#11883 closed defect (fixed)
BUG: OpenSSL 0.9.8e produces incorrect ciphertext with variable block size ciphers
| Reported by: | ecronin (Eric Cronin) | Owned by: | mww@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.4.3 |
| Keywords: | | Cc: | mww@…, ecronin (Eric Cronin) |
| Port: | | | |
Description
OpenSSL 0.9.8e introduced an error in how EVP encryption/decryption operates with ciphers which can have variable block sizes. A fix was committed a few days later but no update has been released. The patch is at <http://cvs.openssl.org/chngview?cn=15978> and when applied fixes this bug.
The bug only tends to pop up in applications doing their own EVP encryption/decryption (e.g. going through libssl does not exercise the bug), primarily encrypted filesystems and the like. In particular I know that BoxBackup in darwinports breaks due to this bug, since blocks encrypted using OpenSSL 0.9.8d are not decryptable by OpenSSL 0.9.8e.
The most recent version -- meanwhile -- is 0.9.8g.