2 files changed, 35 insertions, 0 deletions
diff --git a/recipes-support/sbsigntool/sbsigntool-native_git.bb b/recipes-support/sbsigntool/sbsigntool-native_git.bb
index a584f106..58af6349 100644
--- a/recipes-support/sbsigntool/sbsigntool-native_git.bb
+++ b/recipes-support/sbsigntool/sbsigntool-native_git.bb
@@ -22,6 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPLv3;md5=9eef91148a9b14ec7f9df333daebc746 \
 SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \
           git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \
           file://0001-configure-Fixup-build-dependencies-for-cross-compili.patch \
+           file://0002-fix-openssl-3-0.patch \
          "
 SRCREV_sbsigntools  ?= "f12484869c9590682ac3253d583bf59b890bb826"
@@ -79,3 +80,5 @@ EXTRA_OEMAKE = "\
              -I${STAGING_INCDIR_NATIVE} \
              -I${STAGING_INCDIR_NATIVE}/efi/${@efi_arch(d)}' \
    "
+CFLAGS:append = " -Wno-error"
diff --git a/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch
new file mode 100644
index 00000000..8a277947
--- /dev/null
+++ b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch
@@ -0,0 +1,32 @@
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+This change passes `make check` with both openssl 1.1 and 3.0.
+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+Upstream-status: Submited [https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418]
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
+++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+        idc->data->type = OBJ_nid2obj(peid_nid);
+        idc->data->value = ASN1_TYPE_new();
+-       type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
+       type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
+         idc->digest->alg->parameter = ASN1_TYPE_new();
+         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+--
+2.25.1

diff --git a/recipes-support/sbsigntool/sbsigntool-native_git.bb b/recipes-support/sbsigntool/sbsigntool-native_git.bb index a584f106..58af6349 100644 --- a/recipes-support/sbsigntool/sbsigntool-native_git.bb +++ b/recipes-support/sbsigntool/sbsigntool-native_git.bb
@@ -22,6 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPLv3;md5=9eef91148a9b14ec7f9df333daebc746 \
22	SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \	22	SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \
23	git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \	23	git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \
24	file://0001-configure-Fixup-build-dependencies-for-cross-compili.patch \	24	file://0001-configure-Fixup-build-dependencies-for-cross-compili.patch \
		25	file://0002-fix-openssl-3-0.patch \
25	"	26	"
26		27
27	SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826"	28	SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826"
@@ -79,3 +80,5 @@ EXTRA_OEMAKE = "\
79	-I${STAGING_INCDIR_NATIVE} \	80	-I${STAGING_INCDIR_NATIVE} \
80	-I${STAGING_INCDIR_NATIVE}/efi/${@efi_arch(d)}' \	81	-I${STAGING_INCDIR_NATIVE}/efi/${@efi_arch(d)}' \
81	"	82	"
		83
		84	CFLAGS:append = " -Wno-error"


diff --git a/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch new file mode 100644 index 00000000..8a277947 --- /dev/null +++ b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch
@@ -0,0 +1,32 @@
		1	Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
		2
		3	openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
		4	`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
		5	OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
		6	available. This change should have been transparent to the application, but
		7	only if the `ASN1_ITEM_rptr()` macro is used.
		8
		9	This change passes `make check` with both openssl 1.1 and 3.0.
		10
		11	Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
		12	Upstream-status: Submited [https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418]
		13	---
		14	src/idc.c \| 2 +-
		15	1 file changed, 1 insertion(+), 1 deletion(-)
		16
		17	diff --git a/src/idc.c b/src/idc.c
		18	index 6d87bd4..0a82218 100644
		19	--- a/src/idc.c
		20	+++ b/src/idc.c
		21	@@ -189,7 +189,7 @@ int IDC_set(PKCS7 p7, PKCS7_SIGNER_INFO si, struct image *image)
		22
		23	idc->data->type = OBJ_nid2obj(peid_nid);
		24	idc->data->value = ASN1_TYPE_new();
		25	- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
		26	+ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
		27
		28	idc->digest->alg->parameter = ASN1_TYPE_new();
		29	idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
		30	--
		31	2.25.1
		32