[edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j

Liu, WeiX C posted 1 patch 3 years ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20210318055117.2059-1-weix.c.liu@intel.com
CryptoPkg/Library/Include/openssl/opensslconf.h | 7 ++++++-
CryptoPkg/Library/OpensslLib/openssl            | 2 +-
2 files changed, 7 insertions(+), 2 deletions(-)
[edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
Posted by Liu, WeiX C 3 years ago
From: Liu Wei <weix.c.liu@intel.com>

Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version
1.1.1g contains the vulnerabilities of CVE-2021-23841 and
CVE-2021-23840. The related vulnerable API EVP_DecryptUpdate
are used in drivers.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266

Besides, the opensslconf.h automatically generated in UNIX
format by process_files.pl.

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Liu Wei <weix.c.liu@intel.com>
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 7 ++++++-
 CryptoPkg/Library/OpensslLib/openssl            | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 3a2544e..f9a73e9 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated from include/openssl/opensslconf.h.in
  *
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -268,6 +268,11 @@ extern "C" {
 #   undef DECLARE_DEPRECATED
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
 #  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
 # endif
 #endif
 
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index e2e09d9..52c587d 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
+Subproject commit 52c587d60be67c337364b830dd3fdc15404a2f04
-- 
2.7.4



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73005): https://edk2.groups.io/g/devel/message/73005
Mute This Topic: https://groups.io/mt/81423270/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
Posted by Wang, Jian J 3 years ago
Hi Liu Wei,

Thanks for upgrading the openssl lib. Please fix the line ending issue. It's required
by edk2 coding style that the line ending must Windows style.


Regards,
Jian

> -----Original Message-----
> From: Liu, WeiX C <weix.c.liu@intel.com>
> Sent: Thursday, March 18, 2021 1:51 PM
> To: devel@edk2.groups.io
> Cc: Liu, WeiX C <weix.c.liu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
> 
> From: Liu Wei <weix.c.liu@intel.com>
> 
> Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version
> 1.1.1g contains the vulnerabilities of CVE-2021-23841 and
> CVE-2021-23840. The related vulnerable API EVP_DecryptUpdate
> are used in drivers.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266
> 
> Besides, the opensslconf.h automatically generated in UNIX
> format by process_files.pl.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Liu Wei <weix.c.liu@intel.com>
> ---
>  CryptoPkg/Library/Include/openssl/opensslconf.h | 7 ++++++-
>  CryptoPkg/Library/OpensslLib/openssl            | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 3a2544e..f9a73e9 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
>   * WARNING: do not edit!
> 
>   * Generated from include/openssl/opensslconf.h.in
> 
>   *
> 
> - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> 
> + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
> 
>   *
> 
>   * Licensed under the OpenSSL license (the "License").  You may not use
> 
>   * this file except in compliance with the License.  You can obtain a copy
> 
> @@ -268,6 +268,11 @@ extern "C" {
>  #   undef DECLARE_DEPRECATED
> 
>  #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> 
>  #  endif
> 
> +# elif defined(__SUNPRO_C)
> 
> +#  if (__SUNPRO_C >= 0x5130)
> 
> +#   undef DECLARE_DEPRECATED
> 
> +#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> 
> +#  endif
> 
>  # endif
> 
>  #endif
> 
> 
> 
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index e2e09d9..52c587d 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> +Subproject commit 52c587d60be67c337364b830dd3fdc15404a2f04
> --
> 2.7.4



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73006): https://edk2.groups.io/g/devel/message/73006
Mute This Topic: https://groups.io/mt/81423270/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
Posted by Liu, WeiX C 3 years ago
Hi Wang Jian,

The format is caused by git, the original patch file has no EOL issue.

Thanks & BRs,
LIUWEI 

-----Original Message-----
From: Wang, Jian J <jian.j.wang@intel.com> 
Sent: 2021年3月18日 14:24
To: Liu, WeiX C <weix.c.liu@intel.com>; devel@edk2.groups.io
Subject: RE: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j

Hi Liu Wei,

Thanks for upgrading the openssl lib. Please fix the line ending issue. It's required by edk2 coding style that the line ending must Windows style.


Regards,
Jian

> -----Original Message-----
> From: Liu, WeiX C <weix.c.liu@intel.com>
> Sent: Thursday, March 18, 2021 1:51 PM
> To: devel@edk2.groups.io
> Cc: Liu, WeiX C <weix.c.liu@intel.com>; Wang, Jian J 
> <jian.j.wang@intel.com>
> Subject: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
> 
> From: Liu Wei <weix.c.liu@intel.com>
> 
> Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version 1.1.1g 
> contains the vulnerabilities of CVE-2021-23841 and CVE-2021-23840. The 
> related vulnerable API EVP_DecryptUpdate are used in drivers.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266
> 
> Besides, the opensslconf.h automatically generated in UNIX format by 
> process_files.pl.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Liu Wei <weix.c.liu@intel.com>
> ---
>  CryptoPkg/Library/Include/openssl/opensslconf.h | 7 ++++++-
>  CryptoPkg/Library/OpensslLib/openssl            | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 3a2544e..f9a73e9 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -2,7 +2,7 @@
>   * WARNING: do not edit!
> 
>   * Generated from include/openssl/opensslconf.h.in
> 
>   *
> 
> - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> 
> + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
> 
>   *
> 
>   * Licensed under the OpenSSL license (the "License").  You may not 
> use
> 
>   * this file except in compliance with the License.  You can obtain a 
> copy
> 
> @@ -268,6 +268,11 @@ extern "C" {
>  #   undef DECLARE_DEPRECATED
> 
>  #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> 
>  #  endif
> 
> +# elif defined(__SUNPRO_C)
> 
> +#  if (__SUNPRO_C >= 0x5130)
> 
> +#   undef DECLARE_DEPRECATED
> 
> +#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> 
> +#  endif
> 
>  # endif
> 
>  #endif
> 
> 
> 
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index e2e09d9..52c587d 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> +Subproject commit 52c587d60be67c337364b830dd3fdc15404a2f04
> --
> 2.7.4



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73066): https://edk2.groups.io/g/devel/message/73066
Mute This Topic: https://groups.io/mt/81423270/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
Posted by Wang, Jian J 3 years ago
Hi Wei,

I see. Please fix the git issue to avoid such issue to happen again.

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Liu, WeiX C <weix.c.liu@intel.com>
> Sent: Monday, March 22, 2021 1:56 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> Subject: RE: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
> 
> Hi Wang Jian,
> 
> The format is caused by git, the original patch file has no EOL issue.
> 
> Thanks & BRs,
> LIUWEI
> 
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: 2021年3月18日 14:24
> To: Liu, WeiX C <weix.c.liu@intel.com>; devel@edk2.groups.io
> Subject: RE: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
> 
> Hi Liu Wei,
> 
> Thanks for upgrading the openssl lib. Please fix the line ending issue. It's required
> by edk2 coding style that the line ending must Windows style.
> 
> 
> Regards,
> Jian
> 
> > -----Original Message-----
> > From: Liu, WeiX C <weix.c.liu@intel.com>
> > Sent: Thursday, March 18, 2021 1:51 PM
> > To: devel@edk2.groups.io
> > Cc: Liu, WeiX C <weix.c.liu@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>
> > Subject: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
> >
> > From: Liu Wei <weix.c.liu@intel.com>
> >
> > Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version 1.1.1g
> > contains the vulnerabilities of CVE-2021-23841 and CVE-2021-23840. The
> > related vulnerable API EVP_DecryptUpdate are used in drivers.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266
> >
> > Besides, the opensslconf.h automatically generated in UNIX format by
> > process_files.pl.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Signed-off-by: Liu Wei <weix.c.liu@intel.com>
> > ---
> >  CryptoPkg/Library/Include/openssl/opensslconf.h | 7 ++++++-
> >  CryptoPkg/Library/OpensslLib/openssl            | 2 +-
> >  2 files changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index 3a2544e..f9a73e9 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -2,7 +2,7 @@
> >   * WARNING: do not edit!
> >
> >   * Generated from include/openssl/opensslconf.h.in
> >
> >   *
> >
> > - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> >
> > + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
> >
> >   *
> >
> >   * Licensed under the OpenSSL license (the "License").  You may not
> > use
> >
> >   * this file except in compliance with the License.  You can obtain a
> > copy
> >
> > @@ -268,6 +268,11 @@ extern "C" {
> >  #   undef DECLARE_DEPRECATED
> >
> >  #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> >
> >  #  endif
> >
> > +# elif defined(__SUNPRO_C)
> >
> > +#  if (__SUNPRO_C >= 0x5130)
> >
> > +#   undef DECLARE_DEPRECATED
> >
> > +#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
> >
> > +#  endif
> >
> >  # endif
> >
> >  #endif
> >
> >
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/openssl
> > b/CryptoPkg/Library/OpensslLib/openssl
> > index e2e09d9..52c587d 160000
> > --- a/CryptoPkg/Library/OpensslLib/openssl
> > +++ b/CryptoPkg/Library/OpensslLib/openssl
> > @@ -1 +1 @@
> > -Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> > +Subproject commit 52c587d60be67c337364b830dd3fdc15404a2f04
> > --
> > 2.7.4



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73068): https://edk2.groups.io/g/devel/message/73068
Mute This Topic: https://groups.io/mt/81423270/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-