PKCS7_decrypt vs RSA OAEP padding

Michal Moravec michal.moravec at
Wed Apr 28 07:07:38 UTC 2021

I reported the issue here ->

I guess this is a final message from me. Nothing more to add.


On 15. 4. 2021, at 17:40, Michal Moravec <michal.moravec at<mailto:michal.moravec at>> wrote:


After replacing the PEM_write_bio_PKCS7/PEM_read_bio_CMS methods for i2d_PKCS7_bio/d2i_CMS_bio
PCKS7 (In this case CMS) decryption now works!

Code now looks like:

handle_encrypted_content(SCEP *handle, SCEP_DATA *data, PKCS7 *p7env, X509 *dec_cert, EVP_PKEY *dec_key) {
CMS_ContentInfo *cmsMessage = NULL;
BIO *convert = NULL;
conversion = BIO_new(BIO_s_mem());
i2d_PKCS7_bio(conversion, p7env);
cmsEnv = d2i_CMS_bio(conversion, NULL);
CMS_decrypt(cmsEnv, dec_key, dec_cert, NULL, decData, 0);


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list