Problem
CMS decryption with kuznyechik-ctr-acpkm produces corrupted plaintext for payloads larger than 4096 bytes.
The command exits successfully, but the decrypted output is incorrect. In the reproducer below, the 1024-byte file decrypts correctly, while the 8192-byte file differs from the original starting at byte 4097.
Reproducer
Assumption: OpenSSL with GOST engine support is already installed and configured.
tmpdir="$(mktemp -d)"
cd "$tmpdir"
Generate a fresh GOST private key and a self-signed certificate.
openssl req -x509 \
-newkey gost2012_256 \
-pkeyopt paramset:A \
-keyout key.pem \
-out cert.pem \
-nodes \
-subj "/CN=acpkm-repro" \
-days 1
Create two plaintext files: one below the 4096-byte boundary and one above it.
head -c 1024 /dev/zero > text_1024.bin
head -c 8192 /dev/zero > text_8192.bin
Encrypt both files with CMS using Kuznyechik CTR-ACPKM.
openssl cms -encrypt \
-binary \
-outform DER \
-kuznyechik-ctr-acpkm \
-in text_1024.bin \
-out text_1024.bin.p7e \
cert.pem
openssl cms -encrypt \
-binary \
-outform DER \
-kuznyechik-ctr-acpkm \
-in text_8192.bin \
-out text_8192.bin.p7e \
cert.pem
Decrypt both CMS files.
openssl cms -decrypt \
-binary \
-inform DER \
-inkey key.pem \
-in text_1024.bin.p7e \
-out decrypted_1024.bin
openssl cms -decrypt \
-binary \
-inform DER \
-inkey key.pem \
-in text_8192.bin.p7e \
-out decrypted_8192.bin
Compare original and decrypted files.
sha256sum text_1024.bin decrypted_1024.bin
sha256sum text_8192.bin decrypted_8192.bin
cmp -s text_1024.bin decrypted_1024.bin && echo "1024 OK"
cmp -s text_8192.bin decrypted_8192.bin && echo "8192 OK" || echo "8192 corrupted"
Show the first corrupted bytes.
cmp -l text_8192.bin decrypted_8192.bin | head
Expected result: both decrypted files match the original files.
Actual result: the 1024-byte file matches, but the 8192-byte file does not. The first difference starts at byte 4097.
I created pr which fixes this issue: #528
Problem
CMS decryption with
kuznyechik-ctr-acpkmproduces corrupted plaintext for payloads larger than 4096 bytes.The command exits successfully, but the decrypted output is incorrect. In the reproducer below, the 1024-byte file decrypts correctly, while the 8192-byte file differs from the original starting at byte 4097.
Reproducer
Assumption: OpenSSL with GOST engine support is already installed and configured.
Generate a fresh GOST private key and a self-signed certificate.
openssl req -x509 \ -newkey gost2012_256 \ -pkeyopt paramset:A \ -keyout key.pem \ -out cert.pem \ -nodes \ -subj "/CN=acpkm-repro" \ -days 1Create two plaintext files: one below the 4096-byte boundary and one above it.
Encrypt both files with CMS using Kuznyechik CTR-ACPKM.
Decrypt both CMS files.
Compare original and decrypted files.
Show the first corrupted bytes.
cmp -l text_8192.bin decrypted_8192.bin | headExpected result: both decrypted files match the original files.
Actual result: the 1024-byte file matches, but the 8192-byte file does not. The first difference starts at byte 4097.
I created pr which fixes this issue: #528