On Wed Apr 16 10:55:57 2014, harakiri...@yahoo.com wrote:
>
> In this case the Bleichenbacher attack does not even apply to
> encryption/decryption gateways if they work per user/recipient
> basis so the change makes no sense.
>

In general the attack is very real. To perform the attack an attacker
needs to be able to determine if the RSA decrypt operation has succeeded
for a large number of carefully crafted messages.

The old behaviour would halt and return an error immediately if RSA
decrypt failed for all recipients, and continue and perform a symmetric
decrypt operation if at least one RSA decrypt succeeded. The timing
difference between the two is significant and an attacker could easily
distinguish between the two.

In specific cases the attack may not be significant, which is why there
is a flag to disable this behaviour. The default is to be safe.

> Since the -debug_decrypt is not documented on the CMS page it is most
> likely not supported and will be removed in the near future.
>

Compatibility is very important: options are not simply "removed in the
near future".

The -debug_decrypt option is currently simply undocumented due to an
omission which I will shortly correct. It will remain supported for the
foreseeable future.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
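The two decrypt behaviours contrasted in the message above, as an added example that is not part of the original thread and not OpenSSL code: a toy Python model of CMS EnvelopedData decryption in which a `debug_decrypt` switch stands in for the CMS_DEBUG_DECRYPT flag behind -debug_decrypt. Everything below is an assumption made for illustration: the fixed toy RSA key built from two Mersenne primes (far too small for real use), the HMAC-SHA256 keystream standing in for the real content cipher, the helper names (`cms_decrypt`, `padding_oracle`, `blind`, ...) and the constructed sample message.

```python
import hashlib
import hmac
import os
import random


class PaddingError(Exception):
    """RSA PKCS#1 v1.5 unpadding failed: the error a padding oracle leaks."""


def toy_rsa_keypair():
    """Fixed toy key from two Mersenne primes (M127, M107): reproducible, about
    234 bits, and far too small for real use. Returns ((n, e), (n, d))."""
    p, q, e = 2**127 - 1, 2**107 - 1, 65537
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # 3-arg pow inverse: Python >= 3.8


def pkcs1_v15_pad(msg, k, rng):
    """EME-PKCS1-v1_5 block: 00 02 || PS (>= 8 non-zero bytes) || 00 || M."""
    ps_len = k - 3 - len(msg)
    assert ps_len >= 8, "message too long for this modulus"
    return b"\x00\x02" + bytes(rng.randrange(1, 256) for _ in range(ps_len)) + b"\x00" + msg


def pkcs1_v15_unpad(em, k):
    if len(em) != k or em[0] != 0 or em[1] != 2:
        raise PaddingError("wrong block type")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator at all (-1) or PS shorter than 8 bytes
        raise PaddingError("bad padding string")
    return em[sep + 1:]


def rsa_encrypt(pub, em):
    return pow(int.from_bytes(em, "big"), pub[1], pub[0])


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def blind(pub, c, s):
    """Attacker's probe: c * s^e mod n decrypts to s*m mod n, so the oracle's
    verdict on it says whether s*m mod n is a PKCS-conforming block."""
    n, e = pub
    return c * pow(s, e, n) % n


def symmetric_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 keystream); a wrong key just yields garbage."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def cms_encrypt(pub_keys, content, seed=42):
    """Wrap one content-encryption key (CEK) per recipient, then encrypt the content."""
    rng = random.Random(seed)  # seeded so the constructed sample is reproducible
    cek = bytes(rng.getrandbits(8) for _ in range(16))
    nonce = bytes(rng.getrandbits(8) for _ in range(12))
    ris = [rsa_encrypt(pub, pkcs1_v15_pad(cek, (pub[0].bit_length() + 7) // 8, rng)) for pub in pub_keys]
    return ris, nonce, symmetric_xor(cek, nonce, content)


def cms_decrypt(priv, recipient_infos, nonce, ct, debug_decrypt=False):
    """debug_decrypt=True models the old behaviour (and -debug_decrypt): when no
    RecipientInfo unwraps, error out at once, before any symmetric work.
    debug_decrypt=False models the default: substitute a random CEK and carry on."""
    k = (priv[0].bit_length() + 7) // 8
    cek = None
    for ri in recipient_infos:  # try every RecipientInfo against our one private key
        try:
            cek = pkcs1_v15_unpad(rsa_decrypt(priv, ri), k)
            break
        except PaddingError:
            continue
    if cek is None or len(cek) != 16:
        if debug_decrypt:
            raise PaddingError("no recipient could be decrypted")  # fast, observable exit
        cek = os.urandom(16)  # same work as the success path; the output is garbage
    return symmetric_xor(cek, nonce, ct)


def padding_oracle(priv, nonce, ct, probe, debug_decrypt):
    """Attacker's view when submitting `probe` as the RecipientInfo: True = no error."""
    try:
        cms_decrypt(priv, [probe], nonce, ct, debug_decrypt)
        return True
    except PaddingError:
        return False


def demo():
    pub, priv = toy_rsa_keypair()
    ris, nonce, ct = cms_encrypt([pub], b"attack at dawn")  # constructed sample message
    # s=2 moves m from [2B, 3B) to [4B, 6B) with B = 2^(8(k-2)), so the probe is never conforming
    probes = {"genuine": ris[0], "s=2": blind(pub, ris[0], 2)}
    return {mode: {name: padding_oracle(priv, nonce, ct, p, dbg) for name, p in probes.items()}
            for mode, dbg in (("old", True), ("safe", False))}
```

`demo()` returns `{'old': {'genuine': True, 's=2': False}, 'safe': {'genuine': True, 's=2': True}}`. With the early-error path a single blinded ciphertext c * 2^e mod n already tells the attacker that 2m mod n is not PKCS-conforming, which is the one bit Bleichenbacher's algorithm collects over a large number of chosen s. With the default path the same probe comes back as garbage bytes, exactly as a probe that happened to be conforming would, and both run the same symmetric decrypt, so neither the error nor the amount of work distinguishes them. The toy models the timing difference as the early `raise` rather than measuring it.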