From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Thursday, December 30, 2010 2:38 PM
To: Randall Geyer
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2418] BUG: 0.9.8m Can't decrypt a PKCS7 using ECB Cipher 
generated from 0.9.7g.

[randy.ge...@oracle.com - Thu Dec 30 21:30:14 2010]:

The issue is encountered in the following function in
src\openssl\openssl-0.9.8m\crypto\evp\evp_lib.c:

There aren't AFAIK any standards for using ECB mode in PKCS#7 largely because 
it can be insecure: for example the same plaintext block always produces the 
same ciphertext block throughout a message. The fact that OpenSSL supports ECB 
mode at all in PKCS#7 is more a quirk than by design.

Steve, would you be open to applying the change that Randy included in the bug report? I appreciate the security concern, but we now have a backward compatibility issue that we need to address while working with users to transition to a more secure encryption mode. Interoperability between the two OpenSSL releases would help to complete such a transition.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
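
For the transition away from ECB discussed in this thread, one way to find stored PKCS#7 messages that name an ECB content cipher is to walk the DER structure and check every algorithm OID. This is an added example, not code from the ticket or from OpenSSL; the function names and the sample blob are constructed here, and it assumes definite-length DER input (streamed indefinite-length BER is rejected).

```python
# Added example, not OpenSSL code. Assumes definite-length DER input.
ECB_OIDS = {
    "1.3.14.3.2.6": "des-ecb",
    "2.16.840.1.101.3.4.1.1": "aes-128-ecb",
    "2.16.840.1.101.3.4.1.21": "aes-192-ecb",
    "2.16.840.1.101.3.4.1.41": "aes-256-ecb",
}

def decode_oid(body):  # dotted form of an OBJECT IDENTIFIER's content bytes
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:      # last base-128 digit of this subidentifier
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(data):  # yields every OID, descending into constructed values only
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length, pos = data[pos], data[pos + 1], pos + 2
        if length == 0x80:
            raise ValueError("indefinite-length BER is not handled")
        if length & 0x80:        # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated DER value")
        pos += length
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20:         # SEQUENCE, SET, [0] EXPLICIT wrappers
            yield from walk_oids(body)

def ecb_ciphers(der):
    return sorted({ECB_OIDS[o] for o in walk_oids(der) if o in ECB_OIDS})

# Constructed sample: skeleton EnvelopedData, no recipients, zeroed ciphertext.
SAMPLE_ECB = bytes.fromhex(
    "304006092a864886f70d010703a03330310201003100302a06092a864886f70d010701"
    "300b06096086480165030401018010" + "00" * 16)
SAMPLE_CBC = SAMPLE_ECB.replace(b"\x04\x01\x01", b"\x04\x01\x02")  # aes-128-cbc
```

The ciphertext itself is a primitive `[0]` value and is never descended into, so only algorithm identifiers are inspected; any ECB OID found anywhere in the structure is reported.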
