Blowfish decryption failure because of incorrect key length
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The version of OpenSSL in Jammy (3.0.2) is affected by this issue: https:/
$ cat plaintext.txt
The quick brown fox jumps over the lazy dog
$ openssl enc -provider legacy -bf-cfb -e -in plaintext.txt -out ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
$ cat ciphertext.asc
tBL52uAegjM
$ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
The quick brown fox jumps over the lazy dog
If we then try to decrypt it in Debian Sid, we get:
$ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
hex string is too short, padding with zero bytes to length
�;S�
This has been fixed upstream here: https:/
I'm going to mark this as duplicate of another bug which I have an overdue answer to provide.
But one important question: what is your actual usecase that is negatively impacted?