|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37595 last part of the string is lost at decoding
Submitted: 2006-05-25 23:49 UTC Modified: 2006-05-31 20:11 UTC
From: coditza at cluj dot astral dot ro Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.4.2 OS: windows
Private report: No CVE-ID: None
 [2006-05-25 23:49 UTC] coditza at cluj dot astral dot ro
If the lenght of the encoded string is a multiple of chipher block size, the last blocksize part of the chipher is lost at decoding.

Reproduce code:
Use the script at: to produce an encoded file, then, from shell:

openssl bf-cbc -in out.dat -out out.dec -K 000102030405060708090a0b0c0d0e0f -iv 0102030405060708 -d


cat out.dec

Expected result:

Actual result:
bad decrypt
31976:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/evp/evp_enc.c:450:
coditza@keep$ cat out.dec


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-29 13:07 UTC] coditza at cluj dot astral dot ro
The example is for freebsd 6.0 actually, but the beavior is the same both on windows (with php4) and on freebsd (with php5)
 [2006-05-30 23:35 UTC]
for($i=0;$i<$max;$i++) {
for($i=0;$i<=$max;$i++) {

Not PHP problem, just a user error.

 [2006-05-31 07:44 UTC] coditza at cluj dot astral dot ro
Indeed, your sugestion fixed the thing, but that's just a work around. I added some debuing bits and here are 2 outputs:

string: 12345678qwertyui12345678g
0) Encoding: 12345678 - 7e0dc5b2ff23aca1
1) Encoding: qwertyui - eb3b6b54025c6347
2) Encoding: 12345678 - f258e8a6ab3003af
3) Encoding: g - 20d274568051c4e6
4) Encoding: - 43f92ddf945e42fc

string lenght is 25, ceil(25/8) = 4, the for loop you sugested is "processing" an aditional empty part of the string. 

Again, this is a workaround, not a fix/user error. Please fix the library or point out in the docs that for a succesfull crypt you need to use this thinghy.

 [2006-05-31 08:43 UTC]
Please, fix your code, there is nothing wrong neither with mcrypt library nor with PHP.
 [2006-05-31 12:08 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Thank you for your resistance.
 [2006-05-31 20:11 UTC]
There was nothing wrong here, so I reverted the patch. Openssl is behaving badly. Try the test vectors from and you will see. I also updated our testcases with this.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Feb 24 07:01:28 2024 UTC