tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

Can I use the tpm2tss engine with OpenSSL 3 on Ubuntu 22.04? If so, what's the configuration magic? #287

Open GuyWithDogs opened 1 month ago

GuyWithDogs commented 1 month ago

I'm trying to use the tpm2tss engine on Ubuntu 22.04 that has OpenSSL 3 as the default. The libengine-tpm2-tss-openssl_1.1.0-2_amd64.deb will install. The libengine-tpm2-tss-openssl_1.2.0-2build2_amd64.deb package will NOT install - complains that libssl3t64 is missing, and trying to fix that got me into a system that was unusable. That's probably (l)user error (the 'l' is silent), but I'm back at the 1.1.0 version.

I've tried following various installation guides on adding an [engine_section] to /etc/ssl/openssl.cnf,

```
[openssl_init]
engines = engine_section
providers = provider_sect
ssl_conf = ssl_sect

[provider_sect]
default = default_sect

[engine_section]
tpm2tss = tpm2tss_section

[tpm2tss_section]
engine_id = tpm2tss
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/tpm2tss.so
default_algorithms = RSA
```

But when I do that, an 'openssl engine' command gets results of "engine routines:dynamic_load:version incompatibility"

```
root@machine:/home/dfs/tpm2tsssetup# openssl engine
FATAL: Startup failure (dev note: apps_startup()) for openssl
402778B9797F0000:error:13000091:engine routines:dynamic_load:version incompatibility:../crypto/engine/eng_dyn.c:470:
402778B9797F0000:error:13000066:engine routines:int_engine_configure:engine configuration error:../crypto/engine/eng_cnf.c:139:section=tpm2tss_section, name=dynamic_path, value=/usr/lib/x86_64-linux-gnu/engines-1.1/tpm2tss.so
402778B9797F0000:error:0700006D:configuration file routines:module_run:module initialization error:../crypto/conf/conf_mod.c:243:module=engines, value=engine_section retcode=-1
```

Is there a way to get this working with OpenSSL 3? Thanks.
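
A check for the path/version mismatch visible in the post above, as an added example that is not part of the issue or the tpm2-tss-engine project: it reads `dynamic_path` entries from an OpenSSL config and compares the `engines-<N>` directory in each with the `ENGINESDIR` line that `openssl version -e` prints. The function names and the sample `ENGINESDIR` value are assumptions; a matching directory name does not by itself prove the engine binary was built for that OpenSSL version.

```shell
# Added example (not from the issue or the project); function names are hypothetical.
# Print "section|path" for each dynamic_path assignment in config file $1.
list_dynamic_paths() {
    awk '
        { i = index($0, "#"); if (i) $0 = substr($0, 1, i - 1) }
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec)
                      sub(/^\[/, "", sec); sub(/\].*/, "", sec); next }
        /^[ \t]*dynamic_path[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print sec "|" val
        }' "$1"
}

# Print the N of an ".../engines-N..." string; prints nothing if there is none.
engines_abi() {
    printf '%s\n' "$1" | sed -n 's|.*/engines-\([0-9][0-9.]*\).*|\1|p'
}

# check_engine_paths CONF ENGINESDIR: report each entry, return 1 on any mismatch.
check_engine_paths() {
    want=$(engines_abi "$2"); rc=0
    while IFS='|' read -r sec path; do
        [ -n "$path" ] || continue
        have=$(engines_abi "$path")
        if [ -n "$have" ] && [ -n "$want" ] && [ "$have" != "$want" ]; then
            echo "MISMATCH [$sec] $path (engines-$have, library uses engines-$want)"
            rc=1
        else
            echo "ok [$sec] $path"
        fi
    done <<EOF
$(list_dynamic_paths "$1")
EOF
    return $rc
}

# Constructed sample: the engine section from the post, with a constructed ENGINESDIR.
demo() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
[tpm2tss_section]
engine_id = tpm2tss
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/tpm2tss.so
EOF
    # Real use: check_engine_paths /etc/ssl/openssl.cnf "$(openssl version -e)"
    check_engine_paths "$conf" 'ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"'
    rc=$?; rm -f "$conf"; return $rc
}
demo || echo "demo: dynamic_path does not match ENGINESDIR"
```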