thanks some detail just in case:
i was actually able to get it to link and invoke the engine functions. when trying to sign data, the call would fail because the pkey structure was not correctly filled out by the engine, the field "ameth" in the structure is left NULL. if i try the same call against the openssl 0.9.8 branch, the call correctly works with the trousers TPM engine. cheers -nicholas *Nicholas Wehr *Senior Software Engineer PRIMA Cinema, Inc. 1903 Wright Pl Suite 320 Carlsbad, CA 92008 email: nicholas.w...@primacinema.com m 616.425.9347 On Tue, May 3, 2011 at 8:04 AM, Kenneth Goldman <kgold...@us.ibm.com> wrote: > I'd try a trousers mailing list as well. > > I just compiled trousers and linked with openssl 1.0.0 and it works. But I > didn't try the TPM engine, which I understand to be a layer on top of > trousers. > > Did you 'discover' that it doesn't work through documentation or did you > try to link. My experience is that most openssl linker errors and runtime > segfaults are due to mixing different versions of openssl on a platform. > openssl releases often break binary compatibility. > > owner-openssl-us...@openssl.org wrote on 05/02/2011 08:32:38 PM: > > > From: Nicholas Wehr <openssl-develop...@primacinema.com> > > To: openssl-users@openssl.org > > Date: 05/02/2011 08:36 PM > > > > We're looking at using the Trousers stack for the backend of openssl > > in order to : > > provide access to an RSA key stored within the TPM > > use the TPM crypto funtions > > We've now discovered that the Trousers engine > > (libengine_tpm_openssl) does not work with the 1.0.0 branch of > > openssl. What are you doing to integrate your TPM? Is there a > > Trousers alternative? Is there a modification/patch available to get > > the 1.0.0 to address the issue? > > > > http://sourceforge.net/projects/trousers/files/OpenSSL%20TPM% > > 20Engine/0.4.1/openssl_tpm_engine-0.4.1.tar.gz/download > > > > Thanks! > > -nicholas >
