All of lore.kernel.org
 help / color / mirror / Atom feed
* [tpm2] CMP error: cannot duplicate context:2306 tpm:warn(2.0): out of memory for object contexts
@ 2021-10-03 23:40 Chris Newman
  0 siblings, 0 replies; only message in thread
From: Chris Newman @ 2021-10-03 23:40 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 2025 bytes --]

Hi,

I create an EK and AK using tpm2_createek, tpm2_createak and 
tpm2_evictcontrol to persist the AK in 0x81010002. The I use the 
following command with DigiCert's CMPv2 server:

openssl cmp -config /opt/sdk/openssl/current/ssl/openssl.cnf -provider 
tpm2 -provider default -propquery ?provider=tpm2,tpm2.digest!=yes -cmd 
ir -server https://demo.one.digicert.com/iot/api/v1/cmp/IOT_1234 -ref 
1234 -secret pass:1234 -recipient "/CN=mode51.software" -key 
handle:0x81010002 -subject "/CN=TestTest" -cacertsout ./capubs.pem 
-certout ./cl_cert.pem -tls_used -verbosity 8

I get the following error:

DIGEST NEW
DIGEST INIT
DIGEST UPDATE
DIGEST DUP
DIGEST FINAL
DIGEST FREE
DIGEST NEW
DIGEST INIT
DIGEST UPDATE
DIGEST NEW
DIGEST INIT
DIGEST UPDATE
DIGEST DUP
WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() 
Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() 
Esys Finish ErrorCode (0x00000902)
DIGEST FREE
DIGEST FREE
DIGEST FREE
CMP DEBUG: disconnected from CMP server
*CMP error: cannot duplicate context:2306 tpm:warn(2.0): out of memory 
for object contexts*
CMP error: not able to copy ctx
CMP error: internal error
CMP error: error sending
CMP error: shutdown while in init
CMP error: transfer error:request sent: IR, expected response: IP
RSA FREE
RAND FREE
RAND FREE
RAND FREE
PROVIDER TEARDOWN


I've tried tpm2_flushcontext -t.

I recompiled tpm2-openssl with the following option and that appears to 
have worked around the issue:

--disable-op-digest

Is this what "?provider=tpm2,tpm2.digest!=yes" should effectively do?


-- 

Chris Newman
https://mode51.software <https://mode51.software>
@mode51software <https://twitter.com/mode51software>




mode51 Software Ltd is registered in England and Wales
Company Number 13007792 Registered Office 3 Orchard Way, CB24 1AG, UK

GPG Encryption key 
<https://mode51.software/downloads/chrisnewman-mode51-pub-20201111.asc>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 3046 bytes --]

[-- Attachment #3: hbofnihajndifnfn.png --]
[-- Type: image/png, Size: 7041 bytes --]

[-- Attachment #4: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 4007 bytes --]

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2021-10-03 23:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-03 23:40 [tpm2] CMP error: cannot duplicate context:2306 tpm:warn(2.0): out of memory for object contexts Chris Newman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.