[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-05-06 Thread Stephen Henson via RT
The bug was that to support CMS a cipher needs to be able to handle the ASN.1 associated with the cipher and (AFAIK) no standard exists for RC4. The decrypt code checked to see if ASN.1 handling was supported and threw the error because it was not. The encrypt side only tried to use ASN.1 if the

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Blumenthal, Uri - 0553 - MITLL
My apologies - it appears that the patch was screwed up on my system. When I just replaced the EVP_CIPHER_asn1_to_param() with your new code, the tests passed OK. . . . . . . ../test/recipes/70-test_verify_extra.t ok ../test/recipes/80-test_ca.t .. ok

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Blumenthal, Uri - 0553 - MITLL
On 3/15/16, 15:29 , "openssl-dev on behalf of Viktor Dukhovni" wrote:
>These days, most people recommend encrypt then sign. CMS and S/MIME
>natively support sign-then-encrypt, but encapsulating encrypted
>content as signed

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Viktor Dukhovni
On Tue, Mar 15, 2016 at 07:29:04PM +, Viktor Dukhovni wrote:
> ok 24 - encrypted content test streaming PEM format, 128 bit RC2 key
> ok 25 - encrypted content test streaming PEM format, 40 bit RC2 key

The underlying test commands amount to:

$ cd test
$ openssl cms

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Viktor Dukhovni
On Tue, Mar 15, 2016 at 07:09:36PM +, Blumenthal, Uri - 0553 - MITLL wrote:
> First of all - thank you! It is great to see useful capabilities added (I
> consider stream ciphers and AEAD modes very useful :). I fully agree that
> unsigned CMS is an invitation to trouble. If I understand

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Blumenthal, Uri - 0553 - MITLL
First of all - thank you! It is great to see useful capabilities added (I consider stream ciphers and AEAD modes very useful :). I fully agree that unsigned CMS is an invitation to trouble. If I understand correctly, the intended openssl use is “openssl cms -encrypt … | openssl cms -sign …” (or

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Viktor Dukhovni
On Tue, Mar 15, 2016 at 06:33:32AM +, Viktor Dukhovni wrote:
> This is completely untested, may not even compile! Enjoy.

It does seem to work, so one key remaining question is whether it is interoperable:

$ ./util/shlib_wrap.sh ./apps/openssl req -config apps/openssl.cnf -new -x509

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-15 Thread Viktor Dukhovni
On Mon, Mar 14, 2016 at 10:34:17PM +, Dr. Stephen Henson wrote:
> > Is there any reason why stream ciphers are not supported with CMS?
>
> Well one reason is that I'm not aware of any standard which defines how to use
> stream ciphers with CMS.
>
> OpenSSL should really reject these with an

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Dr. Stephen Henson
On Mon, Mar 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 3/14/16, 14:45, "openssl-dev on behalf of Viktor Dukhovni" > > wrote: > > >On Mon, Mar 14, 2016 at 05:45:34PM +, Stephan Mühlstrasser via RT > >wrote: >

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Jeffrey Walton
On Mon, Mar 14, 2016 at 3:24 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> In that bug description I see a reference to code in “enc.c” that aborts
> if the cipher is AEAD or XTS (and an offer to submit PR that hasn’t
> materialized so far).
>
> Would you be able to elaborate why

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Viktor Dukhovni
On Mon, Mar 14, 2016 at 07:03:04PM +, Blumenthal, Uri - 0553 - MITLL wrote:
> >IIRC RC4 (more generally all stream ciphers) are not supported with
> >CMS, and the bug is that OpenSSL allowed you to use RC4, not that
> >the result failed to decrypt.
>
> Is there any reason why stream ciphers

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Salz, Rich
> Would you be able to elaborate why those checks that forbid AEAD were put
> in?

Because it doesn't work. I don't know the details why; probably around setting the IV or such. But before that the program would just crash.

-- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Blumenthal, Uri - 0553 - MITLL
In that bug description I see a reference to code in “enc.c” that aborts if the cipher is AEAD or XTS (and an offer to submit PR that hasn’t materialized so far). Would you be able to elaborate why those checks that forbid AEAD were put in? -- Regards, Uri Blumenthal On 3/14/16, 15:09,

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Salz, Rich
> Is there any reason why stream ciphers are not supported with CMS?

Go ask CMS folks? :)

> Along the same line, is there any reason why AE(AD) ciphers are not
> supported with “openssl enc”?

A known bug. https://rt.openssl.org/Ticket/Display.html?id=4228 user guest / pass guest if needed.

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Blumenthal, Uri - 0553 - MITLL
On 3/14/16, 14:45, "openssl-dev on behalf of Viktor Dukhovni" wrote: >On Mon, Mar 14, 2016 at 05:45:34PM +, Stephan Mühlstrasser via RT >wrote: >> I had written a message about this issue to openssl-users, but received

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Viktor Dukhovni
On Mon, Mar 14, 2016 at 05:45:34PM +, Stephan Mühlstrasser via RT wrote: > I had written a message about this issue to openssl-users, but received > no reaction. IIRC RC4 (more generally all stream ciphers) are not supported with CMS, and the bug is that OpenSSL allowed you to use RC4, not

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Salz, Rich via RT
> Otherwise it would not have been possible to encrypt with RC4 with "openssl
> cms -rc4 -encrypt", would it?

It wasn't clear that it was the same version of openssl :)

-- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4429 Please log in as guest with password guest if prompted --

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Stephan Mühlstrasser via RT
On 14.03.2016 at 18:48, Salz, Rich via RT wrote:
> Did you enable RC4 when you built openssl?

Yes, more specifically I did not disable it. Otherwise it would not have been possible to encrypt with RC4 with "openssl cms -rc4 -encrypt", would it?

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Salz, Rich via RT
Did you enable RC4 when you built openssl? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Stephan Mühlstrasser via RT
I had written a message about this issue to openssl-users, but received no reaction. As OpenSSL cannot decrypt data encrypted by itself, this looks like a defect. It is also not possible to decrypt RC4-encrypted CMS objects created by third-party software. This was reproduced with the current