search

tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License
150 stars 100 forks source link

tpm2tss-genkey: could not load tpm2tss engine #259

Closed fansari closed 1 year ago

fansari commented 2 years ago

When I run

tpm2tss-genkey --alg=ecdsa mykey --ownerpw=xxxx

I get this error message: 

Could not load tpm2tss engine

Also openssl gives error messages:

[fansari@bat keys]$ openssl engine -t -c tpm2tss
409C3DFBFE7E0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-3/tpm2tss.so): /usr/lib64/engines-3/tpm2tss.so: cannot open shared object file: No such file or directory
409C3DFBFE7E0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:152:
409C3DFBFE7E0000:error:13000084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:442:
409C3DFBFE7E0000:error:13000074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:430:id=tpm2tss

There is no tpm2tss.so in /usr/lib64/engines-3. Why is it expected there? Is this a misconfiguration or some package missing?

[fansari@bat keys]$ ll /usr/lib64/engines-3/
total 220
-rwxr-xr-x. 3 root root 24688 Jan  1  1970 afalg.so
-rwxr-xr-x. 3 root root 15648 Jan  1  1970 capi.so
lrwxrwxrwx. 3 root root     9 Oct 14  2019 libpkcs11.so -> pkcs11.so
-rwxr-xr-x. 3 root root 54048 Jan  1  1970 loader_attic.so
-rwxr-xr-x. 3 root root 28752 Jan  1  1970 padlock.so
-rwxr-xr-x. 3 root root 89600 Jan  1  1970 pkcs11.so

But I find it in /usr/lib64/engines-1.1.

[fansari@bat keys]$ ll /usr/lib64/engines-1.1/
total 116
-rwxr-xr-x. 3 root root 24792 Jan  1  1970 afalg.so
-rwxr-xr-x. 2 root root 55032 Jan  1  1970 libtpm2tss.so
-rwxr-xr-x. 3 root root 28680 Jan  1  1970 padlock.so
lrwxrwxrwx. 2 root root    13 Oct  1 16:14 tpm2tss.so -> libtpm2tss.so

I noticed that the packages are "fc35". This is strange. 

tpm2-tss-engine-1.1.0-3.fc35.x86_64
tpm2-tss-engine-utilities-1.1.0-3.fc35.x86_64

I have Fedora 36 Silverblue and all other tpm2 pakages have "fc36".

tpm2-tss-3.2.0-3.fc36.x86_64
tpm2-abrmd-selinux-2.3.1-5.fc36.noarch
tpm2-pkcs11-tools-1.7.0-2.fc36.x86_64
tpm2-abrmd-2.4.1-1.fc36.x86_64
tpm2-tools-5.2-2.fc36.x86_64
tpm2-pkcs11-1.7.0-2.fc36.x86_64

These openssl packages are installed:

openssl-pkcs11-0.4.12-2.fc36.x86_64
openssl-libs-3.0.5-1.fc36.x86_64
openssl1.1-1.1.1q-1.fc36.x86_64
openssl-3.0.5-1.fc36.x86_64

tpm2tss-genkey.log

fansari commented 2 years ago

I guess I see the problem now: this is deprecated and was replaced by tpm2-openssl. But I don't find this for fc36.

https://github.com/tpm2-software/tpm2-tss-engine/issues/186

I will uninstall tpm2-tss-engine-utilities and leave this topic for now.

AndreasFuchsTPM commented 1 year ago

Yes, tpm2-tss-engine is an engine for OpenSSL1.1.x OpenSSL3.0 now uses the provider-API with tpm2-openssl