Hi,
We found a problem in EVP which apparently affects padding in des3-cbc.
This problem is in the current 9.7 snapshot as well as in beta 3. The
9.7 library is unable to decrypt DES-EDE3-CBC documents encrypted using
0.9.6 or any other crypto library. You can demonstrate easily as follows:
openssl-9.6g> openssl enc -des3 -in plaintext -out ciphertext
[supply an eight-character ascii encryption key at the command line]
openssl-9.7> openssl enc -d -des3 -in ciphertext -out plaintext2
This dumps out an error in DecryptFinal_ex. The error return is line 426
of crypto/evp/evp_enc.c, which deals with padding. Is this a known
issue? I noticed that there have been other posts over the last few days
related to padding problems, but not specifically this.
The problem also shows up in SSL from browsers that negotiate des3-based
ciphers. Thanks,
-francis cianfrocca
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Re: possible padding bug in des3 Francis Cianfrocca
- Re: possible padding bug in des3 Lutz Jaenicke
- Re: possible padding bug in des3 Francis Cianfrocca
- Re: possible padding bug in des3 Francis Cianfrocca
