From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.65; helo=mga03.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 31E9C2119707B for ; Thu, 20 Dec 2018 18:19:58 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Dec 2018 18:19:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,379,1539673200"; d="scan'208";a="261179236" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga004.jf.intel.com with ESMTP; 20 Dec 2018 18:19:58 -0800 Received: from fmsmsx126.amr.corp.intel.com (10.18.125.43) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 20 Dec 2018 18:19:35 -0800 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX126.amr.corp.intel.com (10.18.125.43) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 20 Dec 2018 18:19:35 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.59]) by shsmsx102.ccr.corp.intel.com ([169.254.2.182]) with mapi id 14.03.0415.000; Fri, 21 Dec 2018 10:19:13 +0800 From: "Wang, Jian J" To: "Wang, Jian J" , "edk2-devel@lists.01.org" CC: "Ye, Ting" , "Wei, Gang" Thread-Topic: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j Thread-Index: AQHUl0ddLsjs57Fn/kCuXUnUemu6q6WId34Q Date: Fri, 21 Dec 2018 02:19:12 +0000 Message-ID: References: <20181219030249.844-1-jian.j.wang@intel.com> In-Reply-To: <20181219030249.844-1-jian.j.wang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMGFmZWUzNTgtZWEyMi00ZTE1LTg1YzMtNjI3OTQ3MDA2ODM5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoidVNuS2F0dlpMQkpmMFwvZ1FBTFZtTlZYSnpHbTRFcENKdGhtb3hjcTBQeEtKQ2dUanI2eFA4akJrc04wXC9yZVpzIn0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] Upgrade OpenSSL to 1.1.0j X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Dec 2018 02:19:59 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Pushed @ a18f784cfdbe17855ec4376e80db927e1a81aaca To whom it may concern, please remember to update the openssl submodule bef= ore building any modules from CryptoPkg. Regards, Jian > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ji= an J > Wang > Sent: Wednesday, December 19, 2018 11:03 AM > To: edk2-devel@lists.01.org > Cc: Ye, Ting > Subject: [edk2] [PATCH] Upgrade OpenSSL to 1.1.0j >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1393 >=20 > BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D1089) requests > to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1 > has many changes, more porting efforts and feature evaluation are needed. > This might lead to a situation that it cannot catch the Q1'19 stable tag. >=20 > One of the solution is upgrade current version (1.1.0h) to 1.1.0j. > According to following web page in openssl.org, all security issues > solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make > sure that no security vulnerabilities left in edk2 master before 1.1.1. >=20 > https://www.openssl.org/news/vulnerabilities-1.1.1.html >=20 > Cc: Ting Ye > Cc: Gang Wei > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Jian J Wang > --- > CryptoPkg/CryptoPkg.dsc | 1 + > .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++------- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++ > .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++ > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 0 > 6 files changed, 21 insertions(+), 8 deletions(-) > mode change 100644 =3D> 100755 CryptoPkg/Library/OpensslLib/process_file= s.pl >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index a0334d628b..321abe4d4c 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -121,6 +121,7 @@ > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > CryptoPkg/Library/TlsLib/TlsLib.inf > + CryptoPkg/Library/OpensslLib/OpensslLib.inf >=20 > [Components.IA32, Components.X64] > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 1917d7ab24..28dd9ab93c 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -2,7 +2,7 @@ > * WARNING: do not edit! > * Generated from include/openssl/opensslconf.h.in > * > - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. > + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. > * > * Licensed under the OpenSSL license (the "License"). You may not use > * this file except in compliance with the License. You can obtain a co= py > @@ -235,12 +235,18 @@ extern "C" { > * still won't see them if the library has been built to disable depreca= ted > * functions. > */ > -#if defined(OPENSSL_NO_DEPRECATED) > -# define DECLARE_DEPRECATED(f) > -#elif __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#else > -# define DECLARE_DEPRECATED(f) f; > +#ifndef DECLARE_DEPRECATED > +# if defined(OPENSSL_NO_DEPRECATED) > +# define DECLARE_DEPRECATED(f) > +# else > +# define DECLARE_DEPRECATED(f) f; > +# ifdef __GNUC__ > +# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > +# endif > +# endif > #endif >=20 > #ifndef OPENSSL_FILE > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 0300856cf2..6162d29143 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c > @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 23be4e1e14..b04bf62b4e 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c > @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index d4e4bd2a81..74f2d9c1ec 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > old mode 100644 > new mode 100755 > -- > 2.17.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel