[Bug 1962549] Re: openssl cms -decrypt doesn't work properly when using an engine

Adrien Nader 1962549 at bugs.launchpad.net
Tue Oct 31 13:40:34 UTC 2023


I don't know why LP expired this bug since you commented after I changed
its status...

Anyway, I'm going to mark it as New again. Unfortunately, I haven't had
time to try to reproduce this again and I won't have time before at
least two weeks due to some time off and Canonical events. It would be
tremendously helpful if you manage to directly provide the comments for
the steps.

** Changed in: openssl (Ubuntu)
       Status: Expired => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1962549

Title:
  openssl cms -decrypt doesn't work properly when using an engine

Status in openssl package in Ubuntu:
  New

Bug description:
  I'm using:

  bsci@ip-10-132-42-225:~/test$ lsb_release -rd
  Description:    Ubuntu 20.04.3 LTS
  Release:        20.04

  bsci@ip-10-132-42-225:~/test$ apt-cache policy openssl
  openssl:
    Installed: 1.1.1f-1ubuntu2.10
    Candidate: 1.1.1f-1ubuntu2.10
    Version table:
   *** 1.1.1f-1ubuntu2.10 500
          500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.1.1f-1ubuntu2.8 500
          500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
       1.1.1f-1ubuntu2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  I have a private EC key held in a TPM 2.0 platform hierarchy.  I'm encrypting a message like this:

  openssl cms -encrypt -in message.txt -out message.cipher transport.pem

  Here, transport.pem is the cert. for the EC key held in the TPM.  I'm
  attempting to decrypt like this:

  openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey 0x81800001 -keyform engine -engine tpm2tss -recip transport.pem

  Instead of seeing the original message text, I'm getting the following error:
  engine "tpm2tss" set.
  Error decrypting CMS using private key
  139626757388096:error:1010107D:elliptic curve routines:ecdh_simple_compute_key:missing private key:../crypto/ec/ecdh_ossl.c:61:

  It seems that the code is expecting the actual private key instead of
  using the key held in the TPM?
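
A control for triage, added here and not part of the bug report or of OpenSSL: the same encrypt and decrypt commands run with a file-based EC key in place of the TPM handle, to check that the CMS flow itself round-trips before looking at the engine path. The key file name transport.key, the certificate subject and the message text are constructed for this example.

```shell
#!/bin/sh
# Control experiment: the CMS flow from the report with a software EC key.
# Key material, certificate subject and message are constructed test values.

cms_roundtrip_software_key() {
    workdir=$(mktemp -d) || return 1
    (
        cd "$workdir" || exit 1

        # Constructed P-256 key and self-signed certificate standing in for
        # the TPM-held key and the transport.pem of the report.
        openssl ecparam -name prime256v1 -genkey -noout \
            -out transport.key 2>/dev/null || exit 1
        openssl req -new -x509 -key transport.key -days 1 \
            -subj "/CN=constructed-cms-test" -out transport.pem 2>/dev/null || exit 1

        printf '%s\n' "constructed test message" > message.txt

        # Encrypt exactly as in the report.
        openssl cms -encrypt -in message.txt -out message.cipher \
            transport.pem || exit 1

        # Decrypt with the private key read from a file instead of
        # -keyform engine -engine tpm2tss.
        openssl cms -decrypt -in message.cipher -out message.out \
            -inkey transport.key -recip transport.pem 2>/dev/null || exit 1

        # S/MIME canonicalisation can leave CRLF line endings; strip the CR
        # so the output compares equal to the input text.
        tr -d '\r' < message.out
    )
    status=$?
    rm -rf "$workdir"
    return $status
}

# Prints the recovered plaintext when the software-key round trip works.
cms_roundtrip_software_key
```

If this prints the message on the affected system while the engine invocation still fails, the failure is confined to the decrypt path that takes the key from the engine.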
