[openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option
Harakiri
harakiri_23 at yahoo.com
Fri May 12 05:52:34 UTC 2017
The message is first signed then encrypted. Commands are as follows
/usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml -out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from sender at sender.com -to recipient at recipient.com,recipient2 at recipient.com -recip cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaepI maybe could provide a problematic e-mail including private keys - off the list - due privacy concerns to investigate - would that be acceptable ? If so - what e-mail address can i sent it to
From: Dr. Stephen Henson <steve at openssl.org>
To: Harakiri <harakiri_23 at yahoo.com>; openssl-users at openssl.org
Sent: Tuesday, May 9, 2017 1:04 AM
Subject: Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option
On Mon, May 08, 2017, Harakiri via openssl-users wrote:
> Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the bleichenbach security patch to use decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k
> Error decrypting CMS structure6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird, is that its always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep and sometimes the resulting messagewill produce this error and other times it works.
>
>
That's odd. What command line are you using to create the messages?
Would it be possible to create a test case that reproduces this error?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170512/0001b42b/attachment.html>
More information about the openssl-users
mailing list