[edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

Yao, Jiewen jiewen.yao at intel.com
Fri Jun 2 14:29:11 UTC 2023


Thanks Ard. That is good news.
We may try the patch to see if that will break X86.

The current blocking issues seem to be the IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Ard Biesheuvel <ardb at kernel.org>
> Sent: Friday, June 2, 2023 5:15 PM
> To: Yao, Jiewen <jiewen.yao at intel.com>
> Cc: devel at edk2.groups.io; kraxel at redhat.com; Li, Yi1 <yi1.li at intel.com>;
> Wang, Jian J <jian.j.wang at intel.com>; Pawel Polawski
> <ppolawsk at redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu at intel.com>; Jiang, Guomin
> <guomin.jiang at intel.com>; Oliver Steffen <osteffen at redhat.com>; Justen,
> Jordan L <jordan.l.justen at intel.com>
> Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule
> to openssl-3.0.8
> 
> On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen.yao at intel.com> wrote:
> >
> > Hi Ard
> > Would you please take a look at https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our current working version? If you have any idea, please propose a patch.
> >
> > Also, could you please try that on an ARM/AARCH64 platform to see if there is anything broken?
> >
> > I think those are important to make sure we have a working version for the next stable tag.
> >
> 
> Agreed.
> 
> With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu
> fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.
> 
> I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from
> edk2-platforms without problems, with SECURE_BOOT_ENABLE and
> TPM2_ENABLE both set.
> 
> Clang seemed to work fine as well, but the branch still uses CLANG3x
> so we need to rebase this branch onto the latest stable tag first and
> retest.
> 
> I did only a quick boot test to check whether secure boot verification
> was working, but all seemed to work fine.
> 
> In any case, if we want to make the next stable tag, I think we should
> move quickly, so that we have enough time to fix any issues that may
> arise.
> 
> 
> 
> [0] first hunk is based on 7880536fe17c2b54 in openssl upstream
> 
> --- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> +++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> @@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
>          OTHERNAME *otherName;   /* otherName */
>          ASN1_IA5STRING *rfc822Name;
>          ASN1_IA5STRING *dNSName;
> -        ASN1_TYPE *x400Address;
> +        ASN1_STRING *x400Address;
>          X509_NAME *directoryName;
>          EDIPARTYNAME *ediPartyName;
>          ASN1_IA5STRING *uniformResourceIdentifier;
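
Review bot: the x400Address member of GENERAL_NAME_st is changed by hand in a header that lives under OpensslGen/, which by its path looks like generated output, so this edit can be lost, or can disagree with the submodule sources, the next time the headers are regenerated. Since the note above says the hunk is based on upstream 7880536fe17c2b54, it would be safer to pick that change up through the openssl submodule and regenerate, and to check that no edk2 code still treats x400Address as an ASN1_TYPE *. This hunk also lacks the diff --git and index lines the second one has, so the commit message should say how it was produced.
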
> diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> index c256f17667668866..a736dca8b73d27d5 100644
> --- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> +++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> @@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET
> *pkt, unsigned int context,
>      return 0;
>  }
> 
> -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
> -                                                 SSL_SESSION **sess)
> -{
> -    return SSL_TICKET_NO_DECRYPT;
> -}
> -
>  int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
>                         size_t chainidx)
>  {
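
Review bot: the removal of the static tls_get_stateful_ticket() stub from SslExtServNull.c comes with no stated reason; the commit message should say why it goes. Because the function is static, any caller would have to be in this file, so please confirm none remains for each toolchain and build target listed above. The diff --git line and the second @@ header are also wrapped by the mailer, so this needs to be resent as a proper patch before anyone tries to apply it.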

