == RIO_POLL_METHOD_POLL
+diff --git a/ssl/rio/poll_method.h b/ssl/rio/poll_method.h
+index 9a6de89270..d5af8663c2 100644
+--- a/ssl/rio/poll_method.h
++++ b/ssl/rio/poll_method.h
+@@ -14,9 +14,12 @@
+ 
+ # define RIO_POLL_METHOD_SELECT         1
+ # define RIO_POLL_METHOD_POLL           2
++# define RIO_POLL_METHOD_NONE           3
+ 
+ # ifndef RIO_POLL_METHOD
+-#  if !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
++#  if defined(OPENSSL_SYS_UEFI)
++#   define RIO_POLL_METHOD              RIO_POLL_METHOD_NONE
++#  elif !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
+ #   define RIO_POLL_METHOD              RIO_POLL_METHOD_POLL
+ #  else
+ #   define RIO_POLL_METHOD              RIO_POLL_METHOD_SELECT
+-- 
+2.49.0
+
diff --git a/openssl.spec b/openssl.spec
index 6f4a52f..8ec8058 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -94,6 +94,10 @@ Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
 Patch0052: 0052-Fixup-forbid-SHA1.patch
 Patch0053: 0053-Backport-upstream-27483-for-PKCS11-needs.patch
 Patch0054: 0054-Red-Hat-9-FIPS-indicator-defines.patch
+Patch0055: 0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
+Patch0056: 0056-hashfunc-add-stddef.h-include.patch
+Patch0057: 0057-rio-add-RIO_POLL_METHOD_NONE.patch
+
 
 License: Apache-2.0
 URL: http://www.openssl.org/
@@ -443,6 +447,8 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
   Resolves: RHEL-88906
 - Enable sslkeylog support
   Resolves: RHEL-90853
+- Fix UEFI builds
+  Resolves: RHEL-89137
 
 * Thu Apr 17 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
 - Update depencency on crypto-policies