Valient Gough wrote:
> My previous mail doesn't seem to have appeared on the list, so sending
> again:
> Hello,
> As the maintainer of a package which uses OpenSSL, I've received some
> reports
> of 0.9.8e failing to decrypt data which was encrypted by previous
> versions of
> OpenSSL.
> Attached is a small bit of C++ code which demonstrates the problem. It
> uses
> the EVP interface with EVP_bf_cfb as the cipher and a 256 bit key (the
> reports all point to Blowfish with key length > 128 bits). What it does is
> set a key, an IV, and run an encryption pass, then a decryption and compute
> checksums of the three arrays (original, encrypted, decrypted).
> When built against 0.9.8c, I get:
> ort:tmp> g++ -Wall -g -o ssltest ssltest.cpp -lssl -lcrypto -lz
> ort:tmp> ./ssltest
> src chksum = 698614540
> stage2 chksum = 2266501868
> final chksum = 698614540
> Another machine with 0.9.7a gives an identical result. On a machine I
> upgraded to 0.9.8e, I get the following output:
> src chksum = 698614540
> stage2 chksum = 2108297998
> final chksum = 698614540
> "stage2" is the encrypted data, and it differs on 0.9.8e. What this
> means in
> practice is that the program I'm using can encrypt/decrypt data just fine
> when run in either version of OpenSSL, but if data is encrypted in an
> earlier
> version and then OpenSSL is upgraded to 0.9.8e, then decryption fails.
> The nearest I've narrowed down is to something changing between 0.9.8c and
> 0.9.8e, but I've received reports that 0.9.8d -> 0.9.8e also fails. I've
> been looking at the diffs between 0.9.8d -> 0.9.8e, but I'm not seeing any
> obvious problem. Reports are that only Blowfish with key > 128 bits has a
> problem, and AES users are not affected.
> Any ideas what's wrong, and if there's a way to get 0.9.8e output to match
> earlier versions?

it's a bug in openssl 0.9.8e (see [1]).



__________________________________________________ ____________________
OpenSSL Project
User Support Mailing List
Automated List Manager