EC keys do not provide OSSL_PKEY_PARAM_MANDATORY_DIGEST
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tpm2-openssl (Ubuntu) | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Luca Boccassi |
Kinetic | Fix Released | Undecided | Luca Boccassi |
Lunar | Fix Released | Undecided | Unassigned |

Bug Description
[ Impact ]
Mandatory digest is not provided by the library
[ Test Plan ]
The upstream fix includes a test script:
[ Where problems could occur ]
The fix adds a small change in the core of the library, so basic functionality like signing might be affected. However, the fix has been upstream and released for half a year and no regressions have been reported.
[ Original Description ]
$ lsb_release -rd
Description: Ubuntu 22.04 LTS
Release: 22.04
$ apt-cache policy tpm2-openssl
tpm2-openssl:
Installed: 1.0.1-1
Candidate: 1.0.1-1
Version table:
*** 1.0.1-1 500
500 http://
100 /var/lib/
Please see: https:/
Essentially, any mandatory digest in a public key is ignored by tpm2-openssl.
summary: |
- xxx + EC keys do not provide OSSL_PKEY_PARAM_MANDATORY_DIGEST |
Changed in tpm2-openssl (Ubuntu): | |
status: | New → Confirmed |
description: | updated |
Changed in tpm2-openssl (Ubuntu Lunar): | |
status: | Confirmed → Fix Released |
Changed in tpm2-openssl (Ubuntu Kinetic): | |
status: | New → Confirmed |
Changed in tpm2-openssl (Ubuntu Jammy): | |
status: | New → Confirmed |
Changed in tpm2-openssl (Ubuntu Jammy): | |
status: | Confirmed → In Progress |
Changed in tpm2-openssl (Ubuntu Kinetic): | |
status: | Confirmed → In Progress |
Changed in tpm2-openssl (Ubuntu Jammy): | |
assignee: | nobody → Luca Boccassi (bluca) |
Changed in tpm2-openssl (Ubuntu Kinetic): | |
assignee: | nobody → Luca Boccassi (bluca) |
tags: |
added: verification-done verification-done-jammy verification-done-kinetic removed: verification-needed verification-needed-jammy verification-needed-kinetic |
tags: | removed: verification-done |
tags: |
added: verification-needed-kinetic removed: verification-done-kinetic |
tags: |
added: verification-done-kinetic removed: verification-needed-kinetic |
Fixed and tested package available on ubuntu/jammy on Salsa: https://salsa.debian.org/debian/tpm2-openssl/-/tree/ubuntu/jammy