* [rpms/tss2] rawhide: Add OpenSSL 4.0 compatibility patch
@ 2026-06-12 19:59 
From:  @ 2026-06-12 19:59 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/tss2
Branch : rawhide
Commit : 7a0232f181af38d32ab0b2c5f4737c2d3c973fe6
Author : Pavol Žáčik <pzacik@redhat.com>
Date   : 2026-05-12T08:42:24+02:00
Stats  : +92/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/tss2/c/7a0232f181af38d32ab0b2c5f4737c2d3c973fe6?branch=rawhide

Log:
Add OpenSSL 4.0 compatibility patch

---
diff --git a/Fix-OpenSSL-4.0-compatibility.patch b/Fix-OpenSSL-4.0-compatibility.patch
new file mode 100644
index 0000000..9ac8449
--- /dev/null
+++ b/Fix-OpenSSL-4.0-compatibility.patch
@@ -0,0 +1,86 @@
+From 037fa75e75bbac369d512f41af639cc707c466d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 11 May 2026 15:45:47 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility
+
+Use ASN1_STRING accessor functions and
+const qualifiers for X509_* results.
+---
+ utils/certifyx509.c | 14 ++++++++++++++
+ utils/ekutils.c     |  6 +++---
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/utils/certifyx509.c b/utils/certifyx509.c
+index 607629d..2f2be8e 100644
+--- a/utils/certifyx509.c
++++ b/utils/certifyx509.c
+@@ -1104,11 +1104,18 @@ TPM_RC addSignatureRsa(X509 		*x509Certificate,
+     }
+     /* ASN1_BIT_STRING x509Certificate->signature contains a BIT STRING with the RSA signature */
+     if (rc == 0) {
++#if OPENSSL_VERSION_NUMBER >= 0x40000000L
++	irc = ASN1_BIT_STRING_set1(asn1Signature,
++				   tSignature->signature.rsassa.sig.t.buffer,
++				   tSignature->signature.rsassa.sig.t.size,
++				   0);
++#else
+ 	irc = ASN1_BIT_STRING_set(asn1Signature,
+ 				  tSignature->signature.rsassa.sig.t.buffer,
+ 				  tSignature->signature.rsassa.sig.t.size);
+ 	asn1Signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ 	asn1Signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
++#endif
+ 	if (irc == 0) {
+ 	    printf("addSignatureRsa: Error in ASN1_BIT_STRING_set for signature\n");
+ 	    rc = TSS_RC_X509_ERROR;
+@@ -1223,11 +1230,18 @@ TPM_RC addSignatureEcc(X509 		*x509Certificate,
+     }
+     /* add the DER signature to the certificate */
+     if (rc == 0) {
++#if OPENSSL_VERSION_NUMBER >= 0x40000000L
++	irc = ASN1_BIT_STRING_set1(asn1Signature,
++				   ecdsaSigBin,
++				   ecdsaSigBinLength,
++				   0);
++#else
+ 	irc = ASN1_BIT_STRING_set(asn1Signature,
+ 				  ecdsaSigBin,
+ 				  ecdsaSigBinLength);
+ 	asn1Signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ 	asn1Signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
++#endif
+ 	if (irc == 0) {
+ 	    printf("addSignatureEcc: Error in ASN1_BIT_STRING_set for signature\n");
+ 	    rc = TSS_RC_X509_ERROR;
+diff --git a/utils/ekutils.c b/utils/ekutils.c
+index add6ae6..365fc68 100644
+--- a/utils/ekutils.c
++++ b/utils/ekutils.c
+@@ -820,7 +820,7 @@ TPM_RC getCaStore(X509_STORE **caStore,		/* freed by caller */
+ 	    } 
+ 	}
+ 	if ((rc == 0) && tssUtilsVerbose) {
+-	    X509_NAME *x509Name;
++	    const X509_NAME *x509Name;
+ 	    char *subject = NULL;
+ 	    x509Name = X509_get_subject_name(caCert[i]);
+ 	    subject = X509_NAME_oneline(x509Name, NULL, 0);
+@@ -941,13 +941,13 @@ TPM_RC verifyKeyUsage(X509 *ekX509Certificate,		/* X509 certificate */
+ 	}
+     }
+     if (rc == 0) {
+-	if (keyUsage->length == 0) {
++	if (ASN1_STRING_length(keyUsage) == 0) {
+ 	    printf("verifyKeyUsage: Key usage length 0 bytes\n");
+ 	    rc = TSS_RC_X509_ERROR;
+ 	}
+     }
+     if (rc == 0) {
+-	bitmap = keyUsage->data[0];
++	bitmap = ASN1_STRING_get0_data(keyUsage)[0];
+ 	keyEncipherment = bitmap & (1<<5);		/* bit 2 little endian */
+ 	keyAgreement = bitmap & (1<<3);			/* bit 4 little endian */
+ 	if (keyEncipherment) {		/* bit 2 little endian */
+-- 
+2.53.0
+
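Review bot: In the verifyKeyUsage hunk of utils/ekutils.c, the converted check still rejects only a length of exactly 0 and then indexes `ASN1_STRING_get0_data(keyUsage)[0]` without looking at the returned pointer. `ASN1_STRING_length()` returns an int and this code reads the key-usage extension of an EK certificate, so a cheap hardening is to make the guard `if (ASN1_STRING_length(keyUsage) <= 0) {` and to hold the data in a `const unsigned char *` that is checked for NULL before the first byte is read. Separately, in the `#if OPENSSL_VERSION_NUMBER >= 0x40000000L` branches of addSignatureRsa and addSignatureEcc the failure message still names ASN1_BIT_STRING_set, and ecdsaSigBinLength is declared outside the hunk, so its type and range should be confirmed against the length parameter of `ASN1_BIT_STRING_set1`. The enclosing functions all begin and end outside the nested hunks shown.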

diff --git a/tss2.spec b/tss2.spec
index 9dab25a..6f76f55 100644
--- a/tss2.spec
+++ b/tss2.spec
@@ -9,7 +9,7 @@ Name:           tss2
 # this is the release of the TSS library
 Version:        2.3.2
 # this is the release of the fedora package, goes back to 1 when version changes
-Release:        4%{?dist}
+Release:        5%{?dist}
 Epoch:          1
 Summary:        IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
 
@@ -17,6 +17,8 @@ License:        BSD-3-Clause AND LicenseRef-TCGL
 URL:            https://sourceforge.net/projects/ibmtpm20tss/
 Source0:        https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
 
+Patch0:         Fix-OpenSSL-4.0-compatibility.patch
+
 BuildRequires:  automake
 BuildRequires:  autoconf
 BuildRequires:  libtool
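Review bot: `Patch0:` is declared here, but nothing in this commit touches %prep (the three spec hunks cover only Release, Patch0 and %changelog), so the patch is applied only if %prep already uses `%autosetup` or `%autopatch`. That section is outside the hunk and worth confirming, since a declared but unapplied patch would leave the sources unmodified while the changelog says the fix is in. It would also help to put a comment above the tag recording the patch's upstream status, for example `# OpenSSL 4.0 compatibility; upstream status: <link or "not yet submitted">`.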
@@ -79,6 +81,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc ibmtss.docx
 
 %changelog
+* Tue May 12 2026 Pavol Žáčik <pzacik@redhat.com> - 1:2.3.2-5
+- Add OpenSSL 4.0 compatibility patch
+
 * Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
 
