Bug 1470942 - Files encrypted with Fedora 24 openssl cannot be decrypted with Fedora 26 openssl
Files encrypted with Fedora 24 openssl cannot be decrypted with Fedora 26 ope...
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
x86_64 Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2017-07-14 01:55 EDT by David Levner
Modified: 2017-07-14 03:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-07-14 03:48:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Contains all files need to reproduce the problem. (8.12 KB, application/zip)
2017-07-14 01:55 EDT, David Levner
no flags Details

  None (edit)
Description David Levner 2017-07-14 01:55:29 EDT
Created attachment 1298119 [details]
Contains all files need to reproduce the problem.

Description of problem: I get an error when I use F26's openssl to decrypt a file that I encrypted with F24's openssl. Although the decrypted file is created, it is not useable.

Version-Release number of selected component (if applicable):

Fedora 24: openssl Version 1.0.2k, Release 1.fc24
Fedora 26: openssl Version 1.1.0f, Release 4.fc26

How reproducible: Every time

Steps to Reproduce:
1. Create a zip file on a Fedora 24 computer (may happen with other files--I have only tried zip files).
2. Create a password file.
3. Encrypt the zip file. Here is the command I used:

openssl enc -e -aes-256-cbc -pass file:easy-password.txt -in temp.zip -out temp.zip.enc

4. Copy the encrypted file and password file to a Fedora 26 computer.
5. Attempt to decrypt the encrypted file. Here is my command:

openssl enc -d -aes-256-cbc -pass file:easy-password.txt -in temp.zip.enc -out temp.zip

Actual results:

bad decrypt
139723542062848:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:573:

Although the output file, temp.zip, is created, it cannot be unzipped.

Expected results:

No error message from the 'openssl enc -d ...' command.
The output of the openssl command is a valid zip file that can be unzipped.

Additional info: The attachment contains temp.zip, temp.zip.enc and easy-password.txt, all the files referenced in the commands above. These files (and this bug report) were created on an F24 system.
Comment 1 Tomas Mraz 2017-07-14 03:48:20 EDT
Please see the enc(1) manual page. "The default digest was changed from MD5 to SHA256 in Openssl 1.1"

To decode the files encrypted with OpenSSL 1.0 simply add -md md5 option.

Note You need to log in before you can comment on or make changes to this bug.