On Mon, Sep 16, 2013, Dmitry Belyavsky wrote:

> Greetings!
>
> I found a piece of code I can not understand in crypto/pkcs7/pk7_doit.c.
>
> We always return 0 from pkcs7_decrypt_rinfo (line 238).
>
> But one level higher (line 563) we see the following:
> ====
> /* Only exit on fatal errors, not decrypt failure */
> if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
> ====
>
> Why do we not regard the decryption error as fatal there? Wouldn't it be
> better if we return the result of EVP_PKEY_decrypt call instead?
>
> The cms code seems to have the same problem but I cannot show the exact
> line.
>
The reason for that code is to counter Bleichenbacher's attack on PKCS #1 v1.5 RSA padding, though it only really applies to RSA.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
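The pattern this reply refers to, sketched as an added example (not OpenSSL's code and not part of the original thread): a padding failure after RSA decryption is not reported to the caller; a random key drawn beforehand is substituted without branching, so processing continues the same way whether or not the padding was valid. The names `select_cek` and `demo`, the fixed expected key length and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0xFF when x == 0, else 0x00, with no data-dependent branch. */
static uint8_t ct_is_zero(uint32_t x)
{
    return (uint8_t)(0u - ((~x & (x - 1u)) >> 31));
}

/* em: RSA-decrypted block (00 02 PS 00 key); fallback: cek_len random bytes
 * drawn before decrypting. Returns -1 only for fatal errors that depend on
 * public sizes; 0 otherwise, whether or not the padding was valid. */
int select_cek(const uint8_t *em, size_t em_len, const uint8_t *fallback,
               uint8_t *cek, size_t cek_len)
{
    size_t i, sep;
    uint8_t good, zero_in_ps = 0;
    if (!em || !fallback || !cek || cek_len == 0 ||
        em_len < 11 || cek_len > em_len - 11)  /* 00 02, >= 8 PS, 00, key */
        return -1;
    sep = em_len - cek_len - 1;     /* where the 00 separator must sit */
    for (i = 2; i < sep; i++)
        zero_in_ps |= ct_is_zero(em[i]);
    good = (uint8_t)(ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02u)
                     & ct_is_zero(em[sep]) & ~zero_in_ps);
    for (i = 0; i < cek_len; i++)   /* branch-free select */
        cek[i] = (uint8_t)((em[sep + 1 + i] & good) | (fallback[i] & ~good));
    return 0;
}

/* Constructed sample: 00 02 | 13 x AA | 00 | key 10..1F, byte idx set to val;
 * fallback 16 x 5C stands in for CSPRNG output. Returns first key byte. */
int demo(size_t idx, uint8_t val)
{
    uint8_t em[32], fb[16], cek[16];
    memset(em, 0xAA, sizeof em); memset(fb, 0x5C, sizeof fb);
    em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
    for (size_t i = 0; i < 16; i++) em[16 + i] = (uint8_t)(0x10 + i);
    em[idx] = val;
    return select_cek(em, sizeof em, fb, cek, sizeof cek) ? -1 : cek[0];
}

int main(void)
{
    printf("valid padding:   %02x\n", demo(1, 0x02));
    printf("invalid padding: %02x\n", demo(1, 0x01));
    return 0;
}
```

With the substituted key the message still fails to decrypt, but at the same later stage as any wrong-key case, so the failure does not single out a padding error in the RSA step.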
