public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
To: git-commits@fedoraproject.org
Subject: [rpms/tss2] rawhide: Add OpenSSL 4.0 compatibility patch
Date: Fri, 12 Jun 2026 19:59:07 GMT [thread overview]
Message-ID: <178129434723.1.17956640380502925972.rpms-tss2-7a0232f181af@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/tss2
Branch : rawhide
Commit : 7a0232f181af38d32ab0b2c5f4737c2d3c973fe6
Author : Pavol Žáčik <pzacik@redhat.com>
Date : 2026-05-12T08:42:24+02:00
Stats : +92/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/tss2/c/7a0232f181af38d32ab0b2c5f4737c2d3c973fe6?branch=rawhide
Log:
Add OpenSSL 4.0 compatibility patch
---
diff --git a/Fix-OpenSSL-4.0-compatibility.patch b/Fix-OpenSSL-4.0-compatibility.patch
new file mode 100644
index 0000000..9ac8449
--- /dev/null
+++ b/Fix-OpenSSL-4.0-compatibility.patch
@@ -0,0 +1,86 @@
+From 037fa75e75bbac369d512f41af639cc707c466d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 11 May 2026 15:45:47 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility
+
+Use ASN1_STRING accessor functions and
+const qualifiers for X509_* results.
+---
+ utils/certifyx509.c | 14 ++++++++++++++
+ utils/ekutils.c | 6 +++---
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/utils/certifyx509.c b/utils/certifyx509.c
+index 607629d..2f2be8e 100644
+--- a/utils/certifyx509.c
++++ b/utils/certifyx509.c
+@@ -1104,11 +1104,18 @@ TPM_RC addSignatureRsa(X509 *x509Certificate,
+ }
+ /* ASN1_BIT_STRING x509Certificate->signature contains a BIT STRING with the RSA signature */
+ if (rc == 0) {
++#if OPENSSL_VERSION_NUMBER >= 0x40000000L
++ irc = ASN1_BIT_STRING_set1(asn1Signature,
++ tSignature->signature.rsassa.sig.t.buffer,
++ tSignature->signature.rsassa.sig.t.size,
++ 0);
++#else
+ irc = ASN1_BIT_STRING_set(asn1Signature,
+ tSignature->signature.rsassa.sig.t.buffer,
+ tSignature->signature.rsassa.sig.t.size);
+ asn1Signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ asn1Signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
++#endif
+ if (irc == 0) {
+ printf("addSignatureRsa: Error in ASN1_BIT_STRING_set for signature\n");
+ rc = TSS_RC_X509_ERROR;
+@@ -1223,11 +1230,18 @@ TPM_RC addSignatureEcc(X509 *x509Certificate,
+ }
+ /* add the DER signature to the certificate */
+ if (rc == 0) {
++#if OPENSSL_VERSION_NUMBER >= 0x40000000L
++ irc = ASN1_BIT_STRING_set1(asn1Signature,
++ ecdsaSigBin,
++ ecdsaSigBinLength,
++ 0);
++#else
+ irc = ASN1_BIT_STRING_set(asn1Signature,
+ ecdsaSigBin,
+ ecdsaSigBinLength);
+ asn1Signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ asn1Signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
++#endif
+ if (irc == 0) {
+ printf("addSignatureEcc: Error in ASN1_BIT_STRING_set for signature\n");
+ rc = TSS_RC_X509_ERROR;
+diff --git a/utils/ekutils.c b/utils/ekutils.c
+index add6ae6..365fc68 100644
+--- a/utils/ekutils.c
++++ b/utils/ekutils.c
+@@ -820,7 +820,7 @@ TPM_RC getCaStore(X509_STORE **caStore, /* freed by caller */
+ }
+ }
+ if ((rc == 0) && tssUtilsVerbose) {
+- X509_NAME *x509Name;
++ const X509_NAME *x509Name;
+ char *subject = NULL;
+ x509Name = X509_get_subject_name(caCert[i]);
+ subject = X509_NAME_oneline(x509Name, NULL, 0);
+@@ -941,13 +941,13 @@ TPM_RC verifyKeyUsage(X509 *ekX509Certificate, /* X509 certificate */
+ }
+ }
+ if (rc == 0) {
+- if (keyUsage->length == 0) {
++ if (ASN1_STRING_length(keyUsage) == 0) {
+ printf("verifyKeyUsage: Key usage length 0 bytes\n");
+ rc = TSS_RC_X509_ERROR;
+ }
+ }
+ if (rc == 0) {
+- bitmap = keyUsage->data[0];
++ bitmap = ASN1_STRING_get0_data(keyUsage)[0];
+ keyEncipherment = bitmap & (1<<5); /* bit 2 little endian */
+ keyAgreement = bitmap & (1<<3); /* bit 4 little endian */
+ if (keyEncipherment) { /* bit 2 little endian */
+--
+2.53.0
+
diff --git a/tss2.spec b/tss2.spec
index 9dab25a..6f76f55 100644
--- a/tss2.spec
+++ b/tss2.spec
@@ -9,7 +9,7 @@ Name: tss2
# this is the release of the TSS library
Version: 2.3.2
# this is the release of the fedora package, goes back to 1 when version changes
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
@@ -17,6 +17,8 @@ License: BSD-3-Clause AND LicenseRef-TCGL
URL: https://sourceforge.net/projects/ibmtpm20tss/
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
+Patch0: Fix-OpenSSL-4.0-compatibility.patch
+
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
@@ -79,6 +81,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
%doc ibmtss.docx
%changelog
+* Tue May 12 2026 Pavol Žáčik <pzacik@redhat.com> - 1:2.3.2-5
+- Add OpenSSL 4.0 compatibility patch
+
* Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
reply other threads:[~2026-06-12 19:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178129434723.1.17956640380502925972.rpms-tss2-7a0232f181af@fedoraproject.org \
--to=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox