From: "Wei, Gang"
To: "Wang, Jian J", "edk2-devel@lists.01.org"
CC: "Ye, Ting"
Date: Wed, 19 Dec 2018 03:17:54 +0000
Subject: Re: [PATCH] Upgrade OpenSSL to 1.1.0j
In-Reply-To: <20181219030249.844-1-jian.j.wang@intel.com>

Reviewed-by: Gang Wei

> -----Original Message-----
> From: Wang, Jian J
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting; Wei, Gang
> Subject: [PATCH] Upgrade OpenSSL to 1.1.0j
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
>
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
>
> One of the solutions is to upgrade the current version (1.1.0h) to 1.1.0j.
> According to the following web page on openssl.org, all security issues
> solved in 1.1.1 have also been back-ported to 1.1.0.j. This can make
> sure that no security vulnerabilities are left in edk2 master before 1.1.1.
>
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
>
> Cc: Ting Ye
> Cc: Gang Wei
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang
> ---
> CryptoPkg/CryptoPkg.dsc | 1 +
> .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
> .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> CryptoPkg/Library/OpensslLib/process_files.pl | 0
> 6 files changed, 21 insertions(+), 8 deletions(-)
> mode change 100644 => 100755
> CryptoPkg/Library/OpensslLib/process_files.pl
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index a0334d628b..321abe4d4c 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -121,6 +121,7 @@ > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > CryptoPkg/Library/TlsLib/TlsLib.inf > + CryptoPkg/Library/OpensslLib/OpensslLib.inf >=20 > [Components.IA32, Components.X64] > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 1917d7ab24..28dd9ab93c 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -2,7 +2,7 @@ > * WARNING: do not edit! > * Generated from include/openssl/opensslconf.h.in > * > - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. > + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. > * > * Licensed under the OpenSSL license (the "License"). You may not use > * this file except in compliance with the License. You can obtain a co= py > @@ -235,12 +235,18 @@ extern "C" { > * still won't see them if the library has been built to disable depreca= ted > * functions. > */ > -#if defined(OPENSSL_NO_DEPRECATED) > -# define DECLARE_DEPRECATED(f) > -#elif __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#else > -# define DECLARE_DEPRECATED(f) f; > +#ifndef DECLARE_DEPRECATED > +# if defined(OPENSSL_NO_DEPRECATED) > +# define DECLARE_DEPRECATED(f) > +# else > +# define DECLARE_DEPRECATED(f) f; > +# ifdef __GNUC__ > +# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > +# endif > +# endif > #endif >=20 > #ifndef OPENSSL_FILE > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 0300856cf2..6162d29143 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c 
> @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 23be4e1e14..b04bf62b4e 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c > @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index d4e4bd2a81..74f2d9c1ec 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl 
> @@ -1 +1 @@ > -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > old mode 100644 > new mode 100755 > -- > 2.17.1
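
Review bot: In the CryptoPkg/CryptoPkg.dsc hunk (@@ -121,6 +121,7 @@), the added `CryptoPkg/Library/OpensslLib/OpensslLib.inf` component is not explained by the commit message, which only describes the 1.1.0h to 1.1.0j bump. If the intent is to build-test the library as a standalone component, say so in the message or move the line to its own patch. OpensslLibCrypto.inf receives the same three source additions in this patch but is not added to the DSC here, so either list it as well or state why only one variant needs to be built.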
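
Review bot: The opensslconf.h hunks change a file whose own header reads `WARNING: do not edit!` and `Generated from include/openssl/opensslconf.h.in`, yet the commit message does not say how the new content was produced. Please record that the header was regenerated from the 1.1.0j sources, and by which script, rather than edited by hand, so the DECLARE_DEPRECATED block can be reproduced and compared with upstream. The message should also mention the behavioural difference visible in the second hunk: with the new outer `#ifndef DECLARE_DEPRECATED`, a definition made before this header is included now takes precedence over the one here.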
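
Review bot: `$(OPENSSL_PATH)/crypto/getenv.c` is added to the source lists of both OpensslLib.inf and OpensslLibCrypto.inf (the @@ -281,6 +282,7 @@ hunks) with no word in the commit message about what it needs from the firmware environment. A file of that name is an unexpected addition to a UEFI build, so please state which toolchains and architectures the new source list was build-tested on and how any environment lookup it performs is satisfied. The same statement would cover the other two additions, conf_ssl.c and x509_meth.c.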
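
Review bot: The submodule hunk moves the pin from d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 to 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762, but nothing in the patch or the commit message ties the new hash to the 1.1.0j release. Please name in the commit message the upstream release tag this hash is expected to match, so a reviewer can verify the pinned commit against the upstream repository instead of relying on the version in the subject line.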
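
Review bot: The `old mode 100644` / `new mode 100755` change on process_files.pl is unrelated to the version upgrade and is not mentioned in the commit message. Either drop it from this patch or add a line explaining why the script needs to be executable in the tree.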