openssl-users  

Re: 0.9.8e changes BF cfb encryption

Nils Larsch
Wed, 11 Apr 2007 12:25:16 -0700

Valient Gough wrote:
My previous mail doesn't seem to have appeared on the list, so sending again: 


Hello,
As the maintainer of a package which uses OpenSSL, I've received some reports of 0.9.8e failing to decrypt data which was encrypted by previous versions of 
OpenSSL.
Attached is a small bit of C++ code which demonstrates the problem. It uses 
the EVP interface with EVP_bf_cfb as the cipher and a 256 bit key (the
reports all point to Blowfish with key length > 128 bits).  What it does is
set a key, an IV, and run an encryption pass, then a decryption and compute
checksums of the three arrays (original, encrypted, decrypted).

When built against 0.9.8c, I get:
ort:tmp> g++ -Wall -g -o ssltest ssltest.cpp -lssl -lcrypto -lz
ort:tmp> ./ssltest
src chksum = 698614540
stage2 chksum = 2266501868
final chksum = 698614540

Another machine with 0.9.7a gives an identical result.  On a machine I
upgraded to 0.9.8e, I get the following output:

src chksum = 698614540
stage2 chksum = 2108297998
final chksum = 698614540
"stage2" is the encrypted data, and it differs on 0.9.8e. What this means in 
practice is that the program I'm using can encrypt/decrypt data just fine
when run in either version of OpenSSL, but if data is encrypted in an earlier 
version and then OpenSSL is upgraded to 0.9.8e, then decryption fails.

The nearest I've narrowed down is to something changing between 0.9.8c and
0.9.8e, but I've received reports that 0.9.8d -> 0.9.8e also fails.  I've
been looking at the diffs between 0.9.8d -> 0.9.8e, but I'm not seeing any
obvious problem.  Reports are that only Blowfish with key > 128 bits has a
problem, and AES users are not affected.

Any ideas what's wrong, and if there's a way to get 0.9.8e output to match
earlier versions?


it's a bug in openssl 0.9.8e (see [1]).

Nils

[1] http://cvs.openssl.org/chngview?cn=15978

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]