Your message dated Fri, 2 Dec 2016 00:12:45 +0100
with message-id <20161201231244.r7ngveykqypw2...@roeckx.be>
and subject line Re: [Pkg-openssl-devel] Bug#846535: openssl: 1.1.0c cannot
decrypt files created by older versions of openssl
has caused the Debian Bug report #846535,
regarding openssl: 1.1.0c cannot decrypt files created by older versions of
openssl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
846535: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846535
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssl
Version: 1.1.0c-2
Severity: critical
Justification: causes serious data loss
Dear Maintainer,

After upgrading to a newer version of OpenSSL, I cannot decrypt a file that
was encrypted using the OpenSSL in Stable (and had been decryptable until very
recently).

To reproduce:

root@stable:~# echo "test" > file
root@stable:~# echo "secretes" | openssl enc -aes-256-cbc -in file -out file.enc -pass stdin

Then copy the file to a (testing) system and:

rharwood@thriss:/tmp$ echo "secretes" | openssl enc -d -aes-256-cbc -in file.enc -out file -pass stdin
bad decrypt
140704872014976:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:

Thanks!

-- System Information:
Debian Release: stretch/sid
APT prefers testing-debug
APT policy: (600, 'testing-debug'), (600, 'testing'), (400, 'unstable-debug'), (400, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-1-rt-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssl depends on:
ii libc6 2.24-7
ii libssl1.1 1.1.0c-2
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20161102
-- no debconf information
--- End Message ---
--- Begin Message ---
On Thu, Dec 01, 2016 at 05:50:20PM -0500, Robbie Harwood wrote:
> Package: openssl
> Version: 1.1.0c-2
> Severity: critical
> Justification: causes serious data loss
>
> Dear Maintainer,
>
> After upgrading to a newer version of OpenSSL, I cannot decrypt a file that
> was encrypted using the OpenSSL in Stable (and had been decryptable until very
> recently).
>
> To reproduce:
>
> root@stable:~# echo "test" > file
> root@stable:~# echo "secretes" | openssl enc -aes-256-cbc -in file -out file.enc -pass stdin
>
> Then copy the file to a (testing) system and:
>
> rharwood@thriss:/tmp$ echo "secretes" | openssl enc -d -aes-256-cbc -in file.enc -out file -pass stdin
> bad decrypt
> 140704872014976:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:

This is because the default digest changed between 1.0.2 and 1.1.0,
as documented in the enc manpage. You need to use the -md option
to have both use the same.

Kurt
--- End Message ---
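
An added illustration, not part of the thread or of OpenSSL's own code, of why the digest matters here: `openssl enc` with a password derives the AES key and IV by hashing the password with the salt stored in the file header (EVP_BytesToKey, one iteration), and the default digest was MD5 in 1.0.2 and is SHA-256 in 1.1.0. The function names, the salt and the dummy ciphertext below are constructed for this example.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte header `openssl enc` writes before the salt


def parse_salt(blob: bytes) -> bytes:
    """Return the 8-byte salt from a password-encrypted `openssl enc` file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16]


def evp_bytes_to_key(digest: str, password: bytes, salt: bytes,
                     key_len: int = 32, iv_len: int = 16):
    """EVP_BytesToKey with iteration count 1 (enc without -pbkdf2):
    D_i = H(D_{i-1} || password || salt), key and IV cut from D_1 || D_2 ...
    Defaults match aes-256-cbc: 32-byte key, 16-byte IV."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def derive_both(blob: bytes, password: bytes):
    """Derive (key, iv) under the 1.0.2 default (md5) and the 1.1.0 default (sha256)."""
    salt = parse_salt(blob)
    return {d: evp_bytes_to_key(d, password, salt) for d in ("md5", "sha256")}


# Constructed sample: header, made-up salt, one dummy ciphertext block.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16

if __name__ == "__main__":
    # `-pass stdin` reads one line, so the password has no trailing newline.
    for name, (key, iv) in derive_both(SAMPLE, b"secretes").items():
        print(f"{name:7s} key={key.hex()} iv={iv.hex()}")
```

The same password and salt give a different key and IV under each digest, so the final padding check fails with "bad decrypt"; passing `-md md5` on the 1.1.0 side makes it derive the values the 1.0.2 side used.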