tpm2-software / tpm2-openssl

OpenSSL Provider for TPM2 integration
BSD 3-Clause "New" or "Revised" License

Error when used in Fedora 38 #63

Closed hoinmic closed 1 year ago

hoinmic commented 1 year ago

I am currently trying to get tpm2-openssl to work under fedora 38. I run into the following problem:

openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

sudo tpm2_createek -G ecc -c ek_ecc.ctx

sudo tpm2_createak -C ek_ecc.ctx -G ecc -g sha256 -s ecdsa -c ak_ecc.ctx
loaded-key:
  name: 000b596d27be6c88d78281a72ae656e294aaf9f81c33d404d9269f967eca7e06ba53
  qualified name: 000b62b800819a6035aaf0ae4d014bd2a9913f02d943372172829e8380d9100ab88e

sudo tpm2_evictcontrol -c ak_ecc.ctx 0x81000000
persistent-handle: 0x81000000
action: persisted

sudo tpm2_getcap handles-persistent
- 0x81000000
- 0x81010001
- 0x81010016

sudo openssl req -provider tpm2 -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000000 \
        -out testcsr.pem \
        -verbose
Using configuration from /etc/pki/tls/openssl.cnf
Using additional configuration from -addext options
400C7769657F0000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:crypto/ec/ecdsa_ossl.c:224:
400C7769657F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:

Does anyone have an idea what triggers the error?

Thanks

(Note: Everything works fine with Fedora 36/37)

gotthardp commented 1 year ago

Please try adding the -provider default parameter to the openssl req command.

hoinmic commented 1 year ago

Thank you for your suggestion. Unfortunately, it did not change anything.

sudo openssl req -provider tpm2 -provider default -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000000 \
        -out testcsr.pem \
        -verbose
Using configuration from /etc/pki/tls/openssl.cnf
Using additional configuration from -addext options
40ACC3E60D7F0000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:crypto/ec/ecdsa_ossl.c:224:
40ACC3E60D7F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:

gotthardp commented 1 year ago

Strange. And simple key retrieval works? openssl pkey -provider tpm2 -in handle:0x81000000 -text -noout

hoinmic commented 1 year ago

Yes, this works perfectly.

sudo openssl pkey -provider tpm2 -in handle:0x81000000 -text -noout
Private-Key: (EC P-256, TPM 2.0)
pub:
    04:78:14:d5:86:2e:e5:e8:8e:0c:bf:5d:ee:19:6d:
    de:b4:92:16:1e:c6:54:59:f5:c3:97:8d:3e:82:53:
    64:da:e8:db:4c:d2:b2:10:4e:53:a7:e1:9c:fd:34:
    1c:6b:49:4b:25:4e:59:9e:ec:60:57:e3:24:03:f6:
    64:f6:ca:19:7a
ASN1 OID: prime256v1
Object Attributes:
  fixedTPM
  fixedParent
  sensitiveDataOrigin
  userWithAuth
  restricted
  sign / encrypt

I don't understand what component has changed in Fedora 38 compared to Fedora 36 and Fedora 37 (openssl 3 has been used since version 36).

gotthardp commented 1 year ago

The tpm2-openssl is not an official package for Fedora, is it? What does openssl list -providers -provider tpm2 say, please?

hoinmic commented 1 year ago

The first version of the package (F36/F37/F38) is now in the making :-)

sudo openssl list -providers -provider tpm2
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.8
    status: active
  tpm2
    name: TPM 2.0 Provider
    version: 1.2.0-rc0
    status: active

gotthardp commented 1 year ago

And could you build it with --enable-debug, please, and send me the extra logs it prints during the openssl req command?

hoinmic commented 1 year ago

Here is the log with the debug option enabled. As a base I took the specification of https://download.copr.fedorainfracloud.org/results/afreof/tpm2-openssl/fedora-38-x86_64/05728992-tpm2-openssl/tpm2-openssl.spec and added the option --enable-debug.

sudo openssl req -provider tpm2 -provider default -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000004 \
        -out testcsr.pem \
        -verbose
PROVIDER INIT
Using configuration from /etc/pki/tls/openssl.cnf
Using additional configuration from -addext options
STORE/OBJECT OPEN handle:0x81000004
STORE/OBJECT SET_PARAMS [ expect ]
STORE/OBJECT LOAD
STORE/OBJECT LOAD pkey
STORE/OBJECT LOAD found EC
EC LOAD
EC GET_PARAMS [ bits security-bits max-size ]
EC HAS 0x1
STORE/OBJECT CLOSE
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC EXPORT 87
404C47A53D7F0000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:crypto/ec/ecdsa_ossl.c:224:
404C47A53D7F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:
EC FREE
PROVIDER TEARDOWN

gotthardp commented 1 year ago

Thanks. I know what happened, but I have no clue why it did happen. I added a new test with exactly the same commands and it did pass with all openssl branches https://github.com/tpm2-software/tpm2-openssl/commit/5f633a457b90b4ca182556d98dbb11abaa12464a.

Your machine tries to export the private key, which is not possible with TPM and therefore it fails:

ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC EXPORT 87
404C47A53D7F0000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:crypto/ec/ecdsa_ossl.c:224:
404C47A53D7F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:
EC FREE
PROVIDER TEARDOWN

However, on my machine it does not attempt the export, but it simply signs:

ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC GET_PARAMS [ default-digest mandatory-digest ]
SIGN DIGEST_INIT ecdsa MD=SHA256
SIGN GET_CTX_PARAMS [ algorithm-id ]
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN
EC FREE
PROVIDER TEARDOWN

Now the question is what made openssl attempt the export...
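The two traces in the comment above differ only in what follows `EC GET_PARAMS`: an `EC EXPORT` request and a `missing private key` error in one, the provider's `SIGN DIGEST_SIGN` step in the other. The script below is an added example, not part of the thread or of tpm2-openssl, that tells the two apart in a saved `--enable-debug` trace; the function name and file names are made up here, and the sample traces are excerpts copied from that comment.

```sh
#!/bin/sh
# Added example, not part of the issue thread or of tpm2-openssl.
# Classifies a trace printed by a tpm2-openssl build configured with
# --enable-debug, using only markers that appear in the traces quoted above.

# classify_trace FILE prints one of:
#   tpm2-sign        the provider's own "SIGN DIGEST_SIGN" step ran
#   export-fallback  "EC EXPORT" was requested and the default ECDSA code
#                    then failed with "missing private key"
#   unknown          neither pattern was found
classify_trace() {
    awk '
        /^SIGN DIGEST_SIGN[ \t\r]*$/ { signed = 1 }    # not the "estimate" call
        /^EC EXPORT /                { exported = 1 }
        /ossl_ecdsa_simple_sign_sig:missing private key/ { nokey = 1 }
        END {
            if (signed)                 print "tpm2-sign"
            else if (exported && nokey) print "export-fallback"
            else                        print "unknown"
        }
    ' "$1"
}

# Sample input: excerpts of the failing and the working trace from the thread.
TRACES=$(mktemp -d)
cat > "$TRACES/failing.log" <<'EOF'
ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC EXPORT 87
404C47A53D7F0000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:crypto/ec/ecdsa_ossl.c:224:
404C47A53D7F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:
EC FREE
PROVIDER TEARDOWN
EOF
cat > "$TRACES/working.log" <<'EOF'
ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC GET_PARAMS [ default-digest mandatory-digest ]
SIGN DIGEST_INIT ecdsa MD=SHA256
SIGN GET_CTX_PARAMS [ algorithm-id ]
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN
EC FREE
PROVIDER TEARDOWN
EOF

for f in "$TRACES/failing.log" "$TRACES/working.log"; do
    printf '%s: %s\n' "$f" "$(classify_trace "$f")"
done
```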

gotthardp commented 1 year ago

So, I did install Fedora 38 and was able to reproduce the issue. Then, I built my own OpenSSL 3.0.8 and all tests passed. I used the same configuration flags as used in Fedora, even the same list of patches.

./Configure zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 \
enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++ shared -DREDHAT_FIPS_VERSION='"\"3.0.8-aaaa\""'

The problem seems to be somewhere around Fedora's extra files and/or extra configuration. Would you be able to help investigate this further, please?

hoinmic commented 1 year ago

Thanks for reproducing. I will try it. It seems to me to be a non-trivial problem.

hoinmic commented 1 year ago

I am currently comparing the two trees: https://src.fedoraproject.org/rpms/openssl/tree/f37 https://src.fedoraproject.org/rpms/openssl/tree/f38

From the file point of view, these are the differences:

+0010-Add-changes-to-ectest-and-eccurve.patch
+0013-skipped-tests-EC-curves.patch
+0025-for-tests.patch
+0031-tmp-Fix-test-names.patch
+0032-Force-fips.patch
+0033-FIPS-embed-hmac.patch
+0034.fipsinstall_disable.patch
+0035-speed-skip-unavailable-dgst.patch
+0044-FIPS-140-3-keychecks.patch
+0045-FIPS-services-minimize.patch
+0047-FIPS-early-KATS.patch
+0058-FIPS-limit-rsa-encrypt.patch
+0060-FIPS-KAT-signature-tests.patch
+0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+0062-fips-Expose-a-FIPS-indicator.patch
+0071-AES-GCM-performance-optimization.patch
+0072-ChaCha20-performance-optimizations-for-ppc64le.patch
+0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
+0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
+0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+0075-FIPS-Use-FFDHE2048-in-self-test.patch
+0076-FIPS-140-3-DRBG.patch
+0077-FIPS-140-3-zeroization.patch
+0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+0079-Fix-AES-GCM-on-Power-8-CPUs.patch
+0100-RSA-PKCS15-implicit-rejection.patch
-ec_curve.c
-ectest.c
-hobble-openssl

Not sure if I am looking in the right place.

gotthardp commented 1 year ago

Thank you. I applied the patches and it worked, so I suspect it is either something in the .spec file directly, or in some other file. The customization looks pretty complicated.

hoinmic commented 1 year ago

Unfortunately, I did not get any further with bisect either. I have not been able to localize the TPM2 problem so far.

Any ideas from Red Hat openssl f38 contributors? @beldmit @neverpanic

beldmit commented 1 year ago

Could you please check whether it works with f37? Recently in F38 we removed hobbling and enabled Brainpool curves so it could affect you.

hoinmic commented 1 year ago

@beldmit Thank you for the quick reply. I have set up a new VM with Fedora 37, the tpm2-openssl spec https://download.copr.fedorainfracloud.org/results/afreof/tpm2-openssl/fedora-38-x86_64/05728992-tpm2-openssl/tpm2-openssl.spec and added the option --enable-debug. In Fedora 37 everything is running fine. The Certificate Signing Request can be created without any problems.

sudo tpm2_createek -G ecc -c ek_ecc.ctx

sudo tpm2_createak -C ek_ecc.ctx -G ecc -g sha256 -s ecdsa -c ak_ecc.ctx
loaded-key:
  name: 000b5200a3d18845eeb5bd844e980550fcdf7439550c232335339515133942ee7970
  qualified name: 000b2d6c0fc9db0e0b57f9f3706a53f27c670737043fbb14f640c64fd490dc574703

sudo tpm2_evictcontrol -c ak_ecc.ctx 0x81000004
persistent-handle: 0x81000004
action: persisted

sudo tpm2_getcap handles-persistent
- 0x81000004
- 0x81010001
- 0x81010016

sudo openssl pkey -provider tpm2 -in handle:0x81000004 -text -noout
PROVIDER INIT
STORE/OBJECT OPEN handle:0x81000004
STORE/OBJECT SET_PARAMS [ expect ]
STORE/OBJECT LOAD
STORE/OBJECT LOAD pkey
STORE/OBJECT LOAD found EC
EC LOAD
EC GET_PARAMS [ bits security-bits max-size ]
EC HAS 0x1
STORE/OBJECT CLOSE
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x87
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER ENCODE ec text
Private-Key: (EC P-256, TPM 2.0)
pub:
    04:e3:fe:02:c5:d2:d6:4b:9f:40:7b:ba:ff:a4:6c:
    dc:fb:d4:84:81:a7:a7:49:9c:b1:0d:75:82:01:54:
    20:4a:4c:77:b8:d8:4a:f2:89:ec:37:a5:61:bf:08:
    fa:63:11:0b:e2:35:b4:b9:80:90:27:ba:52:4e:94:
    ab:62:63:c6:cd
ASN1 OID: prime256v1
Object Attributes:
  fixedTPM
  fixedParent
  sensitiveDataOrigin
  userWithAuth
  restricted
  sign / encrypt
EC FREE
PROVIDER TEARDOWN

sudo openssl req -provider tpm2 -provider default -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000004 \
        -out testcsr.pem \
        -verbose
PROVIDER INIT
Using configuration from /etc/pki/tls/openssl.cnf
Using additional configuration from -addext options
STORE/OBJECT OPEN handle:0x81000004
STORE/OBJECT SET_PARAMS [ expect ]
STORE/OBJECT LOAD
STORE/OBJECT LOAD pkey
STORE/OBJECT LOAD found EC
EC LOAD
EC GET_PARAMS [ bits security-bits max-size ]
EC HAS 0x1
STORE/OBJECT CLOSE
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
SIGN DIGEST_INIT ecdsa MD=sha256
SIGN GET_CTX_PARAMS [ algorithm-id ]
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN
EC FREE
PROVIDER TEARDOWN

ls -la
total 16
drwxr-xr-x. 1 michaelhaener michaelhaener   96 Apr  3 14:10 .
drwx------. 1 michaelhaener michaelhaener  302 Apr  3 13:56 ..
-rw-rw----. 1 root          root           574 Apr  3 14:09 ak_ecc.ctx
-rw-rw----. 1 root          root           674 Apr  3 14:09 ek_ecc.ctx
-rw-r--r--. 1 root          root           509 Apr  3 14:10 testcsr.pem
-rw-r--r--. 1 michaelhaener michaelhaener 2119 Apr  3 14:01 tpm2-openssl.spec

Conclusion: Fedora 36 and Fedora 37 seem to work fine with "tpm2-openssl".

beldmit commented 1 year ago

Is the problem reproducible with vanilla OpenSSL?

beldmit commented 1 year ago

And if you have any ideas how we could help you, please let us know

hoinmic commented 1 year ago

@beldmit I have cloned and built the master branch of the "openssl" component in Fedora 38 (according to https://github.com/openssl/openssl/blob/master/INSTALL.md). I am not sure, but I hope this is what is meant by vanilla OpenSSL :-)

Access to the TPM2 works fine and CSR can be created. Now we have the first executable version in Fedora 38. How could the error be narrowed down even further?

sudo LD_LIBRARY_PATH=/usr/local/lib64 /usr/local/bin/openssl version
OpenSSL 3.2.0-dev  (Library: OpenSSL 3.2.0-dev )

sudo LD_LIBRARY_PATH=/usr/local/lib64 /usr/local/bin/openssl req -provider tpm2 -provider default -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000004 \
        -out testcsr.pem \
        -verbose
PROVIDER INIT
Using configuration from /usr/local/ssl/openssl.cnf
Using additional configuration from -addext options
STORE/OBJECT OPEN handle:0x81000004
STORE/OBJECT SET_PARAMS [ expect ]
STORE/OBJECT LOAD
STORE/OBJECT LOAD pkey
STORE/OBJECT LOAD found EC
EC LOAD
EC GET_PARAMS [ bits security-bits max-size ]
EC HAS 0x1
STORE/OBJECT CLOSE
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/pem DOES_SELECTION 0x86
ENCODER ec SubjectPublicKeyInfo/der ENCODE 0x86
EC GET_PARAMS [ default-digest mandatory-digest ]
EC GET_PARAMS [ default-digest mandatory-digest ]
SIGN DIGEST_INIT ecdsa MD=SHA256
SIGN GET_CTX_PARAMS [ algorithm-id ]
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN
EC FREE
PROVIDER TEARDOWN

ls -la
total 8
drwxr-xr-x. 1 michaelhaener michaelhaener   70 Apr  3 22:18 .
drwx------. 1 michaelhaener michaelhaener  326 Apr  3 15:21 ..
drwxr-xr-x. 1 michaelhaener michaelhaener 4408 Apr  3 15:12 openssl
-rw-r--r--. 1 root          root           509 Apr  3 22:18 testcsr.pem
-rw-r--r--. 1 michaelhaener michaelhaener 2119 Apr  2 08:36 tpm2-openssl.spec

beldmit commented 1 year ago

Can I reproduce it on a generic laptop?

hoinmic commented 1 year ago

Yes. I did it with a Fedora 38 VM with emulated TPM2, but it should work with any Fedora 38 laptop (with TPM2 installed).

I used the following specification: https://download.copr.fedorainfracloud.org/results/afreof/tpm2-openssl/fedora-38-x86_64/05728992-tpm2-openssl/tpm2-openssl.spec

I built the package like this:

spectool -g -R tpm2-openssl.spec
rpmbuild -bs tpm2-openssl.spec
sudo mock -r fedora-38-x86_64 rebuild /home/michaelhaener/rpmbuild/SRPMS/tpm2-openssl-1.2.0-2.rc0.fc38.src.rpm
sudo dnf install /var/lib/mock/fedora-38-x86_64/result/tpm2-openssl-1.2.0-2.rc0.fc38.x86_64.rpm

After that, the key generation with CSR (in TPM2) can be done as follows:

sudo tpm2_createek -G ecc -c ek_ecc.ctx
sudo tpm2_createak -C ek_ecc.ctx -G ecc -g sha256 -s ecdsa -c ak_ecc.ctx
sudo tpm2_evictcontrol -c ak_ecc.ctx 0x81000004
sudo openssl req -provider tpm2 -provider default -new \
        -subj "/DC=org/DC=simple/O=Simple Inc/CN=www.simple.org" \
        -addext "subjectAltName = DNS:localhost" \
        -key handle:0x81000004 \
        -out testcsr.pem \
        -verbose

sahanaprasad07 commented 1 year ago

@hoinmic Hello, do you know which ecc curves tpm2 is configured to use?

hoinmic commented 1 year ago

@sahanaprasad07 I'm not sure if I understand the question correctly. Do you mean this:

sudo tpm2_getcap ecc-curves
TPM2_ECC_NIST_P192: 0x1
TPM2_ECC_NIST_P224: 0x2
TPM2_ECC_NIST_P256: 0x3
TPM2_ECC_NIST_P384: 0x4
TPM2_ECC_NIST_P521: 0x5
TPM2_ECC_BN_P256: 0x10
TPM2_ECC_BN_P638: 0x11
TPM2_ECC_SM2_P256: 0x20

hoinmic commented 1 year ago

@beldmit @sahanaprasad07 What is the best way to proceed with this problem so that this provider also runs under fedora 38?

I see it as very central that under fedora the TPM runs flawlessly with openssl.

beldmit commented 1 year ago

Could you please take a look at why we get into ossl_ecdsa_simple_sign_sig? It's an openssl default implementation, and your provider should be used instead, so the question is: why don't we get into your provider?

gotthardp commented 1 year ago

> Could you please take a look at why we get into ossl_ecdsa_simple_sign_sig? It's an openssl default implementation, and your provider should be used instead, so the question is: why don't we get into your provider?

How could I reproduce this behaviour?

In general, the tpm2 does not have priority over the default provider. To provide additional prioritization you may need the -propquery ?provider=tpm2 argument.

sahanaprasad07 commented 1 year ago

Is there a possibility to test on openssl-3.0.8-1.fc38 if it is not too difficult/time consuming? (I introduced hobbling in openssl-3.0.8-2.fc38, it enables and removes support for some ecc curves, but I doubt this is causing a problem - as the logs point to a different function. We could then eliminate many patches from comparing the two trees: https://src.fedoraproject.org/rpms/openssl/tree/f37 https://src.fedoraproject.org/rpms/openssl/tree/f38)

hoinmic commented 1 year ago

@sahanaprasad07 I can try testing the 3.0.8-1.fc38 specification. But I don't know how to change such a central component without other components failing.

This is how I would build the component:

spectool -g -R openssl.spec
rpmbuild -bs openssl.spec
sudo mock -r fedora-38-x86_64 rebuild .../rpmbuild/SRPMS/openssl-3.0.8-1.fc38.src.rpm

Install (I don't know how to do this):

sudo dnf remove openssl
sudo dnf install /var/lib/mock/fedora-38-x86_64/result/openssl-3.0.8-1.fc38.x86_64.rpm

Or how should I proceed (I suspect "dnf remove openssl" will not work)? Or how can I downgrade openssl to 3.0.8-1?

traxtopel commented 1 year ago

Maybe this is related - https://github.com/tpm2-software/tpm2-pkcs11/issues/813

traxtopel commented 1 year ago

Tested this tonight, same "issue". Using the Fedora < 38 openssl.cnf works without issue.

gotthardp commented 1 year ago

@traxtopel you had Fedora 38, just copied the openssl.cnf from an earlier Fedora and it works? Could you confirm this? That would mean the trouble may be somewhere in the openssl.cnf.

traxtopel commented 1 year ago

I am running Fedora 38. Confirm that using an older openssl.cnf works.

This appears to be causing the issue. [provider_sect] -##default = default_sect +default = default_sect

legacy = legacy_sect

-##[default_sect] -##activate = 1 -## +[default_sect] +activate = 1 +

[legacy_sect]

activate = 1
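
Review bot: the `+default = default_sect`, `+[default_sect]` and `+activate = 1` lines switch on the default provider from the configuration file, where the older file had all three commented out with `##`, and nothing in the changed lines documents that. A comment beside `activate = 1` saying that the default provider is now activated by the configuration would let users of add-on providers spot the change when they compare the two files.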

Workaround is to prefix the openssl command with the path to a working openssl.cnf:

OPENSSL_CONF=/root/openssl.cnf openssl

Diff between Fedora 37 and Fedora 38 openssl.cnf. I upped the working file here: https://pastebin.com/9NxDVZjn

gotthardp commented 1 year ago

You are brilliant, @traxtopel. Thank you very much!

The problem can now be reproduced on Ubuntu as well. The trouble is caused by an activation of the default provider. It was disabled on Fedora 37 and it is disabled on Ubuntu 22.04.

[default_sect]
activate = 1

gotthardp commented 1 year ago

Hmmm, 40% of tests fail with this setting. The mechanism that is failing has always been a mystery to me, so I asked openssl for some advice or help: https://github.com/openssl/openssl/issues/20747

hoinmic commented 1 year ago

@traxtopel I was also able to reproduce it with Fedora 38. Thank you.

gotthardp commented 1 year ago

Alright: adding activate = 1 to openssl.cnf changes the order in which the providers are loaded. This may change the behaviour because different algorithms may be found. This is an expected behaviour.

If you have no control over the openssl.cnf the safe way is to always use -propquery '?provider=tpm2'. This will make sure the tpm2 algorithms are always used and the behaviour will not depend on the openssl.cnf.

I will update the documentation to highlight this fact.
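
One way to check which situation a machine is in, as an added example that is not from the thread or from tpm2-openssl: the script reads an openssl.cnf and reports whether it activates the default provider, in which case the `-propquery '?provider=tpm2'` argument recommended above is needed. The section name `provider_sect` is taken from the diff quoted in the thread; the function names, the accepted `activate` values (1/yes/true/on) and both sample files are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example, not from the issue thread or the tpm2-openssl project.

# default_provider_activated FILE
# Exit status 0 if [provider_sect] maps "default" to a section that sets
# "activate" to 1/yes/true/on (accepted values are an assumption; the
# thread only shows "activate = 1"), non-zero otherwise.
default_provider_activated() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t\r]+$/, "") }   # drop comments, trim
        /^\[.*\]$/ { sec = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", sec); next }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (sec == "provider_sect" && key == "default") target = val
            if (key == "activate") act[sec] = tolower(val)
        }
        END { exit !((target != "") && (act[target] ~ /^(1|yes|true|on)$/)) }
    ' "$1"
}

# report FILE: one-line verdict with the invocation advice from the thread.
report() {
    if default_provider_activated "$1"; then
        echo "$1: default provider activated; add -propquery '?provider=tpm2'"
    else
        echo "$1: default provider not activated by this file"
    fi
}

# Constructed sample files modelled on the diff quoted in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/f37-style.cnf" <<'EOF'
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
##default = default_sect
legacy = legacy_sect
##[default_sect]
##activate = 1
[legacy_sect]
activate = 1
EOF
sed 's/^##//' "$SAMPLES/f37-style.cnf" > "$SAMPLES/f38-style.cnf"

report "$SAMPLES/f37-style.cnf"
report "$SAMPLES/f38-style.cnf"
# On a real system, pass the path printed as "Using configuration from ..."
# by openssl req -verbose, e.g. /etc/pki/tls/openssl.cnf in the thread.
```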