[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

Stephen Henson via RT rt at openssl.org
Fri May 6 12:10:26 UTC 2016


The bug was that to support CMS a cipher needs to be able to handle the ASN.1
associated with the cipher and (AFAIK) no standard exists for RC4. The decrypt
code checked to see if ASN.1 handling was supported and threw the error because
it was not. The encrypt side only tried to use ASN.1 if the IV length was
non-zero, which is a bug.

So this has been fixed to check properly on encrypt too. The result is that you
get an error when trying to encrypt with RC4 as well as decrypt because the
operation isn't supported.

If anyone does know of a CMS standard to support RC4 (or just a way of using it
with ASN.1 as a symmetric cipher) then please let us know.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4429
Please log in as guest with password guest if prompted
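The mismatch described in the message above, as a simplified C model added here (not OpenSSL source; the struct, the function names and the two-entry cipher table are hypothetical). It shows why the old encrypt-side check let RC4 produce an object that the decrypt-side check would then refuse, and how checking on both sides removes that case.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cipher descriptor; not OpenSSL's EVP_CIPHER. */
typedef struct {
    const char *name;
    int iv_len;    /* 0 for a stream cipher such as RC4 */
    int has_asn1;  /* 1 if an ASN.1 parameter encoding is available */
} cipher_desc;

enum { OK = 0, ERR_ASN1_UNSUPPORTED = -1 };

/* Sample table: AES-128-CBC has ASN.1 parameters, RC4 has none. */
static const cipher_desc CIPHERS[] = {
    { "AES-128-CBC", 16, 1 },
    { "RC4",          0, 0 },
};
#define N_CIPHERS (sizeof(CIPHERS) / sizeof(CIPHERS[0]))

/* Decrypt side: always requires ASN.1 handling. */
int decrypt_check(const cipher_desc *c) {
    return c->has_asn1 ? OK : ERR_ASN1_UNSUPPORTED;
}

/* Encrypt side before the fix: ASN.1 is only attempted when iv_len != 0,
 * so an IV-less cipher without ASN.1 support is accepted. */
int encrypt_check_before(const cipher_desc *c) {
    if (c->iv_len != 0 && !c->has_asn1)
        return ERR_ASN1_UNSUPPORTED;
    return OK;
}

/* Encrypt side after the fix: same requirement as decrypt. */
int encrypt_check_after(const cipher_desc *c) {
    return c->has_asn1 ? OK : ERR_ASN1_UNSUPPORTED;
}

/* Regression check: count ciphers that encrypt accepts but decrypt rejects. */
int count_asymmetric(int (*enc)(const cipher_desc *)) {
    int n = 0;
    for (size_t i = 0; i < N_CIPHERS; i++)
        if (enc(&CIPHERS[i]) == OK && decrypt_check(&CIPHERS[i]) != OK)
            n++;
    return n;
}

int main(void) {
    printf("before fix: %d undecryptable cipher(s)\n", count_asymmetric(encrypt_check_before));
    printf("after fix:  %d undecryptable cipher(s)\n", count_asymmetric(encrypt_check_after));
    return 0;
}
```
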


