Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

Thu, 11 May 2017 22:54:07 -0700 

The message is first signed then encrypted. Commands are as follows



/usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml 
-out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from 
sen...@sender.com -to recipi...@recipient.com,recipie...@recipient.com  -recip 
cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaepI maybe could provide a 
problematic e-mail including private keys - off the list - due privacy concerns 
to investigate - would that be acceptable ? If so - what e-mail address can i 
sent it to

      From: Dr. Stephen Henson <st...@openssl.org>
 To: Harakiri <harakiri...@yahoo.com>; openssl-users@openssl.org 
 Sent: Tuesday, May 9, 2017 1:04 AM
 Subject: Re: [openssl-users] Some S/MIME CMS encrypted messages produce 
invalid key length when using the debug_decrypt option
  
On Mon, May 08, 2017, Harakiri via openssl-users wrote:

> Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option 
> to have the same behaviour as before the bleichenbach security patch to use 
> decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 
> 1.0.2d and even OpenSSL 1.0.2k
> Error decrypting CMS structure6828:error:0607A082:digital envelope 
> routines:EVP_CIPHER_CTX_set_key_length:invalid key 
> length:evp_enc.c:593:6828:error:2E078076:CMS 
> routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird, is that its always basically the same source e-mail encrypted 
> using openssl cms with aes-128-cbc and rsaesOaep and sometimes the resulting 
> messagewill produce this error and other times it works.
> 
> 

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


   

   
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to