Bug 2021901 - tboot: FTBFS with OpenSSL 3.0.0
Summary: tboot: FTBFS with OpenSSL 3.0.0
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: tboot
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gang Wei
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: OpenSSL3.0 F36FTBFS F37FTBFS
TreeView+ depends on / blocked
 
Reported: 2021-11-10 12:10 UTC by Sahana Prasad
Modified: 2022-04-21 14:59 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-21 14:59:46 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
tboot openssl3 support patch (41.87 KB, patch)
2021-12-01 02:18 UTC, Yunying Sun 		no flags Details | Diff
View All

Description Sahana Prasad 2021-11-10 12:10:30 UTC 
This bug is used to track the readiness of tboot with OpenSSL 3.0.0.

Currently the build fails to build with OpenSSL 3.0.0 with the following logs
Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=78020254

Kindly fix them to ensure this package builds with OpenSSL 3.0.0

You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later.

To not treat deprecated warnings as errors, you may use
-Wno-error=deprecated-declarations

To port to new APIs, kindly refer to the OpenSSL upstream migration guide:
https://www.openssl.org/docs/manmaster/man7/migration_guide.html

Thank you
Comment 1 Yunying Sun 2021-12-01 02:11:12 UTC 
Tboot build still fails with OpenSSL 3.0 on Fedora rawhide:
https://kojipkgs.fedoraproject.org//work/tasks/4213/79454213/build.log

With attached fix patch(from Lukasz), most build errors are fixed, but there're still some errors remain:
https://kojipkgs.fedoraproject.org//work/tasks/4889/79454889/build.log

Remaining errors from log:
lcputils.c: In function 'verify_ec_signature':
lcputils.c:1007:17: error: 'curveName' may be used uninitialized [-Werror=maybe-uninitialized]
 1007 |                 OPENSSL_free((void *) curveName);
      |                 ^
lcputils.c:794:21: note: 'curveName' was declared here
  794 |         const char *curveName;
      |                     ^
lcputils.c: In function 'verify_ec_signature':
lcputils.c:1007:17: error: 'curveName' may be used uninitialized [-Werror=maybe-uninitialized]
 1007 |                 OPENSSL_free((void *) curveName);
      |                 ^
lcputils.c:794:21: note: 'curveName' was declared here
  794 |         const char *curveName;
      |                     ^
lto1: all warnings being treated as errors

+ tboot upstream owner Pawel.
@Pawel, please check if more fixes needed in upstream code. Thanks.
Comment 2 Yunying Sun 2021-12-01 02:18:29 UTC 
Created attachment 1844283 [details]
tboot openssl3 support patch
Comment 3 Yunying Sun 2021-12-23 07:24:13 UTC 
New tboot release 1.10.3 has added adaptions for OpenSSL 3.0. 

Fedora tboot package has been updated to 1.10.3 for rawhide and build works fine:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1869766
Comment 4 Ben Cotton 2022-02-08 21:19:18 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle.
Changing version to 36.
Comment 5 Tomáš Hrnčiar 2022-04-21 14:59:46 UTC 
The following builds were made after this report was opened: tboot-1.10.4-2.fc37 tboot-1.10.5-1.fc37
Note You need to log in before you can comment on or make changes to this bug.