[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object
Dr. Stephen Henson
steve at openssl.org
Mon Mar 14 22:34:17 UTC 2016
On Mon, Mar 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
> On 3/14/16, 14:45, "openssl-dev on behalf of Viktor Dukhovni"
> <openssl-dev-bounces at openssl.org on behalf of openssl-users at dukhovni.org>
> wrote:
>
> >On Mon, Mar 14, 2016 at 05:45:34PM +0000, Stephan Mühlstrasser via RT
> >wrote:
> >> I had written a message about this issue to openssl-users, but received
> >> no reaction.
> >
> >IIRC RC4 (more generally all stream ciphers) are not supported with
> >CMS, and the bug is that OpenSSL allowed you to use RC4, not that
> >the result failed to decrypt.
>
> Is there any reason why stream ciphers are not supported with CMS?
>
Well one reason is that I'm not aware of any standard which defines how to use
stream ciphers with CMS.
OpenSSL should really reject these with an appropriate error.
> Along the same line, is there any reason why AE(AD) ciphers are not
> supported with "openssl enc"?
>
They require additional handling such as setting parameters and how to handle the
tag. That functionality is not currently present in the enc utility.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org