https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234028
--- Comment #1 from Conrad Meyer <c...@freebsd.org> --- When I do the same thing on 11.2ish with a 16-byte plaintext file, it uses aes-256-cbc and produces a 48 byte output. I am able to reproduce, sort of — I don't get bogus output, but a decryption error instead. Because it may be useful, here is the output with '-v -v -v -debug' too: ENCRYPT, 11.x: ============== BIO[0x801816070]: ctrl(108) - FILE pointer BIO[0x801816070]: ctrl return 1 enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password: BIO[0x8018160e0]: ctrl(108) - FILE pointer BIO[0x8018160e0]: ctrl return 1 BIO[0x8018160e0]: write(0,8) - FILE pointer BIO[0x8018160e0]: write return 8 BIO[0x8018160e0]: write(0,8) - FILE pointer BIO[0x8018160e0]: write return 8 BIO[0x801816150]: ctrl(6) - cipher BIO[0x8018160e0]: ctrl(6) - FILE pointer BIO[0x8018160e0]: ctrl return 0 BIO[0x801816150]: ctrl return 0 BIO[0x801816070]: read(0,8192) - FILE pointer BIO[0x801816070]: read return 16 BIO[0x801816150]: write(0,16) - cipher BIO[0x8018160e0]: write(0,16) - FILE pointer BIO[0x8018160e0]: write return 16 BIO[0x801816150]: write return 16 BIO[0x801816070]: read(0,8192) - FILE pointer BIO[0x801816070]: read return 0 BIO[0x801816150]: ctrl(11) - cipher BIO[0x8018160e0]: write(0,16) - FILE pointer BIO[0x8018160e0]: write return 16 BIO[0x8018160e0]: ctrl(11) - FILE pointer BIO[0x8018160e0]: ctrl return 1 BIO[0x801816150]: ctrl return 1 bytes read : 16 bytes written: 48 BIO[0x801816070]: Free - FILE pointer BIO[0x8018160e0]: Free - FILE pointer BIO[0x801816150]: Free - cipher DECRYPT, CURRENT: ================= bufsize=8192 enter aes-256-cbc decryption password: BIO[0x800aea180]: read(0,8) - FILE pointer BIO[0x800aea180]: read return 8 BIO[0x800aea180]: read(0,8) - FILE pointer BIO[0x800aea180]: read return 8 *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. BIO[0x800aea280]: ctrl(6) - cipher BIO[0x800aea200]: ctrl(6) - FILE pointer BIO[0x800aea200]: ctrl return 0 BIO[0x800aea280]: ctrl return 0 BIO[0x800aea180]: read(0,8192) - FILE pointer BIO[0x800aea180]: read return 32 BIO[0x800aea280]: write(0,32) - cipher BIO[0x800aea200]: write(0,16) - FILE pointer BIO[0x800aea200]: write return 16 BIO[0x800aea280]: write return 32 BIO[0x800aea180]: read(0,8192) - FILE pointer BIO[0x800aea180]: read return 0 BIO[0x800aea280]: ctrl(11) - cipher BIO[0x800aea280]: ctrl return 0 bad decrypt 34371153920:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/usr/home/conrad/src/freebsd/crypto/openssl/crypto/evp/evp_enc.c:537: BIO[0x800aea180]: Free - FILE pointer BIO[0x800aea200]: Free - FILE pointer BIO[0x800aea280]: Free - cipher Additionally, running the same encryption command on CURRENT with the same plaintext produces a different ciphertext. But result is salted, so that isn't very surprising. CURRENT openssl is able to decrypt the output from the enc command on CURRENT. The debug output is identical, up to this point: BIO[0x800aea280]: write return 32 BIO[0x800aea180]: read(0,8192) - FILE pointer BIO[0x800aea180]: read return 0 BIO[0x800aea280]: ctrl(11) - cipher -------------------------------------- diverges BIO[0x800aea200]: ctrl(11) - FILE pointer BIO[0x800aea200]: ctrl return 1 BIO[0x800aea280]: ctrl return 1 bytes read : 48 bytes written: 16 -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
