Recent testing found an incompatibility between libtpms and the SymCrypt provider. Version 0.9.6 of libtpms is using the old OpenSSL APIs and does not export the RSA key primes as part of RSA private key export. SymCrypt expects these primes to import the RSA private key. This PR adds a patch to libtpms to export the expected primes.
The latest changes to libtpms appear to fix this issue and update to the OpenSSL 3 APIs, so this patch is only necessary until those changes make it to release.
Change Log
Add patch to fix compatibility between libtpms and the SymCrypt provider
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static
subpackages, etc.) have had theirRelease
tag incremented../cgmanifest.json
,./toolkit/scripts/toolchain/cgmanifest.json
,.github/workflows/cgmanifest.json
)./SPECS/LICENSES-AND-NOTICES/data/licenses.json
,./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
,./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON
)*.signatures.json
filessudo make go-tidy-all
andsudo make go-test-coverage
passSummary
Recent testing found an incompatibility between libtpms and the SymCrypt provider. Version 0.9.6 of libtpms is using the old OpenSSL APIs and does not export the RSA key primes as part of RSA private key export. SymCrypt expects these primes to import the RSA private key. This PR adds a patch to libtpms to export the expected primes.
The latest changes to libtpms appear to fix this issue and update to the OpenSSL 3 APIs, so this patch is only necessary until those changes make it to release.
Change Log
Does this affect the toolchain?
NO
Test Methodology