[Touch-packages] [Bug 1962549] Re: openssl cms -decrypt doesn't work properly when using an engine

Tue, 29 Aug 2023 07:47:03 -0700 

Hi, I've been trying to understand this but I've been unsuccessful so
far.

Does it still happen on Ubuntu 22.04 (and 23.04)? Can you reproduce it
without the engine?

** Changed in: openssl (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1962549

Title:
  openssl cms -decrypt doesn't work properly when using an engine

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  I'm using:

  bsci@ip-10-132-42-225:~/test$ lsb_release -rd
  Description:    Ubuntu 20.04.3 LTS
  Release:        20.04

  bsci@ip-10-132-42-225:~/test$ apt-cache policy openssl
  openssl:
    Installed: 1.1.1f-1ubuntu2.10
    Candidate: 1.1.1f-1ubuntu2.10
    Version table:
   *** 1.1.1f-1ubuntu2.10 500
          500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.1.1f-1ubuntu2.8 500
          500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 
Packages
       1.1.1f-1ubuntu2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  I have a private EC key held in a TPM 2.0 platform hierarchy.  I'm encrypting 
a message like this:

  openssl cms -encrypt -in message.txt -out message.cipher transport.pem

  Here, transport.pem is the cert. for the EC key held in the TPM.  I'm
  attempting to decrypt like this:

  openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey
  0x81800001 -keyform engine -engine tpm2tss -recip transport.pem

  Instead of seeing the original message text, I'm getting the following error:
  engine "tpm2tss" set.
  Error decrypting CMS using private key
  139626757388096:error:1010107D:elliptic curve 
routines:ecdh_simple_compute_key:missing private 
key:../crypto/ec/ecdh_ossl.c:61:

  It seems that the code is expecting the actual private key instead of
  using the key held in the TPM?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1962549/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to