Bug 1958030

Summary: tpm2-pkcs11: Port to OpenSSL 3.0
Product: Red Hat Enterprise Linux 9 Reporter: Sahana Prasad <sahana>
Component: tpm2-pkcs11Assignee: Jerry Snitselaar <jsnitsel>
Status: CLOSED CURRENTRELEASE QA Contact: Vilém Maršík <vmarsik>
Severity: unspecified Docs Contact:
Priority: high    
Version: CentOS StreamCC: bhu, bstinson, fweimer, jwboyer, kcarcia, rvr, williams
Target Milestone: betaKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-07 21:52:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1958021    

Description Sahana Prasad 2021-05-07 04:47:07 UTC 
This bug is used to track the readiness of tpm2-pkcs11 with OpenSSL 3.0

currently the build fails due to the usage of deprecated functions:
https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=217675

Kindly fix them to ensure this package builds with OpenSSL 3.0, as we will introduce OpenSSL 3.0 in RHEL-9 very soon.
You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later.

OpenSSL 3.0 and compat-openssl11 packages are built and available with side-tag c9s-build-ssl3
Kindly try to build tpm2-pkcs11 with this side-tag.

(centpkg build --srpm --target c9s-build-ssl3)

If you ave any further queries, kindly mail

rhel-crypto 

Thank you
Comment 3 Vilém Maršík 2021-05-24 22:20:14 UTC 
Running existing TPM2 tests (without any OpenSSL part) should be enough here.
Comment 9 Vilém Maršík 2021-06-29 17:37:33 UTC 
TPM2 still working:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.27-1.el9.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1
    Test started  : 2021-06-29 11:31:08 EDT
    Test finished : 2021-06-29 11:31:14 EDT (still running)
    Test duration : 6 seconds
    Distro        : Red Hat Enterprise Linux release 9.0 Beta (Plow)
    Hostname      : dell-per640-02.dell2.lab.eng.bos.redhat.com
    Architecture  : x86_64
    CPUs          : 48 x Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
    RAM size      : 31628 MB
    HDD size      : 319.13 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:08 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
:: [ 11:31:08 ] :: [   PASS   ] :: starting tpm2-abrmd (Expected 0, got 0)
:: [ 11:31:10 ] :: [   PASS   ] :: Command 'journalctl -xe' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:11 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 11:31:11 ] :: [   PASS   ] :: 24 PCRS (Assert: "24" should be >= "24")
:: [ 11:31:11 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:13 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 11:31:13 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 11:31:13 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 11:31:13 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 11:31:14 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 11:31:14 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x741A62284CCAE1D59D8EFD49497B6356D3CA83FD" should not equal "  4 : 0xFCA182EB0AB2FDF4CF9428A7981B77F39C7908F0")
:: [ 11:31:14 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:14 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-UdhIp7s/journal.xml
:: [ 11:31:14 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-UdhIp7s/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 6s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)

[root@dell-per640-02 tpm2-tools]# uname -r
5.13.0-0.rc7.51.el9.x86_64
[root@dell-per640-02 tpm2-tools]# rpm -qa | grep tpm2
tpm2-tss-3.0.3-4.el9.x86_64
tpm2-abrmd-selinux-2.3.1-5.el9.noarch
tpm2-abrmd-2.4.0-2.el9.x86_64
tpm2-tools-5.0-6.el9.x86_64
Comment 12 Vilém Maršík 2021-07-22 20:54:11 UTC 
Still working:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.27-1.el9.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1
    Test started  : 2021-07-22 16:38:35 EDT
    Test finished : 2021-07-22 16:39:53 EDT (still running)
    Test duration : 78 seconds
    Distro        : Red Hat Enterprise Linux release 9.0 Beta (Plow)
    Hostname      : dell-per7425-02.khw.lab.eng.bos.redhat.com
    Architecture  : x86_64
    CPUs          : 96 x AMD EPYC 7401 24-Core Processor
    RAM size      : 64049 MB
    HDD size      : 340.47 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:38:35 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
:: [ 16:38:35 ] :: [   PASS   ] :: starting tpm2-abrmd (Expected 0, got 0)
:: [ 16:39:49 ] :: [   PASS   ] :: Command 'journalctl -xe' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 75s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:50 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 16:39:50 ] :: [   PASS   ] :: 24 PCRS (Assert: "24" should be >= "24")
:: [ 16:39:50 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:52 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 16:39:53 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x770D94BE31DC5EF1B807283D29AF56FDEA2328C4" should not equal "  4 : 0x70DE2C23AB72FC5A0AA1C481DD8958987292571C")
:: [ 16:39:53 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:53 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-MtT4kvf/journal.xml
:: [ 16:39:53 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-MtT4kvf/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 78s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)

# uname -r
5.14.0-0.rc2.23.el9.x86_64
# rpm -qa | grep tpm2
tpm2-tss-3.0.3-4.el9.x86_64
tpm2-abrmd-selinux-2.3.1-5.el9.noarch
tpm2-abrmd-2.4.0-2.el9.x86_64
tpm2-tools-5.0-6.el9.x86_64