Am 07.07.16 um 00:16 schrieb Dr. Stephen Henson:
On Wed, Jul 06, 2016, Stephan M?hlstrasser wrote:While doing research on this, we found one thing that looks suspicious in the CMS objects generated by OpenSSL 1.0.2. When dumping the CMS object with dumpasn1, the key wrap algorithm is encoded as follows: SEQUENCE { OBJECT IDENTIFIER '1 3 132 1 11 3' SEQUENCE { OBJECT IDENTIFIER aes256-wrap (2 16 840 1 101 3 4 1 45) NULL } }That's strange: I just tried OpenSSL 1.0.2 and the master branch and I don't get a NULL in either case.
I apologize, you are right. I tracked this down to the fact that the CMS object was created with an OpenSSL 1.0.2 beta version. Sorry for the confusion.
Also that algorithm isn't something you'd get by default with OpenSSL. Has it been modified in some way?
It has not been modified. The algorithm is set with the EVP_PKEY_CTX_ctrl_str() function:
EVP_PKEY_CTX_ctrl_str(ctx, "ecdh_kdf_md", "sha256"); -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
