CryptoPkg: Upgrade OpenSSL to 1.1.1b

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

* Update OpenSSL submodule to OpenSSL_1_1_1b
   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)

* Run process_files.pl script to regenerate OpensslLib[Crypto].inf
  and opensslconf.h

* Remove -DNO_SYSLOG from OPENSSL_FLAGS in OpensslLib[Crypto].inf,
  due to upstream OpenSSL commit cff55b90e95e("Cleaning UEFI
  Build with additional OPENSSL_SYS_UEFI flags", 2017-03-29),
  which was first released as part of OpenSSL_1_1_1.

* Starting with OpenSSL commit 8a8d9e1905(first release in
  OpenSSL_1_1_1), the OpenSSL_version() function can no longer
  return a pointer to the string literal "compiler: information
  not available", in the case CFLAGS macro is not defined.
  Instead, the function now has a hard dependency on the global
  variable 'compiler_flags'. This variable is normally placed
  by "util/mkbuildinf.pl" into "buildinf.h". In edk2 we don't
  run that script whenever we build OpenSSL, therefore we
  must provide our own dummy 'compiler_flags'.

* BUFSIZ is used by crypto/evp/evp_key.c(OpenSSL_1_1_1b)
  And it is declared in stdio.h. So add it to CrtLibSupport.h.
  Here's a discussion about this.
  Ref: https://github.com/openssl/openssl/issues/8904

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

6 files changed, 149 insertions, 31 deletions

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index b05c5d908c..5806f50f74 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -2,7 +2,7 @@
   Root include file of C runtime library to support building the third-party

   cryptographic library.

 

-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>

 SPDX-License-Identifier: BSD-2-Clause-Patent

 

 **/

@@ -21,6 +21,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define MAX_STRING_SIZE  0x1000

 

 //

+// We already have "no-ui" in out Configure invocation.

+// but the code still fails to compile.

+// Ref:  https://github.com/openssl/openssl/issues/8904

+//

+// This is defined in CRT library(stdio.h).

+//

+#ifndef BUFSIZ

+#define BUFSIZ  8192

+#endif

+

+//

 // OpenSSL relies on explicit configuration for word size in crypto/bn,

 // but we want it to be automatically inferred from the target. So we

 // bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 28dd9ab93c..9ce99705d8 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -10,6 +10,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/opensslv.h>

+

 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -77,18 +79,21 @@ extern "C" {
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
+#ifndef OPENSSL_NO_SM2

+# define OPENSSL_NO_SM2

+#endif

 #ifndef OPENSSL_NO_SRP
 # define OPENSSL_NO_SRP
 #endif
 #ifndef OPENSSL_NO_TS
 # define OPENSSL_NO_TS
 #endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
+#ifndef OPENSSL_RAND_SEED_NONE

+# define OPENSSL_RAND_SEED_NONE

+#endif

 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -122,6 +127,9 @@ extern "C" {
 #ifndef OPENSSL_NO_DEPRECATED
 # define OPENSSL_NO_DEPRECATED
 #endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG

+# define OPENSSL_NO_DEVCRYPTOENG

+#endif

 #ifndef OPENSSL_NO_DGRAM
 # define OPENSSL_NO_DGRAM
 #endif
@@ -155,6 +163,9 @@ extern "C" {
 #ifndef OPENSSL_NO_ERR
 # define OPENSSL_NO_ERR
 #endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS

+# define OPENSSL_NO_EXTERNAL_TESTS

+#endif

 #ifndef OPENSSL_NO_FILENAMES
 # define OPENSSL_NO_FILENAMES
 #endif
@@ -209,15 +220,24 @@ extern "C" {
 #ifndef OPENSSL_NO_TESTS
 # define OPENSSL_NO_TESTS
 #endif
+#ifndef OPENSSL_NO_TLS1_3

+# define OPENSSL_NO_TLS1_3

+#endif

 #ifndef OPENSSL_NO_UBSAN
 # define OPENSSL_NO_UBSAN
 #endif
+#ifndef OPENSSL_NO_UI_CONSOLE

+# define OPENSSL_NO_UI_CONSOLE

+#endif

 #ifndef OPENSSL_NO_UNIT_TEST
 # define OPENSSL_NO_UNIT_TEST
 #endif
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 # define OPENSSL_NO_WEAK_SSL_CIPHERS
 #endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE

+# define OPENSSL_NO_DYNAMIC_ENGINE

+#endif

 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -236,15 +256,11 @@ extern "C" {
  * functions.
  */
 #ifndef DECLARE_DEPRECATED
-# if defined(OPENSSL_NO_DEPRECATED)
-#  define DECLARE_DEPRECATED(f)
-# else
-#  define DECLARE_DEPRECATED(f)   f;
-#  ifdef __GNUC__
-#   if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#    undef DECLARE_DEPRECATED
-#    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
-#   endif
+# define DECLARE_DEPRECATED(f)   f;

+# ifdef __GNUC__

+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)

+#   undef DECLARE_DEPRECATED

+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));

 #  endif
 # endif
 #endif
@@ -268,6 +284,18 @@ extern "C" {
 # define OPENSSL_API_COMPAT OPENSSL_MIN_API
 #endif
 
+/*

+ * Do not deprecate things to be deprecated in version 1.2.0 before the

+ * OpenSSL version number matches.

+ */

+#if OPENSSL_VERSION_NUMBER < 0x10200000L

+# define DEPRECATEDIN_1_2_0(f)   f;

+#elif OPENSSL_API_COMPAT < 0x10200000L

+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)

+#else

+# define DEPRECATEDIN_1_2_0(f)

+#endif

+

 #if OPENSSL_API_COMPAT < 0x10100000L
 # define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
 #else
@@ -286,8 +314,6 @@ extern "C" {
 # define DEPRECATEDIN_0_9_8(f)
 #endif
 
-
-
 /* Generate 80386 code? */
 #undef I386_ONLY
 
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index ce04d44155..3974951802 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,7 +1,7 @@
 ## @file

 #  This module provides OpenSSL Library implementation.

 #

-#  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>

 #  SPDX-License-Identifier: BSD-2-Clause-Patent

 #

 ##

@@ -15,7 +15,7 @@
   VERSION_STRING                 = 1.0

   LIBRARY_CLASS                  = OpensslLib

   DEFINE OPENSSL_PATH            = openssl

-  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG

+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE

 

 #

 #  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64

@@ -32,6 +32,7 @@
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c

   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c

   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c

+  $(OPENSSL_PATH)/crypto/aria/aria.c

   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c

   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c

   $(OPENSSL_PATH)/crypto/asn1/a_digest.c

@@ -54,6 +55,7 @@
   $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_err.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c

+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_par.c

   $(OPENSSL_PATH)/crypto/asn1/asn_mime.c

@@ -172,6 +174,7 @@
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c

   $(OPENSSL_PATH)/crypto/cpt_err.c

   $(OPENSSL_PATH)/crypto/cryptlib.c

+  $(OPENSSL_PATH)/crypto/ctype.c

   $(OPENSSL_PATH)/crypto/cversion.c

   $(OPENSSL_PATH)/crypto/des/cbc_cksm.c

   $(OPENSSL_PATH)/crypto/des/cbc_enc.c

@@ -189,7 +192,6 @@
   $(OPENSSL_PATH)/crypto/des/pcbc_enc.c

   $(OPENSSL_PATH)/crypto/des/qud_cksm.c

   $(OPENSSL_PATH)/crypto/des/rand_key.c

-  $(OPENSSL_PATH)/crypto/des/rpc_enc.c

   $(OPENSSL_PATH)/crypto/des/set_key.c

   $(OPENSSL_PATH)/crypto/des/str2key.c

   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c

@@ -206,6 +208,7 @@
   $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c

   $(OPENSSL_PATH)/crypto/dh/dh_prn.c

   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c

+  $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c

   $(OPENSSL_PATH)/crypto/dso/dso_dl.c

   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c

   $(OPENSSL_PATH)/crypto/dso/dso_err.c

@@ -228,6 +231,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_aes.c

   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c

   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c

+  $(OPENSSL_PATH)/crypto/evp/e_aria.c

   $(OPENSSL_PATH)/crypto/evp/e_bf.c

   $(OPENSSL_PATH)/crypto/evp/e_camellia.c

   $(OPENSSL_PATH)/crypto/evp/e_cast.c

@@ -242,6 +246,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c

   $(OPENSSL_PATH)/crypto/evp/e_rc5.c

   $(OPENSSL_PATH)/crypto/evp/e_seed.c

+  $(OPENSSL_PATH)/crypto/evp/e_sm4.c

   $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c

   $(OPENSSL_PATH)/crypto/evp/encode.c

   $(OPENSSL_PATH)/crypto/evp/evp_cnf.c

@@ -259,6 +264,7 @@
   $(OPENSSL_PATH)/crypto/evp/m_null.c

   $(OPENSSL_PATH)/crypto/evp/m_ripemd.c

   $(OPENSSL_PATH)/crypto/evp/m_sha1.c

+  $(OPENSSL_PATH)/crypto/evp/m_sha3.c

   $(OPENSSL_PATH)/crypto/evp/m_sigver.c

   $(OPENSSL_PATH)/crypto/evp/m_wp.c

   $(OPENSSL_PATH)/crypto/evp/names.c

@@ -271,10 +277,10 @@
   $(OPENSSL_PATH)/crypto/evp/p_seal.c

   $(OPENSSL_PATH)/crypto/evp/p_sign.c

   $(OPENSSL_PATH)/crypto/evp/p_verify.c

+  $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c

-  $(OPENSSL_PATH)/crypto/evp/scrypt.c

   $(OPENSSL_PATH)/crypto/ex_data.c

   $(OPENSSL_PATH)/crypto/getenv.c

   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c

@@ -283,6 +289,7 @@
   $(OPENSSL_PATH)/crypto/init.c

   $(OPENSSL_PATH)/crypto/kdf/hkdf.c

   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c

+  $(OPENSSL_PATH)/crypto/kdf/scrypt.c

   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c

   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c

   $(OPENSSL_PATH)/crypto/lhash/lhash.c

@@ -360,14 +367,14 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c

   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c

   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c

-  $(OPENSSL_PATH)/crypto/rand/md_rand.c

+  $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c

+  $(OPENSSL_PATH)/crypto/rand/drbg_lib.c

   $(OPENSSL_PATH)/crypto/rand/rand_egd.c

   $(OPENSSL_PATH)/crypto/rand/rand_err.c

   $(OPENSSL_PATH)/crypto/rand/rand_lib.c

   $(OPENSSL_PATH)/crypto/rand/rand_unix.c

   $(OPENSSL_PATH)/crypto/rand/rand_vms.c

   $(OPENSSL_PATH)/crypto/rand/rand_win.c

-  $(OPENSSL_PATH)/crypto/rand/randfile.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c

@@ -379,8 +386,8 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c

+  $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_none.c

-  $(OPENSSL_PATH)/crypto/rsa/rsa_null.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c

@@ -392,15 +399,27 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c

+  $(OPENSSL_PATH)/crypto/sha/keccak1600.c

   $(OPENSSL_PATH)/crypto/sha/sha1_one.c

   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c

   $(OPENSSL_PATH)/crypto/sha/sha256.c

   $(OPENSSL_PATH)/crypto/sha/sha512.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c

+  $(OPENSSL_PATH)/crypto/sm3/m_sm3.c

+  $(OPENSSL_PATH)/crypto/sm3/sm3.c

+  $(OPENSSL_PATH)/crypto/sm4/sm4.c

   $(OPENSSL_PATH)/crypto/stack/stack.c

   $(OPENSSL_PATH)/crypto/threads_none.c

   $(OPENSSL_PATH)/crypto/threads_pthread.c

   $(OPENSSL_PATH)/crypto/threads_win.c

   $(OPENSSL_PATH)/crypto/txt_db/txt_db.c

+  $(OPENSSL_PATH)/crypto/ui/ui_err.c

+  $(OPENSSL_PATH)/crypto/ui/ui_lib.c

+  $(OPENSSL_PATH)/crypto/ui/ui_null.c

+  $(OPENSSL_PATH)/crypto/ui/ui_openssl.c

+  $(OPENSSL_PATH)/crypto/ui/ui_util.c

   $(OPENSSL_PATH)/crypto/uid.c

   $(OPENSSL_PATH)/crypto/x509/by_dir.c

   $(OPENSSL_PATH)/crypto/x509/by_file.c

@@ -445,6 +464,7 @@
   $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c

   $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c

+  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c

@@ -479,12 +499,14 @@
   $(OPENSSL_PATH)/ssl/d1_msg.c

   $(OPENSSL_PATH)/ssl/d1_srtp.c

   $(OPENSSL_PATH)/ssl/methods.c

+  $(OPENSSL_PATH)/ssl/packet.c

   $(OPENSSL_PATH)/ssl/pqueue.c

   $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c

   $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c

   $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c

   $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c

   $(OPENSSL_PATH)/ssl/record/ssl3_record.c

+  $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c

   $(OPENSSL_PATH)/ssl/s3_cbc.c

   $(OPENSSL_PATH)/ssl/s3_enc.c

   $(OPENSSL_PATH)/ssl/s3_lib.c

@@ -502,25 +524,45 @@
   $(OPENSSL_PATH)/ssl/ssl_stat.c

   $(OPENSSL_PATH)/ssl/ssl_txt.c

   $(OPENSSL_PATH)/ssl/ssl_utst.c

+  $(OPENSSL_PATH)/ssl/statem/extensions.c

+  $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c

+  $(OPENSSL_PATH)/ssl/statem/extensions_cust.c

+  $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c

   $(OPENSSL_PATH)/ssl/statem/statem.c

   $(OPENSSL_PATH)/ssl/statem/statem_clnt.c

   $(OPENSSL_PATH)/ssl/statem/statem_dtls.c

   $(OPENSSL_PATH)/ssl/statem/statem_lib.c

   $(OPENSSL_PATH)/ssl/statem/statem_srvr.c

   $(OPENSSL_PATH)/ssl/t1_enc.c

-  $(OPENSSL_PATH)/ssl/t1_ext.c

   $(OPENSSL_PATH)/ssl/t1_lib.c

-  $(OPENSSL_PATH)/ssl/t1_reneg.c

   $(OPENSSL_PATH)/ssl/t1_trce.c

+  $(OPENSSL_PATH)/ssl/tls13_enc.c

   $(OPENSSL_PATH)/ssl/tls_srp.c

 # Autogenerated files list ends here

 

+  ossl_store.c

+  rand_pool.c

+

+[Sources.Ia32]

+  rand_pool_noise_tsc.c

+

+[Sources.X64]

+  rand_pool_noise_tsc.c

+

+[Sources.ARM]

+  rand_pool_noise.c

+

+[Sources.AARCH64]

+  rand_pool_noise.c

+

 [Packages]

   MdePkg/MdePkg.dec

   CryptoPkg/CryptoPkg.dec

 

 [LibraryClasses]

+  BaseLib

   DebugLib

+  TimerLib

 

 [LibraryClasses.ARM]

   ArmSoftFloatLib

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 35430e77d3..8c290caacf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -1,7 +1,7 @@
 ## @file

 #  This module provides OpenSSL Library implementation.

 #

-#  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>

 #  SPDX-License-Identifier: BSD-2-Clause-Patent

 #

 ##

@@ -15,7 +15,7 @@
   VERSION_STRING                 = 1.0

   LIBRARY_CLASS                  = OpensslLib

   DEFINE OPENSSL_PATH            = openssl

-  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG

+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE

 

 #

 #  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64

@@ -32,6 +32,7 @@
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c

   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c

   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c

+  $(OPENSSL_PATH)/crypto/aria/aria.c

   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c

   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c

   $(OPENSSL_PATH)/crypto/asn1/a_digest.c

@@ -54,6 +55,7 @@
   $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_err.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c

+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c

   $(OPENSSL_PATH)/crypto/asn1/asn1_par.c

   $(OPENSSL_PATH)/crypto/asn1/asn_mime.c

@@ -172,6 +174,7 @@
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c

   $(OPENSSL_PATH)/crypto/cpt_err.c

   $(OPENSSL_PATH)/crypto/cryptlib.c

+  $(OPENSSL_PATH)/crypto/ctype.c

   $(OPENSSL_PATH)/crypto/cversion.c

   $(OPENSSL_PATH)/crypto/des/cbc_cksm.c

   $(OPENSSL_PATH)/crypto/des/cbc_enc.c

@@ -189,7 +192,6 @@
   $(OPENSSL_PATH)/crypto/des/pcbc_enc.c

   $(OPENSSL_PATH)/crypto/des/qud_cksm.c

   $(OPENSSL_PATH)/crypto/des/rand_key.c

-  $(OPENSSL_PATH)/crypto/des/rpc_enc.c

   $(OPENSSL_PATH)/crypto/des/set_key.c

   $(OPENSSL_PATH)/crypto/des/str2key.c

   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c

@@ -206,6 +208,7 @@
   $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c

   $(OPENSSL_PATH)/crypto/dh/dh_prn.c

   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c

+  $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c

   $(OPENSSL_PATH)/crypto/dso/dso_dl.c

   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c

   $(OPENSSL_PATH)/crypto/dso/dso_err.c

@@ -228,6 +231,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_aes.c

   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c

   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c

+  $(OPENSSL_PATH)/crypto/evp/e_aria.c

   $(OPENSSL_PATH)/crypto/evp/e_bf.c

   $(OPENSSL_PATH)/crypto/evp/e_camellia.c

   $(OPENSSL_PATH)/crypto/evp/e_cast.c

@@ -242,6 +246,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c

   $(OPENSSL_PATH)/crypto/evp/e_rc5.c

   $(OPENSSL_PATH)/crypto/evp/e_seed.c

+  $(OPENSSL_PATH)/crypto/evp/e_sm4.c

   $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c

   $(OPENSSL_PATH)/crypto/evp/encode.c

   $(OPENSSL_PATH)/crypto/evp/evp_cnf.c

@@ -259,6 +264,7 @@
   $(OPENSSL_PATH)/crypto/evp/m_null.c

   $(OPENSSL_PATH)/crypto/evp/m_ripemd.c

   $(OPENSSL_PATH)/crypto/evp/m_sha1.c

+  $(OPENSSL_PATH)/crypto/evp/m_sha3.c

   $(OPENSSL_PATH)/crypto/evp/m_sigver.c

   $(OPENSSL_PATH)/crypto/evp/m_wp.c

   $(OPENSSL_PATH)/crypto/evp/names.c

@@ -271,10 +277,10 @@
   $(OPENSSL_PATH)/crypto/evp/p_seal.c

   $(OPENSSL_PATH)/crypto/evp/p_sign.c

   $(OPENSSL_PATH)/crypto/evp/p_verify.c

+  $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c

   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c

-  $(OPENSSL_PATH)/crypto/evp/scrypt.c

   $(OPENSSL_PATH)/crypto/ex_data.c

   $(OPENSSL_PATH)/crypto/getenv.c

   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c

@@ -283,6 +289,7 @@
   $(OPENSSL_PATH)/crypto/init.c

   $(OPENSSL_PATH)/crypto/kdf/hkdf.c

   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c

+  $(OPENSSL_PATH)/crypto/kdf/scrypt.c

   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c

   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c

   $(OPENSSL_PATH)/crypto/lhash/lhash.c

@@ -360,14 +367,14 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c

   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c

   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c

-  $(OPENSSL_PATH)/crypto/rand/md_rand.c

+  $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c

+  $(OPENSSL_PATH)/crypto/rand/drbg_lib.c

   $(OPENSSL_PATH)/crypto/rand/rand_egd.c

   $(OPENSSL_PATH)/crypto/rand/rand_err.c

   $(OPENSSL_PATH)/crypto/rand/rand_lib.c

   $(OPENSSL_PATH)/crypto/rand/rand_unix.c

   $(OPENSSL_PATH)/crypto/rand/rand_vms.c

   $(OPENSSL_PATH)/crypto/rand/rand_win.c

-  $(OPENSSL_PATH)/crypto/rand/randfile.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c

@@ -379,8 +386,8 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c

+  $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_none.c

-  $(OPENSSL_PATH)/crypto/rsa/rsa_null.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c

@@ -392,15 +399,27 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c

+  $(OPENSSL_PATH)/crypto/sha/keccak1600.c

   $(OPENSSL_PATH)/crypto/sha/sha1_one.c

   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c

   $(OPENSSL_PATH)/crypto/sha/sha256.c

   $(OPENSSL_PATH)/crypto/sha/sha512.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c

+  $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c

+  $(OPENSSL_PATH)/crypto/sm3/m_sm3.c

+  $(OPENSSL_PATH)/crypto/sm3/sm3.c

+  $(OPENSSL_PATH)/crypto/sm4/sm4.c

   $(OPENSSL_PATH)/crypto/stack/stack.c

   $(OPENSSL_PATH)/crypto/threads_none.c

   $(OPENSSL_PATH)/crypto/threads_pthread.c

   $(OPENSSL_PATH)/crypto/threads_win.c

   $(OPENSSL_PATH)/crypto/txt_db/txt_db.c

+  $(OPENSSL_PATH)/crypto/ui/ui_err.c

+  $(OPENSSL_PATH)/crypto/ui/ui_lib.c

+  $(OPENSSL_PATH)/crypto/ui/ui_null.c

+  $(OPENSSL_PATH)/crypto/ui/ui_openssl.c

+  $(OPENSSL_PATH)/crypto/ui/ui_util.c

   $(OPENSSL_PATH)/crypto/uid.c

   $(OPENSSL_PATH)/crypto/x509/by_dir.c

   $(OPENSSL_PATH)/crypto/x509/by_file.c

@@ -445,6 +464,7 @@
   $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c

   $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c

+  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c

   $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c

@@ -476,12 +496,29 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c

 # Autogenerated files list ends here

 

+  ossl_store.c

+  rand_pool.c

+

+[Sources.Ia32]

+  rand_pool_noise_tsc.c

+

+[Sources.X64]

+  rand_pool_noise_tsc.c

+

+[Sources.ARM]

+  rand_pool_noise.c

+

+[Sources.AARCH64]

+  rand_pool_noise.c

+

 [Packages]

   MdePkg/MdePkg.dec

   CryptoPkg/CryptoPkg.dec

 

 [LibraryClasses]

+  BaseLib

   DebugLib

+  TimerLib

 

 [LibraryClasses.ARM]

   ArmSoftFloatLib

diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
index c5ca293c72..b840c8656a 100644
--- a/CryptoPkg/Library/OpensslLib/buildinf.h
+++ b/CryptoPkg/Library/OpensslLib/buildinf.h
@@ -1,2 +1,4 @@
 #define PLATFORM  "UEFI"

 #define DATE      "Fri Dec 22 01:23:45 PDT 2017"

+

+const char * compiler_flags = "compiler: information not available from edk2";

diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
-Subproject 74f2d9c1ec5f5510e1d3da5a9f03c28df097776
+Subproject 50eaac9f3337667259de725451f201e78459968