From 72c050576a41a14915f02a2c243cd41b22ad2384 Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Sat, 16 Nov 2019 17:11:27 +0100

Subject: [PATCH 12/17] CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files

 in the INFs (RH)

Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->

RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:

- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257

- Recreate the patch based on downstream commits:

  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files

                  in the INFs (RH)", 2020-06-05),

  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",

                  2020-11-23),

  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /

                  RHEL-8.4", 2020-11-23).

  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2

      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2

      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).

      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF

      files, namely

      - CryptoPkg/Library/OpensslLib/OpensslLib.inf

      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

      in the following commits only:

      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build

        option", 2020-08-12), which did not affect the source file list at

        all,

      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate

        entropy in rand_pool", 2020-09-18), which replaced some of the

        *edk2-specific* "rand_pool_noise" source files with an RngLib

        dependency.

      This means that the list of required, actual OpenSSL source files

      has not changed in upstream edk2 since our downstream edk2 commit

      e81751a1c303.

  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),

      downstream edk2's OpenSSL dependency was satisfied with RHEL-8

      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be

      shipped in RHEL-8.3.0.z", 2020-10-23).

      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced

      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",

      2021-05-25), which is the current head of the rhel-8.5.0 branch.

      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)

      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the

      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective

      source tree, with "rpmbuild -bp". Subsequently I compared the

      prepped source trees recursively.

      - The following files disappeared:

        - 29 backup files created by "patch",

        - the assembly generator perl script called

          "ecp_nistz256-avx2.pl", which is not used during the build.

      - The following new files appeared:

        - 18 files directly or indirectly under the "test" subdirectory,

          which are not used during the build,

        - 5 backup files created by "patch",

        - 2 DCL scripts used when building OpenSSL on OpenVMS.

      This means that the total list of RHEL-8 OpenSSL source files has

      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2

      commit 3e3fe5e62079.

  As a result, copy the "RHEL8-specific OpenSSL file list" sections

  verbatim from the INF files, at downstream commit e81751a1c303. (I used

  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf

  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)

Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->

RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:

- "OpensslLib.inf":

  - Automatic leading context refresh against upstream commit c72ca4666886

    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing

    loop", 2020-03-10).

  - Manual trailing context refresh against upstream commit b49a6c8f80d9

    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).

- "OpensslLibCrypto.inf":

  - Automatic leading context refresh against upstream commits

    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF

    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update

    process_files.pl to generate .h files", 2019-10-30).

Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->

RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:

- new patch

The downstream changes in RHEL8's OpenSSL package, for example in

"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some

preexistent code into those new files. In order to avoid undefined

references in link editing, we have to list the new files.

Note: "process_files.pl" is not re-run at this time manually, because

(a) "process_files.pl" would pollute the file list (and some of the

    auto-generated header files) with RHEL8-specific FIPS artifacts, which

    are explicitly unwanted in edk2,

(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set

    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,

    and will help with future changes too.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)

(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)

---

 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++

 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++

 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf

index 60c6c24b0a67..e446b51e66cd 100644

--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf

+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf

@@ -575,6 +575,17 @@ [Sources]

   $(OPENSSL_PATH)/ssl/statem/statem.h

   $(OPENSSL_PATH)/ssl/statem/statem_local.h

 # Autogenerated files list ends here

+# RHEL8-specific OpenSSL file list starts here

+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c

+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c

+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c

+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h

+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c

+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c

+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c

+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c

+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c

+# RHEL8-specific OpenSSL file list ends here

   buildinf.h

   ossl_store.c

   rand_pool.c

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

index c4eaea888c1a..c207dc8f4cfd 100644

--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

@@ -525,6 +525,17 @@ [Sources]

   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h

   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h

 # Autogenerated files list ends here

+# RHEL8-specific OpenSSL file list starts here

+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c

+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c

+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c

+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h

+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c

+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c

+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c

+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c

+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c

+# RHEL8-specific OpenSSL file list ends here

   buildinf.h

   ossl_store.c

   rand_pool.c

-- 

2.38.1