Hi Roberts, Yes , I have loaded the engine. I have doubt that the issue might be due to abrmd resource management ? on reinitialize TCTI device (ref: shared below links) Scenario : I am doing two operation in single application tpm2tss-rsa-genkey and then creatingCsr() . Here tpm2tss-rsa-genkey is working fine , then am covering the genkey to EVP_PKEY and giving it to createcsr. Even inside createcsr app getting crash when the sign API is get called. *Look in to how to reinitialize TCTI device* https://github.com/tpm2-software/tpm2-tss/issues/1395 https://github.com/tpm2-software/tpm2-tss/issues/1499 "Device or resource busy" usually means that some other process has it open. try lsof | grep tpm to catch the sneaky program. On Fri, May 8, 2020, 9:45 PM Roberts, William C > > > -----Original Message----- > > From: muthu.smk(a)gmail.com [mailto:muthu.smk(a)gmail.com] > > Sent: Friday, May 8, 2020 3:01 AM > > To: tpm2(a)lists.01.org > > Subject: [tpm2] How CreateCsr using openssl API flow works , when is > passes via > > tpm2-tss-engine > > > > I have below openssl command with tpmengine which generate csr using the > > private key generated using tpm2tss-genkey. > > > > /* Generating private using below tpm2tss-genkey API*/ tpm2tss-genkey -a > rsa - > > s 2048 tpm2tss_rsa_genkey_2048 > > /* using below openssl API creating a csr with input key (private key > generated > > by tpm2tss) , via engine tpm2tss */ openssl req -new -engine tpm2tss > -keyform > > engine -out openssl_created_mod_rsa_key.csr -key tpm2tss_rsa_genkey_2048 > > Did you load the engine so the API hits the tss engine versus normal > openssl? > IIRC the last time I saw your code snippets you never loaded the engine. > > > > While creating the similar application what the above tpm2-genkey > creation and > > openssl does using tpm2/tpm2-tss api , am getting my app crash in below > signing > > API . I tried checking the tpm2-tss-engine code which works for openssl > to > > perform tpm2 tss task . But i could not able to get any clue regarding > where this > > "sign" is happening . Since this "sign" is part of csr generation , am > not sure how > > come the command line above openssl api works . Can any one give me some > > inputs on this . > > > > X509_REQ_sign () > > > > Thanks > > _______________________________________________ > > tpm2 mailing list -- tpm2(a)lists.01.org > > To unsubscribe send an email to tpm2-leave(a)lists.01.org > > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s >