RFC Errata
RFC 5652, "Cryptographic Message Syntax (CMS)", September 2009
Note: This RFC has been updated by RFC 8933
Source of RFC: smime (sec)
Errata ID: 5331
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Thomas Stimm
Date Reported: 2018-04-23
Rejected by: Eric Rescorla
Date Rejected: 2018-04-27
Section 6.1 and 8 says:
EncryptedData ::= SEQUENCE {
version CMSVersion,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
It should say:
EncryptedData ::= SEQUENCE {
version CMSVersion,
encryptedContentInfo EncryptedContentInfo,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier }
Notes:
- Wrong enumeration of UnprotectedAttributes OPTIONAL [1] instead of [0].
- ‘UnprotectedAttributes OPTIONAL’ makes only sense, if ‘EncryptedContent OPTIONAL’ is available.
- It seems that OpenSSL and wolfSSL are using the suggested wrapping and are not following the RFC, here.
--VERIFIER NOTES--
Misunderstanding of the specification