#1006586 tpm2-pkcs11: FTBFS with OpenSSL 3.0

Package:
src:tpm2-pkcs11
Source:
tpm2-pkcs11
Submitter:
Sebastian Andrzej Siewior
Date:
2022-05-21 09:21:07 UTC
Severity:
serious
Tags:
#1006586#5
Date:
2022-02-27 22:58:38 UTC
From:
To:
Your package is failing to build using OpenSSL 3.0 with the
following error:

| libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I./src/lib -Wdate-time -D_FORTIFY_SOURCE=2 -I./src -I./src/lib -Wall -Wextra -Werror -Wformat -Wformat-security -Wstack-protector -fstack-protector-all -Wstrict-overflow=5 -O2 -fPIC -I/usr/include/tss2 -I/usr/include/tss2 -I/usr/include/tss2 -I/usr/include/tss2 -pthread -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -g -c src/lib/mech.c  -fPIC -DPIC -o src/lib/.libs/mech.o
| src/lib/mech.c: In function ‘rsa_pkcs_synthesizer’:
| src/lib/mech.c:860:5: error: ‘RSA_padding_add_PKCS1_type_1’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   860 |     int rc = RSA_padding_add_PKCS1_type_1(outbuf, padded_len,
|       |     ^~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:376:5: note: declared here
|   376 | int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
|       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| src/lib/mech.c: In function ‘rsa_pkcs_unsynthesizer’:
| src/lib/mech.c:896:5: error: ‘RSA_padding_check_PKCS1_type_2’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   896 |     int rc = RSA_padding_check_PKCS1_type_2(buf, sizeof(buf),
|       |     ^~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:386:5: note: declared here
|   386 | int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| src/lib/mech.c: In function ‘rsa_pss_synthesizer’:
| src/lib/mech.c:972:5: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   972 |     RSA *rsa = RSA_new();
|       |     ^~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:201:28: note: declared here
|   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
|       |                            ^~~~~~~
| src/lib/mech.c:978:5: error: ‘RSA_set0_key’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   978 |     int rc = RSA_set0_key(rsa, n, e, NULL);
|       |     ^~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:207:27: note: declared here
|   207 | OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|       |                           ^~~~~~~~~~~~
| src/lib/mech.c:983:9: error: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   983 |         RSA_free(rsa);
|       |         ^~~~~~~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:293:28: note: declared here
|   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
|       |                            ^~~~~~~~
| src/lib/mech.c:987:5: error: ‘RSA_padding_add_PKCS1_PSS’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   987 |     rc = RSA_padding_add_PKCS1_PSS(rsa, outbuf,
|       |     ^~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:428:5: note: declared here
|   428 | int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|       |     ^~~~~~~~~~~~~~~~~~~~~~~~~
| src/lib/mech.c:989:5: error: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   989 |     RSA_free(rsa);
|       |     ^~~~~~~~
| In file included from src/lib/mech.c:10:
| /usr/include/openssl/rsa.h:293:28: note: declared here
|   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
|       |                            ^~~~~~~~
| cc1: all warnings being treated as errors
| make[1]: *** [Makefile:2009: src/lib/mech.lo] Error 1

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian
#1006586#10
Date:
2022-04-29 17:15:43 UTC
From:
To:
"Add support for OpenSSL 3. Note that calls through engine are no longer supported on OpenSSL3."
#1006586#21
Date:
2022-05-21 09:08:24 UTC
From:
To:
I uploaded a NMU with the enclosed changes to unblock the openssl migration.
#1006586#26
Date:
2022-05-21 09:19:06 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
tpm2-pkcs11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006586@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <bage@debian.org> (supplier of updated tpm2-pkcs11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 21 May 2022 10:49:57 +0200
Source: tpm2-pkcs11
Architecture: source
Version: 1.7.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Alvin Chen <sonoma001@gmail.com>
Changed-By: Bastian Germann <bage@debian.org>
Closes: 1006586
Changes:
 tpm2-pkcs11 (1.7.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Correct version number patch (disables -Werror, Closes: #1006586)
Checksums-Sha1:
 f8bd4f4af9a17bf220d301213b375f1360fd6a23 3053 tpm2-pkcs11_1.7.0-1.1.dsc
 902a6770d6d31f6b6c99e282733ebd47447c3c8c 11372 tpm2-pkcs11_1.7.0-1.1.debian.tar.xz
 a0d7e38990120f6cdbf85b18de3088db8a1707ae 10445 tpm2-pkcs11_1.7.0-1.1_source.buildinfo
Checksums-Sha256:
 268190ea2f36cf5a9caf955f1b233ad0c9435a5f4169ef924f8ec573639b01de 3053 tpm2-pkcs11_1.7.0-1.1.dsc
 653639542b59acd0880d9574ed30ece6d7df217f25fe568cee5ffb788af7d63c 11372 tpm2-pkcs11_1.7.0-1.1.debian.tar.xz
 59e33b505f622f03657617f5acda7627c11e455151a520e1b8b24a4fba844bf0 10445 tpm2-pkcs11_1.7.0-1.1_source.buildinfo
Files:
 b97f95ae11b86524dfaafaf0a43566a6 3053 libs optional tpm2-pkcs11_1.7.0-1.1.dsc
 49382966a038d5f3a700cc4d601db69c 11372 libs optional tpm2-pkcs11_1.7.0-1.1.debian.tar.xz
 23032e99318e21f9ea0d7323d38bd719 10445 libs optional tpm2-pkcs11_1.7.0-1.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmKIqxcQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFFFXDACpb883inh4T+Y7ovP8eNKdFxC3KPrkBdDL
iMqrUacK/Z3O+IONHNvNiGSVJm5bWthp71SJjAK/+A16eUw7Ig9EVyh0Nevtp46v
5ytt4baa2n2S9PPYonY9cY6U6pyxPMbQiQovpvqYMchV2h2M5bNZqQCg5rA7bf8M
Aj+O7tPOIMhU77CRWMWFkR05yYhjTmikuVsj5oI5tYTySYKGgQN8/tWsWfYLEIoW
C6lYkhKxRhEfjiimC+7+tAXFpXLZ5zhWTirPktoNz3BBC6J8u6OWFBgXEwj7j3yQ
k9CHLqqGRQas7KOjeNVp0iYeKns+WQAKns+UvYcOKFgU/tuTkSuzI6FfIPUEQfR5
kLPh2gLLMVoomX7l0QtAGKrqUPNwGrbZd6HrSUlrT4BqirEpCk7rnGOBBSkmY+Mr
HfLw3k+wmrVaeCqkdZ0iLJqEbxcu6l6FPagAsjzt5zPli8+Phfbr80kA6h6r1TW1
atFi+IQw7nL8FW/IvpcqI7/WrEGwY9U=
=21Zy
-----END PGP SIGNATURE-----