public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, guomin.jiang@intel.com
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Xiaoyu Lu <xiaoyux.lu@intel.com>,
	GuoMinJ <newexplorerj@gmail.com>
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
Date: Mon, 13 Jul 2020 12:57:37 +0200	[thread overview]
Message-ID: <9eafd38b-8dc0-823e-c207-0eba3ca58670@redhat.com> (raw)
In-Reply-To: <20200710022736.408-1-guomin.jiang@intel.com>

On 07/10/20 04:27, Guomin Jiang wrote:
> Upgrade openssl to 1.1.1g. the directory have been reorganized,
> openssl moved crypto/include/internal to include/crypto folder.
> So we change directory to match the re-organization.

Right, the relevant OpenSSL commit seems to be 0c994d54afbb ("Reorganize
private crypto header files", 2019-09-27), from release tag
"OpenSSL_1_1_1e".

>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Signed-off-by: GuoMinJ <newexplorerj@gmail.com>
> ---
>  CryptoPkg/CryptoPkg.dec                       |  1 -
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 58 +++++++++----------
>  .../Library/OpensslLib/OpensslLibCrypto.inf   | 50 ++++++++--------
>  .../Include/{internal => crypto}/dso_conf.h   | 32 +++++-----
>  .../Library/Include/openssl/opensslconf.h     |  3 -
>  .../Library/BaseCryptLib/Hash/CryptSm3.c      |  2 +-
>  .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c     |  4 +-
>  CryptoPkg/Library/OpensslLib/rand_pool.c      |  2 +-
>  CryptoPkg/Library/OpensslLib/openssl          |  2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl | 10 ++--
>  10 files changed, 80 insertions(+), 84 deletions(-)
>  rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
>
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 4d1a1368a8d4..5888941bab4c 100644
> --- a/CryptoPkg/CryptoPkg.dec
> +++ b/CryptoPkg/CryptoPkg.dec
> @@ -23,7 +23,6 @@ [Includes.Common.Private]
>    Private
>    Library/Include
>    Library/OpensslLib/openssl/include
> -  Library/OpensslLib/openssl/crypto/include
>
>  [LibraryClasses]
>    ##  @libraryclass  Provides basic library functions for cryptographic primitives.
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index c8ec9454bd90..dbbe5386a10c 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>    $(OPENSSL_PATH)/ssl/bio_ssl.c
> @@ -562,13 +562,13 @@ [Sources]
>    $(OPENSSL_PATH)/ssl/t1_trce.c
>    $(OPENSSL_PATH)/ssl/tls13_enc.c
>    $(OPENSSL_PATH)/ssl/tls_srp.c
> -  $(OPENSSL_PATH)/ssl/packet_locl.h
> +  $(OPENSSL_PATH)/ssl/packet_local.h
>    $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> -  $(OPENSSL_PATH)/ssl/ssl_locl.h
> +  $(OPENSSL_PATH)/ssl/ssl_local.h
>    $(OPENSSL_PATH)/ssl/record/record.h
> -  $(OPENSSL_PATH)/ssl/record/record_locl.h
> +  $(OPENSSL_PATH)/ssl/record/record_local.h
>    $(OPENSSL_PATH)/ssl/statem/statem.h
> -  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
> +  $(OPENSSL_PATH)/ssl/statem/statem_local.h
>  # Autogenerated files list ends here
>    buildinf.h
>    rand_pool_noise.h
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 2f232e3e1289..616ccd9f62d1 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -477,45 +477,45 @@ [Sources]
>    $(OPENSSL_PATH)/crypto/s390x_arch.h
>    $(OPENSSL_PATH)/crypto/sparc_arch.h
>    $(OPENSSL_PATH)/crypto/vms_rms.h
> -  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> +  $(OPENSSL_PATH)/crypto/aes/aes_local.h
>    $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> -  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> +  $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
>    $(OPENSSL_PATH)/crypto/asn1/charmap.h
>    $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
>    $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> -  $(OPENSSL_PATH)/crypto/async/async_locl.h
> +  $(OPENSSL_PATH)/crypto/async/async_local.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_null.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
>    $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> +  $(OPENSSL_PATH)/crypto/bio/bio_local.h
> +  $(OPENSSL_PATH)/crypto/bn/bn_local.h
>    $(OPENSSL_PATH)/crypto/bn/bn_prime.h
>    $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> +  $(OPENSSL_PATH)/crypto/comp/comp_local.h
>    $(OPENSSL_PATH)/crypto/conf/conf_def.h
> -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> +  $(OPENSSL_PATH)/crypto/conf/conf_local.h
> +  $(OPENSSL_PATH)/crypto/dh/dh_local.h
> +  $(OPENSSL_PATH)/crypto/dso/dso_local.h
> +  $(OPENSSL_PATH)/crypto/evp/evp_local.h
> +  $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> +  $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> +  $(OPENSSL_PATH)/crypto/md5/md5_local.h
> +  $(OPENSSL_PATH)/crypto/modes/modes_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> -  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
> +  $(OPENSSL_PATH)/crypto/objects/obj_local.h
>    $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> +  $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> +  $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> +  $(OPENSSL_PATH)/crypto/rand/rand_local.h
> +  $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> +  $(OPENSSL_PATH)/crypto/sha/sha_local.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> +  $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> +  $(OPENSSL_PATH)/crypto/store/store_local.h
> +  $(OPENSSL_PATH)/crypto/ui/ui_local.h
> +  $(OPENSSL_PATH)/crypto/x509/x509_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> -  $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
> +  $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
>    $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
>    $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
>  # Autogenerated files list ends here

> diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
> similarity index 76%
> rename from CryptoPkg/Library/Include/internal/dso_conf.h
> rename to CryptoPkg/Library/Include/crypto/dso_conf.h
> index 43c891588bc2..95f4db2b1586 100644
> --- a/CryptoPkg/Library/Include/internal/dso_conf.h
> +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
> @@ -1,16 +1,16 @@
> -/* WARNING: do not edit! */
> -/* Generated from crypto/include/internal/dso_conf.h.in */
> -/*
> - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License").  You may not use
> - * this file except in compliance with the License.  You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#ifndef HEADER_DSO_CONF_H
> -# define HEADER_DSO_CONF_H
> -# define DSO_NONE
> -# define DSO_EXTENSION ".so"
> -#endif
> +/* WARNING: do not edit! */
> +/* Generated from include/crypto/dso_conf.h.in */
> +/*
> + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
> + *
> + * Licensed under the OpenSSL license (the "License").  You may not use
> + * this file except in compliance with the License.  You can obtain a copy
> + * in the file LICENSE in the source distribution or at
> + * https://www.openssl.org/source/license.html
> + */
> +
> +#ifndef OSSL_CRYPTO_DSO_CONF_H
> +# define OSSL_CRYPTO_DSO_CONF_H
> +# define DSO_NONE
> +# define DSO_EXTENSION ".so"
> +#endif

(1) I don't understand why this hunk is formatted like this. The diff
for this file should look as follows:

> diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
> similarity index 78%
> rename from CryptoPkg/Library/Include/internal/dso_conf.h
> rename to CryptoPkg/Library/Include/crypto/dso_conf.h
> index 43c891588bc2..abbbf62caae1 100644
> --- a/CryptoPkg/Library/Include/internal/dso_conf.h
> +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
> @@ -1,5 +1,5 @@
>  /* WARNING: do not edit! */
> -/* Generated from crypto/include/internal/dso_conf.h.in */
> +/* Generated from include/crypto/dso_conf.h.in */
>  /*
>   * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
>   *
> @@ -9,8 +9,8 @@
>   * https://www.openssl.org/source/license.html
>   */
>
> -#ifndef HEADER_DSO_CONF_H
> -# define HEADER_DSO_CONF_H
> +#ifndef OSSL_CRYPTO_DSO_CONF_H
> +# define OSSL_CRYPTO_DSO_CONF_H
>  # define DSO_NONE
>  # define DSO_EXTENSION ".so"
>  #endif

Is it perhaps that your patch converts this source file to CRLF, for
some reason?

(Because, as an exception, this generated file currently has LF
terminators in the repository.)

I'm not saying the hunk is "wrong" in your patch; ultimately, the result
looks identical, modulo LF vs. CRLF. I just wonder why the CRLF
conversion of this generated header file is occurring at this specific
moment.

Anyway, if we want to do this, then I'd suggest briefly mentioning it in
the commit message. (No need to repost just for this.)


On 07/10/20 04:27, Guomin Jiang wrote:
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 62c2736cb0b5..3a2544ea5ccc 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -247,9 +247,6 @@ extern "C" {
>  #ifndef OPENSSL_NO_DYNAMIC_ENGINE
>  # define OPENSSL_NO_DYNAMIC_ENGINE
>  #endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif

Is this change intentional?

The INSTALL file in OpenSSL says:

>   no-afalgeng
>                    Don't build the AFALG engine. This option will be forced if
>                    on a platform that does not support AFALG.

Should we add "no-afalgeng" to "process_files.pl"?

... Hm, wait a minute, "process_files.pl" already contains
"no-afalgeng"!

So, there are two things I don't understand: (a) why OPENSSL_NO_AFALGENG
disappears, and (b) why the disappearance of OPENSSL_NO_AFALGENG does
not cause a build issue.

Namely:

- we build "crypto/init.c",

- "crypto/init.c" seems to reference engine_load_afalg_int() *unless*
the OPENSSL_NO_AFALGENG is defined,

- the engine_load_afalg_int() function is defined in "engines/e_afalg.c",

- but we don't build "engines/e_afalg.c".

... But, I think this should be OK, after all. We set "no-engine" in
"process_files.pl". According to INSTALL, that means "Don't build
support for loading engines."

And "opensslconf.h" defines, as a consequence, OPENSSL_NO_ENGINE.

In turn, OPENSSL_NO_AFALGENG is only checked in "crypto/init.c" if
OPENSSL_NO_ENGINE is *missing*.

That is, if OPENSSL_NO_ENGINE is defined, then the AFALG engine is never
enabled, regardless of OPENSSL_NO_AFALGENG:

#ifndef OPENSSL_NO_ENGINE
# ifndef OPENSSL_NO_STATIC_ENGINE
#  if !defined(OPENSSL_NO_AFALGENG)
...

OK, then!

On 07/10/20 04:27, Guomin Jiang wrote:
>
>
>  /*
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> index eacf4826c4f7..235331c2a038 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
>
>  #include "InternalCryptLib.h"
> -#include "internal/sm3.h"
> +#include "crypto/sm3.h"
>
>  /**
>    Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> index 229c244b2657..c9fdb65b99d1 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> @@ -15,13 +15,13 @@
>  #include <openssl/asn1.h>
>  #include <openssl/x509.h>
>  #include <openssl/bio.h>
> -#include <internal/x509_int.h>
> +#include <crypto/x509.h>
>  #include <openssl/pkcs7.h>
>  #include <openssl/bn.h>
>  #include <openssl/x509_vfy.h>
>  #include <openssl/pem.h>
>  #include <openssl/evp.h>
> -#include <internal/asn1_int.h>
> +#include <crypto/asn1.h>
>
>  /**
>    This function will return the leaf signer certificate in a chain.  This is
> diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
> index 9f3983f7c35b..9e0179b03490 100644
> --- a/CryptoPkg/Library/OpensslLib/rand_pool.c
> +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
> @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
>
> -#include "internal/rand_int.h"
> +#include "crypto/rand.h"
>  #include <openssl/aes.h>
>
>  #include <Uefi.h>
> diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
> index c3656cc594da..e2e09d9fba11 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc
> +Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
> index 65d07a2aed44..4ca81ce4fc50 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -111,8 +111,8 @@ BEGIN {
>              # Generate dso_conf.h per config data
>              system(
>                  "perl -I. -Mconfigdata util/dofile.pl " .
> -                "crypto/include/internal/dso_conf.h.in " .
> -                "> include/internal/dso_conf.h"
> +                "include/crypto/dso_conf.h.in " .
> +                "> include/crypto/dso_conf.h"
>                  ) == 0 ||
>                      die "Failed to generate dso_conf.h!\n";
>
> @@ -267,9 +267,9 @@ copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
>       $OPENSSL_PATH . "/../../Include/openssl/") ||
>     die "Cannot copy opensslconf.h!";
>  print "Done!";
> -print "\n--> Duplicating dso_conf.h into Include/internal ... ";
> -copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
> -     $OPENSSL_PATH . "/../../Include/internal/") ||
> +print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
> +copy($OPENSSL_PATH . "/include/crypto/dso_conf.h",
> +     $OPENSSL_PATH . "/../../Include/crypto/") ||
>     die "Cannot copy dso_conf.h!";
>  print "Done!\n";
>
>

So I didn't understand the new destination pathname
"CryptoPkg/Library/Include/crypto/dso_conf.h", at first.

But, again from OpenSSL commit 0c994d54afbb ("Reorganize private crypto
header files", 2019-09-27), the "crypto/init.c" file now contains:

#include "crypto/dso_conf.h"

So the new pathname seems reasonable to me -- "crypto/dso_conf.h" now
sits alongside "CrtLibSupport.h" (for example).

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>

(I used Secure Boot, EnrollDefaultKeys, and also HTTPSv4 boot for testing.)

Thanks!
Laszlo


  reply	other threads:[~2020-07-13 10:57 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-10  2:27 [PATCH 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g Guomin Jiang
2020-07-13 10:57 ` Laszlo Ersek [this message]
2020-07-16  8:12 ` Wang, Jian J
2020-07-16 13:09   ` [edk2-devel] " Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9eafd38b-8dc0-823e-c207-0eba3ca58670@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox