RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1958030 - tpm2-pkcs11: Port to OpenSSL 3.0
Summary: tpm2-pkcs11: Port to OpenSSL 3.0
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: tpm2-pkcs11
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: beta
: ---
Assignee: Jerry Snitselaar
QA Contact: Vilém Maršík
URL:
Whiteboard:
Depends On:
Blocks: 1958021
TreeView+ depends on / blocked
 
Reported: 2021-05-07 04:47 UTC by Sahana Prasad
Modified: 2021-12-07 21:55 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-12-07 21:52:33 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Sahana Prasad 2021-05-07 04:47:07 UTC 
This bug is used to track the readiness of tpm2-pkcs11 with OpenSSL 3.0

currently the build fails due to the usage of deprecated functions:
https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=217675

Kindly fix them to ensure this package builds with OpenSSL 3.0, as we will introduce OpenSSL 3.0 in RHEL-9 very soon.
You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later.

OpenSSL 3.0 and compat-openssl11 packages are built and available with side-tag c9s-build-ssl3
Kindly try to build tpm2-pkcs11 with this side-tag.

(centpkg build --srpm --target c9s-build-ssl3)

If you ave any further queries, kindly mail

rhel-crypto 

Thank you
Comment 3 Vilém Maršík 2021-05-24 22:20:14 UTC 
Running existing TPM2 tests (without any OpenSSL part) should be enough here.
Comment 9 Vilém Maršík 2021-06-29 17:37:33 UTC 
TPM2 still working:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.27-1.el9.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1
    Test started  : 2021-06-29 11:31:08 EDT
    Test finished : 2021-06-29 11:31:14 EDT (still running)
    Test duration : 6 seconds
    Distro        : Red Hat Enterprise Linux release 9.0 Beta (Plow)
    Hostname      : dell-per640-02.dell2.lab.eng.bos.redhat.com
    Architecture  : x86_64
    CPUs          : 48 x Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
    RAM size      : 31628 MB
    HDD size      : 319.13 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:08 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
:: [ 11:31:08 ] :: [   PASS   ] :: starting tpm2-abrmd (Expected 0, got 0)
:: [ 11:31:10 ] :: [   PASS   ] :: Command 'journalctl -xe' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:11 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 11:31:11 ] :: [   PASS   ] :: 24 PCRS (Assert: "24" should be >= "24")
:: [ 11:31:11 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:13 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 11:31:13 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 11:31:13 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 11:31:13 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 11:31:14 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 11:31:14 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x741A62284CCAE1D59D8EFD49497B6356D3CA83FD" should not equal "  4 : 0xFCA182EB0AB2FDF4CF9428A7981B77F39C7908F0")
:: [ 11:31:14 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:31:14 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-UdhIp7s/journal.xml
:: [ 11:31:14 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-UdhIp7s/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 6s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)

[root@dell-per640-02 tpm2-tools]# uname -r
5.13.0-0.rc7.51.el9.x86_64
[root@dell-per640-02 tpm2-tools]# rpm -qa | grep tpm2
tpm2-tss-3.0.3-4.el9.x86_64
tpm2-abrmd-selinux-2.3.1-5.el9.noarch
tpm2-abrmd-2.4.0-2.el9.x86_64
tpm2-tools-5.0-6.el9.x86_64
Comment 12 Vilém Maršík 2021-07-22 20:54:11 UTC 
Still working:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.27-1.el9.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1
    Test started  : 2021-07-22 16:38:35 EDT
    Test finished : 2021-07-22 16:39:53 EDT (still running)
    Test duration : 78 seconds
    Distro        : Red Hat Enterprise Linux release 9.0 Beta (Plow)
    Hostname      : dell-per7425-02.khw.lab.eng.bos.redhat.com
    Architecture  : x86_64
    CPUs          : 96 x AMD EPYC 7401 24-Core Processor
    RAM size      : 64049 MB
    HDD size      : 340.47 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:38:35 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
:: [ 16:38:35 ] :: [   PASS   ] :: starting tpm2-abrmd (Expected 0, got 0)
:: [ 16:39:49 ] :: [   PASS   ] :: Command 'journalctl -xe' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 75s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:50 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 16:39:50 ] :: [   PASS   ] :: 24 PCRS (Assert: "24" should be >= "24")
:: [ 16:39:50 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:52 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 16:39:53 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 16:39:53 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x770D94BE31DC5EF1B807283D29AF56FDEA2328C4" should not equal "  4 : 0x70DE2C23AB72FC5A0AA1C481DD8958987292571C")
:: [ 16:39:53 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:39:53 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-MtT4kvf/journal.xml
:: [ 16:39:53 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-MtT4kvf/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 78s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)

# uname -r
5.14.0-0.rc2.23.el9.x86_64
# rpm -qa | grep tpm2
tpm2-tss-3.0.3-4.el9.x86_64
tpm2-abrmd-selinux-2.3.1-5.el9.noarch
tpm2-abrmd-2.4.0-2.el9.x86_64
tpm2-tools-5.0-6.el9.x86_64
Note You need to log in before you can comment on or make changes to this bug.