php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41015 decrypt doesn't work with web, CLI does!
Submitted: 2007-04-07 07:21 UTC Modified: 2007-04-08 08:42 UTC
From: johannes dot guentert at gutedel dot com Assigned:
Status: Closed Package: mcrypt related
PHP Version: 5.2.1 OS: Windows XP Home, SP2, updated.
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2007-04-07 07:21 UTC] johannes dot guentert at gutedel dot com 
Description:
------------
libmcrypt.dll and php_mcrypt.dll are the versions shipped with php 5.2.1, there are no other active dll's of this stuff in the system.

In the browser, encrypting does work without problems, decrypting doesn't work at all. In CLI there is no problem.

The "decrypted" string is the same as encrypted (binary confused stuff shown). mcrypt_decrypt() doesn't change the string.

No XAMPP, installed Apache is 2.0.55 in this case.


Reproduce code:
---------------
<?php
$text = "boggles the inivisble monkey will rule the world";
$key = "This is a very secret key";

$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo strlen($text) . "<br>";

$enc = mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($enc) . "<br>";
  
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "<br>";

$crypttext = mcrypt_decrypt(MCRYPT_XTEA, $key, $enc, MCRYPT_MODE_ECB, $iv);
echo "$crypttext<br>";
?>

Expected result:
----------------
Browser:

48
48
42
boggles the inivisble monkey will rule the world


Actual result:
--------------
Browser:

48
48
42
:????ea?0:?^i???U???L? ?z ???t?D?Ђ?–??R???R

CLI:

C:\eigene_dateien>php -q test.php
48<br>48<br>42<br>boggles the inivisble monkey will rule the world<br>
C:\eigene_dateien>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-07 08:35 UTC] derick@php.net 
You need the same IV for encrypting and decrypting - you're generating a new one for the decrypt process.
 [2007-04-07 08:54 UTC] johannes dot guentert at gutedel dot com 
that doesn't matter, i uncommented the line for the new iv in the source, same effect.

If this would matter, the CLI-Call wouldn't work also.
 [2007-04-07 09:32 UTC] johannes dot guentert at gutedel dot com 
I took the above code from http://de3.php.net/mcrypt_decrypt originally.

php.ini in C:\<php_dir>, the only one in the system-path:
---------------------------------------------------------
extension_dir = c:\<php_dir>\ext
extension=php_mcrypt.dll

It's the only extension i've loaded.

New, simplified code, with blowfish instead of XTEA (test.php):
---------------------------------------------------------------
<?php
$text = "boggles the inivisble monkey will rule the world";
$key = "This is a very secret key";

$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$enc = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $text, MCRYPT_MODE_ECB, $iv);
$crypttext = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $enc, MCRYPT_MODE_ECB, $iv);
echo $crypttext."<br>";
?>

CLI-result (correct):
---------------------
C:\eigene_dateien>php -q test.php
boggles the inivisble monkey will rule the world<br>
C:\eigene_dateien>

Browser-result:
---------------
g?????@???|M(M???\1N?9l??9???y?<??P?o??b8ր{


It's still the same problem.
 [2007-04-07 11:08 UTC] derick@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

It works fine for me on Linux both in the browser and on CLI with PHP-5.2.2dev
 [2007-04-07 13:13 UTC] johannes dot guentert at gutedel dot com 
Yes, on linux, it's fine on my systems too. It seems to be a specific windows problem. libmbcrypt.dll?
 [2007-04-07 13:32 UTC] johannes dot guentert at gutedel dot com 
The latest windows-snapshot causes the same problem, I copied the original php.ini-recommended from this snapshot and only uncomment an set following:

extension_dir = c:\<php_dir>\ext
extension=php_mcrypt.dll

the rest is original.

My apache-configs for php:

LoadModule php5_module "C:/<php_dir>/php5apache2.dll"
AddType application/x-httpd-php .php
PHPIniDir "C:/<php_dir>/php"

the php.ini is loaded in both cases, cli and browser (test with renamed php.ini)

Thanks for your help in advance!
 [2007-04-07 14:00 UTC] johannes dot guentert at gutedel dot com 
sorry, PHPiniDir is of course:

PHPIniDir "C:/<php_dir>"
 [2007-04-08 02:01 UTC] webmaster at wiedmann-online dot de 
No Problem here on Windows XP Pro SP2 with standard PHP Version 5.2.1.
But with Apache 2.2.3 and not 2.0.55 (Both apache2handler and CGI are ok).
 [2007-04-08 08:31 UTC] johannes dot guentert at gutedel dot com 
Perfect!

Switching to Apache 2.2 solves the problem! Thanks!

I'll try to catch the problem switching to Apache 2.0.59, too.
 [2007-04-08 08:42 UTC] johannes dot guentert at gutedel dot com 
Ok, updating the Apache from 2.0.55 to 2.0.59 solves the problem, too. It's running with my original httpd.conf.

Thanks again for your help to find this easter egg and Happy Easter to all... and don't work too much ;)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 19:01:29 2024 UTC