openssl: cms decrypt failures
OpenSSL fails to fetch ciphers from engine:
OPENSSL_CONF=gost.conf openssl cms -decrypt -debug_decrypt -in P1323565.1.025-2019K.pdf.cms.kuznyechik-ctracpkm.agree -out out -inform DER -inkey Recipient_G2012_256_TK26_A.key -recip Recipient_G2012_256_TK26_A.crt -originator Originator_G2012_256_TK26_A.crt
The output is
Error decrypting CMS structure
00713D2FDF7F0000:error::CMS routines:cms_get0_signed:content type not signed data:crypto/cms/cms_sd.c:35:
00713D2FDF7F0000:error::digital envelope routines:evp_generic_fetch:fetch failed:crypto/evp/evp_fetch.c:319:Global default library context, Algorithm (kuznyechik-ctr-acpkm), Properties (<null>)
00713D2FDF7F0000:error::CMS routines:cms_EncryptedContent_init_bio:unknown cipher:crypto/cms/cms_enc.c:62:
The diagnostics about the content type seems not relevant at all, and the cipher is not fetched. It’s a CMS-specific bug: enc command works well.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 15 (15 by maintainers)
Commits related to this issue
- Fix CMS so that it still works with non fetchable algorithms. Fixes #12633 For CMS the Gost engine still requires calls to EVP_get_digestbyname() and EVP_get_cipherbyname() when EVP_MD_fetch() and E... — committed to slontis/openssl by slontis 4 years ago
- Fix CMS so that it still works with non fetchable algorithms. Fixes #12633 For CMS the Gost engine still requires calls to EVP_get_digestbyname() and EVP_get_cipherbyname() when EVP_MD_fetch() and E... — committed to swenkeratmicrosoft/openssl by slontis 4 years ago
It makes the situation much better: only 633 failed tests instead of 710 😃
I will try to look at this tomorrow… it is in my queue 😃