On Sat, May 03, 2014, Kevin Le Gouguec wrote:

> Thank you for your input!
>
> > No; I'd be concerned if it didn't show up that way - that's how CMS
> > is defined to work.
>
> Just took another look at RFC 5652 and indeed, EncapsulatedContentInfo is a
> SEQUENCE of { ContentType, EXPLICIT OCTET STRING OPTIONAL }.
>
> > I'll let someone else answer that; I would have expected version to be set
> > properly. I don't recall seeing anything that would suggest you need to set
> > the version yourself, since as you point out, the structures are opaque.
>
> Using asn1parse, I got this:
>
>     0:d=0  hl=4 l=3980 cons: SEQUENCE
>     4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
>    15:d=1  hl=4 l=3965 cons: cont [ 0 ]
>    19:d=2  hl=4 l=3961 cons: SEQUENCE
>    23:d=3  hl=2 l=   1 prim: INTEGER           :00
>    26:d=3  hl=4 l= 304 cons: SET
>    30:d=4  hl=4 l= 300 cons: SEQUENCE
>    34:d=5  hl=2 l=   1 prim: INTEGER           :02
>    37:d=5  hl=2 l=  20 prim: cont [ 0 ]
>    59:d=5  hl=2 l=  13 cons: SEQUENCE
>    61:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>    72:d=6  hl=2 l=   0 prim: NULL
>    74:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:<SNIP ENCRYPTED KEY>
>   334:d=3  hl=4 l=3646 cons: SEQUENCE
>   338:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
>   349:d=4  hl=2 l=  29 cons: SEQUENCE
>   351:d=5  hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>   362:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:<SNIP IV>
>   380:d=4  hl=4 l=3600 prim: cont [ 0 ]
>
> From the RFC an EnvelopedData should start with { Version,
> (Optional)Originator Info, SET of Recipient Info, ... }. So I guess here
> the version number is 0? This is weird, since I'm using a Subject Key
> Identifier: this condition "must" set the RecipientInfo's version field
> to 2 (which is happening), which in turn should make the EnvelopedData's
> version also 2 (which is not happening).
>
> ... Weird.

That's a bug. I've just committed fixes to the various branches.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
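
The version rule discussed in this thread (RFC 5652, section 6.1) can be checked mechanically against a DER blob. The following is an added example, not part of the original messages and not OpenSSL code: the function names are hypothetical, the sample is constructed with zero bytes to mirror the shape of the dump above, and blobs carrying originatorInfo are rejected rather than evaluated.

```python
# Added example (not OpenSSL code): DER walk + RFC 5652 section 6.1 version rule.
OID = {"env": "2a864886f70d010703", "data": "2a864886f70d010701",
       "rsa": "2a864886f70d010101", "aes256cbc": "60864801650304012a"}

def tlv(tag, body=b""):  # DER encoder, only used to build the constructed sample
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def oid(name):
    return tlv(0x06, bytes.fromhex(OID[name]))

def children(buf):
    """Decode the TLVs concatenated in buf into [(tag, value), ...]."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def check_enveloped_version(der):
    """Return (encoded, expected) EnvelopedData version for one CMS blob."""
    ctype, wrapped = children(children(der)[0][1])  # ContentInfo fields
    if ctype[1] != bytes.fromhex(OID["env"]):
        raise ValueError("not EnvelopedData")
    fields = children(children(wrapped[1])[0][1])   # EnvelopedData fields
    if fields[1][0] == 0xA0:  # [0] originatorInfo: its contents are not inspected here
        raise NotImplementedError("originatorInfo present")
    encoded = int.from_bytes(fields[0][1], "big")
    ris = children(fields[1][1])                    # SET OF RecipientInfo
    if any(tag in (0xA3, 0xA4) for tag, _ in ris):  # [3] pwri or [4] ori
        return encoded, 3
    all_v0 = all(children(v)[0][1] == b"\x00" for _, v in ris)
    return encoded, (0 if all_v0 and fields[-1][0] != 0xA1 else 2)  # 0xA1 = [1] unprotectedAttrs

def sample(version):
    """Constructed blob shaped like the thread's dump (zero bytes for key, IV, data)."""
    ktri = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x80, bytes(20))  # v2, [0] SKI
               + tlv(0x30, oid("rsa") + tlv(0x05)) + tlv(0x04, bytes(256)))
    eci = tlv(0x30, oid("data") + tlv(0x30, oid("aes256cbc") + tlv(0x04, bytes(16)))
              + tlv(0x80, bytes(3600)))
    env = tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x31, ktri) + eci)
    return tlv(0x30, oid("env") + tlv(0xA0, env))
```

A mismatch between the two returned values, as with `check_enveloped_version(sample(0))`, is the inconsistency reported above; a real file would be read as DER bytes and passed to the same function.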