RFC Errata
RFC 5652, "Cryptographic Message Syntax (CMS)", September 2009
Note: This RFC has been updated by RFC 8933, RFC 9629
Source of RFC: smime (sec)
Errata ID: 5331
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Thomas Stimm
Date Reported: 2018-04-23
Rejected by: Eric Rescorla
Date Rejected: 2018-04-27
Section 6.1 and 8 says:
EncryptedData ::= SEQUENCE { version CMSVersion, encryptedContentInfo EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
It should say:
EncryptedData ::= SEQUENCE { version CMSVersion, encryptedContentInfo EncryptedContentInfo, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL, unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier }
Notes:
- Wrong enumeration of UnprotectedAttributes OPTIONAL [1] instead of [0].
- ‘UnprotectedAttributes OPTIONAL’ makes only sense, if ‘EncryptedContent OPTIONAL’ is available.
- It seems that OpenSSL and wolfSSL are using the suggested wrapping and are not following the RFC, here.
--VERIFIER NOTES--
Misunderstanding of the specification