[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#685115: libengine-tpm-openssl: X509 functions fail due to changes in OpenSSL 1.0.0

Package: libengine-tpm-openssl
Version: 0.4.1+20071221-8
Severity: important
Tags: upstream patch

Dear Maintainer,

I am attempting to use the TPM engine to create self-signed x509 certificates.
According to the package-included documentation, this should be possible with:
openssl req -keyform engine -engine tpm -key <keyfilename> -new -x509 -out
The package as it exists in squeeze fails to load the tpm engine.  I noticed
the package is built against OpenSSL 0.9.8.  When I compiled from debian-
source, the command above results in an error regarding ASN1 functions.

David Woodhouse, of Intel, has patched this issue two years ago.  I found this:

I have applied this line of code, and it resulted in being able to create the
self-signed cert that I expected.  Further testing allowed me to use the
s_server of openssl to connect with the key from the tpm.

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5.2tresor+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libengine-tpm-openssl depends on:
ii  libc6        2.13-33
ii  libssl1.0.0  1.0.1c-4
ii  libtspi-dev  0.3.9-3
ii  libtspi1     0.3.9-3

libengine-tpm-openssl recommends no packages.

libengine-tpm-openssl suggests no packages.

-- no debconf information
--- libengine-tpm-openssl-0.4.1+20071221.orig/e_tpm.c
+++ libengine-tpm-openssl-0.4.1+20071221/e_tpm.c
@@ -737,6 +737,8 @@
 		return NULL;
+	EVP_PKEY_assign_RSA(pkey, rsa);
 	return pkey;

Reply to: