Need help ->TPM out of memory for object contexts problem after porting test from engine(openssl_1.1.1) to providers(openssl3.0.2) tpm2-openssl #116
Labels
question
Further information is requested
I am using tmp through Engine for openssl_1.1.1w
Hi team,
we work in a ubuntu 20.04 environment
we installed following packages :
tpm2-tss-3.2.0.tar.gz
tpm2-abrmd-2.4.1.tar.gz
tpm2-tools-5.3.tar.gz
tpm2-tss-engine-1.1.0.tar.gz
we make a lot of tests during which
All works fine
We ported our application on ubuntu 22.04 with openssl 3.0:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
This time we use providers ands installed the following packages :
tpm2-tss-4.0.1.tar.gz
tpm2-abrmd-3.0.0.tar.gz
tpm2-tools-5.5.tar.gz
tpm2-openssl version 1.2.0
we do exactly the same tests
this works until a certain point after some tests :
[8823.180][52509]:[INFO ]********************************* TEST 95 *****************************
[8823.180][52509]:[INFO ]
[CPPTest]: ASSERT OK in test_cs_certmgt_intCert_start_end_enroll at line 7345[CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7345
[CPPTest]: Assert OK
[8823.180][52509]:[INFO ] Asked = CS_KEYPAIR_TPM : Result = CS_KEYPAIR_TPM return message Operation successful RSA GEN INIT rsa 3
RSA GEN_SET_PARAMS [ bits ]
RSA GEN 2048 bits
RSA GEN parent: primary 0x40000001
RSA GET_PARAMS [ bits security-bits max-size ]
RSA CLEANUP
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x87
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER tss PrivateKeyInfo/pem ENCODE 0x87
DER DECODER DECODE
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
TSS2 DECODER DECODE found RSA
RSA LOAD
RSA GET_PARAMS [ bits security-bits max-size ]
RSA HAS 87
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x86
ENCODER rsa pkcs1/der DOES_SELECTION 0x86
ENCODER rsa pkcs1/pem DOES_SELECTION 0x86
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x86
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x86
ENCODER rsa SubjectPublicKeyInfo/der ENCODE 0x86
RSA EXPORT 87
SIGN DIGEST_INIT rsa MD=SHA2-256
SIGN GET_CTX_PARAMS [ algorithm-id ]
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN
RSA FREE
[8826.780][52509]:[INFO ]The { cn = myMagnificientSAN1,c = CN,o = Shanghai,ou = =SE=,sn = 012345678910 } certificate has been successfully generated and added to the store as internal certificate
[8826.780][52509]:[INFO ]
[CPPTest] Operation successful : ASSERT OK in test_cs_certmgt_intCert_start_end_enroll at line 7360 [CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7360
[CPPTest]: Operation successful Assert OK
DER DECODER DECODE
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
TSS2 DECODER DECODE found RSA
RSA LOAD
RSA GET_PARAMS [ bits security-bits max-size ]
RSA HAS 87
[8828.610][52509]:[INFO ]
[CPPTest] Operation successful : ASSERT OK in test_cs_certmgt_intCert_start_end_enroll at line 7361 [CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7361
[CPPTest]: Operation successful Assert OK
[8828.610][52509]:[INFO ]
[CPPTest] Operation successful : ASSERT OK in test_cs_certmgt_intCert_start_end_enroll at line 7362 [CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7362
[CPPTest]: Operation successful Assert OK
[8828.610][52509]:[INFO ]
[CPPTest] src cs_certmgt_get_keyPairType : ASSERT OK in test_cs_certmgt_intCert_start_end_enroll at line 7366 [CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7366
[CPPTest]: src cs_certmgt_get_keyPairType Assert OK
RSA GEN INIT rsa 3
RSA GEN_SET_PARAMS [ bits ]
RSA GEN 2048 bits
RSA GEN parent: primary 0x40000001
RSA GET_PARAMS [ bits security-bits max-size ]
RSA CLEANUP
ENCODER tss PrivateKeyInfo/der DOES_SELECTION 0x87
ENCODER tss PrivateKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/der DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa pkcs1/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/der DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
ENCODER rsa SubjectPublicKeyInfo/pem DOES_SELECTION 0x87
� 0x87
ENCODER tss PrivateKeyInfo/pem ENCODE 0x87
DER DECODER DECODE
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
WARNING:esys:src/tss2-esys/api/Esys_Load.c:324:Esys_Load_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Load.c:112:Esys_Load() Esys Finish ErrorCode (0x000b0902)
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: primary 0x40000001
WARNING:esys:src/tss2-esys/api/Esys_Load.c:324:Esys_Load_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Load.c:112:Esys_Load() Esys Finish ErrorCode (0x000b0902)
TSS2 DECODER DECODE found (null)
[8830.640][52509]:[ERROR]TPM2TSS_R_CANNOT_MAKE_KEY in /home/tpm/GIT/cs-brick/libs/cryptoAl/ptf/gnu/linux/cryptoAl_openssl/../../../../src/cryptoAl_openssl/cs_cryptoAl_openssl.c at line 6486
[8830.640][52509]:[ERROR]CHECK_PARAM failed in function cs_tlsal_genCertFromKeypair (../../../../../src/tlsal/cs_crypto_tlsal.c:826) for parameter: keyCtx->kctx
[8830.640][52509]:[ERROR]newRemainingTpmKPSlots incorrect at 6239 in cs_openssl_cryptoAl_set_remainingTpmKPSlots
[8830.640][52509]:[INFO ]
[CPPTest] Certificate file creation failed : ASSERT Failed in test_cs_certmgt_intCert_start_end_enroll at line 7379 [CPPTest]: file ../../../../../tests/integration_tests/crypto_agent/integration_cs_crypto_cert_mgt.c, line 7379
[CPPTest]: Certificate file creation failed Assert Failed
According to tpm2_rc_decode it seems related to memory :
tpm@tpm-ossl3:~ tpm2_rc_decode 0x000b0902
rmt:warn(2.0): out of memory for object contexts
tpm@tpm-ossl3:~$
I dont understand why we have not the same problem with engines as the tests are exactly the same and that we dont use any flush function
EVP_KEY objects are destroyed after the signing process
What am i missing?
Thanks for your help
The text was updated successfully, but these errors were encountered: