Greetings!
I found a piece of code I cannot understand in crypto/pkcs7/pk7_doit.c.
We always return 0 from pkcs7_decrypt_rinfo (line 238).
But one level higher (line 563) we see the following:
====
/* Only exit on fatal errors, not decrypt failure */
if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
====
Why do we not regard the decryption error as fatal there? Wouldn't it be
better if we returned the result of the EVP_PKEY_decrypt call instead?
The cms code seems to have the same problem but I cannot show the exact
line.
Thank you!
--
SY, Dmitry Belyavsky