[openssl-dev] [openssl.org #3975] The CMS encrypt command uses the wrong ASN.1 encoding for the AES-GCM algorithm parameter.
Laetitia Baudoin via RT
rt at openssl.org
Fri Jul 31 17:44:41 UTC 2015
When using 'openssl cms -encrypt -aes-256-gcm' the algorithm generated is
encoded as:
    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.46
      OCTET STRING (12 byte) 000000000000000000000000
But RFC 5084 (Using AES-CCM and AES-GCM Authenticated Encryption in the
Cryptographic Message Syntax (CMS)) specifies the algorithm parameters as:
    GCMParameters ::= SEQUENCE {
      aes-nonce        OCTET STRING, -- recommended size is 12 octets
      aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }

    AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
So the openssl version is missing the SEQUENCE tag.
Version tested: openssl 1.0.2d on linux x86_64
Example:
    openssl cms -encrypt -in message.txt -out encrypted-openssl-aes-256-gcm.msg \
        -recip user1_no_cn.pem -aes-256-gcm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: encrypted-openssl-aes-256-gcm.msg
Type: application/octet-stream
Size: 905 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150731/b834e78f/attachment.obj>
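The check below is an added example, not part of the original report or of OpenSSL: a small DER walker that tells the encoding shown in the dump above apart from the RFC 5084 GCMParameters form. The byte strings are constructed from the OID and nonce in the report; the ICVlen of 16 and all function names are assumptions made for illustration.

```python
# Added example, not from the original report. Sample bytes are constructed.
OID_TLV = "060960864801650304012e"      # id-aes256-GCM, 2.16.840.1.101.3.4.1.46
NONCE_TLV = "040c" + "00" * 12          # 12-byte all-zero nonce, as in the dump
AS_REPORTED = bytes.fromhex("3019" + OID_TLV + NONCE_TLV)
RFC5084_FORM = bytes.fromhex("301e" + OID_TLV + "3011" + NONCE_TLV + "020110")


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("missing DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def classify_gcm_params(alg_id):
    """Return (form, nonce_len, icv_len) for an AES-256-GCM AlgorithmIdentifier."""
    tag, body, _ = read_tlv(alg_id)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != bytes.fromhex(OID_TLV)[2:]:
        raise ValueError("not id-aes256-GCM")
    ptag, params, _ = read_tlv(body, pos)
    if ptag == 0x04:                    # bare OCTET STRING: SEQUENCE wrapper missing
        return ("bare-octet-string", len(params), None)
    if ptag != 0x30:
        raise ValueError("unexpected parameter tag 0x%02x" % ptag)
    ntag, nonce, npos = read_tlv(params)
    if ntag != 0x04:
        raise ValueError("aes-nonce is not an OCTET STRING")
    icv_len = 12                        # DEFAULT 12 is omitted in DER
    if npos < len(params):
        itag, ival, _ = read_tlv(params, npos)
        if itag != 0x02:
            raise ValueError("aes-ICVlen is not an INTEGER")
        icv_len = int.from_bytes(ival, "big")
    return ("rfc5084", len(nonce), icv_len)


if __name__ == "__main__":
    for name, der in (("as reported", AS_REPORTED), ("RFC 5084", RFC5084_FORM)):
        print(name, classify_gcm_params(der))
```

A strict RFC 5084 parser expects the 0x30 tag where the reported encoding has 0x04, which is why the two forms do not interoperate.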