PKCS7_decrypt vs RSA OAEP padding
Jakob Bohm
jb-openssl at wisemo.com
Thu Apr 15 12:01:59 UTC 2021
On 2021-04-15 12:57, Michal Moravec wrote:
> Follow-up on my previous email:
>
> I modified my proof-of-problem program to load PKCS7 file into PKCS7
> and convert it to CMS_ContentInfo using the BIO (See convert.c in the
> attachment). It is similar to this:
>
>> handle_encrypted_content(SCEP *handle, SCEP_DATA *data, PKCS7 *p7env,
>> X509 *dec_cert, EVP_PKEY *dec_key) {
>> ...
>> CMS_ContentInfo *cmsMessage = NULL;
>> BIO *convert = NULL;
>> conversion = BIO_new(BIO_s_mem());
>> PEM_write_bio_PKCS7(conversion, p7env);
>> cmsEnv = PEM_read_bio_CMS(conversion, NULL, NULL, NULL);
>> CMS_decrypt(cmsEnv, dec_key, dec_cert, NULL, decData, 0);
>
> convert.c works well with my test data and CMS_decrypt successfully
> decrypts the CMS_ContentInfo.
>
> When I put this code into practice = using it in the actual library ->
> https://github.com/EtneteraLogicworks/libscep/commit/d94a24b28fcf3a1c1f0dc5e48e274627eed2b3f6
> Calling CMS_decrypt results in segfault inside libcrypto library:
>> Apr 15 12:08:36 scepdev kernel: openxpkid (main[759]: segfault at
>> ffffffffac6d8cd0 ip 00007f6b4d3040a0 sp 00007ffde9477738 error 5 in
>> libcrypto.so.1.1[7f6b4d29c000+19e000]
>
> I have no idea how to debug this :-( Way out of my league here.
>
>
Try linking libcrypto.so.1.1 with debug symbols included (not
stripped). This should make the error message point to the
function, maybe even show the call stack.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210415/d3af4fc9/attachment.html>
More information about the openssl-users
mailing list