php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37595 last part of the string is lost at decoding
Submitted: 2006-05-25 23:49 UTC Modified: 2006-05-31 20:11 UTC
From: coditza at cluj dot astral dot ro Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.4.2 OS: windows
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: coditza at cluj dot astral dot ro
New email:
PHP Version: OS:

 

 [2006-05-25 23:49 UTC] coditza at cluj dot astral dot ro
Description:
------------
If the lenght of the encoded string is a multiple of chipher block size, the last blocksize part of the chipher is lost at decoding.

Reproduce code:
---------------
Use the script at: http://www.coada.net/develop/crypt.phps to produce an encoded file, then, from shell:

openssl bf-cbc -in out.dat -out out.dec -K 000102030405060708090a0b0c0d0e0f -iv 0102030405060708 -d

and

cat out.dec

Expected result:
----------------
coditza@keep$
12345678qwertyui12345678coditza@keep$

Actual result:
--------------
bad decrypt
31976:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/evp/evp_enc.c:450:
coditza@keep$ cat out.dec
12345678qwertyuicoditza@keep$


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-29 13:07 UTC] coditza at cluj dot astral dot ro
The example is for freebsd 6.0 actually, but the beavior is the same both on windows (with php4) and on freebsd (with php5)
 [2006-05-30 23:35 UTC] tony2001@php.net
Change
for($i=0;$i<$max;$i++) {
to
for($i=0;$i<=$max;$i++) {

Not PHP problem, just a user error.

 [2006-05-31 07:44 UTC] coditza at cluj dot astral dot ro
Indeed, your sugestion fixed the thing, but that's just a work around. I added some debuing bits and here are 2 outputs:

string: 12345678qwertyui12345678g
0) Encoding: 12345678 - 7e0dc5b2ff23aca1
1) Encoding: qwertyui - eb3b6b54025c6347
2) Encoding: 12345678 - f258e8a6ab3003af
3) Encoding: g - 20d274568051c4e6
4) Encoding: - 43f92ddf945e42fc

string lenght is 25, ceil(25/8) = 4, the for loop you sugested is "processing" an aditional empty part of the string. 

Again, this is a workaround, not a fix/user error. Please fix the library or point out in the docs that for a succesfull crypt you need to use this thinghy.

Thanks
 [2006-05-31 08:43 UTC] tony2001@php.net
Please, fix your code, there is nothing wrong neither with mcrypt library nor with PHP.
 [2006-05-31 12:08 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thank you for your resistance.
 [2006-05-31 20:11 UTC] derick@php.net
There was nothing wrong here, so I reverted the patch. Openssl is behaving badly. Try the test vectors from http://www.schneier.com/code/vectors.txt and you will see. I also updated our testcases with this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 06 13:01:27 2024 UTC