[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

Viktor Dukhovni openssl-users at dukhovni.org
Mon Mar 14 21:39:13 UTC 2016

On Mon, Mar 14, 2016 at 07:03:04PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:

> >IIRC RC4 (more generally all stream ciphers) are not supported with
> >CMS, and the bug is that OpenSSL allowed you to use RC4, not that
> >the result failed to decrypt.
> Is there any reason why stream ciphers are not supported with CMS?

At least in part because code does not write itself, and support
was never implemented.

The main issue seems to be related to handling of "parameters",
such as the IV for CBC ciphers.  With RC4 there is no IV, nor any
other parameters, but the CMS decoder expects parameters to be

Would it work if the requirement were relaxed?  Perhaps, but that
requires someone to implement said change.

As for GCM/CCM ciphers with CMS that's described in


and someone would have to implement that.


More information about the openssl-dev mailing list