engine bug?

[JumboJa]

Unable to create certificate using TPM+openssl generated cert request.

Whatever scheme was used (pkcs1, pss, rsa_pss_saltlen:32 or rsa_pss_saltlen:-1), when feeding cert request file (pem) to the CA, ALWAYS getting error:

Check that the request matches the signature
Signature did not match the certificate request

STEPS WERE:

1. create primary (OK)
2. create daughter AIK (OK)
3. load context as key.ctx (OK)
4. persist key.ctx as 0x81010001 (OK)
5. get pubkey from key.ctx as PEM (OK)
6. openssl req -engine libtpm2tss -keyform engine -new -key 0x81010001 -passin pass:000000 -config openssl.cnf -out csr.pem -sigopt rsa_padding_mode:pkcs1
   (btw, can't load -key key.ctx, only -key 0x81010001 works) (but I suppose it's OK)
7. check (just in case) openssl req -in csr.pem -text -noout (OK)
8. transfer csr file to CA
9. CHECK AGAIN openssl req -in csr.pem -text -noout (SAME OUTPUT, seems ALSO OK)
10. openssl ca -config CA/CA.cnf -extensions v3_ca -days 365 -notext -md sha256 -in csr.pem -out enduser.crt -sigopt rsa_padding_mode:pkcs1

Check that the request matches the signature
Signature did not match the certificate request
4027FC2EE27F0000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:../crypto/rsa/rsa_sign.c:430:
4027FC2EE27F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:../providers/implementations/signature/rsa_sig.c:774:
4027FC2EE27F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:217:

[JumboJa]

ADDITION:

If AIK was created like
tpm2 create -C primary.ctx -g sha256 -Grsa2048:rsapss:null -u key.pub -r key.priv -a 'fixedtpm|fixedparent|sensitivedataorigin|userwithauth|sign' -p '000000'
(notice -Grsa2048:rsapss:null)

then error is:
(notice RSA_verify_PKCS1_PSS_mgf1:salt length check failed:crypto/rsa/rsa_pss.c:116:expected: 222 retrieved: 32)

openssl ca -config openssl.cnf -extensions v3_ca -days 365 -notext -md sha256 -in ../csr.pem -out enduser.crt
Using configuration from openssl.cnf
Check that the request matches the signature
Signature did not match the certificate request
48CBB606287F0000:error:02000088:rsa routines:RSA_verify_PKCS1_PSS_mgf1:salt length check failed:crypto/rsa/rsa_pss.c:116:expected: 222 retrieved: 32
48CBB606287F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:providers/implementations/signature/rsa_sig.c:815:
48CBB606287F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:crypto/asn1/a_verify.c:219:

So,
If csr.pem is signed by TPM itself using tpm2 sign -c key.ctx -g sha256 --scheme=rsapss ... then openssl dgst ... -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 verification is OK. So rsapss is supported.

But if csr is signed using openssl req -engine libtpm2tss ..., no matter with -sigopt rsa_padding_mode pkcs1 or pss - same openssl (CA on the same machine!) issues the errors above...

[JumboJa]

UPDATE

Seems padding issue gone by setting attributes to primary (fixedtpm|fixedparent|sensitivedataorigin|userwithauth|restricted|decrypt) and child (fixedtpm|fixedparent|sensitivedataorigin|userwithauth|restricted|sign).

However can't get engine (tpm2-tss-engine) worked anyways:

# openssl req -engine libtpm2tss -keyform engine -new -key 0x81000000 -config ../openssl_req.conf -out csr.pem -passin pass:000
Engine "tpm2tss" set.
WARNING:esys:src/tss2-esys/api/Esys_Sign.c:311:Esys_Sign_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Sign.c:105:Esys_Sign() Esys Finish ErrorCode (0x0000098e)
483BE2087F7F0000:error:4080006D:tpm2-tss-engine:ERR_error:Unknown TPM error occurred. Please check tpm2tss logs:src/tpm2-tss-engine-rsa.c:726:
483BE2087F7F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:

and engine requests password, even if EK and AK keys were created without any password.

WHILE openssl provider (had to compile and install tpm2-openssl) does the job, even with segmentation fault.

# openssl req -provider tpm2 -provider default -propquery '?provider=tpm2' -new -config ../openssl_req.conf -key handle:0x81000000 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out csr.pem
Segmentation fault

Same system, same script, same keys, same absolutely everything. ...and request is created. No even password asking from openssl-provider.
What makes me think there's a problem (bug?) exactly with the engine. (Still need it)