You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
180 lines
7.2 KiB
180 lines
7.2 KiB
9 months ago
|
From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
|
||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||
|
Date: Sat, 16 Nov 2019 17:11:27 +0100
|
||
|
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
|
||
|
(RH)
|
||
|
|
||
|
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||
|
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||
|
|
||
|
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
|
||
|
|
||
|
- Recreate the patch based on downstream commits:
|
||
|
|
||
|
- 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||
|
in the INFs (RH)", 2020-06-05),
|
||
|
- e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
|
||
|
2020-11-23),
|
||
|
- 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
|
||
|
RHEL-8.4", 2020-11-23).
|
||
|
|
||
|
(1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
|
||
|
consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
|
||
|
("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
|
||
|
|
||
|
Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
|
||
|
files, namely
|
||
|
|
||
|
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||
|
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||
|
|
||
|
in the following commits only:
|
||
|
|
||
|
- be01087e0780 ("CryptoPkg/Library: Remove the redundant build
|
||
|
option", 2020-08-12), which did not affect the source file list at
|
||
|
all,
|
||
|
|
||
|
- b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
|
||
|
entropy in rand_pool", 2020-09-18), which replaced some of the
|
||
|
*edk2-specific* "rand_pool_noise" source files with an RngLib
|
||
|
dependency.
|
||
|
|
||
|
This means that the list of required, actual OpenSSL source files
|
||
|
has not changed in upstream edk2 since our downstream edk2 commit
|
||
|
e81751a1c303.
|
||
|
|
||
|
(2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
|
||
|
downstream edk2's OpenSSL dependency was satisfied with RHEL-8
|
||
|
OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
|
||
|
shipped in RHEL-8.3.0.z", 2020-10-23).
|
||
|
|
||
|
Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
|
||
|
(fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
|
||
|
2021-05-25), which is the current head of the rhel-8.5.0 branch.
|
||
|
(See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
|
||
|
|
||
|
At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
|
||
|
respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
|
||
|
source tree, with "rpmbuild -bp". Subsequently I compared the
|
||
|
prepped source trees recursively.
|
||
|
|
||
|
- The following files disappeared:
|
||
|
|
||
|
- 29 backup files created by "patch",
|
||
|
|
||
|
- the assembly generator perl script called
|
||
|
"ecp_nistz256-avx2.pl", which is not used during the build.
|
||
|
|
||
|
- The following new files appeared:
|
||
|
|
||
|
- 18 files directly or indirectly under the "test" subdirectory,
|
||
|
which are not used during the build,
|
||
|
|
||
|
- 5 backup files created by "patch",
|
||
|
|
||
|
- 2 DCL scripts used when building OpenSSL on OpenVMS.
|
||
|
|
||
|
This means that the total list of RHEL-8 OpenSSL source files has
|
||
|
not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
|
||
|
commit 3e3fe5e62079.
|
||
|
|
||
|
As a result, copy the "RHEL8-specific OpenSSL file list" sections
|
||
|
verbatim from the INF files, at downstream commit e81751a1c303. (I used
|
||
|
the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
|
||
|
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
|
||
|
|
||
|
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||
|
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||
|
|
||
|
- "OpensslLib.inf":
|
||
|
|
||
|
- Automatic leading context refresh against upstream commit c72ca4666886
|
||
|
("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
|
||
|
loop", 2020-03-10).
|
||
|
|
||
|
- Manual trailing context refresh against upstream commit b49a6c8f80d9
|
||
|
("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
|
||
|
|
||
|
- "OpensslLibCrypto.inf":
|
||
|
|
||
|
- Automatic leading context refresh against upstream commits
|
||
|
8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
|
||
|
file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
|
||
|
process_files.pl to generate .h files", 2019-10-30).
|
||
|
|
||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||
|
|
||
|
- new patch
|
||
|
|
||
|
The downstream changes in RHEL8's OpenSSL package, for example in
|
||
|
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
|
||
|
preexistent code into those new files. In order to avoid undefined
|
||
|
references in link editing, we have to list the new files.
|
||
|
|
||
|
Note: "process_files.pl" is not re-run at this time manually, because
|
||
|
|
||
|
(a) "process_files.pl" would pollute the file list (and some of the
|
||
|
auto-generated header files) with RHEL8-specific FIPS artifacts, which
|
||
|
are explicitly unwanted in edk2,
|
||
|
|
||
|
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
|
||
|
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
|
||
|
and will help with future changes too.
|
||
|
|
||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||
|
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
|
||
|
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
|
||
|
---
|
||
|
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
|
||
|
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
|
||
|
2 files changed, 22 insertions(+)
|
||
|
|
||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||
|
index d84bde056a..19913a4ac6 100644
|
||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||
|
@@ -570,6 +570,17 @@
|
||
|
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||
|
$(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||
|
# Autogenerated files list ends here
|
||
|
+# RHEL8-specific OpenSSL file list starts here
|
||
|
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||
|
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||
|
+# RHEL8-specific OpenSSL file list ends here
|
||
|
buildinf.h
|
||
|
ossl_store.c
|
||
|
rand_pool.c
|
||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||
|
index cdeed0d073..5057857e8d 100644
|
||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||
|
@@ -519,6 +519,17 @@
|
||
|
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||
|
# Autogenerated files list ends here
|
||
|
+# RHEL8-specific OpenSSL file list starts here
|
||
|
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||
|
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||
|
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||
|
+# RHEL8-specific OpenSSL file list ends here
|
||
|
buildinf.h
|
||
|
ossl_store.c
|
||
|
rand_pool.c
|
||
|
--
|
||
|
2.27.0
|
||
|
|