Date: Sat, 15 Dec 2018 05:27:08 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 234028] Openssl cannot decrypt properly Message-ID: <bug-234028-227-XlrgYIHqXr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-234028-227@https.bugs.freebsd.org/bugzilla/> References: <bug-234028-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234028 --- Comment #6 from Conrad Meyer <cem@freebsd.org> --- (In reply to bc979 from comment #5) > However, I point out that the -md parameter is not documented in the man page for enc on 11.1 or earlier. Yep. It's mentioned, but usage and default are totally undocumented (and on 11.2 as well). $ openssl enc -h unknown option '-h' ... -md the next argument is the md to use to create a key from a passphrase. One of md2, md5, sha or sha1 Helpfully, none of the *listed* options in 1.0.2o enc are the 1.1.0 default (sha256). /s However, '-md sha256' can be provided manually and seems to decode correctly on 12. NAME openssl-enc, enc - symmetric cipher routines SYNOPSIS openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a/-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md] [-p] [-P] [-bufsize number] ^^^ (-md not documented anywhere else in the page) Generating gibberish makes sense, unfortunately — enc has no way of knowing that the wrong KDF function was used to turn password into key, and AES-256-CBC does not have any sort of integrity MAC to verify the correct key was used. So you get gibberish. I suspect the only reason a bad decrypt was noticed in my (short) input was that the final padding byte(s) didn't match up with PKCS expectations. You might see the same message (but only at the very end of the "decrypted" contents). -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234028-227-XlrgYIHqXr>