Reviewed-by: Gang Wei <[email protected]> > -----Original Message----- > From: Wang, Jian J > Sent: Wednesday, December 19, 2018 11:03 AM > To: [email protected] > Cc: Ye, Ting <[email protected]>; Wei, Gang <[email protected]> > Subject: [PATCH] Upgrade OpenSSL to 1.1.0j > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393 > > BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests > to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1 > has many changes, more porting efforts and feature evaluation are needed. > This might lead to a situation that it cannot catch the Q1'19 stable tag. > > One of the solution is upgrade current version (1.1.0h) to 1.1.0j. > According to following web page in openssl.org, all security issues > solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make > sure that no security vulnerabilities left in edk2 master before 1.1.1. > > https://www.openssl.org/news/vulnerabilities-1.1.1.html > > Cc: Ting Ye <[email protected]> > Cc: Gang Wei <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Jian J Wang <[email protected]> > --- > CryptoPkg/CryptoPkg.dsc | 1 + > .../Library/Include/openssl/opensslconf.h | 20 ++++++++++++------- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 +++ > .../Library/OpensslLib/OpensslLibCrypto.inf | 3 +++ > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 0 > 6 files changed, 21 insertions(+), 8 deletions(-) > mode change 100644 => 100755 > CryptoPkg/Library/OpensslLib/process_files.pl > > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index a0334d628b..321abe4d4c 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -121,6 +121,7 @@ > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > CryptoPkg/Library/TlsLib/TlsLib.inf > + CryptoPkg/Library/OpensslLib/OpensslLib.inf > > [Components.IA32, Components.X64] > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 1917d7ab24..28dd9ab93c 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -2,7 +2,7 @@ > * WARNING: do not edit! > * Generated from include/openssl/opensslconf.h.in > * > - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. > + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. > * > * Licensed under the OpenSSL license (the "License"). You may not use > * this file except in compliance with the License. You can obtain a copy > @@ -235,12 +235,18 @@ extern "C" { > * still won't see them if the library has been built to disable deprecated > * functions. > */ > -#if defined(OPENSSL_NO_DEPRECATED) > -# define DECLARE_DEPRECATED(f) > -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#else > -# define DECLARE_DEPRECATED(f) f; > +#ifndef DECLARE_DEPRECATED > +# if defined(OPENSSL_NO_DEPRECATED) > +# define DECLARE_DEPRECATED(f) > +# else > +# define DECLARE_DEPRECATED(f) f; > +# ifdef __GNUC__ > +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > +# endif > +# endif > #endif > > #ifndef OPENSSL_FILE > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 0300856cf2..6162d29143 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c > @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 23be4e1e14..b04bf62b4e 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -175,6 +175,7 @@ > $(OPENSSL_PATH)/crypto/conf/conf_mall.c > $(OPENSSL_PATH)/crypto/conf/conf_mod.c > $(OPENSSL_PATH)/crypto/conf/conf_sap.c > + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c > $(OPENSSL_PATH)/crypto/cpt_err.c > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/cversion.c > @@ -281,6 +282,7 @@ > $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c > $(OPENSSL_PATH)/crypto/evp/scrypt.c > $(OPENSSL_PATH)/crypto/ex_data.c > + $(OPENSSL_PATH)/crypto/getenv.c > $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c > $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c > $(OPENSSL_PATH)/crypto/hmac/hmac.c > @@ -418,6 +420,7 @@ > $(OPENSSL_PATH)/crypto/x509/x509_err.c > $(OPENSSL_PATH)/crypto/x509/x509_ext.c > $(OPENSSL_PATH)/crypto/x509/x509_lu.c > + $(OPENSSL_PATH)/crypto/x509/x509_meth.c > $(OPENSSL_PATH)/crypto/x509/x509_obj.c > $(OPENSSL_PATH)/crypto/x509/x509_r2x.c > $(OPENSSL_PATH)/crypto/x509/x509_req.c > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index d4e4bd2a81..74f2d9c1ec 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > old mode 100644 > new mode 100755 > -- > 2.17.1
_______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
