Data structures for CMS password-encrypted data complete?

[jjedele]

Hey,

I'm currently trying to use this library to create a password-encrypted CMS structure, which is following the standard and can be decrypted again using e.g. OpenSSL.

My reference data generated using OpenSSL (echo "test" | openssl cms -aes-256-cbc -encrypt -pwri_password password -outform DER > test.der) looks like this:

What I manage to create using this library is the following:

Note the additional nesting of the password encryption algorithm in a pwriKEK sequence in the first example generated by OpenSSL. I have to say I find the RFCs defining CMS pretty confusing, but according to https://datatracker.ietf.org/doc/html/rfc3211#section-2.2 , what OpenSSL does seems to be correct to me, and I don't find any equivalent for this part in this library.

Is this something which should be added, or am I missing it somewhere?