  1. RHEL
  2. RHEL-54173

Please stop using OpenSSL ENGINE API in tpm2-tss


    • Bug
    • Resolution: Done-Errata
    • Normal
    • rhel-10.0
    • None
    • tpm2-tss
    • None
    • tpm2-tss-4.1.3-4.el10
    • No
    • Important
    • 1
    • rhel-kernel-security
    • ssg_core_kernel
    • 9
    • 12
    • 2
    • QE ack, Dev ack
    • False
    • False
    • No
    • CK-October-2024
    • Unspecified Release Note Type - Unknown
    • All
    • None

      Dear colleagues,

      We became aware that your component relies on the openssl/engine.h header, which is no longer shipped with OpenSSL in CentOS 10/RHEL 10.

      Engines are not FIPS compatible, and the corresponding API has been deprecated since OpenSSL 3.0. The engine functionality we are aware of (PKCS#11, TPM) is either covered by providers now maintained by the Crypto Team or will be covered soon.

      As we removed the header some time ago, we kindly ask you to check that your component is buildable without it and, if necessary, implement patches to eliminate the dependency. It looks like your code doesn't rely on the ENGINE API, so the header seems redundant. The compilation of applications using the ENGINE API or the header is now impossible.

      Feel free to reach the Crypto team, Dmitry Belyavskiy, Sahana Prasad, or Clemens Lang directly if you have any problems with the necessary changes.

              shoracek@redhat.com Štěpán Horáček
              autobot-jira-api pme bot
              Štěpán Horáček
              Vilem Marsik