[Bug 1958439] Re: tpm2-tss: builds against OpenSSL 3.0, but fails on execution
Simon Chopin
1958439 at bugs.launchpad.net
Tue Feb 22 17:37:21 UTC 2022
I gave it a fair try but I hit some issues regarding EOL characters. So
given the rapidly approaching deadline, please see the attached debdiff,
or the matching package in this PPA (modulo the PPA changelog entry that
should be removed):
https://launchpad.net/~schopin/+archive/ubuntu/test-
ppa/+sourcepub/13276647/+listing-archive-extra
You can also find the same changes + our delta in my MR upstream:
https://salsa.debian.org/debian/tpm2-tss/-/merge_requests/4
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tpm2-tss in Ubuntu.
https://bugs.launchpad.net/bugs/1958439
Title:
tpm2-tss: builds against OpenSSL 3.0, but fails on execution
Status in tpm2-tools package in Ubuntu:
New
Status in tpm2-tss package in Ubuntu:
In Progress
Bug description:
In Ubuntu 22.04 the current tpm2-tools are not working correctly
because of an OpenSSL HMAC error (in Ubuntu 20.04 and 21.10 the
problem does not exist):
rire at rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_createprimary -C o -c prim.ctx
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x00070001)
ERROR: Esys_CreatePrimary(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Unable to run tpm2_createprimary
rire at rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_clear
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:188:Esys_Clear_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:74:Esys_Clear() Error in async function ErrorCode (0x00070001)
ERROR: Esys_Clear(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Unable to run tpm2_clear
There is a bugreport in Red Hat which seems related:
https://bugzilla.redhat.com/show_bug.cgi?id=1989321
A workaround is possible by compiling tpm2-tss, the dependency of tpm2-tools, with mbedTLS instead of OpenSSL and without FAPI (which I don't need actually):
~/dev/tpm2-tss-3.1.0$ ./configure --with-crypto=mbed --disable-fapi --prefix=/usr
It seems also to be fixed in current master branch of tpm2-tss
already.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/1958439/+subscriptions
More information about the foundations-bugs
mailing list