[openssl-dev] openssl enc changed behaviour between 1.1.0 and earlear
Richard Levitte
levitte at openssl.org
Sat Nov 5 02:58:02 UTC 2016
In message <20161104205933.gw7pyvclnmdkvd73 at breakpoint.cc> on Fri, 4 Nov 2016 21:59:33 +0100, Sebastian Andrzej Siewior <openssl-dev at ml.breakpoint.cc> said:
openssl-dev> On 2016-11-03 22:12:44 [+0100], Richard Levitte wrote:
openssl-dev> >
openssl-dev> > That would be quite a job. The correctness of the key can't be
openssl-dev> > discovered before the last encrypted block, where the decrypted
openssl-dev> > padding will either be correct (because it was the right key) or not
openssl-dev> > (because it was the wrong key). Take into account a pipe with a 10MB
openssl-dev> > file, I'm sure you see where that takes us.
openssl-dev> >
openssl-dev> > The solution in that bug report seems sane, even though unfortunate.
openssl-dev> okay. And since the encrypted file has no header there is nothing we
openssl-dev> could hide. And if we add one now then it won't work with older openssl.
openssl-dev>
openssl-dev> So I will try to put this in the release notes for the Debian package.
openssl-dev> Do you have an idea where this would fit best in the Wiki? A new page
openssl-dev> with one entry does not make sense and it does not look like it belongs
openssl-dev> to
openssl-dev> https://wiki.openssl.org/index.php/1.1_API_Changes
Actually, I would think that a parallell page for the openssl app
(program?) would be the perfect place. It shouldn't matter if it
starts with just one item, it has to start somewhere (if you look at
the history of 1.1_API_Changes, you'll notice that it started small as
well).
Other things I can think of putting on such a page is the that the
1.1.0 'openssl' app takes all options before all non-option arguments,
there's no mixing them like there was in versions before 1.1.0. I.e.,
this doesn't work any more:
openssl ciphers AES -V
while this does:
openssl ciphers -V AES
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list