tpm-tools supports OpenSSL 1.1.0 since version 1.3.9. Unfortunately, it
lost compatibility with 1.0.2.
tpm_seal and tpm_unseal create a segfault when used with OpenSSL
1.0.2. The breaking change was introduced by the commit
6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2.
After I reverted this commit, seal and unseal worked fine for me.
It looks like before 1.1.0, OpenSSL expected that an EVP_CIPHER_CTX is
not NULL. With the new version it now uses an EVP_CIPHER_CTX pointer
which is set to NULL. This causes the segfault (memset with NULL as
destination).
EVP_CIPHER_CTX seems to be opaque now, which causes the
incompatibility: https://wiki.openssl.org/index.php/1.1_API_Changes
A possible solution could be to check for OPENSSL_VERSION_NUMBER
similar to: https://github.com/libssh2/libssh2/pull/70/files
I created a patch which distinguishes between the OpenSSL versions before 1.1.0 and 1.1.0. I'm going to test it with OpenSSL 1.0.2 tomorrow.
Please see bug #201. "ctx = EVP_CIPHER_CTX_new();" was the missing code.
Do you have automated testcases for tpm_seal and tpm_unseal? I manually tested the tpm_seal, but I found that tpm_unseal doesn't have output.
Can you please share the tpm_unseal output?
Version 1.3.9.1 has the fix, which will work with both OpenSSL 1.0.x and OpenSSL 1.1.x.