* [tpm2] tpm2-tools, tpm2-pkcs11, and OpenSSL 3.0
@ 2021-05-24 21:34 Jerry Snitselaar
0 siblings, 0 replies; only message in thread
From: Jerry Snitselaar @ 2021-05-24 21:34 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1073 bytes --]
Both tpm2-tools and tpm2-pkcs11 make use of some functions that are
being deprecated in openssl 3.0. Are there plans to move away from using
those deprecated functions? Currently tpm2-tools will build with
-Wno-error=deprecated-declarations, but tpm2-pkcs11 trips over
EVP_PKEY_get0_EC_KEY now returning a const EC_KEY *, and ECDSA_do_verify
taking a non const parameter. Someone suggested doing something like:
EVP_PKEY_CTX *pctx = NULL;
if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
goto fail;
}
if (EVP_PKEY_verify_init(pctx) != 1 ||
EVP_PKEY_verify(pctx, sigbuf, siglen,
dgstbuf, dgstlen) != 1) {
goto fail;
}
fail:
EVP_PKEY_CTX_free(pctx);
but I imagine the ASN.1 framing stuff mentioned in do_sig_verify_ec()
would still be an issue, yes? I don't know openssl, so I don't know
if you could get away with casting the pointer to EC_KEY *.
There is work going on to support openssl 3.0 in RHEL9, so this came up.
Regards,
Jerry
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-24 21:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-24 21:34 [tpm2] tpm2-tools, tpm2-pkcs11, and OpenSSL 3.0 Jerry Snitselaar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.