Bug 1207940 - [Build 20230205] openssl-3: tpm unable to enable public key encoding
Summary: [Build 20230205] openssl-3: tpm unable to enable public key encoding
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Pedro Monreal Gonzalez
QA Contact: E-mail List
URL: https://openqa.opensuse.org/tests/310...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-06 13:52 UTC by Dominique Leuenberger
Modified: 2024-07-03 13:09 UTC (History)
5 users (show)

See Also:
Found By: openQA
Services Priority:
Business Priority:
Blocker: Yes
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dominique Leuenberger 2023-02-06 13:52:45 UTC 
## Observation

With the switch to openssl-3, the tpm tests started failing in openQA:

# Test died:

command 'openssl ec -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub' failed at /usr/lib/os-autoinst/autotest.pm line 387.


# Result:

Engine "tpm2tss" set.
read EC key
unable to enable public key encoding
40576458237F0000:error:030000A3:digital envelope routines:EVP_PKEY_set_params:invalid key:crypto/evp/p_lib.c:2353:
XHqhV-1-

## openQA references

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-security_tpm2_swtpm@64bit fails in
[tpm2_engine_ecdsa_operation](https://openqa.opensuse.org/tests/3101026/modules/tpm2_engine_ecdsa_operation/steps/15)

## Test suite description
The base test suite is used for job templates defined in YAML documents. It has no settings of its own.


## Reproducible

Fails since (at least) Build [20230205](https://openqa.opensuse.org/tests/3101026) (current job)


## Expected result

Last good: [20230201](https://openqa.opensuse.org/tests/3089306) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=opensuse&flavor=DVD&machine=64bit&test=security_tpm2_swtpm&version=Tumbleweed)
Comment 1 Pedro Monreal Gonzalez 2023-02-06 14:55:39 UTC 
I have submitted the recently released update to version 1.2.0, just in case this is solved upstream, here:
   * https://build.opensuse.org/request/show/1063432

I'm adding Otto in CC also.
Comment 2 Pedro Monreal Gonzalez 2023-02-08 13:34:50 UTC 
Assigning back to the OpenSSL maintainer.
Comment 3 Dominique Leuenberger 2023-02-11 07:16:20 UTC 
(In reply to Pedro Monreal Gonzalez from comment #1)
> I have submitted the recently released update to version 1.2.0, just in case
> this is solved upstream, here:
>    * https://build.opensuse.org/request/show/1063432

This has been in TW for a few days now, but the openQA tests still fail the same, so we can conclude it did not help
Comment 4 Dominique Leuenberger 2023-02-15 13:41:24 UTC 
Simarizing what the test does:

tpm2tss-genkey -a ecdsa -s 2048 mykey
openssl ec -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub

the 2nd command fails with:

Engine "tpm2tss" set.
read EC key
unable to enable public key encoding
4027EA812D7F0000:error:030000A3:digital envelope routines:EVP_PKEY_set_params:invalid key:crypto/evp/p_lib.c:2353:
Comment 5 Fabian Vogt 2023-05-03 14:43:01 UTC 
Ping, still broken the same way. Looks like an OpenSSL 3.x bug.
Comment 6 Lubos Kocman 2024-05-13 07:26:11 UTC 
This affects 15.6 as well https://openqa.opensuse.org/tests/4170847