* [tpm2] [RFC] OpenSSL 3.0 Integration (tpm2-openssl) for Review
@ 2021-02-28 22:27 Petr Gotthard
From: Petr Gotthard @ 2021-02-28 22:27 UTC
  To: tpm2

Hello,

As you probably already know, a new OpenSSL 3.0 is under development, which will heavily change the API for integrating external cipher providers, such as the TPM2. "Engines" will be replaced by "Providers".

To pioneer this change I refactored the tpm2-tss-engine into a Provider, which is now available as a new project:
https://github.com/tpm2-software/tpm2-openssl

It works with the latest OpenSSL master branch (to be openssl-3.0.0-alpha13) only.

The TPM2 Provider retains most functions of the TPM2 Engine (ECC is yet to be implemented) and preserves the 'TSS2 PRIVATE KEY' file format. In addition to that, the new API enabled some cool features, such as signatures using a restricted signing key or a direct usage of handles to persistent keys. A full list of currently available features is in the project README.md file.

Are there any other TPM2 features that should be available via the OpenSSL 3.0?

Right now the OpenSSL 3.0 is in an "alpha" phase, which allows API changes. This is an ongoing opportunity for us to make sure the OpenSSL API has all the functions the TPM2 needs, because the integration is not always straightforward. Once a "beta" phase is reached, only bug fixes will be allowed and new features or breaking changes will have to wait. Thus, we should integrate and test as much as we can before the OpenSSL feature freeze.

Please review the README.md and/or test the Provider (project tpm2-openssl) and create a new GitHub Issue if you are missing something or if something does not work as expected. Of course, other feedback is welcome too.


Kind Regards,
Petr
