Bug#412979: [Pkg-openssl-devel] Bug#412979: encfs fails when openssl
is upgraded to 0.9.8e-2
Kurt Roeckx
kurt at roeckx.be
Sat Mar 3 13:48:52 CET 2007
On Fri, Mar 02, 2007 at 09:31:04PM +0100, Kurt Roeckx wrote:
> On Thu, Mar 01, 2007 at 02:34:11PM +0100, maf at appgate.com wrote:
> > Package: encfs
> > Version: 1.2.5-1-1
> > Severity: grave
> > Justification: renders package unusable
> >
> > Encfs stopped working after I upgraded my system today. The symptom was
> > that it complained "Error decoding volume key, password incorrect" even
> > through the password was correct. Running with the -v flag gave:
> >
> > 14:04:08 (main.cpp:518) Root directory: [deleted]
> > 14:04:08 (main.cpp:519) Fuse arguments: (daemon) (threaded) encfs [deleted]
> > 14:04:08 (Interface.cpp:165) checking if ssl/aes(2:1:1) implements ssl/blowfish(
> > 2:1:1)
> > 14:04:08 (Interface.cpp:165) checking if ssl/blowfish(2:1:1) implements ssl/blow
> > fish(2:1:1)
> > 14:04:08 (SSL_Cipher.cpp:322) allocated cipher ssl/blowfish, keySize 20, ivlengt
> > h 8
> > EncFS Password:
> > 14:04:14 (FileUtils.cpp:1231) configuration key size = 32
> > 14:04:14 (FileUtils.cpp:1232) cipher key size = 32
> > 14:04:14 (SSL_Cipher.cpp:524) checksum mismatch: expected 403434338, got 1157830
> > 156
> > 14:04:14 (SSL_Cipher.cpp:525) on decode of 28 bytes
> > Error decoding volume key, password incorrect
> >
> > Downgrading openssl to 0.9.8c-4 solved the problem.
>
> Hi,
>
> I've been trying encrypting/decrypting things using blowfish in
> cbc and cfb mode using both versions. All my tests passed without
> any problems. I also don't see any problems in the output of the
> regression tests.
>
> I didn't try using encfs yet since I've never used this before. It's
> also alot easier if you can get a test case which is easy to reproduce.
>
> I haven't tried with encfs yet since I don't know it. I have to guess
> that for some reason it's passing a different key to the openssl
> library.
>
> encfs seems to be using it's own algorithms to get to the key and iv
> BytesToKey(). Can you verify that key and iv contain the same thing
> when BytesToKey() returns using both version of the library? You
> need to check them for keySize (20) and ivLength (8) bytes each.
>
> (Please don't show the contents of those buffers if you really care
> about your data.)
I see that you're using fuse 2.6.2-1, so you might want to look at
http://bugs.debian.org/409554 too.
Kurt
More information about the Pkg-openssl-devel
mailing list