search

tpm2-software / tpm2-pkcs11

A PKCS#11 interface for TPM2 hardware
https://tpm2-software.github.io
Other
278 stars 104 forks source link

Swap openssl base provider for default provider in integration tests #868

Closed alexleach closed 2 months ago

alexleach commented 4 months ago

Integration tests are failing when built against openssl 3.3.1, e.g:

+ openssl req -provider tpm2 -provider base -new -x509 -days 365 -subj '/CN=my key/' -sha256 -key /tmp/tpm_simulator_Ulvzcd/14.pem --passin pass:756dc95213a46b4249b1d3def6187339 -out /tmp/tpm_simulator_Ulvzcd/cert.pem.ec1
req: Unknown option or message digest: sha256
req: Use -help for summary.

This appears to be because neither the base nor tpm2 providers currently support the sha256 symmetric cipher algorithm, although it can be enabled in tpm2-openssl at compile time.

Using the default provider instead of base fixes tests that are currently failing.

I've submitted this patch to the Arch Linux package as well, where I later realised that it implements a commit already made here: https://github.com/tpm2-software/tpm2-pkcs11/commit/1b3aab90ee5f7debbce82c7e229aa2950a9e8f0d

williamcroberts commented 2 months ago

@alexleach can you sign off your commit and I'll pull it into the next release? I am about to start the release process.

alexleach commented 2 months ago

@alexleach can you sign off your commit and I'll pull it into the next release? I am about to start the release process.

Done! I'd not set that up before, but that was a nice little exercise! 🙂

alexleach commented 2 months ago

I saw a DCO check failed as well, so I've gone through the instructions here and have now signed it off.