# openssl-0.9.7d-r1 blowfish and openvpn

## gryph0n

I appears to me that openssl-0.9.7d-r1 that got pushed out this morning has blowfish disabled.  When attempting to use openvpn we get:

Wed Jun 16 10:23:53 2004 1: Cipher algorithm 'BF-CBC' not found (OpenSSL)

Re-emerging openvpn doesn't help and we've verified the ssl connections where we define blowfish as a preference are connecting with something other than blowfish.

Can someone shed some light on this?  I'll be happy to fiddle if someone can point me in a direction.  Thanks!

----------

## gryph0n

I've verified that 0.9.7d does not suffer from this lack of blowfish.  The diffs between the ebuilds look pretty innocuous:

---------------

thoth openssl # diff openssl-0.9.7d-r1.ebuild openssl-0.9.7d.ebuild

3c3

< # $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7d-r1.ebuild,v 1.1 2004/06/15 18:48:40 aliz Exp $

---

> # $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7d.ebuild,v 1.14 2004/06/15 18:48:40 aliz Exp $

17c17

< IUSE="emacs"

---

> IUSE="emacs uclibc"

23c23

<       sys-devel/bc"

---

>       !uclibc? ( sys-devel/bc )"

38d37

<       epatch ${FILESDIR}/${P}-smime.patch

---------------------

I don't see what might be here that would disable blowfish... 

Hints?

----------

## tdb

Looks like there may be a problem with OpenSSL. OpenVPN doesn't mess with any encryption; it unloads everything to OpenSSL. Looks like Blowfish got hosed during the SSL upgrade. Try recompiling.

----------

## gryph0n

Recompiling openssl 0.9.7d-r1 has the same results:  anything that requires blowfish fails.  0.9.7.d does not suffer from this behavior.  I've rolled back to 0.9.7d and everything works fine.

----------

## Thrifty

Exact same problem here,

oh well rolling back right now.

----------

## gryph0n

...and he suggested emerging openssl-0.9.7d-r0 and  openssl-0.9.7d-r1 and trying again.  I got the same results.  Rolling back to openssl-0.9.7d still works.  

As a result of all this I submitted bug #56708.  Let me know if you have any other info/results.

Thanks!

----------

## rasto

Same happened to me with version openssl-0.9.7i not sure what openssl i upgraded.

i've changed to gentoo-sources-2.6.15-r1 too

Im going to try to downgrade to openssl-0.9.7g-r1

when i run

```

strings /usr/lib/libcrypto.so.0.9.7 | grep BF

BF_set_key

BF_encrypt

BF_version

BF_options

BF_ecb_encrypt

BF_decrypt

BF_cbc_encrypt

BF_cfb64_encrypt

BF_ofb64_encrypt

BF-CBC

BF-ECB

BF-CFB

BF-OFB

BFUa.X

```

EDIT:

openssl downgrade to openssl-0.9.7e-r2 helped

----------

## jpl888

For anyone still with the BF-CBC problem.

I tried downgrading OpenSSL and got a problem with libcrypto so I unemerged and reemerged OpenSSL (0.9.7i) and that did the trick. 

Not really an answer but a definite work around!

----------

## odessit

Sorry for thread highjack:

What is the difference b/n 0.9.7 and 0.9.8 branches? They seem to be developed at the same time.

----------

## jamapii

 *jpl888 wrote:*   

> I tried downgrading OpenSSL and got a problem with libcrypto so I unemerged and reemerged OpenSSL (0.9.7i) and that did the trick. 

 

I guess openssl (sometimes) uses .h files or something else from the already installed version in compilation - unless there is no installed version.

Another hint is that I recently tried to recompile 0.9.7i which failed, but update from 0.9.7e to 0.9.7i worked a few days before.

----------

## xtlosx

hey guys, i'm having this problem.... new install of openvpn... openssl 0.9.7.i, i tried unmerging and remerging, same error... how can i downgrade via portage?

----------

## odborg

try:

```
MAKEOPTS="-j1" emerge openssl
```

EDIT:

and report your results to https://bugs.gentoo.org/show_bug.cgi?id=138484 to help resolve this bug

----------

