* [PATCH] Upgrade OpenSSL to 1.1.0j
@ 2018-12-19 3:02 Jian J Wang
2018-12-19 3:17 ` Wei, Gang
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jian J Wang @ 2018-12-19 3:02 UTC (permalink / raw)
To: edk2-devel; +Cc: Ting Ye, Gang Wei
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
has many changes, more porting efforts and feature evaluation are needed.
This might lead to a situation that it cannot catch the Q1'19 stable tag.
One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
According to following web page in openssl.org, all security issues
solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
sure that no security vulnerabilities left in edk2 master before 1.1.1.
https://www.openssl.org/news/vulnerabilities-1.1.1.html
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 +
.../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
.../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
CryptoPkg/Library/OpensslLib/openssl | 2 +-
CryptoPkg/Library/OpensslLib/process_files.pl | 0
6 files changed, 21 insertions(+), 8 deletions(-)
mode change 100644 => 100755 CryptoPkg/Library/OpensslLib/process_files.pl
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index a0334d628b..321abe4d4c 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -121,6 +121,7 @@
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
CryptoPkg/Library/TlsLib/TlsLib.inf
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf
[Components.IA32, Components.X64]
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 1917d7ab24..28dd9ab93c 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated from include/openssl/opensslconf.h.in
*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -235,12 +235,18 @@ extern "C" {
* still won't see them if the library has been built to disable deprecated
* functions.
*/
-#if defined(OPENSSL_NO_DEPRECATED)
-# define DECLARE_DEPRECATED(f)
-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-#else
-# define DECLARE_DEPRECATED(f) f;
+#ifndef DECLARE_DEPRECATED
+# if defined(OPENSSL_NO_DEPRECATED)
+# define DECLARE_DEPRECATED(f)
+# else
+# define DECLARE_DEPRECATED(f) f;
+# ifdef __GNUC__
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
+# endif
+# endif
#endif
#ifndef OPENSSL_FILE
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 0300856cf2..6162d29143 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -175,6 +175,7 @@
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/cversion.c
@@ -281,6 +282,7 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
@@ -418,6 +420,7 @@
$(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509_ext.c
$(OPENSSL_PATH)/crypto/x509/x509_lu.c
+ $(OPENSSL_PATH)/crypto/x509/x509_meth.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 23be4e1e14..b04bf62b4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -175,6 +175,7 @@
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/cversion.c
@@ -281,6 +282,7 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
@@ -418,6 +420,7 @@
$(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509_ext.c
$(OPENSSL_PATH)/crypto/x509/x509_lu.c
+ $(OPENSSL_PATH)/crypto/x509/x509_meth.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index d4e4bd2a81..74f2d9c1ec 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
+Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
old mode 100644
new mode 100755
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Upgrade OpenSSL to 1.1.0j
2018-12-19 3:02 [PATCH] Upgrade OpenSSL to 1.1.0j Jian J Wang
@ 2018-12-19 3:17 ` Wei, Gang
2018-12-20 8:42 ` Ye, Ting
2018-12-21 2:19 ` Wang, Jian J
2 siblings, 0 replies; 4+ messages in thread
From: Wei, Gang @ 2018-12-19 3:17 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org; +Cc: Ye, Ting
Reviewed-by: Gang Wei <gang.wei@intel.com>
> -----Original Message-----
> From: Wang, Jian J
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Wei, Gang <gang.wei@intel.com>
> Subject: [PATCH] Upgrade OpenSSL to 1.1.0j
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
>
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
>
> One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
> According to following web page in openssl.org, all security issues
> solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
> sure that no security vulnerabilities left in edk2 master before 1.1.1.
>
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Gang Wei <gang.wei@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
> CryptoPkg/CryptoPkg.dsc | 1 +
> .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
> .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> CryptoPkg/Library/OpensslLib/process_files.pl | 0
> 6 files changed, 21 insertions(+), 8 deletions(-)
> mode change 100644 => 100755
> CryptoPkg/Library/OpensslLib/process_files.pl
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index a0334d628b..321abe4d4c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -121,6 +121,7 @@
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> CryptoPkg/Library/TlsLib/TlsLib.inf
> + CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> [Components.IA32, Components.X64]
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 1917d7ab24..28dd9ab93c 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
> * WARNING: do not edit!
> * Generated from include/openssl/opensslconf.h.in
> *
> - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> *
> * Licensed under the OpenSSL license (the "License"). You may not use
> * this file except in compliance with the License. You can obtain a copy
> @@ -235,12 +235,18 @@ extern "C" {
> * still won't see them if the library has been built to disable deprecated
> * functions.
> */
> -#if defined(OPENSSL_NO_DEPRECATED)
> -# define DECLARE_DEPRECATED(f)
> -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -#else
> -# define DECLARE_DEPRECATED(f) f;
> +#ifndef DECLARE_DEPRECATED
> +# if defined(OPENSSL_NO_DEPRECATED)
> +# define DECLARE_DEPRECATED(f)
> +# else
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +# endif
> +# endif
> #endif
>
> #ifndef OPENSSL_FILE
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 0300856cf2..6162d29143 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 23be4e1e14..b04bf62b4e 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index d4e4bd2a81..74f2d9c1ec 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
> +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> old mode 100644
> new mode 100755
> --
> 2.17.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Upgrade OpenSSL to 1.1.0j
2018-12-19 3:02 [PATCH] Upgrade OpenSSL to 1.1.0j Jian J Wang
2018-12-19 3:17 ` Wei, Gang
@ 2018-12-20 8:42 ` Ye, Ting
2018-12-21 2:19 ` Wang, Jian J
2 siblings, 0 replies; 4+ messages in thread
From: Ye, Ting @ 2018-12-20 8:42 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org
Reviewed-by: Ye Ting <ting.ye@intel.com>
-----Original Message-----
From: Wang, Jian J
Sent: Wednesday, December 19, 2018 11:03 AM
To: edk2-devel@lists.01.org
Cc: Ye, Ting <ting.ye@intel.com>; Wei, Gang <gang.wei@intel.com>
Subject: [PATCH] Upgrade OpenSSL to 1.1.0j
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1 has many changes, more porting efforts and feature evaluation are needed.
This might lead to a situation that it cannot catch the Q1'19 stable tag.
One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
According to following web page in openssl.org, all security issues solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make sure that no security vulnerabilities left in edk2 master before 1.1.1.
https://www.openssl.org/news/vulnerabilities-1.1.1.html
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 +
.../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
.../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
CryptoPkg/Library/OpensslLib/openssl | 2 +-
CryptoPkg/Library/OpensslLib/process_files.pl | 0
6 files changed, 21 insertions(+), 8 deletions(-) mode change 100644 => 100755 CryptoPkg/Library/OpensslLib/process_files.pl
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index a0334d628b..321abe4d4c 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -121,6 +121,7 @@
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
CryptoPkg/Library/TlsLib/TlsLib.inf
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf
[Components.IA32, Components.X64]
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 1917d7ab24..28dd9ab93c 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated from include/openssl/opensslconf.h.in
*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy @@ -235,12 +235,18 @@ extern "C" {
* still won't see them if the library has been built to disable deprecated
* functions.
*/
-#if defined(OPENSSL_NO_DEPRECATED)
-# define DECLARE_DEPRECATED(f)
-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-#else
-# define DECLARE_DEPRECATED(f) f;
+#ifndef DECLARE_DEPRECATED
+# if defined(OPENSSL_NO_DEPRECATED)
+# define DECLARE_DEPRECATED(f)
+# else
+# define DECLARE_DEPRECATED(f) f;
+# ifdef __GNUC__
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
+# endif
+# endif
#endif
#ifndef OPENSSL_FILE
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 0300856cf2..6162d29143 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -175,6 +175,7 @@
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/cversion.c
@@ -281,6 +282,7 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
@@ -418,6 +420,7 @@
$(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509_ext.c
$(OPENSSL_PATH)/crypto/x509/x509_lu.c
+ $(OPENSSL_PATH)/crypto/x509/x509_meth.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 23be4e1e14..b04bf62b4e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -175,6 +175,7 @@
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/cversion.c
@@ -281,6 +282,7 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
@@ -418,6 +420,7 @@
$(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509_ext.c
$(OPENSSL_PATH)/crypto/x509/x509_lu.c
+ $(OPENSSL_PATH)/crypto/x509/x509_meth.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index d4e4bd2a81..74f2d9c1ec 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
+Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
old mode 100644
new mode 100755
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Upgrade OpenSSL to 1.1.0j
2018-12-19 3:02 [PATCH] Upgrade OpenSSL to 1.1.0j Jian J Wang
2018-12-19 3:17 ` Wei, Gang
2018-12-20 8:42 ` Ye, Ting
@ 2018-12-21 2:19 ` Wang, Jian J
2 siblings, 0 replies; 4+ messages in thread
From: Wang, Jian J @ 2018-12-21 2:19 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org; +Cc: Ye, Ting, Wei, Gang
Pushed @ a18f784cfdbe17855ec4376e80db927e1a81aaca
To whom it may concern, please remember to update the openssl submodule before
building any modules from CryptoPkg.
Regards,
Jian
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian J
> Wang
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>
> Subject: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
>
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
>
> One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
> According to following web page in openssl.org, all security issues
> solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
> sure that no security vulnerabilities left in edk2 master before 1.1.1.
>
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Gang Wei <gang.wei@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
> CryptoPkg/CryptoPkg.dsc | 1 +
> .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
> .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> CryptoPkg/Library/OpensslLib/process_files.pl | 0
> 6 files changed, 21 insertions(+), 8 deletions(-)
> mode change 100644 => 100755 CryptoPkg/Library/OpensslLib/process_files.pl
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index a0334d628b..321abe4d4c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -121,6 +121,7 @@
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> CryptoPkg/Library/TlsLib/TlsLib.inf
> + CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> [Components.IA32, Components.X64]
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 1917d7ab24..28dd9ab93c 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
> * WARNING: do not edit!
> * Generated from include/openssl/opensslconf.h.in
> *
> - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> *
> * Licensed under the OpenSSL license (the "License"). You may not use
> * this file except in compliance with the License. You can obtain a copy
> @@ -235,12 +235,18 @@ extern "C" {
> * still won't see them if the library has been built to disable deprecated
> * functions.
> */
> -#if defined(OPENSSL_NO_DEPRECATED)
> -# define DECLARE_DEPRECATED(f)
> -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -#else
> -# define DECLARE_DEPRECATED(f) f;
> +#ifndef DECLARE_DEPRECATED
> +# if defined(OPENSSL_NO_DEPRECATED)
> +# define DECLARE_DEPRECATED(f)
> +# else
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +# endif
> +# endif
> #endif
>
> #ifndef OPENSSL_FILE
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 0300856cf2..6162d29143 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 23be4e1e14..b04bf62b4e 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index d4e4bd2a81..74f2d9c1ec 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
> +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> old mode 100644
> new mode 100755
> --
> 2.17.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-12-21 2:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-12-19 3:02 [PATCH] Upgrade OpenSSL to 1.1.0j Jian J Wang
2018-12-19 3:17 ` Wei, Gang
2018-12-20 8:42 ` Ye, Ting
2018-12-21 2:19 ` Wang, Jian J
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox