Your message dated Fri, 2 Dec 2016 00:12:45 +0100
with message-id <20161201231244.r7ngveykqypw2...@roeckx.be>
and subject line Re: [Pkg-openssl-devel] Bug#846535: openssl: 1.1.0c cannot decrypt files created by older versions of openssl
has caused the Debian Bug report #846535,
regarding openssl: 1.1.0c cannot decrypt files created by older versions of openssl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
846535: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846535
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssl
Version: 1.1.0c-2
Severity: critical
Justification: causes serious data loss

Dear Maintainer,

After upgrading to a newer version of OpenSSL, I cannot decrypt a file that
was encrypted using the OpenSSL in Stable (and had been decryptable until very
recently).

To reproduce:

    root@stable:~# echo "test" > file
    root@stable:~# echo "secretes" | openssl enc -aes-256-cbc -in file -out file.enc -pass stdin

Then copy the file to a (testing) system and:

    rharwood@thriss:/tmp$  echo "secretes" | openssl enc -d -aes-256-cbc -in file.enc -out file -pass stdin
    bad decrypt
    140704872014976:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:

Thanks!

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (600, 'testing-debug'), (600, 'testing'), (400, 'unstable-debug'), (400, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-rt-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssl depends on:
ii  libc6      2.24-7
ii  libssl1.1  1.1.0c-2

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161102

-- no debconf information

--- End Message ---
--- Begin Message ---
On Thu, Dec 01, 2016 at 05:50:20PM -0500, Robbie Harwood wrote:
> Package: openssl
> Version: 1.1.0c-2
> Severity: critical
> Justification: causes serious data loss
> 
> Dear Maintainer,
> 
> After upgrading to a newer version of OpenSSL, I cannot decrypt a file that
> was encrypted using the OpenSSL in Stable (and had been decryptable until very
> recently).
> 
> To reproduce:
> 
>     root@stable:~# echo "test" > file
>     root@stable:~# echo "secretes" | openssl enc -aes-256-cbc -in file -out file.enc -pass stdin
> 
> Then copy the file to a (testing) system and:
> 
>     rharwood@thriss:/tmp$  echo "secretes" | openssl enc -d -aes-256-cbc -in file.enc -out file -pass stdin
>     bad decrypt
>     140704872014976:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:

This is because the default digest changed between 1.0.2 and 1.1.0,
as documented in the enc manpage. You need to use the -md option
to have both use the same.


Kurt

--- End Message ---
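
The digest mismatch described in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: without `-pbkdf2`, `openssl enc` derives the AES key and IV from the passphrase and the file's salt with a single-iteration `EVP_BytesToKey`, and the default digest for that step is MD5 in 1.0.2 and SHA-256 in 1.1.0. The function names and the sample salt are assumptions made for this illustration.

```python
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes before the 8-byte salt


def parse_header(blob):
    """Return (salt, ciphertext) from a salted `openssl enc` output file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, md, key_len=32, iv_len=16):
    """Single-iteration EVP_BytesToKey: D_i = H(D_{i-1} || password || salt)."""
    derived, block = b"", b""
    while len(derived) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def compare_digests(blob, password, digests=("md5", "sha256")):
    """Derive the AES-256-CBC key/IV for each candidate -md value."""
    salt, _ = parse_header(blob)
    return {md: evp_bytes_to_key(password, salt, md) for md in digests}


if __name__ == "__main__":
    # Constructed sample: header + made-up salt + 16 placeholder ciphertext bytes.
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
    # `-pass stdin` reads one line and drops the newline, so the passphrase
    # from the report's `echo "secretes"` is b"secretes".
    for md, (key, iv) in compare_digests(sample, b"secretes").items():
        print(f"-md {md:7} key={key.hex()} iv={iv.hex()}")
```

Same passphrase and salt, different key and IV: the 1.1.0 side only derives the key the 1.0.2 side used when it is run with `-md md5`.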