Bug 8455 - [Anolis8.9]tpm2-tools 4.1依赖于openssl的ec接口,但anolis8.9的openssl不支持
Summary: [Anolis8.9]tpm2-tools 4.1依赖于openssl的ec接口,但anolis8.9的openssl不支持
Status: RESOLVED BYDESIGN
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: Others (show other bugs) Others
Version: 8.9
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: tj
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-07 15:41 UTC by fangbaoshun
Modified: 2024-03-15 11:28 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description fangbaoshun hygon_group 2024-03-07 15:41:58 UTC 
Description of problem:
anolis 8.9里面集成的tpm2-tools(4.1)是使用的ec接口解析公钥,但是anolis 8.9中的openssl不支持ec接口。导致海光tpm2测试相关case失败。
有两种解决方案:
1. openssl支持ec接口
2. tpm2-tools升级成5.6以上,此时不再依赖ec接口,而是使用pkey接口

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 tj alibaba_cloud_group 2024-03-15 11:16:17 UTC 
OpenSSL 1.1.1 确实是不支持SM2算法的EC接口,在这个版本上国密的支持本身就很不完善,TSS可信软件栈也类似,旧版本对国密的支持很不完善,这其实是生态的问题,目前两种解决方案在Anolis8中实施都有难度:
1. OpenSSL 1.1.1社区已停止维护,Anolis也不考虑再在这个即将淘汰的版本上做过多投入,新功能支持还是建议在OpenSSL 3.0上去支持
2. tpm2软件栈依赖较多,技术上不允许直接升级到目前最新的 5.6版本,稳定性上考虑也不能这么做
Comment 2 tj alibaba_cloud_group 2024-03-15 11:17:55 UTC 
如果只是测试Case失败,我认为这个问题是可以忽略的
Comment 3 Jacob admin 2024-03-15 11:28:15 UTC 
经过评估,待升级软件包,现阶段复杂度高。不考虑升级。