subject:"\[Bug 1958439\] Re\: OpenSSL HMAC mismatch"

[Bug 1958439] Re: OpenSSL HMAC mismatch

2022-02-02 Thread Christian Ehrhardt 

Thanks for the report,
to me that seems to be a consequence of the openssl3 transition [0]

Your hint that upstream master has this fixed seems right to me, I found
these to most likely be related:

https://github.com/tpm2-software/tpm2-tss/commit/e5bb5fb9 Remove
deprecated OpenSSL_add_all_algorithms

https://github.com/tpm2-software/tpm2-tss/commit/362fda1d Implement EVP_PKEY 
export/import for OpenSSL 3.0
https://github.com/tpm2-software/tpm2-tss/commit/73d25d68 Drop support for 
OpenSSL < 1.1.0
https://github.com/tpm2-software/tpm2-tss/commit/aeb5ae44 Test: Use EVP_MAC_xxx 
with OpenSSL 3.0
https://github.com/tpm2-software/tpm2-tss/commit/f4f528ff FAPI: Change 
SHA256_Update to EVP_DigestUpdate
https://github.com/tpm2-software/tpm2-tss/commit/fdc4f481 Require OpenSSL >= 
1.1.0
https://github.com/tpm2-software/tpm2-tss/commit/8fdfadd2 FAPI Test: Change 
RSA_sign to EVP_PKEY_sign
https://github.com/tpm2-software/tpm2-tss/commit/0b24bc2d FAPI Test: Use 
EVP_PKEY_base_id to detect key type
https://github.com/tpm2-software/tpm2-tss/commit/c73be98c FAPI Test: Call 
EVP_DigestSignInit in the correct order

https://github.com/tpm2-software/tpm2-tss/commit/c0a0d376 Test: Remove
unused configuration fields

So it is about picking that OR going to 3.2 directly which right now is
only on -rc0 :-/


[0]: https://lists.ubuntu.com/archives/ubuntu-devel/2021-November/041676.html
[1]: https://github.com/tpm2-software/tpm2-tss
[2]: https://github.com/tpm2-software/tpm2-tss/releases/tag/3.2.0-rc0

** Summary changed:

- OpenSSL HMAC mismatch
+ tpm2-tss: builds against OpenSSL 3.0, but fails on execution

** Tags added: transition-openssl3-jj

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958439

Title:
  tpm2-tss: builds against OpenSSL 3.0, but fails on execution

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/1958439/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958439] Re: OpenSSL HMAC mismatch

2022-01-19 Thread Robert Reitz

** Description changed:

  In Ubuntu 22.04 the current tpm2-tools are not working correctly because
  of an OpenSSL HMAC error (in Ubuntu 20.04 and 21.10 the problem does not
  exist):
  
  rire@rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_createprimary -C o -c prim.ctx
  
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start()
 ErrorCode (0x00070001) EVP_PKEY_new_mac_key
  ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() 
Error ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error 
ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while 
computing hmacs ErrorCode (0x00070001)
  
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async()
 Error in computation of auth values ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() 
Error in async function ErrorCode (0x00070001)
  ERROR: Esys_CreatePrimary(0x70001) - esapi:Catch all for all errors not 
otherwise specified
  ERROR: Unable to run tpm2_createprimary
  
  rire@rire-ThinkPad-T14-Gen-2a:~$ sudo tpm2_clear
  
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start()
 ErrorCode (0x00070001) EVP_PKEY_new_mac_key
  ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() 
Error ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error 
ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while 
computing hmacs ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/api/Esys_Clear.c:188:Esys_Clear_Async() Error in 
computation of auth values ErrorCode (0x00070001)
  ERROR:esys:src/tss2-esys/api/Esys_Clear.c:74:Esys_Clear() Error in async 
function ErrorCode (0x00070001)
  ERROR: Esys_Clear(0x70001) - esapi:Catch all for all errors not otherwise 
specified
  ERROR: Unable to run tpm2_clear
  
  There is a bugreport in Red Hat which seems related:
  https://bugzilla.redhat.com/show_bug.cgi?id=1989321
  
  A workaround is possible by compiling tpm2-tss, the dependency of tpm2-tools, 
with mbedTLS instead of OpenSSL and without FAPI (which I don't need actually):
  ~/dev/tpm2-tss-3.1.0$ ./configure --with-crypto=mbed --disable-fapi 
--prefix=/usr
+ 
+ It seems also to be fixed in current master branch of tpm2-tss already.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958439

Title:
  OpenSSL HMAC mismatch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/1958439/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958439] Re: OpenSSL HMAC mismatch

[Bug 1958439] Re: OpenSSL HMAC mismatch

2 matches

Site Navigation

Mail list logo

Footer information