Openssl 0.9.7g encrypt/decrypt incompatable with Openssl 0.9.6m

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Openssl 0.9.7g encrypt/decrypt incompatable with Openssl 0.9.6m

Belliappa, Ashith Muddiana (STSD)
Hi All,

I am facing a problem while performing encryption and decryption using 0.9.7g. Here I am encrypting data using openssl 0.9.7g and decrypting using 0.9.6m., and vice versa. Basically, I find the incompatibility is broken between the 2 versions. Any major changes have been done to the Code which has changed the behavior of the Output of Cipher Encryption which has not been tested?

I am using Blowfish algorithm in CBC Mode with 128bit key.
Could anyone give a clue why there is a difference in the encrypted outputs of 2 versions? This obviously, will break the compatible with the Openssl 0.9.6m.

Input File Size: 38 bytes
Output File Size: After encryption with Blowfish
With 0.9.6m ----> 48 bytes
With 0.9.7g ----> 56 bytes

Now if we try to decrypt using 0.9.7g the output of 48 bytes obtained with 0.9.6m encryption then first 16 bytes are not been decrypted correctly and obtained remaining bytes are ok

Similarly, if we try to decrypt using 0.9.6m the output of 56 bytes obtained with 0.9.7g encryption then first 8 bytes are not been decrypted correctly and obtained remaining bytes are ok.

Sample input value
--------------------
Hellowelcometonewopensslversion0.9.7g

With 0.9.6m decryption  
----------------------
Yè'r½'cometonewopensslversion0.9.7g

With 0.9.7g decryption
----------------------
Yè'r½'r½ewopensslversion0.9.7g

TIA. Rgds,
Ashith





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Openssl 0.9.7g encrypt/decrypt incompatable with Openssl 0.9.6m

Dr. Stephen Henson
On Wed, Jun 15, 2005, Belliappa, Ashith Muddiana (STSD) wrote:

> Hi All,
>
> I am facing a problem while performing encryption and decryption using 0.9.7g. Here I am encrypting data using openssl 0.9.7g and decrypting using 0.9.6m., and vice versa. Basically, I find the incompatibility is broken between the 2 versions. Any major changes have been done to the Code which has changed the behavior of the Output of Cipher Encryption which has not been tested?
>
> I am using Blowfish algorithm in CBC Mode with 128bit key.
> Could anyone give a clue why there is a difference in the encrypted outputs of 2 versions? This obviously, will break the compatible with the Openssl 0.9.6m.
>
> Input File Size: 38 bytes
> Output File Size: After encryption with Blowfish
> With 0.9.6m ----> 48 bytes
> With 0.9.7g ----> 56 bytes
>
> Now if we try to decrypt using 0.9.7g the output of 48 bytes obtained with 0.9.6m encryption then first 16 bytes are not been decrypted correctly and obtained remaining bytes are ok
>
> Similarly, if we try to decrypt using 0.9.6m the output of 56 bytes obtained with 0.9.7g encryption then first 8 bytes are not been decrypted correctly and obtained remaining bytes are ok.
>
> Sample input value
> --------------------
> Hellowelcometonewopensslversion0.9.7g
>
> With 0.9.6m decryption  
> ----------------------
> Yè'r½'cometonewopensslversion0.9.7g
>
> With 0.9.7g decryption
> ----------------------
> Yè'r½'r½ewopensslversion0.9.7g
>

It looks like one is using salting and the other not but IIRC salting was made
the default earlier than 0.9.6X. Try the -nosalt in 0.9.7X or -salt in the
earlier version.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]