Upgrade OpenSSL to 1.1.0j

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393 BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1 has many changes, more porting efforts and feature evaluation are needed. This might lead to a situation that it cannot catch the Q1'19 stable tag. One of the solution is upgrade current version (1.1.0h) to 1.1.0j. According to following web page in openssl.org, all security issues solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make sure that no security vulnerabilities left in edk2 master before 1.1.1. https://www.openssl.org/news/vulnerabilities-1.1.1.html Cc: Ting Ye <ting.ye@intel.com> Cc: Gang Wei <gang.wei@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Gang Wei <gang.wei@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2018-12-13 15:37:44 +08:00 · 2018-12-13 15:37:44 +08:00 · a18f784cfd
parent 7c4207e955
commit a18f784cfd
6 changed files with 21 additions and 8 deletions
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@ -121,6 +121,7 @@
  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
  CryptoPkg/Library/TlsLib/TlsLib.inf
  CryptoPkg/Library/OpensslLib/OpensslLib.inf
 [Components.IA32, Components.X64]
  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated from include/openssl/opensslconf.h.in
 *
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -235,12 +235,18 @@ extern "C" {
 * still won't see them if the library has been built to disable deprecated
 * functions.
 */
-#if defined(OPENSSL_NO_DEPRECATED)
+#ifndef DECLARE_DEPRECATED
 # if defined(OPENSSL_NO_DEPRECATED)
 #  define DECLARE_DEPRECATED(f)
-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# else
 # define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
 #else
 #  define DECLARE_DEPRECATED(f)   f;
 #  ifdef __GNUC__
 #   if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
 #    undef DECLARE_DEPRECATED
 #    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
 #   endif
 #  endif
 # endif
 #endif
 #ifndef OPENSSL_FILE
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@ -175,6 +175,7 @@
  $(OPENSSL_PATH)/crypto/conf/conf_mall.c
  $(OPENSSL_PATH)/crypto/conf/conf_mod.c
  $(OPENSSL_PATH)/crypto/conf/conf_sap.c
  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
  $(OPENSSL_PATH)/crypto/cpt_err.c
  $(OPENSSL_PATH)/crypto/cryptlib.c
  $(OPENSSL_PATH)/crypto/cversion.c
@ -281,6 +282,7 @@
  $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
  $(OPENSSL_PATH)/crypto/evp/scrypt.c
  $(OPENSSL_PATH)/crypto/ex_data.c
  $(OPENSSL_PATH)/crypto/getenv.c
  $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
  $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
  $(OPENSSL_PATH)/crypto/hmac/hmac.c
@ -418,6 +420,7 @@
  $(OPENSSL_PATH)/crypto/x509/x509_err.c
  $(OPENSSL_PATH)/crypto/x509/x509_ext.c
  $(OPENSSL_PATH)/crypto/x509/x509_lu.c
  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
  $(OPENSSL_PATH)/crypto/x509/x509_obj.c
  $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
  $(OPENSSL_PATH)/crypto/x509/x509_req.c
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@ -175,6 +175,7 @@
  $(OPENSSL_PATH)/crypto/conf/conf_mall.c
  $(OPENSSL_PATH)/crypto/conf/conf_mod.c
  $(OPENSSL_PATH)/crypto/conf/conf_sap.c
  $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
  $(OPENSSL_PATH)/crypto/cpt_err.c
  $(OPENSSL_PATH)/crypto/cryptlib.c
  $(OPENSSL_PATH)/crypto/cversion.c
@ -281,6 +282,7 @@
  $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
  $(OPENSSL_PATH)/crypto/evp/scrypt.c
  $(OPENSSL_PATH)/crypto/ex_data.c
  $(OPENSSL_PATH)/crypto/getenv.c
  $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
  $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
  $(OPENSSL_PATH)/crypto/hmac/hmac.c
@ -418,6 +420,7 @@
  $(OPENSSL_PATH)/crypto/x509/x509_err.c
  $(OPENSSL_PATH)/crypto/x509/x509_ext.c
  $(OPENSSL_PATH)/crypto/x509/x509_lu.c
  $(OPENSSL_PATH)/crypto/x509/x509_meth.c
  $(OPENSSL_PATH)/crypto/x509/x509_obj.c
  $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
  $(OPENSSL_PATH)/crypto/x509/x509_req.c
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@ -1 +1 @@
-Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
+Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
		`@ -1 +1 @@`
			`Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7`				`Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762`