[Bug 1962549] Re: openssl cms -decrypt doesn't work properly when using an engine

Simon Chopin 1962549 at bugs.launchpad.net
Tue Oct 31 15:46:21 UTC 2023


> I don't know why LP expired this bug since you commented after I changed
> its status...

AFAIK, LP will not switch back the status to anything after a comment has been
left. That makes sense, as it wouldn't know what the new status is
supposed to be.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1962549

Title:
  openssl cms -decrypt doesn't work properly when using an engine

Status in openssl package in Ubuntu:
  New

Bug description:
  I'm using:

  bsci@ip-10-132-42-225:~/test$ lsb_release -rd
  Description:    Ubuntu 20.04.3 LTS
  Release:        20.04

  bsci@ip-10-132-42-225:~/test$ apt-cache policy openssl
  openssl:
    Installed: 1.1.1f-1ubuntu2.10
    Candidate: 1.1.1f-1ubuntu2.10
    Version table:
   *** 1.1.1f-1ubuntu2.10 500
          500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.1.1f-1ubuntu2.8 500
          500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
       1.1.1f-1ubuntu2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  I have a private EC key held in a TPM 2.0 platform hierarchy.  I'm encrypting a message like this:

  openssl cms -encrypt -in message.txt -out message.cipher transport.pem

  Here, transport.pem is the cert. for the EC key held in the TPM.  I'm
  attempting to decrypt like this:

  openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey 0x81800001 -keyform engine -engine tpm2tss -recip transport.pem

  Instead of seeing the original message text, I'm getting the following error:
  engine "tpm2tss" set.
  Error decrypting CMS using private key
  139626757388096:error:1010107D:elliptic curve routines:ecdh_simple_compute_key:missing private key:../crypto/ec/ecdh_ossl.c:61:

  It seems that the code is expecting the actual private key instead of
  using the key held in the TPM?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1962549/+subscriptions
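
The error line quoted in the bug description can be unpacked to confirm which code path reported the failure. The Python helper below is an added example, not part of the original report or of OpenSSL; it assumes the OpenSSL 1.1.x packed error layout (8-bit library, 12-bit function, 12-bit reason), and the names parse_errors, QueuedError and is_builtin_ecdh_missing_key are hypothetical.

```python
import re
from typing import List, NamedTuple

# Output lines copied from the bug description above.
SAMPLE = """engine "tpm2tss" set.
Error decrypting CMS using private key
139626757388096:error:1010107D:elliptic curve routines:ecdh_simple_compute_key:missing private key:../crypto/ec/ecdh_ossl.c:61:
"""

# Subset of the ERR_LIB_* numbers from OpenSSL's err.h.
ERR_LIBS = {6: "EVP", 16: "EC", 38: "ENGINE", 46: "CMS"}
EC_R_MISSING_PRIVATE_KEY = 125  # reason code from OpenSSL 1.1.1 ecerr.h

LINE_RE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

class QueuedError(NamedTuple):
    lib_num: int
    func_num: int
    reason_num: int
    lib_name: str
    func: str
    reason: str
    source: str

def parse_errors(output: str) -> List[QueuedError]:
    """Return one QueuedError per error-queue line; other lines are skipped."""
    found = []
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code = int(m["code"], 16)
        lib = (code >> 24) & 0xFF  # assumption: 1.1.x ERR_PACK layout, 8/12/12 bits
        found.append(QueuedError(lib, (code >> 12) & 0xFFF, code & 0xFFF,
                                 ERR_LIBS.get(lib, "lib%d" % lib), m["func"],
                                 m["reason"], "%s:%s" % (m["file"], m["line"])))
    return found

def is_builtin_ecdh_missing_key(err: QueuedError) -> bool:
    """True when OpenSSL's built-in ECDH (ecdh_ossl.c) reported a missing private key."""
    return (err.lib_num == 16 and err.reason_num == EC_R_MISSING_PRIVATE_KEY
            and err.source.split("/")[-1].startswith("ecdh_ossl.c:"))

if __name__ == "__main__":
    for e in parse_errors(SAMPLE):
        print(e, "built-in ECDH, no private key:", is_builtin_ecdh_missing_key(e))
```

For the quoted line the error was raised by the EC library's own ECDH routine, which is consistent with the reporter's reading that the code expected the private key value itself.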



