[Bug 1958439] Re: OpenSSL HMAC mismatch
Thanks for the report, to me that seems to be a consequence of the openssl3 transition [0] Your hint that upstream master has this fixed seems right to me, I found these to most likely be related: https://github.com/tpm2-software/tpm2-tss/commit/e5bb5fb9 Remove deprecated OpenSSL_add_all_algorithms https://github.com/tpm2-software/tpm2-tss/commit/362fda1d Implement EVP_PKEY export/import for OpenSSL 3.0 https://github.com/tpm2-software/tpm2-tss/commit/73d25d68 Drop support for OpenSSL < 1.1.0 https://github.com/tpm2-software/tpm2-tss/commit/aeb5ae44 Test: Use EVP_MAC_xxx with OpenSSL 3.0 https://github.com/tpm2-software/tpm2-tss/commit/f4f528ff FAPI: Change SHA256_Update to EVP_DigestUpdate https://github.com/tpm2-software/tpm2-tss/commit/fdc4f481 Require OpenSSL >= 1.1.0 https://github.com/tpm2-software/tpm2-tss/commit/8fdfadd2 FAPI Test: Change RSA_sign to EVP_PKEY_sign https://github.com/tpm2-software/tpm2-tss/commit/0b24bc2d FAPI Test: Use EVP_PKEY_base_id to detect key type https://github.com/tpm2-software/tpm2-tss/commit/c73be98c FAPI Test: Call EVP_DigestSignInit in the correct order https://github.com/tpm2-software/tpm2-tss/commit/c0a0d376 Test: Remove unused configuration fields So it is about picking that OR going to 3.2 directly which right now is only on -rc0 :-/ [0]: https://lists.ubuntu.com/archives/ubuntu-devel/2021-November/041676.html [1]: https://github.com/tpm2-software/tpm2-tss [2]: https://github.com/tpm2-software/tpm2-tss/releases/tag/3.2.0-rc0 ** Summary changed: - OpenSSL HMAC mismatch + tpm2-tss: builds against OpenSSL 3.0, but fails on execution ** Tags added: transition-openssl3-jj -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958439 Title: tpm2-tss: builds against OpenSSL 3.0, but fails on execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/1958439/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958439] Re: OpenSSL HMAC mismatch
** Description changed: In Ubuntu 22.04 the current tpm2-tools are not working correctly because of an OpenSSL HMAC error (in Ubuntu 20.04 and 21.10 the problem does not exist): rire@rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_createprimary -C o -c prim.ctx ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async() Error in computation of auth values ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x00070001) ERROR: Esys_CreatePrimary(0x70001) - esapi:Catch all for all errors not otherwise specified ERROR: Unable to run tpm2_createprimary rire@rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_clear ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/api/Esys_Clear.c:188:Esys_Clear_Async() Error in computation of auth values ErrorCode (0x00070001) ERROR:esys:src/tss2-esys/api/Esys_Clear.c:74:Esys_Clear() Error in async function ErrorCode (0x00070001) ERROR: Esys_Clear(0x70001) - esapi:Catch all for all errors not otherwise specified ERROR: Unable to run tpm2_clear There is a bugreport in Red Hat which seems related: https://bugzilla.redhat.com/show_bug.cgi?id=1989321 A workaround is possible by compiling tpm2-tss, the dependency of tpm2-tools, with mbedTLS instead of OpenSSL and without FAPI (which I don't need actually): ~/dev/tpm2-tss-3.1.0$ ./configure --with-crypto=mbed --disable-fapi --prefix=/usr + + It seems also to be fixed in current master branch of tpm2-tss already. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958439 Title: OpenSSL HMAC mismatch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/1958439/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs