tboot-1.11.3-2: Stop using OpenSSL ENGINE API in tboot

Openssl/engine.h header is not shipped with OpenSSL in CentOS-10 or RHEL-10. Engines are not FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. Resloves: RHEL-54172 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
2024-08-13 14:16:39 -04:00 · 2024-08-13 14:16:39 -04:00 · fb5160f702
commit fb5160f702
parent 6c5883c7b8
2 changed files with 63 additions and 1 deletions
--- a/tboot-no-engine.patch
+++ b/tboot-no-engine.patch
@ -0,0 +1,57 @@
+diff -up tboot-1.11.3/lcptools-v2/crtpol.c.no-engine tboot-1.11.3/lcptools-v2/crtpol.c
+--- tboot-1.11.3/lcptools-v2/crtpol.c.no-engine	2024-08-13 18:03:43.003697657 +0200
+++ tboot-1.11.3/lcptools-v2/crtpol.c	2024-08-13 18:04:49.315001612 +0200
+@@ -43,7 +43,10 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+#endif
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/bn.h>
+diff -up tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine tboot-1.11.3/lcptools-v2/crtpollist.c
+--- tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine	2024-08-13 18:03:43.005697697 +0200
+++ tboot-1.11.3/lcptools-v2/crtpollist.c	2024-08-13 18:04:58.324178771 +0200
+@@ -44,7 +44,10 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+#endif
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/bn.h>
+diff -up tboot-1.11.3/lcptools-v2/lcputils.c.no-engine tboot-1.11.3/lcptools-v2/lcputils.c
+--- tboot-1.11.3/lcptools-v2/lcputils.c.no-engine	2024-08-13 18:03:43.004697677 +0200
+++ tboot-1.11.3/lcptools-v2/lcputils.c	2024-08-13 18:04:53.293079838 +0200
+@@ -43,7 +43,10 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+#endif
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/bn.h>
+diff -up tboot-1.11.3/lcptools-v2/pollist2.c.no-engine tboot-1.11.3/lcptools-v2/pollist2.c
+--- tboot-1.11.3/lcptools-v2/pollist2.c.no-engine	2024-08-13 18:03:43.002697637 +0200
+++ tboot-1.11.3/lcptools-v2/pollist2.c	2024-08-13 18:04:45.813932767 +0200
+@@ -41,7 +41,10 @@
+ #include <string.h>
+ #include <safe_lib.h>
+ #include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+#endif
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/bn.h>
+
--- a/tboot.spec
+++ b/tboot.spec
@ -1,13 +1,14 @@
 Summary:       Performs a verified launch using Intel TXT
 Name:          tboot
 Version:       1.11.3
-Release:       1%{?dist}
+Release:       2%{?dist}
 Epoch:         1

 License:       BSD-3-Clause
 URL:           http://sourceforge.net/projects/tboot/
 Source0:       http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0: tboot-gcc14.patch
+Patch1: tboot-no-engine.patch

 BuildRequires: make
 BuildRequires: gcc
@ -96,6 +97,10 @@ grub2-mkconfig -o /etc/grub2.cfg
 /boot/tboot-syms

 %changelog
+* Tue Aug 13 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.3-2
+- Stop using OpenSSL ENGINE API in tboot
+  Resloves: RHEL-54172
+
 * Tue Jun 25 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.3-1
 - Latest version of tboot.
  Resolves: RHEL-34500