[openssl-dev] [openssl.org #3975] The CMS encrypt command uses the wrong ASN.1 encoding for the AES-GCM algorithm parameter.

Laetitia Baudoin via RT Fri, 31 Jul 2015 10:46:06 -0700

When using 'openssl cms -encrypt -aes-256-gcm' the algorithm generated is
encoded as:


SEQUENCE(2 elem)
  OBJECT IDENTIFIER2.16.840.1.101.3.4.1.46
  OCTET STRING(12 byte) 000000000000000000000000

But RFC 5084 (Using AES-CCM and AES-GCM Authenticated Encryption in the
Cryptographic Message Syntax (CMS)) specifies the algorithm parameters as:

GCMParameters ::= SEQUENCE {
   aes-nonce        OCTET STRING, -- recommended size is 12 octets
   aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }

   AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)

So the openssl version is missing the SEQUENCE tag.

Version tested: openssl 1.0.2d on linux x86_64
Example:
openssl cms -encrypt -in message.txt -out encrypted-openssl-aes-256-gcm.msg
-recip user1_no_cn.pem -aes-256-gcm

encrypted-openssl-aes-256-gcm.msg
Description: Binary data

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3975] The CMS encrypt command uses the wrong ASN.1 encoding for the AES-GCM algorithm parameter.

Reply via email to