[Touch-packages] [Bug 1962549] Re: openssl cms -decrypt doesn't work properly when using an engine

[Adrien Nader]

I don't know why LP expired this bug since you commented after I changed
the its status...

Anyway, I'm going to mark it as New again. Unfortunately, I haven't had
time to try to reproduce this again and I won't have time before at
least two weeks due to some time off and Canonical events. It would be
tremendously helpful if you manage to directly provide the comments for
the steps.

** Changed in: openssl (Ubuntu)
       Status: Expired => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1962549

Title:
  openssl cms -decrypt doesn't work properly when using an engine

Status in openssl package in Ubuntu:
  New

Bug description:
  I'm using:

  bsci@ip-10-132-42-225:~/test$ lsb_release -rd
  Description:    Ubuntu 20.04.3 LTS
  Release:        20.04

  bsci@ip-10-132-42-225:~/test$ apt-cache policy openssl
  openssl:
    Installed: 1.1.1f-1ubuntu2.10
    Candidate: 1.1.1f-1ubuntu2.10
    Version table:
   *** 1.1.1f-1ubuntu2.10 500
          500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.1.1f-1ubuntu2.8 500
          500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 
Packages
       1.1.1f-1ubuntu2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  I have a private EC key held in a TPM 2.0 platform hierarchy.  I'm encrypting 
a message like this:

  openssl cms -encrypt -in message.txt -out message.cipher transport.pem

  Here, transport.pem is the cert. for the EC key held in the TPM.  I'm
  attempting to decrypt like this:

  openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey
  0x81800001 -keyform engine -engine tpm2tss -recip transport.pem

  Instead of seeing the original message text, I'm getting the following error:
  engine "tpm2tss" set.
  Error decrypting CMS using private key
  139626757388096:error:1010107D:elliptic curve 
routines:ecdh_simple_compute_key:missing private 
key:../crypto/ec/ecdh_ossl.c:61:

  It seems that the code is expecting the actual private key instead of
  using the key held in the TPM?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1962549/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp