Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

Fri, 02 Jun 2023 02:14:57 -0700 

On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen....@intel.com> wrote:
>
> Hi Ard
> Would you please take a look at 
> https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our 
> current working version? If you have any idea, please propose patch.
>
> Also, could you please try that on ARM/AARCH64 platform to see if there is 
> anything broken?
>
> I think those are important to make sure we have a working version for next 
> stable tag.
>

Agreed.

With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu
fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.

I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from
edk2-platforms without problems, with SECURE_BOOT_ENABLE and
TPM2_ENABLE both set.

Clang seemed to work fine as well, but the branch still uses CLANG3x
so we need to rebase this branch onto the latest stable tag first and
retest.

I did only a quick boot test to check whether secure boot verification
was working, but all seemed to work fine.

In any case, if we want to make the next stable tag, I think we should
move quickly, so that we have enough time to fix any issues that may
arise.



[0] first hunk is based on 7880536fe17c2b54 in openssl upstream

--- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
+++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
@@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
         OTHERNAME *otherName;   /* otherName */
         ASN1_IA5STRING *rfc822Name;
         ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
         X509_NAME *directoryName;
         EDIPARTYNAME *ediPartyName;
         ASN1_IA5STRING *uniformResourceIdentifier;
diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
index c256f17667668866..a736dca8b73d27d5 100644
--- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
+++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
@@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET
*pkt, unsigned int context,
     return 0;
 }

-static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
-                                                 SSL_SESSION **sess)
-{
-    return SSL_TICKET_NO_DECRYPT;
-}
-
 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx)
 {


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105641): https://edk2.groups.io/g/devel/message/105641
Mute This Topic: https://groups.io/mt/97576405/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to