[PATCH v2 0/1] Upgrade the OpenSSL to 1.1.1g

[PATCH v2 0/1] Upgrade the OpenSSL to 1.1.1g

[Guomin Jiang]

v2:
Change the process_files.pl to convert the EOL automatically so the
generated file will be CRLF format.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>

Guomin Jiang (1):
  CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g

 CryptoPkg/CryptoPkg.dec                       |  1 -
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
 .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
 .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
 .../Library/Include/openssl/opensslconf.h     |  3 -
 .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
 CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
 CryptoPkg/Library/OpensslLib/openssl          |  2 +-
 CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
 10 files changed, 91 insertions(+), 88 deletions(-)
 rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)

-- 
2.25.1.windows.1

[PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g

[Guomin Jiang]

Upgrade openssl to 1.1.1g. the directory have been reorganized,
openssl moved crypto/include/internal to include/crypto folder.
So we change directory to match the re-organization.

The dso_conf.h and opensslconf.h will generated in UNIX format,
change process_files.pl to covent the EOL automatically.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
---
 CryptoPkg/CryptoPkg.dec                       |  1 -
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
 .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
 .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
 .../Library/Include/openssl/opensslconf.h     |  3 -
 .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
 CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
 CryptoPkg/Library/OpensslLib/openssl          |  2 +-
 CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
 10 files changed, 91 insertions(+), 88 deletions(-)
 rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 4d1a1368a8d4..5888941bab4c 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -23,7 +23,6 @@ [Includes.Common.Private]
   Private
   Library/Include
   Library/OpensslLib/openssl/include
-  Library/OpensslLib/openssl/crypto/include
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index c8ec9454bd90..dbbe5386a10c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -477,45 +477,45 @@ [Sources]
   $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/vms_rms.h
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+  $(OPENSSL_PATH)/crypto/aes/aes_local.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
   $(OPENSSL_PATH)/crypto/asn1/charmap.h
   $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
   $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/async/async_local.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
   $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bio/bio_local.h
+  $(OPENSSL_PATH)/crypto/bn/bn_local.h
   $(OPENSSL_PATH)/crypto/bn/bn_prime.h
   $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/comp/comp_local.h
   $(OPENSSL_PATH)/crypto/conf/conf_def.h
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_local.h
+  $(OPENSSL_PATH)/crypto/dh/dh_local.h
+  $(OPENSSL_PATH)/crypto/dso/dso_local.h
+  $(OPENSSL_PATH)/crypto/evp/evp_local.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+  $(OPENSSL_PATH)/crypto/md5/md5_local.h
+  $(OPENSSL_PATH)/crypto/modes/modes_local.h
   $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_local.h
   $(OPENSSL_PATH)/crypto/objects/obj_xref.h
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+  $(OPENSSL_PATH)/crypto/rand/rand_local.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+  $(OPENSSL_PATH)/crypto/sha/sha_local.h
   $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
-  $(OPENSSL_PATH)/crypto/store/store_locl.h
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+  $(OPENSSL_PATH)/crypto/store/store_local.h
+  $(OPENSSL_PATH)/crypto/ui/ui_local.h
+  $(OPENSSL_PATH)/crypto/x509/x509_local.h
   $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
-  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
   $(OPENSSL_PATH)/ssl/bio_ssl.c
@@ -562,13 +562,13 @@ [Sources]
   $(OPENSSL_PATH)/ssl/t1_trce.c
   $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
-  $(OPENSSL_PATH)/ssl/packet_locl.h
+  $(OPENSSL_PATH)/ssl/packet_local.h
   $(OPENSSL_PATH)/ssl/ssl_cert_table.h
-  $(OPENSSL_PATH)/ssl/ssl_locl.h
+  $(OPENSSL_PATH)/ssl/ssl_local.h
   $(OPENSSL_PATH)/ssl/record/record.h
-  $(OPENSSL_PATH)/ssl/record/record_locl.h
+  $(OPENSSL_PATH)/ssl/record/record_local.h
   $(OPENSSL_PATH)/ssl/statem/statem.h
-  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
+  $(OPENSSL_PATH)/ssl/statem/statem_local.h
 # Autogenerated files list ends here
   buildinf.h
   rand_pool_noise.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 2f232e3e1289..616ccd9f62d1 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -477,45 +477,45 @@ [Sources]
   $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/vms_rms.h
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+  $(OPENSSL_PATH)/crypto/aes/aes_local.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
   $(OPENSSL_PATH)/crypto/asn1/charmap.h
   $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
   $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/async/async_local.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
   $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bio/bio_local.h
+  $(OPENSSL_PATH)/crypto/bn/bn_local.h
   $(OPENSSL_PATH)/crypto/bn/bn_prime.h
   $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/comp/comp_local.h
   $(OPENSSL_PATH)/crypto/conf/conf_def.h
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_local.h
+  $(OPENSSL_PATH)/crypto/dh/dh_local.h
+  $(OPENSSL_PATH)/crypto/dso/dso_local.h
+  $(OPENSSL_PATH)/crypto/evp/evp_local.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+  $(OPENSSL_PATH)/crypto/md5/md5_local.h
+  $(OPENSSL_PATH)/crypto/modes/modes_local.h
   $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_local.h
   $(OPENSSL_PATH)/crypto/objects/obj_xref.h
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+  $(OPENSSL_PATH)/crypto/rand/rand_local.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+  $(OPENSSL_PATH)/crypto/sha/sha_local.h
   $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
-  $(OPENSSL_PATH)/crypto/store/store_locl.h
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+  $(OPENSSL_PATH)/crypto/store/store_local.h
+  $(OPENSSL_PATH)/crypto/ui/ui_local.h
+  $(OPENSSL_PATH)/crypto/x509/x509_local.h
   $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
-  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
 # Autogenerated files list ends here
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
similarity index 76%
rename from CryptoPkg/Library/Include/internal/dso_conf.h
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
index 43c891588bc2..95f4db2b1586 100644
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
@@ -1,16 +1,16 @@
-/* WARNING: do not edit! */
-/* Generated from crypto/include/internal/dso_conf.h.in */
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_DSO_CONF_H
-# define HEADER_DSO_CONF_H
-# define DSO_NONE
-# define DSO_EXTENSION ".so"
-#endif
+/* WARNING: do not edit! */
+/* Generated from include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 62c2736cb0b5..3a2544ea5ccc 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -247,9 +247,6 @@ extern "C" {
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
 
 
 /*
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
index eacf4826c4f7..235331c2a038 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
 #include "InternalCryptLib.h"
-#include "internal/sm3.h"
+#include "crypto/sm3.h"
 
 /**
   Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 229c244b2657..c9fdb65b99d1 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -15,13 +15,13 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/bio.h>
-#include <internal/x509_int.h>
+#include <crypto/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/bn.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
-#include <internal/asn1_int.h>
+#include <crypto/asn1.h>
 
 /**
   This function will return the leaf signer certificate in a chain.  This is
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
index 9f3983f7c35b..9e0179b03490 100644
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
 #include <openssl/aes.h>
 
 #include <Uefi.h>
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index c3656cc594da..e2e09d9fba11 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc
+Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 65d07a2aed44..57ce1953947b 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -111,8 +111,8 @@ BEGIN {
             # Generate dso_conf.h per config data
             system(
                 "perl -I. -Mconfigdata util/dofile.pl " .
-                "crypto/include/internal/dso_conf.h.in " .
-                "> include/internal/dso_conf.h"
+                "include/crypto/dso_conf.h.in " .
+                "> include/crypto/dso_conf.h"
                 ) == 0 ||
                     die "Failed to generate dso_conf.h!\n";
 
@@ -263,14 +263,21 @@ print "Done!";
 # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
 #
 print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
-     $OPENSSL_PATH . "/../../Include/openssl/") ||
-   die "Cannot copy opensslconf.h!";
+system(
+    "perl -pe 's/\\n/\\r\\n/' " .
+    "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
+    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
+    ) == 0 ||
+    die "Cannot copy opensslconf.h!";
 print "Done!";
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
-     $OPENSSL_PATH . "/../../Include/internal/") ||
-   die "Cannot copy dso_conf.h!";
+
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
+system(
+    "perl -pe 's/\\n/\\r\\n/' " .
+    "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
+    "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
+    ) == 0 ||
+    die "Cannot copy dso_conf.h!";
 print "Done!\n";
 
 print "\nProcessing Files Done!\n";
-- 
2.25.1.windows.1

Re: [PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g

[Wang, Jian J]

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Jiang, Guomin <guomin.jiang@intel.com>
> Sent: Friday, July 17, 2020 9:36 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Laszlo Ersek <lersek@redhat.com>
> Subject: [PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
> 
> Upgrade openssl to 1.1.1g. the directory have been reorganized,
> openssl moved crypto/include/internal to include/crypto folder.
> So we change directory to match the re-organization.
> 
> The dso_conf.h and opensslconf.h will generated in UNIX format,
> change process_files.pl to covent the EOL automatically.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> Tested-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  CryptoPkg/CryptoPkg.dec                       |  1 -
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
>  .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
>  .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
>  .../Library/Include/openssl/opensslconf.h     |  3 -
>  .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
>  .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
>  CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
>  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
>  10 files changed, 91 insertions(+), 88 deletions(-)
>  rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
> 
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 4d1a1368a8d4..5888941bab4c 100644
> --- a/CryptoPkg/CryptoPkg.dec
> +++ b/CryptoPkg/CryptoPkg.dec
> @@ -23,7 +23,6 @@ [Includes.Common.Private]
>    Private
>    Library/Include
>    Library/OpensslLib/openssl/include
> -  Library/OpensslLib/openssl/crypto/include
> 
>  [LibraryClasses]
>    ##  @libraryclass  Provides basic library functions for cryptographic primitives.
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index c8ec9454bd90..dbbe5386a10c 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>    $(OPENSSL_PATH)/ssl/bio_ssl.c
> @@ -562,13 +562,13 @@ [Sources]
>    $(OPENSSL_PATH)/ssl/t1_trce.c
>    $(OPENSSL_PATH)/ssl/tls13_enc.c
>    $(OPENSSL_PATH)/ssl/tls_srp.c
> -  $(OPENSSL_PATH)/ssl/packet_locl.h
> +  $(OPENSSL_PATH)/ssl/packet_local.h
>    $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> -  $(OPENSSL_PATH)/ssl/ssl_locl.h
> +  $(OPENSSL_PATH)/ssl/ssl_local.h
>    $(OPENSSL_PATH)/ssl/record/record.h
> -  $(OPENSSL_PATH)/ssl/record/record_locl.h
> +  $(OPENSSL_PATH)/ssl/record/record_local.h
>    $(OPENSSL_PATH)/ssl/statem/statem.h
> -  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
> +  $(OPENSSL_PATH)/ssl/statem/statem_local.h
>  # Autogenerated files list ends here
>    buildinf.h
>    rand_pool_noise.h
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 2f232e3e1289..616ccd9f62d1 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>  # Autogenerated files list ends here
> diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h
> b/CryptoPkg/Library/Include/crypto/dso_conf.h
> similarity index 76%
> rename from CryptoPkg/Library/Include/internal/dso_conf.h
> rename to CryptoPkg/Library/Include/crypto/dso_conf.h
> index 43c891588bc2..95f4db2b1586 100644
> --- a/CryptoPkg/Library/Include/internal/dso_conf.h
> +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
> @@ -1,16 +1,16 @@
> -/* WARNING: do not edit! */
> -/* Generated from crypto/include/internal/dso_conf.h.in */
> -/*
> - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License").  You may not use
> - * this file except in compliance with the License.  You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#ifndef HEADER_DSO_CONF_H
> -# define HEADER_DSO_CONF_H
> -# define DSO_NONE
> -# define DSO_EXTENSION ".so"
> -#endif
> +/* WARNING: do not edit! */
> +/* Generated from include/crypto/dso_conf.h.in */
> +/*
> + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> + *
> + * Licensed under the OpenSSL license (the "License").  You may not use
> + * this file except in compliance with the License.  You can obtain a copy
> + * in the file LICENSE in the source distribution or at
> + * https://www.openssl.org/source/license.html
> + */
> +
> +#ifndef OSSL_CRYPTO_DSO_CONF_H
> +# define OSSL_CRYPTO_DSO_CONF_H
> +# define DSO_NONE
> +# define DSO_EXTENSION ".so"
> +#endif
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 62c2736cb0b5..3a2544ea5ccc 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -247,9 +247,6 @@ extern "C" {
>  #ifndef OPENSSL_NO_DYNAMIC_ENGINE
>  # define OPENSSL_NO_DYNAMIC_ENGINE
>  #endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> 
> 
>  /*
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> index eacf4826c4f7..235331c2a038 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> 
>  #include "InternalCryptLib.h"
> -#include "internal/sm3.h"
> +#include "crypto/sm3.h"
> 
>  /**
>    Retrieves the size, in bytes, of the context buffer required for SM3 hash
> operations.
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> index 229c244b2657..c9fdb65b99d1 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> @@ -15,13 +15,13 @@
>  #include <openssl/asn1.h>
>  #include <openssl/x509.h>
>  #include <openssl/bio.h>
> -#include <internal/x509_int.h>
> +#include <crypto/x509.h>
>  #include <openssl/pkcs7.h>
>  #include <openssl/bn.h>
>  #include <openssl/x509_vfy.h>
>  #include <openssl/pem.h>
>  #include <openssl/evp.h>
> -#include <internal/asn1_int.h>
> +#include <crypto/asn1.h>
> 
>  /**
>    This function will return the leaf signer certificate in a chain.  This is
> diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c
> b/CryptoPkg/Library/OpensslLib/rand_pool.c
> index 9f3983f7c35b..9e0179b03490 100644
> --- a/CryptoPkg/Library/OpensslLib/rand_pool.c
> +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> 
> -#include "internal/rand_int.h"
> +#include "crypto/rand.h"
>  #include <openssl/aes.h>
> 
>  #include <Uefi.h>
> diff --git a/CryptoPkg/Library/OpensslLib/openssl
> b/CryptoPkg/Library/OpensslLib/openssl
> index c3656cc594da..e2e09d9fba11 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc
> +Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> index 65d07a2aed44..57ce1953947b 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -111,8 +111,8 @@ BEGIN {
>              # Generate dso_conf.h per config data
>              system(
>                  "perl -I. -Mconfigdata util/dofile.pl " .
> -                "crypto/include/internal/dso_conf.h.in " .
> -                "> include/internal/dso_conf.h"
> +                "include/crypto/dso_conf.h.in " .
> +                "> include/crypto/dso_conf.h"
>                  ) == 0 ||
>                      die "Failed to generate dso_conf.h!\n";
> 
> @@ -263,14 +263,21 @@ print "Done!";
>  # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
>  #
>  print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
> -copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
> -     $OPENSSL_PATH . "/../../Include/openssl/") ||
> -   die "Cannot copy opensslconf.h!";
> +system(
> +    "perl -pe 's/\\n/\\r\\n/' " .
> +    "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
> +    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
> +    ) == 0 ||
> +    die "Cannot copy opensslconf.h!";
>  print "Done!";
> -print "\n--> Duplicating dso_conf.h into Include/internal ... ";
> -copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
> -     $OPENSSL_PATH . "/../../Include/internal/") ||
> -   die "Cannot copy dso_conf.h!";
> +
> +print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
> +system(
> +    "perl -pe 's/\\n/\\r\\n/' " .
> +    "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
> +    "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
> +    ) == 0 ||
> +    die "Cannot copy dso_conf.h!";
>  print "Done!\n";
> 
>  print "\nProcessing Files Done!\n";
> --
> 2.25.1.windows.1

Re: [PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g

[Laszlo Ersek]

On 07/17/20 03:36, Guomin Jiang wrote:
> Upgrade openssl to 1.1.1g. the directory have been reorganized,
> openssl moved crypto/include/internal to include/crypto folder.
> So we change directory to match the re-organization.
> 
> The dso_conf.h and opensslconf.h will generated in UNIX format,
> change process_files.pl to covent the EOL automatically.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> Tested-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  CryptoPkg/CryptoPkg.dec                       |  1 -
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
>  .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
>  .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
>  .../Library/Include/openssl/opensslconf.h     |  3 -
>  .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
>  .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
>  CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
>  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
>  10 files changed, 91 insertions(+), 88 deletions(-)
>  rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)

The patch changed non-trivially, so *in general* my R-b and especially
T-b tags should have been dropped, in v2.

However, the v1->v2 changes are the following:

- the commit message has been extended, the way I asked,

- the code changes are restricted to "process_files.pl", and:

  - I never tested that script in the first place (my T-b didn't
    cover the script anyway), so my T-b is unaffected by the v1->v2
    update

  - the new stuff in the script looks acceptable (although certainly not
    optimal; see below), so I'm fine with keeping my R-b as well.

> 
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 4d1a1368a8d4..5888941bab4c 100644
> --- a/CryptoPkg/CryptoPkg.dec
> +++ b/CryptoPkg/CryptoPkg.dec
> @@ -23,7 +23,6 @@ [Includes.Common.Private]
>    Private
>    Library/Include
>    Library/OpensslLib/openssl/include
> -  Library/OpensslLib/openssl/crypto/include
>  
>  [LibraryClasses]
>    ##  @libraryclass  Provides basic library functions for cryptographic primitives.
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index c8ec9454bd90..dbbe5386a10c 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>    $(OPENSSL_PATH)/ssl/bio_ssl.c
> @@ -562,13 +562,13 @@ [Sources]
>    $(OPENSSL_PATH)/ssl/t1_trce.c
>    $(OPENSSL_PATH)/ssl/tls13_enc.c
>    $(OPENSSL_PATH)/ssl/tls_srp.c
> -  $(OPENSSL_PATH)/ssl/packet_locl.h
> +  $(OPENSSL_PATH)/ssl/packet_local.h
>    $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> -  $(OPENSSL_PATH)/ssl/ssl_locl.h
> +  $(OPENSSL_PATH)/ssl/ssl_local.h
>    $(OPENSSL_PATH)/ssl/record/record.h
> -  $(OPENSSL_PATH)/ssl/record/record_locl.h
> +  $(OPENSSL_PATH)/ssl/record/record_local.h
>    $(OPENSSL_PATH)/ssl/statem/statem.h
> -  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
> +  $(OPENSSL_PATH)/ssl/statem/statem_local.h
>  # Autogenerated files list ends here
>    buildinf.h
>    rand_pool_noise.h
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 2f232e3e1289..616ccd9f62d1 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>  # Autogenerated files list ends here
> diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
> similarity index 76%
> rename from CryptoPkg/Library/Include/internal/dso_conf.h
> rename to CryptoPkg/Library/Include/crypto/dso_conf.h
> index 43c891588bc2..95f4db2b1586 100644
> --- a/CryptoPkg/Library/Include/internal/dso_conf.h
> +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
> @@ -1,16 +1,16 @@
> -/* WARNING: do not edit! */
> -/* Generated from crypto/include/internal/dso_conf.h.in */
> -/*
> - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License").  You may not use
> - * this file except in compliance with the License.  You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#ifndef HEADER_DSO_CONF_H
> -# define HEADER_DSO_CONF_H
> -# define DSO_NONE
> -# define DSO_EXTENSION ".so"
> -#endif
> +/* WARNING: do not edit! */
> +/* Generated from include/crypto/dso_conf.h.in */
> +/*
> + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> + *
> + * Licensed under the OpenSSL license (the "License").  You may not use
> + * this file except in compliance with the License.  You can obtain a copy
> + * in the file LICENSE in the source distribution or at
> + * https://www.openssl.org/source/license.html
> + */
> +
> +#ifndef OSSL_CRYPTO_DSO_CONF_H
> +# define OSSL_CRYPTO_DSO_CONF_H
> +# define DSO_NONE
> +# define DSO_EXTENSION ".so"
> +#endif
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 62c2736cb0b5..3a2544ea5ccc 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -247,9 +247,6 @@ extern "C" {
>  #ifndef OPENSSL_NO_DYNAMIC_ENGINE
>  # define OPENSSL_NO_DYNAMIC_ENGINE
>  #endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
>  
>  
>  /*
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> index eacf4826c4f7..235331c2a038 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
>  
>  #include "InternalCryptLib.h"
> -#include "internal/sm3.h"
> +#include "crypto/sm3.h"
>  
>  /**
>    Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> index 229c244b2657..c9fdb65b99d1 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> @@ -15,13 +15,13 @@
>  #include <openssl/asn1.h>
>  #include <openssl/x509.h>
>  #include <openssl/bio.h>
> -#include <internal/x509_int.h>
> +#include <crypto/x509.h>
>  #include <openssl/pkcs7.h>
>  #include <openssl/bn.h>
>  #include <openssl/x509_vfy.h>
>  #include <openssl/pem.h>
>  #include <openssl/evp.h>
> -#include <internal/asn1_int.h>
> +#include <crypto/asn1.h>
>  
>  /**
>    This function will return the leaf signer certificate in a chain.  This is
> diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
> index 9f3983f7c35b..9e0179b03490 100644
> --- a/CryptoPkg/Library/OpensslLib/rand_pool.c
> +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  
>  **/
>  
> -#include "internal/rand_int.h"
> +#include "crypto/rand.h"
>  #include <openssl/aes.h>
>  
>  #include <Uefi.h>
> diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
> index c3656cc594da..e2e09d9fba11 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc
> +Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
> index 65d07a2aed44..57ce1953947b 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -111,8 +111,8 @@ BEGIN {
>              # Generate dso_conf.h per config data
>              system(
>                  "perl -I. -Mconfigdata util/dofile.pl " .
> -                "crypto/include/internal/dso_conf.h.in " .
> -                "> include/internal/dso_conf.h"
> +                "include/crypto/dso_conf.h.in " .
> +                "> include/crypto/dso_conf.h"
>                  ) == 0 ||
>                      die "Failed to generate dso_conf.h!\n";
>  
> @@ -263,14 +263,21 @@ print "Done!";
>  # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
>  #
>  print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
> -copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
> -     $OPENSSL_PATH . "/../../Include/openssl/") ||
> -   die "Cannot copy opensslconf.h!";
> +system(
> +    "perl -pe 's/\\n/\\r\\n/' " .
> +    "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
> +    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
> +    ) == 0 ||
> +    die "Cannot copy opensslconf.h!";
>  print "Done!";
> -print "\n--> Duplicating dso_conf.h into Include/internal ... ";
> -copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
> -     $OPENSSL_PATH . "/../../Include/internal/") ||
> -   die "Cannot copy dso_conf.h!";
> +
> +print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
> +system(
> +    "perl -pe 's/\\n/\\r\\n/' " .
> +    "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
> +    "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
> +    ) == 0 ||
> +    die "Cannot copy dso_conf.h!";
>  print "Done!\n";
>  
>  print "\nProcessing Files Done!\n";
> 

I think we could significantly improve the LF->CRLF conversion, because
running system("perl -pe") from a script that's *already* being executed
by the Perl interpreter is overkill.

We should simply convert the "-p" option of the sub-perl into a simple
loop -- as described in the perlrun(1) manual for "-p" --, and in the
body of that loop, convert each line.

But, this script is run so infrequently that I totally don't desire to
review v3 of this patch just for such an update. I'm OK with the current
version (=v2). If we ever decide to improve the LF->CRLF conversion in
this script, I'd prefer seeing that as a separate patch (independently
of an OpenSSL upgrade).

So, just for clarity's sake:

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks,
Laszlo

Re: [PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g

[Guomin Jiang]

Checked in 8c30327debb28c0b6cfa2106b736774e0b20daac.

> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Saturday, July 18, 2020 12:18 AM
> To: Jiang, Guomin <guomin.jiang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Subject: Re: [PATCH v2 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to
> 1.1.1g
> 
> On 07/17/20 03:36, Guomin Jiang wrote:
> > Upgrade openssl to 1.1.1g. the directory have been reorganized,
> > openssl moved crypto/include/internal to include/crypto folder.
> > So we change directory to match the re-organization.
> >
> > The dso_conf.h and opensslconf.h will generated in UNIX format, change
> > process_files.pl to covent the EOL automatically.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
> > Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> > Tested-by: Laszlo Ersek <lersek@redhat.com>
> > ---
> >  CryptoPkg/CryptoPkg.dec                       |  1 -
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
> >  .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
> >  .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
> >  .../Library/Include/openssl/opensslconf.h     |  3 -
> >  .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
> >  .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
> >  CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
> >  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
> >  CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
> >  10 files changed, 91 insertions(+), 88 deletions(-)  rename
> > CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
> 
> The patch changed non-trivially, so *in general* my R-b and especially T-b
> tags should have been dropped, in v2.
> 
> However, the v1->v2 changes are the following:
> 
> - the commit message has been extended, the way I asked,
> 
> - the code changes are restricted to "process_files.pl", and:
> 
>   - I never tested that script in the first place (my T-b didn't
>     cover the script anyway), so my T-b is unaffected by the v1->v2
>     update
> 
>   - the new stuff in the script looks acceptable (although certainly not
>     optimal; see below), so I'm fine with keeping my R-b as well.
> 
> >
> > diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index
> > 4d1a1368a8d4..5888941bab4c 100644
> > --- a/CryptoPkg/CryptoPkg.dec
> > +++ b/CryptoPkg/CryptoPkg.dec
> > @@ -23,7 +23,6 @@ [Includes.Common.Private]
> >    Private
> >    Library/Include
> >    Library/OpensslLib/openssl/include
> > -  Library/OpensslLib/openssl/crypto/include
> >
> >  [LibraryClasses]
> >    ##  @libraryclass  Provides basic library functions for cryptographic
> primitives.
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index c8ec9454bd90..dbbe5386a10c 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -477,45 +477,45 @@ [Sources]
> >    $(OPENSSL_PATH)/crypto/s390x_arch.h
> >    $(OPENSSL_PATH)/crypto/sparc_arch.h
> >    $(OPENSSL_PATH)/crypto/vms_rms.h
> > -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> > +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
> >    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> > -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> > +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> >    $(OPENSSL_PATH)/crypto/asn1/charmap.h
> >    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> >    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> > +  $(OPENSSL_PATH)/crypto/async/async_local.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
> >    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> >    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
> >    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> > -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> > -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> > -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> > -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> > -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> > -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> > -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> > +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
> >    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> > -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> > +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
> >    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> > -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> > -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> > +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> > +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> > +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> > +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> > +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> > -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> > -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> > -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> > -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> > +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> > +  $(OPENSSL_PATH)/crypto/store/store_local.h
> > +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> > +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
> >    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> > -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> > +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> >    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> >    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> >    $(OPENSSL_PATH)/ssl/bio_ssl.c
> > @@ -562,13 +562,13 @@ [Sources]
> >    $(OPENSSL_PATH)/ssl/t1_trce.c
> >    $(OPENSSL_PATH)/ssl/tls13_enc.c
> >    $(OPENSSL_PATH)/ssl/tls_srp.c
> > -  $(OPENSSL_PATH)/ssl/packet_locl.h
> > +  $(OPENSSL_PATH)/ssl/packet_local.h
> >    $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> > -  $(OPENSSL_PATH)/ssl/ssl_locl.h
> > +  $(OPENSSL_PATH)/ssl/ssl_local.h
> >    $(OPENSSL_PATH)/ssl/record/record.h
> > -  $(OPENSSL_PATH)/ssl/record/record_locl.h
> > +  $(OPENSSL_PATH)/ssl/record/record_local.h
> >    $(OPENSSL_PATH)/ssl/statem/statem.h
> > -  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
> > +  $(OPENSSL_PATH)/ssl/statem/statem_local.h
> >  # Autogenerated files list ends here
> >    buildinf.h
> >    rand_pool_noise.h
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > index 2f232e3e1289..616ccd9f62d1 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > @@ -477,45 +477,45 @@ [Sources]
> >    $(OPENSSL_PATH)/crypto/s390x_arch.h
> >    $(OPENSSL_PATH)/crypto/sparc_arch.h
> >    $(OPENSSL_PATH)/crypto/vms_rms.h
> > -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> > +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
> >    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> > -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> > +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> >    $(OPENSSL_PATH)/crypto/asn1/charmap.h
> >    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> >    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> > +  $(OPENSSL_PATH)/crypto/async/async_local.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> >    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
> >    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> >    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
> >    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> > -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> > -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> > -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> > -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> > -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> > -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> > -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> > +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
> >    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> > -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> > +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
> >    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> > -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> > -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> > +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> > +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> > +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> > +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> > +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
> >    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> > -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> > -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> > -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> > -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> > +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> > +  $(OPENSSL_PATH)/crypto/store/store_local.h
> > +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> > +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
> >    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> > -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> > +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> >    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> >    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> >  # Autogenerated files list ends here
> > diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h
> > b/CryptoPkg/Library/Include/crypto/dso_conf.h
> > similarity index 76%
> > rename from CryptoPkg/Library/Include/internal/dso_conf.h
> > rename to CryptoPkg/Library/Include/crypto/dso_conf.h
> > index 43c891588bc2..95f4db2b1586 100644
> > --- a/CryptoPkg/Library/Include/internal/dso_conf.h
> > +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
> > @@ -1,16 +1,16 @@
> > -/* WARNING: do not edit! */
> > -/* Generated from crypto/include/internal/dso_conf.h.in */
> > -/*
> > - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> > - *
> > - * Licensed under the OpenSSL license (the "License").  You may not
> > use
> > - * this file except in compliance with the License.  You can obtain a
> > copy
> > - * in the file LICENSE in the source distribution or at
> > - * https://www.openssl.org/source/license.html
> > - */
> > -
> > -#ifndef HEADER_DSO_CONF_H
> > -# define HEADER_DSO_CONF_H
> > -# define DSO_NONE
> > -# define DSO_EXTENSION ".so"
> > -#endif
> > +/* WARNING: do not edit! */
> > +/* Generated from include/crypto/dso_conf.h.in */
> > +/*
> > + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> > + *
> > + * Licensed under the OpenSSL license (the "License").  You may not
> > +use
> > + * this file except in compliance with the License.  You can obtain a
> > +copy
> > + * in the file LICENSE in the source distribution or at
> > + * https://www.openssl.org/source/license.html
> > + */
> > +
> > +#ifndef OSSL_CRYPTO_DSO_CONF_H
> > +# define OSSL_CRYPTO_DSO_CONF_H
> > +# define DSO_NONE
> > +# define DSO_EXTENSION ".so"
> > +#endif
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index 62c2736cb0b5..3a2544ea5ccc 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -247,9 +247,6 @@ extern "C" {
> >  #ifndef OPENSSL_NO_DYNAMIC_ENGINE
> >  # define OPENSSL_NO_DYNAMIC_ENGINE
> >  #endif
> > -#ifndef OPENSSL_NO_AFALGENG
> > -# define OPENSSL_NO_AFALGENG
> > -#endif
> >
> >
> >  /*
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> > index eacf4826c4f7..235331c2a038 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> > @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent  **/
> >
> >  #include "InternalCryptLib.h"
> > -#include "internal/sm3.h"
> > +#include "crypto/sm3.h"
> >
> >  /**
> >    Retrieves the size, in bytes, of the context buffer required for SM3 hash
> operations.
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > index 229c244b2657..c9fdb65b99d1 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > @@ -15,13 +15,13 @@
> >  #include <openssl/asn1.h>
> >  #include <openssl/x509.h>
> >  #include <openssl/bio.h>
> > -#include <internal/x509_int.h>
> > +#include <crypto/x509.h>
> >  #include <openssl/pkcs7.h>
> >  #include <openssl/bn.h>
> >  #include <openssl/x509_vfy.h>
> >  #include <openssl/pem.h>
> >  #include <openssl/evp.h>
> > -#include <internal/asn1_int.h>
> > +#include <crypto/asn1.h>
> >
> >  /**
> >    This function will return the leaf signer certificate in a chain.
> > This is diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c
> > b/CryptoPkg/Library/OpensslLib/rand_pool.c
> > index 9f3983f7c35b..9e0179b03490 100644
> > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c
> > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
> > @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >  **/
> >
> > -#include "internal/rand_int.h"
> > +#include "crypto/rand.h"
> >  #include <openssl/aes.h>
> >
> >  #include <Uefi.h>
> > diff --git a/CryptoPkg/Library/OpensslLib/openssl
> > b/CryptoPkg/Library/OpensslLib/openssl
> > index c3656cc594da..e2e09d9fba11 160000
> > --- a/CryptoPkg/Library/OpensslLib/openssl
> > +++ b/CryptoPkg/Library/OpensslLib/openssl
> > @@ -1 +1 @@
> > -Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc
> > +Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> > b/CryptoPkg/Library/OpensslLib/process_files.pl
> > index 65d07a2aed44..57ce1953947b 100755
> > --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> > @@ -111,8 +111,8 @@ BEGIN {
> >              # Generate dso_conf.h per config data
> >              system(
> >                  "perl -I. -Mconfigdata util/dofile.pl " .
> > -                "crypto/include/internal/dso_conf.h.in " .
> > -                "> include/internal/dso_conf.h"
> > +                "include/crypto/dso_conf.h.in " .
> > +                "> include/crypto/dso_conf.h"
> >                  ) == 0 ||
> >                      die "Failed to generate dso_conf.h!\n";
> >
> > @@ -263,14 +263,21 @@ print "Done!";
> >  # Copy opensslconf.h and dso_conf.h generated from OpenSSL
> > Configuration  #  print "\n--> Duplicating opensslconf.h into
> > Include/openssl ... "; -copy($OPENSSL_PATH .
> > "/include/openssl/opensslconf.h",
> > -     $OPENSSL_PATH . "/../../Include/openssl/") ||
> > -   die "Cannot copy opensslconf.h!";
> > +system(
> > +    "perl -pe 's/\\n/\\r\\n/' " .
> > +    "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
> > +    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
> > +    ) == 0 ||
> > +    die "Cannot copy opensslconf.h!";
> >  print "Done!";
> > -print "\n--> Duplicating dso_conf.h into Include/internal ... ";
> > -copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
> > -     $OPENSSL_PATH . "/../../Include/internal/") ||
> > -   die "Cannot copy dso_conf.h!";
> > +
> > +print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
> > +system(
> > +    "perl -pe 's/\\n/\\r\\n/' " .
> > +    "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
> > +    "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
> > +    ) == 0 ||
> > +    die "Cannot copy dso_conf.h!";
> >  print "Done!\n";
> >
> >  print "\nProcessing Files Done!\n";
> >
> 
> I think we could significantly improve the LF->CRLF conversion, because
> running system("perl -pe") from a script that's *already* being executed by
> the Perl interpreter is overkill.
> 
> We should simply convert the "-p" option of the sub-perl into a simple loop --
> as described in the perlrun(1) manual for "-p" --, and in the body of that loop,
> convert each line.
> 
> But, this script is run so infrequently that I totally don't desire to review v3 of
> this patch just for such an update. I'm OK with the current version (=v2). If
> we ever decide to improve the LF->CRLF conversion in this script, I'd prefer
> seeing that as a separate patch (independently of an OpenSSL upgrade).
> 
> So, just for clarity's sake:
> 
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> Tested-by: Laszlo Ersek <lersek@redhat.com>
> 
> Thanks,
> Laszlo