From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>, "Wei, Gang" <gang.wei@intel.com>
Subject: Re: [PATCH] Upgrade OpenSSL to 1.1.0j
Date: Fri, 21 Dec 2018 02:19:12 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003624ED3603@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <20181219030249.844-1-jian.j.wang@intel.com>
Pushed @ a18f784cfdbe17855ec4376e80db927e1a81aaca
To whom it may concern, please remember to update the openssl submodule before
building any modules from CryptoPkg.
Regards,
Jian
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian J
> Wang
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>
> Subject: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
>
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
>
> One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
> According to following web page in openssl.org, all security issues
> solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
> sure that no security vulnerabilities left in edk2 master before 1.1.1.
>
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Gang Wei <gang.wei@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
> CryptoPkg/CryptoPkg.dsc | 1 +
> .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++-------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++
> .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> CryptoPkg/Library/OpensslLib/process_files.pl | 0
> 6 files changed, 21 insertions(+), 8 deletions(-)
> mode change 100644 => 100755 CryptoPkg/Library/OpensslLib/process_files.pl
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index a0334d628b..321abe4d4c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -121,6 +121,7 @@
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> CryptoPkg/Library/TlsLib/TlsLib.inf
> + CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> [Components.IA32, Components.X64]
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 1917d7ab24..28dd9ab93c 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
> * WARNING: do not edit!
> * Generated from include/openssl/opensslconf.h.in
> *
> - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> *
> * Licensed under the OpenSSL license (the "License"). You may not use
> * this file except in compliance with the License. You can obtain a copy
> @@ -235,12 +235,18 @@ extern "C" {
> * still won't see them if the library has been built to disable deprecated
> * functions.
> */
> -#if defined(OPENSSL_NO_DEPRECATED)
> -# define DECLARE_DEPRECATED(f)
> -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -#else
> -# define DECLARE_DEPRECATED(f) f;
> +#ifndef DECLARE_DEPRECATED
> +# if defined(OPENSSL_NO_DEPRECATED)
> +# define DECLARE_DEPRECATED(f)
> +# else
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +# endif
> +# endif
> #endif
>
> #ifndef OPENSSL_FILE
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 0300856cf2..6162d29143 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 23be4e1e14..b04bf62b4e 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -175,6 +175,7 @@
> $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> $(OPENSSL_PATH)/crypto/cpt_err.c
> $(OPENSSL_PATH)/crypto/cryptlib.c
> $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
> $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> $(OPENSSL_PATH)/crypto/evp/scrypt.c
> $(OPENSSL_PATH)/crypto/ex_data.c
> + $(OPENSSL_PATH)/crypto/getenv.c
> $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
> $(OPENSSL_PATH)/crypto/x509/x509_err.c
> $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> + $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index d4e4bd2a81..74f2d9c1ec 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
> +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> old mode 100644
> new mode 100755
> --
> 2.17.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
prev parent reply other threads:[~2018-12-21 2:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-19 3:02 [PATCH] Upgrade OpenSSL to 1.1.0j Jian J Wang
2018-12-19 3:17 ` Wei, Gang
2018-12-20 8:42 ` Ye, Ting
2018-12-21 2:19 ` Wang, Jian J [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003624ED3603@SHSMSX103.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox