tboot-1.11.3-2: Stop using OpenSSL ENGINE API in tboot

Openssl/engine.h header is not shipped with OpenSSL in CentOS-10 or
RHEL-10.

Engines are not FIPS compatible and corresponding API is deprecated
since OpenSSL 3.0.

Resolves: RHEL-54172

Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Tony Camuso 2024-08-13 14:16:39 -04:00
parent 6c5883c7b8
commit fb5160f702
2 changed files with 63 additions and 1 deletions

tboot-no-engine.patch Normal file

@ -0,0 +1,57 @@
diff -up tboot-1.11.3/lcptools-v2/crtpol.c.no-engine tboot-1.11.3/lcptools-v2/crtpol.c
--- tboot-1.11.3/lcptools-v2/crtpol.c.no-engine 2024-08-13 18:03:43.003697657 +0200
+++ tboot-1.11.3/lcptools-v2/crtpol.c 2024-08-13 18:04:49.315001612 +0200
@@ -43,7 +43,10 @@
#include <errno.h>
#include <string.h>
#include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/bn.h>
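Review bot: The `#ifndef OPENSSL_NO_ENGINE` guard in this hunk wraps only the `#include <openssl/engine.h>` line, and no call site in crtpol.c is touched. If the file calls any ENGINE_* function, those calls need the same guard or the file will still fail to compile once the macro is defined. If it calls none, dropping the include outright would be simpler than making it conditional and would match the commit title more closely.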
diff -up tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine tboot-1.11.3/lcptools-v2/crtpollist.c
--- tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine 2024-08-13 18:03:43.005697697 +0200
+++ tboot-1.11.3/lcptools-v2/crtpollist.c 2024-08-13 18:04:58.324178771 +0200
@@ -44,7 +44,10 @@
#include <errno.h>
#include <string.h>
#include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/bn.h>
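Review bot: This is the same three-line guard already added to crtpol.c, and it repeats again in lcputils.c and pollist2.c. Consider placing the conditional include in one shared header that these files pull in, so the ENGINE handling lives in a single place and a later removal is a one-line change.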
diff -up tboot-1.11.3/lcptools-v2/lcputils.c.no-engine tboot-1.11.3/lcptools-v2/lcputils.c
--- tboot-1.11.3/lcptools-v2/lcputils.c.no-engine 2024-08-13 18:03:43.004697677 +0200
+++ tboot-1.11.3/lcptools-v2/lcputils.c 2024-08-13 18:04:53.293079838 +0200
@@ -43,7 +43,10 @@
#include <errno.h>
#include <string.h>
#include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/bn.h>
diff -up tboot-1.11.3/lcptools-v2/pollist2.c.no-engine tboot-1.11.3/lcptools-v2/pollist2.c
--- tboot-1.11.3/lcptools-v2/pollist2.c.no-engine 2024-08-13 18:03:43.002697637 +0200
+++ tboot-1.11.3/lcptools-v2/pollist2.c 2024-08-13 18:04:45.813932767 +0200
@@ -41,7 +41,10 @@
#include <string.h>
#include <safe_lib.h>
#include <openssl/rsa.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/bn.h>
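Review bot: The guard around `#include <openssl/engine.h>` only takes effect when OPENSSL_NO_ENGINE is defined, which in this patch depends entirely on what `<openssl/opensslconf.h>` provides on the build host. Nothing in these hunks or in the spec change passes -DOPENSSL_NO_ENGINE to the compiler, so please confirm the macro is defined on CentOS-10 and RHEL-10 builds. If it is not, the include is still attempted and the missing header still breaks the build.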


@ -1,13 +1,14 @@
Summary: Performs a verified launch using Intel TXT Summary: Performs a verified launch using Intel TXT
Name: tboot Name: tboot
Version: 1.11.3 Version: 1.11.3
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 1 Epoch: 1
License: BSD-3-Clause License: BSD-3-Clause
URL: http://sourceforge.net/projects/tboot/ URL: http://sourceforge.net/projects/tboot/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: tboot-gcc14.patch Patch0: tboot-gcc14.patch
Patch1: tboot-no-engine.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
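Review bot: `Patch1: tboot-no-engine.patch` is declared here, but no matching %prep change appears in this diff. That is fine if the spec applies patches with %autosetup or %autopatch; if it uses explicit %patch lines, one is needed for Patch1 or the patch is never applied to the sources.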
@ -96,6 +97,10 @@ grub2-mkconfig -o /etc/grub2.cfg
/boot/tboot-syms /boot/tboot-syms
%changelog %changelog
* Tue Aug 13 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.3-2
- Stop using OpenSSL ENGINE API in tboot
Resloves: RHEL-54172
* Tue Jun 25 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.3-1 * Tue Jun 25 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.3-1
- Latest version of tboot. - Latest version of tboot.
Resolves: RHEL-34500 Resolves: RHEL-34500
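Review bot: The new changelog entry spells the tracker tag as `Resloves: RHEL-54172`, while the previous entry uses `Resolves: RHEL-34500`. Tooling that matches the `Resolves:` keyword will not associate this build with the issue, so the spelling should be corrected before the package is built.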