[openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

Harakiri harakiri_23 at yahoo.com
Mon May 8 08:48:20 UTC 2017

Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the bleichenbach security patch to use decryption without recipient public keys.
For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k
Error decrypting CMS structure6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
Calling cms -decrypt without the debug_decrypt option produces no error.
What is weird, is that its always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep and sometimes the resulting messagewill produce this error and other times it works.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170508/4230e103/attachment-0001.html>

More information about the openssl-users mailing list