From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jian.j.wang@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.65; helo=mga03.intel.com;
 envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 31E9C2119707B
 for <edk2-devel@lists.01.org>; Thu, 20 Dec 2018 18:19:58 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 20 Dec 2018 18:19:58 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,379,1539673200"; d="scan'208";a="261179236"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga004.jf.intel.com with ESMTP; 20 Dec 2018 18:19:58 -0800
Received: from fmsmsx126.amr.corp.intel.com (10.18.125.43) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Thu, 20 Dec 2018 18:19:35 -0800
Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by
 FMSMSX126.amr.corp.intel.com (10.18.125.43) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Thu, 20 Dec 2018 18:19:35 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.59]) by
 shsmsx102.ccr.corp.intel.com ([169.254.2.182]) with mapi id 14.03.0415.000;
 Fri, 21 Dec 2018 10:19:13 +0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Ye, Ting" <ting.ye@intel.com>, "Wei, Gang" <gang.wei@intel.com>
Thread-Topic: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j
Thread-Index: AQHUl0ddLsjs57Fn/kCuXUnUemu6q6WId34Q
Date: Fri, 21 Dec 2018 02:19:12 +0000
Message-ID: <D827630B58408649ACB04F44C510003624ED3603@SHSMSX103.ccr.corp.intel.com>
References: <20181219030249.844-1-jian.j.wang@intel.com>
In-Reply-To: <20181219030249.844-1-jian.j.wang@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMGFmZWUzNTgtZWEyMi00ZTE1LTg1YzMtNjI3OTQ3MDA2ODM5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoidVNuS2F0dlpMQkpmMFwvZ1FBTFZtTlZYSnpHbTRFcENKdGhtb3hjcTBQeEtKQ2dUanI2eFA4akJrc04wXC9yZVpzIn0=
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] Upgrade OpenSSL to 1.1.0j
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2018 02:19:59 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Pushed @ a18f784cfdbe17855ec4376e80db927e1a81aaca

To whom it may concern, please remember to update the openssl submodule bef=
ore
building any modules from CryptoPkg.

Regards,
Jian


> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ji=
an J
> Wang
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>
> Subject: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j
>=20
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1393
>=20
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
>=20
> One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
> According to following web page in openssl.org, all security issues
> solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
> sure that no security vulnerabilities left in edk2 master before 1.1.1.
>=20
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
>=20
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Gang Wei <gang.wei@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>  CryptoPkg/CryptoPkg.dsc                       |  1 +
>  .../Library/Include/openssl/opensslconf.h     | 20 ++++++++++++-------
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  3 +++
>  .../Library/OpensslLib/OpensslLibCrypto.inf   |  3 +++
>  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl |  0
>  6 files changed, 21 insertions(+), 8 deletions(-)
>  mode change 100644 =3D> 100755 CryptoPkg/Library/OpensslLib/process_file=
s.pl
>=20
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index a0334d628b..321abe4d4c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -121,6 +121,7 @@
>    CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
>    CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
>    CryptoPkg/Library/TlsLib/TlsLib.inf
> +  CryptoPkg/Library/OpensslLib/OpensslLib.inf
>=20
>  [Components.IA32, Components.X64]
>    CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 1917d7ab24..28dd9ab93c 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
>   * WARNING: do not edit!
>   * Generated from include/openssl/opensslconf.h.in
>   *
> - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
>   *
>   * Licensed under the OpenSSL license (the "License").  You may not use
>   * this file except in compliance with the License.  You can obtain a co=
py
> @@ -235,12 +235,18 @@ extern "C" {
>   * still won't see them if the library has been built to disable depreca=
ted
>   * functions.
>   */
> -#if defined(OPENSSL_NO_DEPRECATED)
> -# define DECLARE_DEPRECATED(f)
> -#elif __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0)
> -# define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> -#else
> -# define DECLARE_DEPRECATED(f)   f;
> +#ifndef DECLARE_DEPRECATED
> +# if defined(OPENSSL_NO_DEPRECATED)
> +#  define DECLARE_DEPRECATED(f)
> +# else
> +#  define DECLARE_DEPRECATED(f)   f;
> +#  ifdef __GNUC__
> +#   if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0)
> +#    undef DECLARE_DEPRECATED
> +#    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> +#   endif
> +#  endif
> +# endif
>  #endif
>=20
>  #ifndef OPENSSL_FILE
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 0300856cf2..6162d29143 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -175,6 +175,7 @@
>    $(OPENSSL_PATH)/crypto/conf/conf_mall.c
>    $(OPENSSL_PATH)/crypto/conf/conf_mod.c
>    $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> +  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
>    $(OPENSSL_PATH)/crypto/cpt_err.c
>    $(OPENSSL_PATH)/crypto/cryptlib.c
>    $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
>    $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
>    $(OPENSSL_PATH)/crypto/evp/scrypt.c
>    $(OPENSSL_PATH)/crypto/ex_data.c
> +  $(OPENSSL_PATH)/crypto/getenv.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
>    $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
>    $(OPENSSL_PATH)/crypto/x509/x509_err.c
>    $(OPENSSL_PATH)/crypto/x509/x509_ext.c
>    $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> +  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
>    $(OPENSSL_PATH)/crypto/x509/x509_obj.c
>    $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
>    $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 23be4e1e14..b04bf62b4e 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -175,6 +175,7 @@
>    $(OPENSSL_PATH)/crypto/conf/conf_mall.c
>    $(OPENSSL_PATH)/crypto/conf/conf_mod.c
>    $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> +  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
>    $(OPENSSL_PATH)/crypto/cpt_err.c
>    $(OPENSSL_PATH)/crypto/cryptlib.c
>    $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
>    $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
>    $(OPENSSL_PATH)/crypto/evp/scrypt.c
>    $(OPENSSL_PATH)/crypto/ex_data.c
> +  $(OPENSSL_PATH)/crypto/getenv.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
>    $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
>    $(OPENSSL_PATH)/crypto/x509/x509_err.c
>    $(OPENSSL_PATH)/crypto/x509/x509_ext.c
>    $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> +  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
>    $(OPENSSL_PATH)/crypto/x509/x509_obj.c
>    $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
>    $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index d4e4bd2a81..74f2d9c1ec 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
> +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> old mode 100644
> new mode 100755
> --
> 2.17.1
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel