Package: libengine-tpm-openssl
Version: 0.4.1+20071221-8
Severity: important
Tags: upstream patch

Dear Maintainer,

I am attempting to use the TPM engine to create self-signed x509 certificates. According to the package-included documentation, this should be possible with:

    openssl req -keyform engine -engine tpm -key <keyfilename> -new -x509 -out <certfilename>

The package as it exists in squeeze fails to load the tpm engine. I noticed the package is built against OpenSSL 0.9.8. When I compiled from debian-source, the command above results in an error regarding ASN1 functions.

David Woodhouse, of Intel, patched this issue two years ago. I found this:
https://github.com/ThomasHabets/openssl-tpm-engine/commit/415a9d95144ae8fd160ac5948a140aba5a110767

I have applied this line of code, and it resulted in being able to create the self-signed cert that I expected. Further testing allowed me to use the s_server of openssl to connect with the key from the tpm.

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5.2tresor+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libengine-tpm-openssl depends on:
ii  libc6        2.13-33
ii  libssl1.0.0  1.0.1c-4
ii  libtspi-dev  0.3.9-3
ii  libtspi1     0.3.9-3

libengine-tpm-openssl recommends no packages.

libengine-tpm-openssl suggests no packages.

-- no debconf information

--- libengine-tpm-openssl-0.4.1+20071221.orig/e_tpm.c +++ libengine-tpm-openssl-0.4.1+20071221/e_tpm.c @@ -737,6 +737,8 @@ return NULL; } + EVP_PKEY_assign_RSA(pkey, rsa); + return pkey; }
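
Review bot: The added EVP_PKEY_assign_RSA(pkey, rsa) call just before return pkey ignores its return value. EVP_PKEY_assign_RSA returns 1 on success and 0 on failure, so on failure this function would still return a pkey with no RSA key attached, and the problem would only surface later when the key is used. Suggest checking the result and, on failure, freeing rsa and pkey and returning NULL, matching the error path visible just above the added lines. On success pkey takes ownership of rsa, so rsa must not be freed separately after this point.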