Hello,

There is a bad verification of the "pass" argument in the openssl command.

I discovered this because I use a passphrase of more than 4000 chars (interest can be discussed). All following information about source code is based on OpenSSL 0.9.8k.

When the pass argument is given on the command line

$ /usr/bin/openssl enc -p -d -a -bf -pass pass:<big pass of 4000 chars> -in mlvs

or by environment (size of passphrase is unlimited)

$ /usr/bin/openssl enc -p -d -a -bf -pass env:pass -in mlvs

decoding occurs correctly.

But if I use:

$ /usr/bin/openssl enc -p -d -a -bf -kfile /path/to/my/pass -in mlvs
$ /usr/bin/openssl enc -p -d -a -bf -pass file:/path/to/my/pass -in mlvs

I have something like this:

bad decrypt
16246:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:

After reading the source code, I think this happens because the openssl enc command with the kfile option reads only the first 128 chars of the file (enc.c line 228). So it's unable to read the complete passphrase correctly.

With the -pass option, same issue: reading is done in apps.c with a constant size APP_PASS_LEN, defined in apps.h with a value of 1024. Same issue, unable to read the complete pass file, so failure in deciphering.

The issue is that

$ /usr/bin/openssl enc -p -d -a -bf -pass pass:<big pass of 4000 chars> -in
$ /usr/bin/openssl enc -p -d -a -bf -pass env:pass -in mlvs
$ /usr/bin/openssl enc -p -d -a -bf -kfile /path/to/my/pass -in mlvs
$ /usr/bin/openssl enc -p -d -a -bf -pass file:/path/to/my/pass -in mlvs

do not have the same behaviour with more than 128 chars in the passphrase. And this is blocking when we want a passphrase with chars that cannot be passed by env or command line (with non-ASCII chars) and with a size of more than 1024 chars.

Best regards,

--
Sebastien "Seblu" Luttringer - IT Engineer
Smartjog - TDF Pole Multimedia
27 bd Hippolyte Marques, 94200 Ivry sur Seine, France
Phone: +33.1.58.68.62.32
Fax: +33.1.58.68.62.05

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                          majord...@openssl.org
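
The following is an added example, not part of the original message and not OpenSSL's code. It models the fixed-size read the message reports, using the 128 and 1024 sizes it quotes, next to a hypothetical strict reader that rejects an over-long line instead of silently shortening the passphrase. The function names, the -2 error code and the sample file are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define KFILE_BUF    128   /* -kfile read size, as reported in the message */
#define APP_PASS_LEN 1024  /* -pass file: read size, as reported in the message */

/* Constructed sample: a passphrase file of `len` characters plus newline. */
int write_sample(const char *path, size_t len)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    for (size_t i = 0; i < len; i++) fputc('A' + (int)(i % 26), f);
    fputc('\n', f);
    return fclose(f);
}

/* Model of the reported behaviour: first line into a fixed buffer; fgets
 * stores at most cap-1 bytes and the rest of the line is silently ignored.
 * Returns the passphrase length actually used, or -1 on I/O error. */
long read_pass_truncating(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *r = fgets(buf, (int)cap, f);
    fclose(f);
    if (!r) return -1;
    buf[strcspn(buf, "\r\n")] = '\0';
    return (long)strlen(buf);
}

/* Hypothetical strict reader: same buffer, but returns -2 when the line
 * did not fit instead of continuing with a shortened passphrase. */
long read_pass_strict(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *r = fgets(buf, (int)cap, f);
    if (!r) { fclose(f); return -1; }
    size_t n = strlen(buf);
    /* Complete if we saw the newline, or nothing but EOF/newline follows. */
    int next = (n > 0 && buf[n - 1] == '\n') ? '\n' : fgetc(f);
    fclose(f);
    if (next != EOF && next != '\n') return -2;
    buf[strcspn(buf, "\r\n")] = '\0';
    return (long)strlen(buf);
}
```

With a 4000-character file, the truncating reader derives the key from a prefix only, so a file-based passphrase and the same passphrase given in full no longer match; the strict reader turns that mismatch into an explicit error.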