[edk2] [PATCH] Upgrade OpenSSL to 1.1.0j

Wei, Gang gang.wei at intel.com
Tue Dec 18 19:17:54 PST 2018


Reviewed-by: Gang Wei <gang.wei at intel.com>

> -----Original Message-----
> From: Wang, Jian J
> Sent: Wednesday, December 19, 2018 11:03 AM
> To: edk2-devel at lists.01.org
> Cc: Ye, Ting <ting.ye at intel.com>; Wei, Gang <gang.wei at intel.com>
> Subject: [PATCH] Upgrade OpenSSL to 1.1.0j
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
> 
> BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
> to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
> has many changes, more porting efforts and feature evaluation are needed.
> This might lead to a situation that it cannot catch the Q1'19 stable tag.
> 
> One solution is to upgrade the current version (1.1.0h) to 1.1.0j.
> According to the following web page on openssl.org, all security issues
> fixed in 1.1.1 have also been back-ported to 1.1.0j. This ensures
> that no security vulnerabilities are left in edk2 master before 1.1.1.
> 
> https://www.openssl.org/news/vulnerabilities-1.1.1.html
> 
> Cc: Ting Ye <ting.ye at intel.com>
> Cc: Gang Wei <gang.wei at intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang at intel.com>
> ---
>  CryptoPkg/CryptoPkg.dsc                       |  1 +
>  .../Library/Include/openssl/opensslconf.h     | 20 ++++++++++++-------
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  3 +++
>  .../Library/OpensslLib/OpensslLibCrypto.inf   |  3 +++
>  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl |  0
>  6 files changed, 21 insertions(+), 8 deletions(-)
>  mode change 100644 => 100755
> CryptoPkg/Library/OpensslLib/process_files.pl
> 
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index a0334d628b..321abe4d4c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -121,6 +121,7 @@
>    CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
>    CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
>    CryptoPkg/Library/TlsLib/TlsLib.inf
> +  CryptoPkg/Library/OpensslLib/OpensslLib.inf
> 
>  [Components.IA32, Components.X64]
>    CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
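Review bot: The added `CryptoPkg/Library/OpensslLib/OpensslLib.inf` line puts only one of the two OpenSSL library INFs into the package build, although this patch adds the same three sources to OpensslLibCrypto.inf as well. Unless OpensslLibCrypto.inf is already listed in a part of the DSC outside this hunk, its updated source list would not be compiled by a CryptoPkg build, so a missing or broken file would surface only in a consuming platform. Consider adding `CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf` next to it. The commit message currently describes only the version upgrade and should also mention the DSC change.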
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 1917d7ab24..28dd9ab93c 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
>   * WARNING: do not edit!
>   * Generated from include/openssl/opensslconf.h.in
>   *
> - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
>   *
>   * Licensed under the OpenSSL license (the "License").  You may not use
>   * this file except in compliance with the License.  You can obtain a copy
> @@ -235,12 +235,18 @@ extern "C" {
>   * still won't see them if the library has been built to disable deprecated
>   * functions.
>   */
> -#if defined(OPENSSL_NO_DEPRECATED)
> -# define DECLARE_DEPRECATED(f)
> -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> -#else
> -# define DECLARE_DEPRECATED(f)   f;
> +#ifndef DECLARE_DEPRECATED
> +# if defined(OPENSSL_NO_DEPRECATED)
> +#  define DECLARE_DEPRECATED(f)
> +# else
> +#  define DECLARE_DEPRECATED(f)   f;
> +#  ifdef __GNUC__
> +#   if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +#    undef DECLARE_DEPRECATED
> +#    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> +#   endif
> +#  endif
> +# endif
>  #endif
> 
>  #ifndef OPENSSL_FILE
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 0300856cf2..6162d29143 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -175,6 +175,7 @@
>    $(OPENSSL_PATH)/crypto/conf/conf_mall.c
>    $(OPENSSL_PATH)/crypto/conf/conf_mod.c
>    $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> +  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
>    $(OPENSSL_PATH)/crypto/cpt_err.c
>    $(OPENSSL_PATH)/crypto/cryptlib.c
>    $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
>    $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
>    $(OPENSSL_PATH)/crypto/evp/scrypt.c
>    $(OPENSSL_PATH)/crypto/ex_data.c
> +  $(OPENSSL_PATH)/crypto/getenv.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
>    $(OPENSSL_PATH)/crypto/hmac/hmac.c
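Review bot: `$(OPENSSL_PATH)/crypto/getenv.c` is new to the firmware build here and in the matching hunk of OpensslLibCrypto.inf, and the commit message does not say how its environment lookup is satisfied in a pre-boot setting that has no process environment. The file presumably relies on a C-library `getenv` that the package's CRT wrapper would have to supply. It is worth confirming that this stub always returns NULL, so that no configuration path or option can be picked up from outside the image. A sentence in the commit message naming the three added sources and why 1.1.0j needs each would make that review easier. The file list continues outside the hunk.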
> @@ -418,6 +420,7 @@
>    $(OPENSSL_PATH)/crypto/x509/x509_err.c
>    $(OPENSSL_PATH)/crypto/x509/x509_ext.c
>    $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> +  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
>    $(OPENSSL_PATH)/crypto/x509/x509_obj.c
>    $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
>    $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 23be4e1e14..b04bf62b4e 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -175,6 +175,7 @@
>    $(OPENSSL_PATH)/crypto/conf/conf_mall.c
>    $(OPENSSL_PATH)/crypto/conf/conf_mod.c
>    $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> +  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
>    $(OPENSSL_PATH)/crypto/cpt_err.c
>    $(OPENSSL_PATH)/crypto/cryptlib.c
>    $(OPENSSL_PATH)/crypto/cversion.c
> @@ -281,6 +282,7 @@
>    $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
>    $(OPENSSL_PATH)/crypto/evp/scrypt.c
>    $(OPENSSL_PATH)/crypto/ex_data.c
> +  $(OPENSSL_PATH)/crypto/getenv.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
>    $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
>    $(OPENSSL_PATH)/crypto/hmac/hmac.c
> @@ -418,6 +420,7 @@
>    $(OPENSSL_PATH)/crypto/x509/x509_err.c
>    $(OPENSSL_PATH)/crypto/x509/x509_ext.c
>    $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> +  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
>    $(OPENSSL_PATH)/crypto/x509/x509_obj.c
>    $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
>    $(OPENSSL_PATH)/crypto/x509/x509_req.c
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index d4e4bd2a81..74f2d9c1ec 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
> +Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> old mode 100644
> new mode 100755
> --
> 2.17.1


