On 2016-11-03 22:12:44 [+0100], Richard Levitte wrote:
>
> That would be quite a job. The correctness of the key can't be
> discovered before the last encrypted block, where the decrypted
> padding will either be correct (because it was the right key) or not
> (because it was the wrong key). Take into account a pipe with a 10MB
> file, I'm sure you see where that takes us.
>
> The solution in that bug report seems sane, even though unfortunate.
okay. And since the encrypted file has no header there is nothing we
could hide. And if we add one now then it won't work with older openssl.
So I will try to put this in the release notes for the Debian package.
Do you have an idea where this would fit best in the Wiki? A new page
with one entry does not make sense and it does not look like it belongs
to
https://wiki.openssl.org/index.php/1.1_API_Changes
Sebastian
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
