PHP :: Bug #73127 :: gost-crypto hash incorrect if input data contains long 0xFF sequence

Bug #73127

gost-crypto hash incorrect if input data contains long 0xFF sequence

Submitted:

2016-09-20 12:11 UTC

Modified:

Votes:	6
Avg. Score:	4.2 ± 0.9
Reproduced:	6 of 6 (100.0%)
Same Version:	2 (33.3%)
Same OS:	6 (100.0%)

From:

grundik at ololo dot cc

Assigned:

Status:

Closed

Package:

hash related

PHP Version:

7.0.11

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	grundik at ololo dot cc
New email:
PHP Version:		OS:

New Comment:

[2016-09-20 12:11 UTC] grundik at ololo dot cc

Description:
------------
If input data contains long sequence of 0xFF bytes (40+ bytes), then calculated hash using gost-crypto algorithm becomes incorrect. That affects at least these functions:
* hash;
* hash_file;
* hash_stream.

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost-crypto', $test);


Expected result:
----------------
231d8bb980d3faa30fee6ec475df5669cf6c24bbce22f46d6737470043a99f8e

Actual result:
--------------
8e0be2995864c40f8111feaa9df6fc4830632fdf61e365d9feca87f1e485d1f7

Patches

Pull Requests

Pull requests:

Fix: gost-crypto hash incorrect if input data contains long 0xFF sequence (php-src/2391)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-31 15:17 UTC] iofeed at yandex dot ru

This problem is easily reproduced when you try to create hash for an XLS file.

[2017-02-03 09:13 UTC] grundik at ololo dot cc

Same issue in gost hash:

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost', $test);


Expected result:
----------------
9eaf96ba62f90fae6707f1d4274d1a9d6680f5a121d4387815aa3a6ec42439c5

Actual result:
--------------
140da043c3c8c9355b73de375ba23ce82cd0aa7c2ba334a25b7058fbe3efaba2

[2017-02-03 12:54 UTC] grundik at ololo dot cc

Examples of tools, which gives correct output for gost-crypto algorithm:
* openssl with GOST engine: "openssl dgst -engine gost -md_gost94 -hex <file>";
* rhash: "rhash --gost-cryptopro <file>" (or "rhash --gost <file>" for "gost" S-blocks);
* CryptoPro CSP: "cryptcp -hash <file>".

[2017-02-24 22:23 UTC] nikic@php.net

Automatic comment on behalf of grundik@ololo.cc
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eac8166bd468a3c7c00b5163f6f86804911b660d
Log: Fix bug #73127

[2017-02-24 22:23 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC