On Mon, Jul 25, 2016, Blumenthal, Uri - 0553 - MITLL wrote:

> I confess I did not test this with 1.1.x. But in 1.0.2h there's a problem.
>
> CMS man page says:
>
> If the -decrypt option is used without a recipient certificate then an
> attempt is made to locate the recipient by trying each potential recipient
> in turn using the supplied private key. To thwart the MMA attack
> (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
> tried whether they succeed or not and if no recipients match the message is
> "decrypted" using a random key which will typically output garbage. The
> -debug_decrypt option can be used to disable the MMA attack protection and
> return an error if no recipient can be found: this option should be used
> with caution.
That's a bug in the documentation. Currently that only works for RSA keys,
not EC or DH.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev