On Tue, 06 Dec 2016 17:38:01 -0500 "Hon Ching(Vicky) Lo"
<hon...@linux.vnet.ibm.com> wrote:
> On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote:
> > On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> > > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > > > Hi
> > > >
> > > > The patch is upstream:
> > > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> > > >
> > > >
> > > > Thanks,
> > > > Vicky
> > >
> > > The patch above is based off the latest code in tpm-tools 1.3.9.  Please
> > > rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!
> > >
> >
> > Hi,
> >
> > Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails
> > with the following error:
> >
> > gcc -DHAVE_CONFIG_H -I. -I../..  -I../../include -D_LINUX -Wdate-time 
> > -D_FORTIFY_SOURCE=2  -g -O2 
> > -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. 
> > -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall 
> > -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare 
> > -c -o data_import.o data_import.c
> > data_import.c: In function ‘readX509Cert’:
> > data_import.c:375:26: error: dereferencing pointer to incomplete type 
> > ‘EVP_PKEY {aka struct evp_pkey_st}’
> >   if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
> >                           ^~
> > In file included from /usr/include/openssl/asn1.h:24:0,
> >                  from /usr/include/openssl/rsa.h:16,
> >                  from data_import.c:34:
> > data_import.c: In function ‘createRsaPubKeyObject’:
> > data_import.c:694:34: error: dereferencing pointer to incomplete type 
> > ‘RSA {aka struct rsa_st}’
> >   int  nLen = BN_num_bytes( a_pRsa->n );
> >                                   ^
> > Makefile:524: recipe for target 'data_import.o' failed
> >
> > OpenSSL decided not to allow access to these fields anymore. At this
> > point, I have no idea on how to fix this.
> >
> > Best regards,
> > Pierre
> >
> Hi Pierre,
>
>
> OpenCryptoki builds the TPM token that can communicate with a TPM.
> Thus, the PKCS#11 support in tpm-tools wasn't necessary.  The build
> in version 1.3.9 does not include the pkcs#11 support by default.
> If Debian enables that support by default, please disable it.
>

I have cherry-picked upstream patches for opencryptoki into
experimental and it builds against openssl 1.1 there.
Could you please update tpm-tools to 1.3.9 in experimental, and if
everything builds and is fine it should be good to go into unstable
too, no?
Or is there more porting to do in the optional code?

Note, Debian by default, enables as many features in packages as
practically useful and possible. Why should we regress feature parity
in the new release?

Regards,

Dimitri.
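
The two compiler errors quoted earlier in the thread both come from direct reads of struct fields that OpenSSL 1.1 made opaque. The following is an added example, not part of the thread or of tpm-tools: a small triage script that reads such a gcc log and names the OpenSSL 1.1 accessor that replaces each field read. The sample log is constructed from the output quoted above, and `triage` and `ACCESSORS` are names made up for this example.

```python
import re

# OpenSSL 1.1 accessor functions that replace direct reads of now-opaque fields.
ACCESSORS = {
    ("EVP_PKEY", "type"): "EVP_PKEY_id() or EVP_PKEY_base_id()",
    **{("RSA", f): "RSA_get0_key()" for f in ("n", "e", "d")},
    **{("RSA", f): "RSA_get0_factors()" for f in ("p", "q")},
    **{("RSA", f): "RSA_get0_crt_params()" for f in ("dmp1", "dmq1", "iqmp")},
}
ERR = re.compile(r"^(?P<file>[^:\s]+):(?P<line>\d+):\d+: error: "
                 r"dereferencing pointer to incomplete type")
TYPE = re.compile(r"[‘'](?P<type>\w+) \{aka struct")

# Constructed sample: the build output from the thread with mail quoting removed.
SAMPLE_LOG = "\n".join([
    "data_import.c: In function ‘readX509Cert’:",
    "data_import.c:375:26: error: dereferencing pointer to incomplete type",
    "‘EVP_PKEY {aka struct evp_pkey_st}’",
    "  if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {",
    " " * 26 + "^~",
    "In file included from /usr/include/openssl/asn1.h:24:0,",
    "data_import.c: In function ‘createRsaPubKeyObject’:",
    "data_import.c:694:34: error: dereferencing pointer to incomplete type",
    "‘RSA {aka struct rsa_st}’",
    "  int  nLen = BN_num_bytes( a_pRsa->n );",
    " " * 34 + "^",
    "Makefile:524: recipe for target 'data_import.o' failed",
])

def triage(log):
    """Return (file, line, type, field, accessor) for each opaque-struct error."""
    lines, found = log.splitlines(), []
    for i, text in enumerate(lines):
        err = ERR.match(text)
        if not err:
            continue
        # gcc prints the type on the error line; the mail wrapped it onto the next.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        typ = TYPE.search(text) or TYPE.search(nxt)
        # The caret line marks the "->" of the offending access in the echoed source.
        caret = next((j for j in range(i + 1, min(i + 5, len(lines)))
                      if lines[j].strip().startswith("^")), None)
        if not typ or caret is None:
            continue
        src = lines[caret - 1]
        fld = (re.match(r"->(\w+)", src[lines[caret].index("^"):])
               or re.search(r"->(\w+)", src))
        field = fld.group(1) if fld else None
        hint = ACCESSORS.get((typ.group("type"), field), "no mapping in this example")
        found.append((err.group("file"), int(err.group("line")),
                      typ.group("type"), field, hint))
    return found
```
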
