From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web10.16952.1594637866544141926 for ; Mon, 13 Jul 2020 03:57:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aHtJqgpN; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594637865; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ba3ktjO6zwkolGBNKYtT9eHswpA6m0FYqWZpntv8uhM=; b=aHtJqgpNNad0PeZm/cSOhGTtVFBtUt5Sbf5RGgBXjVRHz4xDEL6zO+n1+yKEANqYbuffmI /oN/wpTOrMUoIuhnmwwxAYskcpHWKC28ed/7b5Mpq3ofJmtyFwUgHknDwGjR2wRyw9B3yE VS73uiHa9nyoDhGWnxqZ+kqpnsb+SIY= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-162-DpJoqmReN46KUbYOBG6D9g-1; Mon, 13 Jul 2020 06:57:42 -0400 X-MC-Unique: DpJoqmReN46KUbYOBG6D9g-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CA5ED8027E2; Mon, 13 Jul 2020 10:57:39 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-183.ams2.redhat.com [10.36.114.183]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3E1705C6C0; Mon, 13 Jul 2020 10:57:38 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g To: devel@edk2.groups.io, guomin.jiang@intel.com Cc: Jian J Wang , Xiaoyu Lu , GuoMinJ References: <20200710022736.408-1-guomin.jiang@intel.com> From: "Laszlo Ersek" Message-ID: <9eafd38b-8dc0-823e-c207-0eba3ca58670@redhat.com> Date: Mon, 13 Jul 2020 12:57:37 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20200710022736.408-1-guomin.jiang@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 07/10/20 04:27, Guomin Jiang wrote: > Upgrade openssl to 1.1.1g. the directory have been reorganized, > openssl moved crypto/include/internal to include/crypto folder. > So we change directory to match the re-organization. Right, the relevant OpenSSL commit seems to be 0c994d54afbb ("Reorganize private crypto header files", 2019-09-27), from release tag "OpenSSL_1_1_1e". > > Cc: Jian J Wang > Cc: Xiaoyu Lu > Signed-off-by: GuoMinJ > --- > CryptoPkg/CryptoPkg.dec | 1 - > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++---------- > .../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++-------- > .../Include/{internal => crypto}/dso_conf.h | 32 +++++----- > .../Library/Include/openssl/opensslconf.h | 3 - > .../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +- > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +- > CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 10 ++-- > 10 files changed, 80 insertions(+), 84 deletions(-) > rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%) > > diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec > index 4d1a1368a8d4..5888941bab4c 100644 > --- a/CryptoPkg/CryptoPkg.dec > +++ b/CryptoPkg/CryptoPkg.dec > @@ -23,7 +23,6 @@ [Includes.Common.Private] > Private > Library/Include > Library/OpensslLib/openssl/include > - Library/OpensslLib/openssl/crypto/include > > [LibraryClasses] > ## @libraryclass Provides basic library functions for cryptographic primitives. > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index c8ec9454bd90..dbbe5386a10c 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -477,45 +477,45 @@ [Sources] > $(OPENSSL_PATH)/crypto/s390x_arch.h > $(OPENSSL_PATH)/crypto/sparc_arch.h > $(OPENSSL_PATH)/crypto/vms_rms.h > - $(OPENSSL_PATH)/crypto/aes/aes_locl.h > + $(OPENSSL_PATH)/crypto/aes/aes_local.h > $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h > - $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h > + $(OPENSSL_PATH)/crypto/asn1/asn1_local.h > $(OPENSSL_PATH)/crypto/asn1/charmap.h > $(OPENSSL_PATH)/crypto/asn1/standard_methods.h > $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h > - $(OPENSSL_PATH)/crypto/async/async_locl.h > + $(OPENSSL_PATH)/crypto/async/async_local.h > $(OPENSSL_PATH)/crypto/async/arch/async_null.h > $(OPENSSL_PATH)/crypto/async/arch/async_posix.h > $(OPENSSL_PATH)/crypto/async/arch/async_win.h > - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > + $(OPENSSL_PATH)/crypto/bio/bio_local.h > + $(OPENSSL_PATH)/crypto/bn/bn_local.h > $(OPENSSL_PATH)/crypto/bn/bn_prime.h > $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > + $(OPENSSL_PATH)/crypto/comp/comp_local.h > $(OPENSSL_PATH)/crypto/conf/conf_def.h > - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > - $(OPENSSL_PATH)/crypto/dh/dh_locl.h > - $(OPENSSL_PATH)/crypto/dso/dso_locl.h > - $(OPENSSL_PATH)/crypto/evp/evp_locl.h > - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > - $(OPENSSL_PATH)/crypto/md5/md5_locl.h > - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > + $(OPENSSL_PATH)/crypto/conf/conf_local.h > + $(OPENSSL_PATH)/crypto/dh/dh_local.h > + $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/evp/evp_local.h > + $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > + $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > + $(OPENSSL_PATH)/crypto/md5/md5_local.h > + $(OPENSSL_PATH)/crypto/modes/modes_local.h > $(OPENSSL_PATH)/crypto/objects/obj_dat.h > - $(OPENSSL_PATH)/crypto/objects/obj_lcl.h > + $(OPENSSL_PATH)/crypto/objects/obj_local.h > $(OPENSSL_PATH)/crypto/objects/obj_xref.h > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > - $(OPENSSL_PATH)/crypto/sha/sha_locl.h > + $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h > + $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h > + $(OPENSSL_PATH)/crypto/rand/rand_local.h > + $(OPENSSL_PATH)/crypto/rsa/rsa_local.h > + $(OPENSSL_PATH)/crypto/sha/sha_local.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h > - $(OPENSSL_PATH)/crypto/store/store_locl.h > - $(OPENSSL_PATH)/crypto/ui/ui_locl.h > - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h > + $(OPENSSL_PATH)/crypto/sm3/sm3_local.h > + $(OPENSSL_PATH)/crypto/store/store_local.h > + $(OPENSSL_PATH)/crypto/ui/ui_local.h > + $(OPENSSL_PATH)/crypto/x509/x509_local.h > $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h > - $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h > + $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h > $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h > $(OPENSSL_PATH)/ssl/bio_ssl.c > @@ -562,13 +562,13 @@ [Sources] > $(OPENSSL_PATH)/ssl/t1_trce.c > $(OPENSSL_PATH)/ssl/tls13_enc.c > $(OPENSSL_PATH)/ssl/tls_srp.c > - $(OPENSSL_PATH)/ssl/packet_locl.h > + $(OPENSSL_PATH)/ssl/packet_local.h > $(OPENSSL_PATH)/ssl/ssl_cert_table.h > - $(OPENSSL_PATH)/ssl/ssl_locl.h > + $(OPENSSL_PATH)/ssl/ssl_local.h > $(OPENSSL_PATH)/ssl/record/record.h > - $(OPENSSL_PATH)/ssl/record/record_locl.h > + $(OPENSSL_PATH)/ssl/record/record_local.h > $(OPENSSL_PATH)/ssl/statem/statem.h > - $(OPENSSL_PATH)/ssl/statem/statem_locl.h > + $(OPENSSL_PATH)/ssl/statem/statem_local.h > # Autogenerated files list ends here > buildinf.h > rand_pool_noise.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 2f232e3e1289..616ccd9f62d1 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -477,45 +477,45 @@ [Sources] > $(OPENSSL_PATH)/crypto/s390x_arch.h > $(OPENSSL_PATH)/crypto/sparc_arch.h > $(OPENSSL_PATH)/crypto/vms_rms.h > - $(OPENSSL_PATH)/crypto/aes/aes_locl.h > + $(OPENSSL_PATH)/crypto/aes/aes_local.h > $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h > - $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h > + $(OPENSSL_PATH)/crypto/asn1/asn1_local.h > $(OPENSSL_PATH)/crypto/asn1/charmap.h > $(OPENSSL_PATH)/crypto/asn1/standard_methods.h > $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h > - $(OPENSSL_PATH)/crypto/async/async_locl.h > + $(OPENSSL_PATH)/crypto/async/async_local.h > $(OPENSSL_PATH)/crypto/async/arch/async_null.h > $(OPENSSL_PATH)/crypto/async/arch/async_posix.h > $(OPENSSL_PATH)/crypto/async/arch/async_win.h > - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > + $(OPENSSL_PATH)/crypto/bio/bio_local.h > + $(OPENSSL_PATH)/crypto/bn/bn_local.h > $(OPENSSL_PATH)/crypto/bn/bn_prime.h > $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > + $(OPENSSL_PATH)/crypto/comp/comp_local.h > $(OPENSSL_PATH)/crypto/conf/conf_def.h > - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > - $(OPENSSL_PATH)/crypto/dh/dh_locl.h > - $(OPENSSL_PATH)/crypto/dso/dso_locl.h > - $(OPENSSL_PATH)/crypto/evp/evp_locl.h > - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > - $(OPENSSL_PATH)/crypto/md5/md5_locl.h > - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > + $(OPENSSL_PATH)/crypto/conf/conf_local.h > + $(OPENSSL_PATH)/crypto/dh/dh_local.h > + $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/evp/evp_local.h > + $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > + $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > + $(OPENSSL_PATH)/crypto/md5/md5_local.h > + $(OPENSSL_PATH)/crypto/modes/modes_local.h > $(OPENSSL_PATH)/crypto/objects/obj_dat.h > - $(OPENSSL_PATH)/crypto/objects/obj_lcl.h > + $(OPENSSL_PATH)/crypto/objects/obj_local.h > $(OPENSSL_PATH)/crypto/objects/obj_xref.h > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > - $(OPENSSL_PATH)/crypto/sha/sha_locl.h > + $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h > + $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h > + $(OPENSSL_PATH)/crypto/rand/rand_local.h > + $(OPENSSL_PATH)/crypto/rsa/rsa_local.h > + $(OPENSSL_PATH)/crypto/sha/sha_local.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h > - $(OPENSSL_PATH)/crypto/store/store_locl.h > - $(OPENSSL_PATH)/crypto/ui/ui_locl.h > - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h > + $(OPENSSL_PATH)/crypto/sm3/sm3_local.h > + $(OPENSSL_PATH)/crypto/store/store_local.h > + $(OPENSSL_PATH)/crypto/ui/ui_local.h > + $(OPENSSL_PATH)/crypto/x509/x509_local.h > $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h > - $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h > + $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h > $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h > # Autogenerated files list ends here > diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h > similarity index 76% > rename from CryptoPkg/Library/Include/internal/dso_conf.h > rename to CryptoPkg/Library/Include/crypto/dso_conf.h > index 43c891588bc2..95f4db2b1586 100644 > --- a/CryptoPkg/Library/Include/internal/dso_conf.h > +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h > @@ -1,16 +1,16 @@ > -/* WARNING: do not edit! */ > -/* Generated from crypto/include/internal/dso_conf.h.in */ > -/* > - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. > - * > - * Licensed under the OpenSSL license (the "License"). You may not use > - * this file except in compliance with the License. You can obtain a copy > - * in the file LICENSE in the source distribution or at > - * https://www.openssl.org/source/license.html > - */ > - > -#ifndef HEADER_DSO_CONF_H > -# define HEADER_DSO_CONF_H > -# define DSO_NONE > -# define DSO_EXTENSION ".so" > -#endif > +/* WARNING: do not edit! */ > +/* Generated from include/crypto/dso_conf.h.in */ > +/* > + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. > + * > + * Licensed under the OpenSSL license (the "License"). You may not use > + * this file except in compliance with the License. You can obtain a copy > + * in the file LICENSE in the source distribution or at > + * https://www.openssl.org/source/license.html > + */ > + > +#ifndef OSSL_CRYPTO_DSO_CONF_H > +# define OSSL_CRYPTO_DSO_CONF_H > +# define DSO_NONE > +# define DSO_EXTENSION ".so" > +#endif (1) I don't understand why this hunk is formatted like this. The diff for this file should look as follows: > diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h > similarity index 78% > rename from CryptoPkg/Library/Include/internal/dso_conf.h > rename to CryptoPkg/Library/Include/crypto/dso_conf.h > index 43c891588bc2..abbbf62caae1 100644 > --- a/CryptoPkg/Library/Include/internal/dso_conf.h > +++ b/CryptoPkg/Library/Include/crypto/dso_conf.h > @@ -1,5 +1,5 @@ > /* WARNING: do not edit! */ > -/* Generated from crypto/include/internal/dso_conf.h.in */ > +/* Generated from include/crypto/dso_conf.h.in */ > /* > * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. > * > @@ -9,8 +9,8 @@ > * https://www.openssl.org/source/license.html > */ > > -#ifndef HEADER_DSO_CONF_H > -# define HEADER_DSO_CONF_H > +#ifndef OSSL_CRYPTO_DSO_CONF_H > +# define OSSL_CRYPTO_DSO_CONF_H > # define DSO_NONE > # define DSO_EXTENSION ".so" > #endif Is it perhaps that your patch converts this source file to CRLF, for some reason? (Because, as an exception, this generated file currently has LF terminators in the repository.) I'm not saying the hunk is "wrong" in your patch; ultimately, the result looks identical, modulo LF vs. CRLF. I just wonder why the CRLF conversion of this generated header file is occurring at this specific moment. Anyway, if we want to do this, then I'd suggest briefly mentioning it in the commit message. (No need to repost just for this.) On 07/10/20 04:27, Guomin Jiang wrote: > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 62c2736cb0b5..3a2544ea5ccc 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -247,9 +247,6 @@ extern "C" { > #ifndef OPENSSL_NO_DYNAMIC_ENGINE > # define OPENSSL_NO_DYNAMIC_ENGINE > #endif > -#ifndef OPENSSL_NO_AFALGENG > -# define OPENSSL_NO_AFALGENG > -#endif Is this change intentional? The INSTALL file in OpenSSL says: > no-afalgeng > Don't build the AFALG engine. This option will be forced if > on a platform that does not support AFALG. Should we add "no-afalgeng" to "process_files.pl"? ... Hm, wait a minute, "process_files.pl" already contains "no-afalgeng"! So, there are two things I don't understand: (a) why OPENSSL_NO_AFALGENG disappears, and (b) why the disappearance of OPENSSL_NO_AFALGENG does not cause a build issue. Namely: - we build "crypto/init.c", - "crypto/init.c" seems to reference engine_load_afalg_int() *unless* the OPENSSL_NO_AFALGENG is defined, - the engine_load_afalg_int() function is defined in "engines/e_afalg.c", - but we don't build "engines/e_afalg.c". ... But, I think this should be OK, after all. We set "no-engine" in "process_files.pl". According to INSTALL, that means "Don't build support for loading engines." And "opensslconf.h" defines, as a consequence, OPENSSL_NO_ENGINE. In turn, OPENSSL_NO_AFALGENG is only checked in "crypto/init.c" if OPENSSL_NO_ENGINE is *missing*. That is, if OPENSSL_NO_ENGINE is defined, then the AFALG engine is never enabled, regardless of OPENSSL_NO_AFALGENG: #ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_STATIC_ENGINE # if !defined(OPENSSL_NO_AFALGENG) ... OK, then! On 07/10/20 04:27, Guomin Jiang wrote: > > > /* > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c > index eacf4826c4f7..235331c2a038 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c > @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > **/ > > #include "InternalCryptLib.h" > -#include "internal/sm3.h" > +#include "crypto/sm3.h" > > /** > Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > index 229c244b2657..c9fdb65b99d1 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > @@ -15,13 +15,13 @@ > #include > #include > #include > -#include > +#include > #include > #include > #include > #include > #include > -#include > +#include > > /** > This function will return the leaf signer certificate in a chain. This is > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c > index 9f3983f7c35b..9e0179b03490 100644 > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c > @@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > > -#include "internal/rand_int.h" > +#include "crypto/rand.h" > #include > > #include > diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl > index c3656cc594da..e2e09d9fba11 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit c3656cc594daac8167721dde7220f0e59ae146fc > +Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72 > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl > index 65d07a2aed44..4ca81ce4fc50 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -111,8 +111,8 @@ BEGIN { > # Generate dso_conf.h per config data > system( > "perl -I. -Mconfigdata util/dofile.pl " . > - "crypto/include/internal/dso_conf.h.in " . > - "> include/internal/dso_conf.h" > + "include/crypto/dso_conf.h.in " . > + "> include/crypto/dso_conf.h" > ) == 0 || > die "Failed to generate dso_conf.h!\n"; > > @@ -267,9 +267,9 @@ copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", > $OPENSSL_PATH . "/../../Include/openssl/") || > die "Cannot copy opensslconf.h!"; > print "Done!"; > -print "\n--> Duplicating dso_conf.h into Include/internal ... "; > -copy($OPENSSL_PATH . "/include/internal/dso_conf.h", > - $OPENSSL_PATH . "/../../Include/internal/") || > +print "\n--> Duplicating dso_conf.h into Include/crypto ... "; > +copy($OPENSSL_PATH . "/include/crypto/dso_conf.h", > + $OPENSSL_PATH . "/../../Include/crypto/") || > die "Cannot copy dso_conf.h!"; > print "Done!\n"; > > So I didn't understand the new destination pathname "CryptoPkg/Library/Include/crypto/dso_conf.h", at first. But, again from OpenSSL commit 0c994d54afbb ("Reorganize private crypto header files", 2019-09-27), the "crypto/init.c" file now contains: #include "crypto/dso_conf.h" So the new pathname seems reasonable to me -- "crypto/dso_conf.h" now sits alongside "CrtLibSupport.h" (for example). Reviewed-by: Laszlo Ersek Tested-by: Laszlo Ersek (I used Secure Boot, EnrollDefaultKeys, and also HTTPSv4 boot for testing.) Thanks! Laszlo