Bug#685115: libengine-tpm-openssl: X509 functions fail due to changes in OpenSSL 1.0.0
Package: libengine-tpm-openssl
Version: 0.4.1+20071221-8
Severity: important
Tags: upstream patch
Dear Maintainer,
I am attempting to use the TPM engine to create self-signed x509 certificates.
According to the package-included documentation, this should be possible with:
openssl req -keyform engine -engine tpm -key <keyfilename> -new -x509 -out <certfilename>
The package as it exists in squeeze fails to load the tpm engine. I noticed
the package is built against OpenSSL 0.9.8. When I compiled from debian-
source, the command above results in an error regarding ASN1 functions.
David Woodhouse, of Intel, patched this issue two years ago. I found this:
https://github.com/ThomasHabets/openssl-tpm-engine/commit/415a9d95144ae8fd160ac5948a140aba5a110767
I have applied this line of code, and it resulted in being able to create the
self-signed cert that I expected. Further testing allowed me to use the
s_server of openssl to connect with the key from the tpm.
-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.5.2tresor+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libengine-tpm-openssl depends on:
ii libc6 2.13-33
ii libssl1.0.0 1.0.1c-4
ii libtspi-dev 0.3.9-3
ii libtspi1 0.3.9-3
libengine-tpm-openssl recommends no packages.
libengine-tpm-openssl suggests no packages.
-- no debconf information
--- libengine-tpm-openssl-0.4.1+20071221.orig/e_tpm.c
+++ libengine-tpm-openssl-0.4.1+20071221/e_tpm.c
@@ -737,6 +737,8 @@
return NULL;
}
+ EVP_PKEY_assign_RSA(pkey, rsa);
+
return pkey;
}
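Review bot: The result of the added EVP_PKEY_assign_RSA(pkey, rsa) call is ignored, so if the assignment fails the function still reaches "return pkey;" and hands back an EVP_PKEY with no RSA key attached. EVP_PKEY_assign_RSA returns 1 on success and 0 on failure, and only on success does pkey take ownership of rsa. I would suggest wrapping the call as "if (!EVP_PKEY_assign_RSA(pkey, rsa)) { ... return NULL; }", releasing both pkey and rsa in that branch in the same way as the error path that ends in "return NULL;" just above. A one-line comment saying that OpenSSL 1.0.0 needs the key attached through this call for the X509 and ASN1 routines to work would also help the next reader, since the hunk itself gives no reason for the addition.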