Re: Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option


 



The message is first signed, then encrypted. The commands are as follows:



/usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml -out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from sender@xxxxxxxxxx -to recipient@xxxxxxxxxxxxx,recipient2@xxxxxxxxxxxxx  -recip cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaep
I maybe could provide a problematic e-mail including private keys - off the list, due to privacy concerns - to investigate. Would that be acceptable? If so, what e-mail address can I send it to?


From: Dr. Stephen Henson <steve@xxxxxxxxxxx>
To: Harakiri <harakiri_23@xxxxxxxxx>; openssl-users@xxxxxxxxxxx
Sent: Tuesday, May 9, 2017 1:04 AM
Subject: Re: Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

On Mon, May 08, 2017, Harakiri via openssl-users wrote:


> I'm using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the Bleichenbacher security patch to use decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k:
> Error decrypting CMS structure
> 6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:
> 6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird is that it's always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep, and sometimes the resulting message will produce this error and other times it works.

>
>

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org





-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
