On Tue, 2016-02-23 at 21:57 +0100, Laszlo Ersek wrote: > > Anyway, for runtime testing, I used the OvmfIa32X64 build: > > > (1a) Enroll keys, and confirm SB being active in the Fedora guest, > > using my current build. > > (1b) Rebuild the firmware binary with your patches & instructions. > Do > > not touch the VM's varstore. > > (1c) Confirm SB is still active in the Fedora guest. > > This step failed, with the OVMF debug output ending with:
Just to confirm: After your excellent diagnostics and your much- appreciated help getting me set up to test this for myself, and your fix for the free() function, this is now working correctly for both the OpenSSL 1.0.2f and OpenSSL 1.1 builds. Someone offline (whose name I don't see on the list so I won't break his/her cover, but thanks) also pointed me at the Cryptest application. UEFI-OpenSSL Wrapper Cryptosystem Testing: -------------------------------------------- UEFI-OpenSSL Hash Engine Testing: - MD4: Init... Update... Finalize... Check Value... [Pass] - MD5: Init... Update... Finalize... Check Value... [Pass] - SHA1: Init... Update... Finalize... Check Value... [Pass] - SHA256: Init... Update... Finalize... Check Value... [Pass] - SHA384: Init... Update... Finalize... Check Value... [Pass] - SHA512: Init... Update... Finalize... Check Value... [Pass] UEFI-OpenSSL HMAC Engine Testing: - HMAC-MD5: Init... Update... Finalize... Check Value... [Pass] - HMAC-SHA1: Init... Update... Finalize... Check Value... [Pass] UEFI-OpenSSL Block Cipher Engine Testing: - TDES Validation: ECB... EDE2 ECB... EDE3 CBC... [Pass] - AES Validation: ECB-128... ECB-192... ECB-256... CBC-128... [Pass] - ARC4 Validation: [Pass] UEFI-OpenSSL RSA Key Retrieving Testing: - Retrieve RSA Private Key for PEM ...[Pass] - Retrieve RSA Public Key from X509 ... [Pass] - PKCS#1 Signature ... [Pass] - PKCS#1 Signature Verification ... [Pass] - X509 Certificate Subject Bytes Retrieving ... [Pass] - X509 Certificate Verification with Trusted CA ...[Pass] UEFI-OpenSSL PKCS#7 Signing & Verification Testing: - Create PKCS#7 signedData ...[Pass][Pass] - Verify PKCS#7 signedData ...[Pass] UEFI-OpenSSL Authenticode Testing: - PE/COFF Authenticode (Digested by SHA-1) Verification ... [Pass] - PE/COFF Authenticode (Digested by SHA-256) Verification ... [Pass] UEFI-OpenSSL RFC3161 Timestamp Signature Testing: - Verify RFC3161 TimeStamp CounterSignature in PE/COFF Authenticode ... [Pass] --> The PE/COFF was signed at <07/28/2014 08:50> UEFI-OpenSSL DH Engine Testing: - Context1 ... Context2 ... Parameter1 ... Parameter2 ... Generate key1 ... Generate key2 ... Compute key1 ... Compute key2 ... Compare Keys ... [Pass] UEFI-OpenSSL PRNG Engine Testing: - Random Generation...[Pass] -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
