php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27455 mdecrypt_generic() fails all but 'ecb' with mcrypt_module_close()
Submitted: 2004-03-02 03:14 UTC Modified: 2004-03-02 14:57 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: robert at peakepro dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.3.4 OS: RH Linux, Mac OS X
Private report: No CVE-ID: None
View Developer Edit
 [2004-03-02 03:14 UTC] robert at peakepro dot com 
Description:
------------
I noticed all the examples in the online documentation 
do not actually close out the mcrypt module, they simply 
deinit. This is not an accurate simulation of a real-
world use, where an encrypted string may be stored and 
later retreived long after the module has been closed. 

I encountered this potential bug when running the loop I 
posted on the mcrypt main page. It seems that in all 
modes except ecb, mcrypt fails to decrypt encrypted 
strings after the module has been closed. At first I 
thought it was just my system or my libmcrypt, but I 
have tried this on multiple machines with the same 
results.

Reproduce code:
---------------
http://www.peakepro.com/workbench/mcrypt

Expected result:
----------------
The same results as in the source code posted in 
mcrypt_module_open() i.e. the original string.

Actual result:
--------------
Garbled output that varies with each new call.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-02 03:31 UTC] derick@php.net 
This is not a bug at all; you HAVE to use the same IV for both encrypting and decrypting otherwise the algorithm is pointed in the wrong way. The reason why it works with ECB is because that is the only mode not using an IV.

See also:
http://talks.php.net/show/encryption-vancouver/14
and further slides, and
http://talks.php.net/show/encryption-vancouver/24
 [2004-03-02 14:51 UTC] robert at peakepro dot com 
Thanks for the quick reply. I'll look into this and 
ammend my contribution to the manual as appropriate. I'm 
guessing if this wasn't clear to me it may not have been 
clear to a lot of people.
 [2004-03-02 14:57 UTC] derick@php.net 
Yup, it's something mistaken by a lot of people. (I set the status back to bogus, as this is not a bug in PHP).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 30 23:00:01 2025 UTC