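<div dir="ltr">
<div class="gmail_default" style="font-family:courier new,monospace;color:rgb(76,17,48)">Hello,<br><br></div>
<div class="gmail_default" style="font-family:courier new,monospace;color:rgb(76,17,48)">Is there support for AES-GCM in the OpenSSL CMS implementation?<br></div>
<div class="gmail_default" style="font-family:courier new,monospace;color:rgb(76,17,48)">The following code works when EVP_aes_128_cbc is used as the CMS_encrypt cipher parameter but fails with EVP_aes_128_gcm. Am I missing something (like setting the GCM header/tag), or is authenticated encryption not supported in CMS?<br><br>
<pre>
// Round-trip test: sign a file into a CMS SignedData, encrypt that for the
// same certificate, decrypt it again and verify the signature. Each stage
// goes through a file under c:\tmp2. Every OpenSSL result is checked so that
// a failing stage reports the library's own error text instead of handing a
// null pointer to the next call.
// ERR_print_errors_fp() is declared in &lt;openssl/err.h&gt;.
void cmsTest()
{
  // Legacy initialisation calls, kept from the original post. OpenSSL 1.1.0
  // and later initialise themselves automatically.
  OPENSSL_init();
  SSL_library_init();
  SSL_load_error_strings();

  OpenSSL_add_all_algorithms();
  OpenSSL_add_all_ciphers();
  OpenSSL_add_all_digests();

  // Every handle starts out null so that the single cleanup section at the
  // end can release whatever was created; the *_free calls accept NULL.
  BIO* certFileBio = nullptr;
  BIO* prvKeyFileBio = nullptr;
  BIO* inFileBio = nullptr;
  BIO* outFileBio = nullptr;
  EVP_PKEY* evpPkey = nullptr;
  X509* cert = nullptr;
  stack_st_X509* certStack = nullptr;
  stack_st_X509* signers = nullptr;
  X509_STORE* store = nullptr;
  CMS_ContentInfo* cms = nullptr;

  // Names the failing step and dumps the OpenSSL error queue, which carries
  // the real reason (for example a cipher the CMS code cannot encode).
  auto fail = [](const char* step) {
    fprintf(stderr, "cmsTest: %s failed\n", step);
    ERR_print_errors_fp(stderr);
  };

  // Releases the per-stage objects. Closing the output BIO here matters:
  // the next stage reads the file this stage has just written.
  auto endStage = [&amp;]() {
    CMS_ContentInfo_free(cms);
    cms = nullptr;
    BIO_free(inFileBio);
    inFileBio = nullptr;
    BIO_free(outFileBio);
    outFileBio = nullptr;
  };

  do {
    certFileBio = BIO_new_file("c:\\a\\advancedbr256r1_noPem.cer", "rb");
    prvKeyFileBio = BIO_new_file("c:\\a\\advancedbr256r1_pkey.pkcs8", "rb");
    if (certFileBio == nullptr || prvKeyFileBio == nullptr) {
      fail("opening certificate/key file");
      break;
    }

    evpPkey = d2i_PrivateKey_bio(prvKeyFileBio, 0);
    cert = d2i_X509_bio(certFileBio, 0);
    if (evpPkey == nullptr || cert == nullptr) {
      fail("parsing certificate/key");
      break;
    }

    certStack = sk_X509_new_null();
    store = X509_STORE_new();
    if (certStack == nullptr || store == nullptr) {
      fail("allocating certificate stack/store");
      break;
    }
    // NOTE(review): the store trusts the signer certificate itself, so the
    // CMS_verify() call below only shows that the content was signed with
    // the key from this file. Outside a self-test the store should hold the
    // CA trust anchors instead.
    if (sk_X509_push(certStack, cert) == 0 || X509_STORE_add_cert(store, cert) != 1) {
      fail("registering certificate");
      break;
    }

    //sign
    inFileBio = BIO_new_file("c:\\tmp2\\0_inContent.txt", "rb");
    outFileBio = BIO_new_file("c:\\tmp2\\1_signedCms.txt", "wb");
    if (inFileBio == nullptr || outFileBio == nullptr) {
      fail("opening files for signing");
      break;
    }
    cms = CMS_sign(cert, evpPkey, 0, inFileBio, 0);
    if (cms == nullptr || PEM_write_bio_CMS(outFileBio, cms) != 1) {
      fail("CMS_sign");
      break;
    }
    endStage();

    //encrypt
    inFileBio = BIO_new_file("c:\\tmp2\\1_signedCms.txt", "rb");
    outFileBio = BIO_new_file("c:\\tmp2\\2_encryptedSignedCmsOut.txt", "wb");
    if (inFileBio == nullptr || outFileBio == nullptr) {
      fail("opening files for encryption");
      break;
    }
    //cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_cbc(), 0); this would work
    // AES-GCM is an AEAD cipher. CMS carries AEAD ciphertext in
    // AuthEnvelopedData (RFC 5083, with the GCM parameters from RFC 5084),
    // not in the EnvelopedData structure used for CBC. OpenSSL gained
    // AuthEnvelopedData support in 3.0; earlier releases are expected to
    // return NULL from this call, and the check below makes that visible.
    // With the CBC variant the ciphertext itself is not authenticated;
    // integrity in this flow then rests on the inner signature that is
    // verified after decryption.
    cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_gcm(), 0);
    if (cms == nullptr || PEM_write_bio_CMS(outFileBio, cms) != 1) {
      fail("CMS_encrypt");
      break;
    }
    endStage();

    //decrypt
    inFileBio = BIO_new_file("c:\\tmp2\\2_encryptedSignedCmsOut.txt", "rb");
    outFileBio = BIO_new_file("c:\\tmp2\\3_decryptedSignedCmsOut.txt", "wb");
    if (inFileBio == nullptr || outFileBio == nullptr) {
      fail("opening files for decryption");
      break;
    }
    cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
    if (cms == nullptr || CMS_decrypt(cms, evpPkey, cert, 0, outFileBio, 0) != 1) {
      fail("CMS_decrypt");
      break;
    }
    endStage();

    //verify/read content CMS
    inFileBio = BIO_new_file("c:\\tmp2\\3_decryptedSignedCmsOut.txt", "rb");
    outFileBio = BIO_new_file("c:\\tmp2\\4_inContext.txt", "wb");
    if (inFileBio == nullptr || outFileBio == nullptr) {
      fail("opening files for verification");
      break;
    }
    cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
    if (cms == nullptr || CMS_verify(cms, certStack, store, 0, outFileBio, 0) != 1) {
      fail("CMS_verify");
      break;
    }
    // Only queried after a successful CMS_verify(). The returned stack is
    // owned by the caller and is released in the cleanup section.
    signers = CMS_get0_signers(cms);
  } while (false);

  //deinit
  sk_X509_free(signers);
  endStage();
  BIO_free(certFileBio);
  BIO_free(prvKeyFileBio);
  sk_X509_free(certStack);   // frees the stack only, not the certificate
  X509_STORE_free(store);
  X509_free(cert);           // the original never released the certificate
  EVP_PKEY_free(evpPkey);
}
</pre>
</div>
</div>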