[openssl-dev] [openssl.org #3974] The IV used by the 'openssl cms -encrypt -aes-256-gcm' command is not random (all zeroes).

Viktor Dukhovni openssl-users at dukhovni.org
Fri Jul 31 17:40:33 UTC 2015


On Fri, Jul 31, 2015 at 05:35:51PM +0000, Laetitia Baudoin via RT wrote:

> When encrypting using the 'openssl cms -encrypt -aes-256-gcm' command an
> all zero IV is used, this breaks any guarantees provided by the GCM
> mode (see NIST Special Publication 800-38D).
> 

    https://mta.openssl.org/pipermail/openssl-dev/2015-April/001177.html

>  - If AES-GCM is not supported by the 'openssl cms' command (there is no
> clear RFC for it when generating enveloped data, RFC 5084 is for
> authenticated enveloped data) the command should show an error.

Yes, it should return an error.

-- 
	Viktor.
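A check a defender can run over the DER output of the command discussed in this thread, added here as an example and not code from the thread or from OpenSSL: it walks the CMS structure, pulls the aes-nonce out of every id-aes256-GCM GCMParameters (RFC 5084) and flags one that is all zero. It assumes definite-length DER (for example `openssl cms -encrypt -outform DER` output); the two EncryptedContentInfo-shaped blobs at the bottom are constructed inline so the script runs offline.

```python
# Assumptions (not from the thread): input is definite-length DER, and the GCM parameters
# are RFC 5084 GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER }.
ID_AES256_GCM = bytes.fromhex("60864801650304012e")  # 2.16.840.1.101.3.4.1.46

def read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def find_gcm_nonces(der):
    """Return every aes-nonce found under an id-aes256-GCM AlgorithmIdentifier."""
    found = []
    def walk(buf):
        pos = 0
        while pos < len(buf):
            tag, val, pos = read_tlv(buf, pos)
            if tag == 0x30 and val:  # SEQUENCE: candidate AlgorithmIdentifier
                t0, oid, p = read_tlv(val, 0)
                if t0 == 0x06 and oid == ID_AES256_GCM and p < len(val):
                    t1, params, _ = read_tlv(val, p)
                    if t1 == 0x30 and params:
                        t2, nonce, _ = read_tlv(params, 0)
                        if t2 == 0x04:
                            found.append(nonce)
                            continue  # parameters already consumed
            if tag & 0x20:  # constructed type: descend into it
                walk(val)
    walk(der)
    return found

def zero_iv_indexes(der):
    """Indexes of nonces that are empty or all zero: the defect the report describes."""
    return [i for i, n in enumerate(find_gcm_nonces(der)) if not any(n)]

def tlv(tag, body):
    """Encode a short-form DER TLV (the sample bodies are well under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def encrypted_content_info(nonce, icv_len=16):
    """Constructed sample shaped like CMS EncryptedContentInfo with aes256-GCM parameters."""
    params = tlv(0x30, tlv(0x04, nonce) + tlv(0x02, bytes([icv_len])))
    alg = tlv(0x30, tlv(0x06, ID_AES256_GCM) + params)
    id_data = tlv(0x06, bytes.fromhex("2a864886f70d010701"))  # 1.2.840.113549.1.7.1
    return tlv(0x30, id_data + alg + tlv(0x80, b"\xde\xad\xbe\xef"))  # [0] ciphertext

BAD_SAMPLE = encrypted_content_info(bytes(12))             # the all-zero IV from the report
GOOD_SAMPLE = encrypted_content_info(bytes(range(1, 13)))  # constructed non-zero 96-bit nonce
```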
