Public bug reported:

The version of OpenSSL in Jammy (3.0.2) is affected by this issue:
https://github.com/openssl/openssl/issues/18359.  The upshot is that
ciphertext created in Jammy cannot be decrypted by unaffected versions
of OpenSSL and vice versa.  For example, here we encrypt a plaintext in
Jammy:

    $ cat plaintext.txt
    The quick brown fox jumps over the lazy dog
    $ openssl enc -provider legacy -bf-cfb -e -in plaintext.txt -out ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
    $ cat ciphertext.asc
    tBL52uAegjMw+DQLL1ipaXQjDnX0KK72QyqMxU1MbuSIfchivPj/JOGWUOU=
    $ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
    The quick brown fox jumps over the lazy dog

If we then try to decrypt it in Debian Sid, we get:

    $ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
    hex string is too short, padding with zero bytes to length
    �;S��\h<�Vɦyʄ(�g`Hrm^�[��u      �"f�S�-9�u

This has been fixed upstream here:
https://github.com/openssl/openssl/commit/1b8ef23e68b273bb5e59f60df62251153f24768d

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2044391

Title:
  Blowfish decryption failure because of incorrect key length

Status in openssl package in Ubuntu:
  New
