Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

OpenSSL - User mailing list
I'm using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the Bleichenbacher security patch to use decryption without recipient public keys.

For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k

Error decrypting CMS structure
6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:
6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:

Calling cms -decrypt without the debug_decrypt option produces no error.

What is weird is that it's always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep, and sometimes the resulting message will produce this error and other times it works.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

Dr. Stephen Henson
On Mon, May 08, 2017, Harakiri via openssl-users wrote:

> I'm using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the Bleichenbacher security patch to use decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k
> Error decrypting CMS structure
> 6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:
> 6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird is that it's always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep, and sometimes the resulting message will produce this error and other times it works.
>

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

OpenSSL - User mailing list
The message is first signed then encrypted. Commands are as follows:

/usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml -out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from [hidden email] -to [hidden email],[hidden email] -recip cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaep

I maybe could provide a problematic e-mail including private keys - off the list - due to privacy concerns to investigate - would that be acceptable? If so - what e-mail address can I send it to?


From: Dr. Stephen Henson <[hidden email]>
To: Harakiri <[hidden email]>; [hidden email]
Sent: Tuesday, May 9, 2017 1:04 AM
Subject: Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

On Mon, May 08, 2017, Harakiri via openssl-users wrote:


> I'm using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the Bleichenbacher security patch to use decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.0.2k
> Error decrypting CMS structure
> 6828:error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length:evp_enc.c:593:
> 6828:error:2E078076:CMS routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird is that it's always basically the same source e-mail encrypted using openssl cms with aes-128-cbc and rsaesOaep, and sometimes the resulting message will produce this error and other times it works.
>

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org