Package: openssl
Version: 1.1.0c-2
Severity: critical
Justification: causes serious data loss

Dear Maintainer,

After upgrading to a newer version of OpenSSL, I cannot decrypt a file that
was encrypted using the OpenSSL in Stable (and had been decryptable until very

To reproduce:

    root@stable:~# echo "test" > file
    root@stable:~# echo "secretes" | openssl enc -aes-256-cbc -in file -out 
file.enc -pass stdin

Then copy the file to a (testing) system and:

    rharwood@thriss:/tmp$  echo "secretes" | openssl enc -d -aes-256-cbc -in 
file.enc -out file -pass stdin
    bad decrypt
    140704872014976:error:06065064:digital envelope 
routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:


-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (600, 'testing-debug'), (600, 'testing'), (400, 
'unstable-debug'), (400, 'unstable'), (200, 'experimental'), (1, 
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-rt-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssl depends on:
ii  libc6      2.24-7
ii  libssl1.1  1.1.0c-2

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161102

-- no debconf information

Reply via email to