RFC Errata Report » RFC Editor
RFC Errata
RFC 5652, "Cryptographic Message Syntax (CMS)", September 2009
Note: This RFC has been updated by RFC 8933, RFC 9629
Source of RFC: smime (sec)
Errata ID: 5331
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Thomas Stimm
Date Reported: 2018-04-23
Rejected by: Eric Rescorla
Date Rejected: 2018-04-27
Section 6.1 and 8 says:
      EncryptedData ::= SEQUENCE {
        version CMSVersion,
        encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }

      EncryptedContentInfo ::= SEQUENCE {
        contentType ContentType,
        contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
        encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
It should say:
      EncryptedData ::= SEQUENCE {
        version CMSVersion,
        encryptedContentInfo EncryptedContentInfo,
        encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL,
        unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }

      EncryptedContentInfo ::= SEQUENCE {
        contentType ContentType,
        contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier }
Notes:
- Wrong enumeration of UnprotectedAttributes OPTIONAL [1] instead of [0].
- ‘UnprotectedAttributes OPTIONAL’ only makes sense if ‘EncryptedContent OPTIONAL’ is available.
- It seems that OpenSSL and wolfSSL are using the suggested wrapping and are not following the RFC here.
--VERIFIER NOTES--
Misunderstanding of the specification
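
The layout RFC 5652 defines, seen on the wire, as an added example (not part of the erratum and not code from OpenSSL, wolfSSL or the RFC): a minimal DER walker over a hand-built EncryptedData shows the [0] tag inside EncryptedContentInfo and the [1] tag one level up in EncryptedData, which is unambiguous because a context-specific tag is interpreted relative to its enclosing type. The sample bytes, the helper names and the 2.999.1 attribute OID are constructed for illustration.

```python
# Added example: DER walker over a constructed RFC 5652 EncryptedData.
OID_DATA = bytes.fromhex("2a864886f70d010701")        # id-data
OID_AES128_CBC = bytes.fromhex("608648016503040102")  # id-aes128-CBC
OID_EXAMPLE_ATTR = bytes.fromhex("883701")            # 2.999.1, constructed

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; short-form length only (body < 128 bytes)."""
    if len(body) >= 0x80:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int, end: int):
    """Return (tag, body_start, body_end) for the TLV at pos, bounds-checked."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next k bytes hold length
        k = first & 0x7F
        if k == 0 or pos + k > end:
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        length = first
    if pos + length > end:
        raise ValueError("value overruns parent")
    return tag, pos, pos + length

def walk(buf: bytes, pos: int = 0, end: int = None, depth: int = 0) -> list:
    """Return (depth, label) per element (low tag numbers only), recursing."""
    end = len(buf) if end is None else end
    out = []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        label = f"[{tag & 0x1F}]" if tag >> 6 == 2 else f"UNIVERSAL {tag & 0x1F}"
        out.append((depth, label))
        if tag & 0x20:                     # constructed bit: descend
            out += walk(buf, start, stop, depth + 1)
        pos = stop
    return out

def sample_encrypted_data() -> bytes:
    """EncryptedData per RFC 5652 (version 2: unprotectedAttrs present)."""
    alg = tlv(0x30, tlv(0x06, OID_AES128_CBC) + tlv(0x04, bytes(16)))
    eci = tlv(0x30, tlv(0x06, OID_DATA) + alg + tlv(0x80, bytes(32)))  # [0] here
    attr = tlv(0x30, tlv(0x06, OID_EXAMPLE_ATTR) + tlv(0x31, tlv(0x04, b"x")))
    return tlv(0x30, tlv(0x02, b"\x02") + eci + tlv(0xA1, attr))       # [1] here
```

`walk(sample_encrypted_data())` lists `[0]` at depth 2 (a child of EncryptedContentInfo) and `[1]` at depth 1 (a child of EncryptedData).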