Reputation: 129
OpenSSL 3.0 command fail to setting cipher
Starting with OpenSSL 3.0 the following command (which work on OpenSSL 1.1)
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 < enc
now fail with
Error setting cipher BF-CBC 40CCA0B4217F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
Looking at evp_fetch.c:349 I think I got a NULL method
But the -help screen don't provide anything related to specify a method
Usage: bf-cbc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-z Compress or decompress encrypted data using zlib
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
According to the wiki, the 1.1 -> 3.0 migration shall be backward compatible https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1
Also, the -debug flags show that the OpenSSL3.0 cannot even create a cypher
Error setting cipher BF-CBC
407C4A7BB27F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
BIO[0x55a2269514d0]: Free - FILE pointer
BIO[0x55a2269515a0]: Free - FILE pointer
while OpenSSL 1.1 can
BIO[0x55d62a675ff0]: ctrl(6) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 0
BIO[0x55d62a673990]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 2048
BIO[0x55d62a673990]: write(0,2048) - cipher
BIO[0x55d62a675ff0]: write(0,2048) - FILE pointer
...
BIO[0x55d62a675ff0]: write return 2048
BIO[0x55d62a673990]: write return 2048
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 0
BIO[0x55d62a673990]: ctrl(11) - cipher
BIO[0x55d62a675ff0]: ctrl(11) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 1
BIO[0x55d62a673990]: ctrl return 1
BIO[0x55d62a670ab0]: Free - FILE pointer
BIO[0x55d62a675ff0]: Free - FILE pointer
BIO[0x55d62a673990]: Free - cipher
What missing argument shall I provide to make this new "method" context work ?
Upvotes: 7
Views: 7761
Answers (1)
Reputation: 9392
One of the key differences between OpenSSL 3.0 and earlier versions is that crypto algorithms are now supplied through "providers". Most commonly used ciphers are available in the "default" provider - which gets loaded by default. You are trying to use the blowfish cipher. That cipher is implemented in the "legacy" OpenSSL 3.0 provider:
https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
The legacy provider does not get loaded by default. You can load it explicitly by adding -provider legacy -provider default onto your command line, i.e.
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 -provider legacy -provider default < enc
Upvotes: 18
Related Questions
- des command on openssl 3.0 unsupported crypto error
- Inconsistent Blowfish encrypted data with OpenSSL C++ library and PHP
- openssl ciphers command showing cipher as SSL not TLS
- How to make Ubuntu's crypt(3) support Blowfish?
- OPENSSL Blowfish CBC encryption differs from PHP to C++
- EVP_CIPHER_CTX_set_key_length accepts bad sizes for blowfish
- Assistance with openssl blowfish simple example inserting garbage characters
- Encrypting and decrypting a message with Blowfish
- Decrypting openssl blowfish with Java
- Error decrypting file