On Thu May 08 09:48:31 2014, [email protected] wrote: > Hello Openssl Team, > > I've got a problem with CMS key agreement support. > The command line I use is > > openssl cms -decrypt -inkey seckey.pem -in enc.agree -inform der > > When we enter the CMS_decrypt_set1_pkey() and do not have the cert, it > iterates all the recipient structs, but skips all that is NOT key > transport. So we skip everything and output contains random data. > > I think that if the key agreement is not supported here it is better to > return error when no key transport structs are found. >
Agreed. In general if the key type does not match any recipient then it should return an error. I've applied a fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0bcb17a7776b7f740e855932890edfb7acfd7124 Thanks for the report, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
