Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-28 Thread Michal Moravec
I reported the issue here -> https://github.com/openssl/openssl/issues/14927 I guess this is a final message from me. Nothing more to add. MM On 15. 4. 2021, at 17:40, Michal Moravec mailto:michal.mora...@logicworks.cz>> wrote: VICTORY! After replacing the PEM_write_bio_PKCS7/PEM_read_bio_CMS

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-15 Thread Michal Moravec
VICTORY! After replacing the PEM_write_bio_PKCS7/PEM_read_bio_CMS methods for i2d_PKCS7_bio/d2i_CMS_bio https://github.com/EtneteraLogicworks/libscep/commit/b16cd6a97c979abd6ca0ab7af7a944ef553cf17d PCKS7 (In this case CMS) decryption now works! Code now looks like: handle_encrypted_content(SCE

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-15 Thread Michal Moravec
Thank you for the tip. I replaced the Debian 1.1.1d with 1.1.1.k built from source using ./config -d Using file on the libcrypto.so.1.1 library now shows "with debug_info, not stripped". ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=29204b7f7a988f750cd

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-15 Thread Jakob Bohm via openssl-users
On 2021-04-15 12:57, Michal Moravec wrote: Follow-up on my previous email: I modified my proof-of-problem program to load PKCS7 file into PKCS7 and convert it to CMS_ContentInfo using the BIO (See convert.c in the attachment). It is similar to this: handle_encrypted_content(SCEP *handle, SC

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-15 Thread Michal Moravec
Follow-up on my previous email: I modified my proof-of-problem program to load PKCS7 file into PKCS7 and convert it to CMS_ContentInfo using the BIO (See convert.c in the attachment). It is similar to this: handle_encrypted_content(SCEP *handle, SCEP_DATA *data, PKCS7 *p7env, X509 *dec_cert, E

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-13 Thread Michal Moravec
Hey Eliot, Thank you for the PKCS7 vs CMS info. # The test you might try wrapping this stuff in PHP I don't use PHP so I decided to do it C. I was able to confirm my suspicion about PKCS7_decrypt not being able to decrypt message where RSA is used with OAEP padding! There are two programs att

Re: PKCS7_decrypt vs RSA OAEP padding

2021-04-12 Thread Eliot Lear
Hi Michal, CMS has limited backward compatibility with PKCS#7.  This is discussed in RFC 5652 , and includes some suggestions as to how to some issues that might crop up.   At least the old draft of SCEP very specifically does NOT specify CMS, bu