From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"kraxel@redhat.com" <kraxel@redhat.com>,
"Li, Yi1" <yi1.li@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
Pawel Polawski <ppolawsk@redhat.com>,
"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
"Oliver Steffen" <osteffen@redhat.com>,
"Justen, Jordan L" <jordan.l.justen@intel.com>
Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Date: Fri, 2 Jun 2023 14:29:11 +0000 [thread overview]
Message-ID: <MW4PR11MB58725CCB41727BB2B08009CA8C4EA@MW4PR11MB5872.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CAMj1kXHbg84VS30nX5Es_iHaaM=MdN6wTX9K1iCCgmjS+rCPBg@mail.gmail.com>
Thanks Ard. That is good news.
We may try the patch to see if that will break X86.
Current blocking issue seems IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Friday, June 2, 2023 5:15 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: devel@edk2.groups.io; kraxel@redhat.com; Li, Yi1 <yi1.li@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Oliver Steffen <osteffen@redhat.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>
> Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule
> to openssl-3.0.8
>
> On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >
> > Hi Ard
> > Would you please take a look at https://github.com/tianocore/edk2-
> staging/tree/OpenSSL30, which is our current working version? If you have any
> idea, please propose patch.
> >
> > Also, could you please try that on ARM/AARCH64 platform to see if there is
> anything broken?
> >
> > I think those are important to make sure we have a working version for next
> stable tag.
> >
>
> Agreed.
>
> With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu
> fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.
>
> I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from
> edk2-platforms without problems, with SECURE_BOOT_ENABLE and
> TPM2_ENABLE both set.
>
> Clang seemed to work fine as well, but the branch still uses CLANG3x
> so we need to rebase this branch onto the latest stable tag first and
> retest.
>
> I did only a quick boot test to check whether secure boot verification
> was working, but all seemed to work fine.
>
> In any case, if we want to make the next stable tag, I think we should
> move quickly, so that we have enough time to fix any issues that may
> arise.
>
>
>
> [0] first hunk is based on 7880536fe17c2b54 in openssl upstream
>
> --- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> +++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> @@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
> OTHERNAME *otherName; /* otherName */
> ASN1_IA5STRING *rfc822Name;
> ASN1_IA5STRING *dNSName;
> - ASN1_TYPE *x400Address;
> + ASN1_STRING *x400Address;
> X509_NAME *directoryName;
> EDIPARTYNAME *ediPartyName;
> ASN1_IA5STRING *uniformResourceIdentifier;
> diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> index c256f17667668866..a736dca8b73d27d5 100644
> --- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> +++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> @@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET
> *pkt, unsigned int context,
> return 0;
> }
>
> -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
> - SSL_SESSION **sess)
> -{
> - return SSL_TICKET_NO_DECRYPT;
> -}
> -
> int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
> size_t chainidx)
> {
next prev parent reply other threads:[~2023-06-02 14:29 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-13 8:29 [PATCH 00/22] [edk2-staging] CryptoPkg/openssl: switch to openssl-3.0 Gerd Hoffmann
2023-03-13 8:29 ` [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8 Gerd Hoffmann
2023-03-13 15:13 ` [edk2-devel] " Li, Yi
2023-03-14 8:16 ` Gerd Hoffmann
2023-03-14 8:45 ` Ard Biesheuvel
2023-03-14 9:04 ` Gerd Hoffmann
2023-06-02 2:53 ` Yao, Jiewen
2023-06-02 9:14 ` Ard Biesheuvel
2023-06-02 14:29 ` Yao, Jiewen [this message]
2023-06-19 8:12 ` Gerd Hoffmann
2023-06-19 8:37 ` Li, Yi
2023-08-03 4:40 ` Li, Yi
2023-03-13 8:29 ` [PATCH 02/22] CryptoPkg/openssl: remove openssl 1.1.1 header files Gerd Hoffmann
2023-03-13 8:29 ` [PATCH 03/22] CryptoPkg/openssl: remove generated file lists Gerd Hoffmann
2023-03-13 8:29 ` [PATCH 04/22] CryptoPkg/openssl: add openssl3 configure scripts Gerd Hoffmann
2023-03-13 8:29 ` [PATCH 05/22] CryptoPkg/openssl: UefiAsm.conf update for openssl 3.0, add aarch64 Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 06/22] CryptoPkg/openssl: update Openssl*.inf files for openssl 3.0 Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 07/22] CryptoPkg/BaseCryptLib: no openssl deprecation warnings please Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 08/22] CryptoPkg/BaseCryptLib; adapt CryptSm3.c to openssl 3.0 changes Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 09/22] CryptoPkg/BaseCryptLib: drop BIO_* dummy functions Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 10/22] CryptoPkg/TlsLib: ERR_GET_FUNC is gone Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 11/22] CryptoPkg/TlsLib: use unsigned long for ErrorCode Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 12/22] CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 13/22] CryptoPkg/openssl: move compiler_flags to buildinf.c Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 14/22] CryptoPkg/openssl: store dummy update for openssl 3.0 Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 15/22] CryptoPkg/openssl: adapt EcSm2Null.c " Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 16/22] [hash] CryptoPkg/openssl: add OpensslLibHash.inf Gerd Hoffmann
2023-03-13 15:46 ` [edk2-devel] " Li, Yi
2023-03-14 7:45 ` Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 17/22] [hash] OvmfPkg: wire up OpensslLibHash.inf Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 18/22] [provider] CryptoPkg/openssl: use our own predefined providers Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 19/22] CryptoPkg/openssl: update *.inf, add generated files Gerd Hoffmann
2023-03-13 15:26 ` [edk2-devel] " Li, Yi
2023-03-14 7:55 ` Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 20/22] CryptoPkg/openssl: update CI config for openssl 3.0 Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 21/22] CryptoPkg/openssl: cleanup remaining openssl-1.1.1 files Gerd Hoffmann
2023-03-13 8:30 ` [PATCH 22/22] CryptoPkg/openssl: update HOWTO file Gerd Hoffmann
2023-06-01 16:40 ` [edk2-devel] [PATCH 00/22] [edk2-staging] CryptoPkg/openssl: switch to openssl-3.0 Michael D Kinney
2023-06-02 2:51 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR11MB58725CCB41727BB2B08009CA8C4EA@MW4PR11MB5872.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox