[Bug 1962549] [NEW] openssl cms -decrypt doesn't work properly when using an engine

Jim Sievert 1962549 at bugs.launchpad.net
Tue Mar 1 09:07:46 UTC 2022


Public bug reported:

I'm using:

bsci@ip-10-132-42-225:~/test$ lsb_release -rd
Description:    Ubuntu 20.04.3 LTS
Release:        20.04

bsci@ip-10-132-42-225:~/test$ apt-cache policy openssl
openssl:
  Installed: 1.1.1f-1ubuntu2.10
  Candidate: 1.1.1f-1ubuntu2.10
  Version table:
 *** 1.1.1f-1ubuntu2.10 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.1f-1ubuntu2.8 500
        500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
     1.1.1f-1ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages


I have a private EC key held in a TPM 2.0 platform hierarchy.  I'm encrypting a message like this:

openssl cms -encrypt -in message.txt -out message.cipher transport.pem

Here, transport.pem is the cert. for the EC key held in the TPM.  I'm
attempting to decrypt like this:

openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey 0x81800001 -keyform engine -engine tpm2tss -recip transport.pem

Instead of seeing the original message text, I'm getting the following error:
engine "tpm2tss" set.
Error decrypting CMS using private key
139626757388096:error:1010107D:elliptic curve routines:ecdh_simple_compute_key:missing private key:../crypto/ec/ecdh_ossl.c:61:

It seems that the code is expecting the actual private key instead of
using the key held in the TPM?

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1962549
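
A control run for the report above, added here as an example and not part of the original report or of OpenSSL: the same cms -encrypt / -decrypt pair with a file-based EC key in place of the TPM handle, which shows whether the failure is specific to the engine-held key. The file names, the P-256 curve, the certificate subject and the function name are assumptions.

```shell
#!/bin/sh
# Added example: CMS round trip with a software EC key as a control for the
# engine case in the report. All file names and the test message are constructed.
cms_control_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        printf 'constructed test message\n' > message.txt

        # Software stand-in for the TPM-held key: P-256 key and self-signed cert.
        openssl ecparam -name prime256v1 -genkey -noout -out soft.key 2>/dev/null || exit 1
        openssl req -x509 -new -key soft.key -subj "/CN=cms-control" \
            -days 1 -out soft.pem 2>/dev/null || exit 1

        # Same encrypt invocation as in the report, with the control cert.
        openssl cms -encrypt -in message.txt -out message.cipher soft.pem || exit 1

        # An EC recipient is encoded as KeyAgreeRecipientInfo ("d.kari"), so
        # decryption has to run ECDH with the recipient's private key. That is
        # the step named in the reported error (ecdh_simple_compute_key).
        if openssl cms -cmsout -print -noout -in message.cipher | grep -q 'd\.kari'; then
            kind=kari
        else
            kind=other
        fi

        # Decrypt with the key file instead of -keyform engine -engine tpm2tss.
        openssl cms -decrypt -in message.cipher -out message.out \
            -inkey soft.key -recip soft.pem 2>/dev/null || exit 1

        # Without -binary, cms writes the content with CRLF line endings, so
        # strip CR before comparing with the original.
        if tr -d '\r' < message.out | cmp -s - message.txt; then
            echo "$kind:match"
        else
            echo "$kind:mismatch"
        fi
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

cms_control_roundtrip
```

If this prints kari:match on the affected host, the CMS handling works with a file-based key and the remaining difference from the failing command is the engine-held key.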
