[openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

Dr. Stephen Henson steve at openssl.org
Mon May 8 23:04:34 UTC 2017

On Mon, May 08, 2017, Harakiri via openssl-users wrote:

> I'm using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the Bleichenbacher security patch to use decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k:
> Error decrypting CMS structure
> 6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:
> 6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird is that it's always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep, and sometimes the resulting message will produce this error and other times it works.

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
