tpm2-tss-engine:func(151):The provided digest value is too large:src/tpm2-tss-engine-digest-sign.c:115:

tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices

https://tpm2-software.github.io

BSD 3-Clause "New" or "Revised" License

151 stars 100 forks source link

tpm2-tss-engine:func(151):The provided digest value is too large:src/tpm2-tss-engine-digest-sign.c:115: #248

Closed CIPop closed 2 years ago

CIPop commented 2 years ago

With latest code from master, we're observing a failure in the TPM2 TSS engine:

sudo openssl s_client -connect <hidden>.azure-devices.net:8883 -cert my_cert.pem -key my_tpm_key.tss -keyform engine -engine tpm2tss

<... connects>
140028234097984:error:8009706E:tpm2-tss-engine:func(151):The provided digest value is too large:src/tpm2-tss-engine-digest-sign.c:115:
140028234097984:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:../ssl/statem/statem_lib.c:308:
<connection closed>

The same call works fine with the engine built from v1.1.0.

AndreasFuchsTPM commented 2 years ago

@rshearman Could you say anything about this ?

AndreasFuchsTPM commented 2 years ago

@CIPop can you confirm that latest master solves the issue for you ?

CIPop commented 2 years ago

Thank you for the fix! We'll try it out and report back.

AndreasFuchsTPM commented 2 years ago

Very well. I'll keep this bug open until you report back end then will continue the release process.

AndreasFuchsTPM commented 2 years ago

@CIPop Any news on this running ? I'd like to see if we can get this out soon...

CIPop commented 2 years ago

Everything works as expected with latest (0c663c2abf46941d283d207237b51f421cde35a1)! I have tested both RSA and EC certificates with the scenario above and the server accepts the connection in both cases.

Thank you again for the fix!