PHP :: Bug #52409 :: Wrong hash

Bug #52409	Wrong hash_hmac result
Submitted:	2010-07-22 19:48 UTC	Modified:	2010-07-23 00:12 UTC
From:	blackakula at gmail dot com	Assigned:
Status:	Not a bug	Package:	OpenSSL related
PHP Version:	5.3.3	OS:	Ubuntu 10.04
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2010-07-22 19:48 UTC] blackakula at gmail dot com

Description:
------------
I've tried many other ways to calculate this SHA-256. All sources gave me expected result (string(64) "88e0d97d68acf161407af5965ae1e33b1743dbc400af1cc8a2020d47f45ca83e"), except PHP.
Source 1: http://hash.online-convert.com/sha256-generator (online sha256-generator)
Source 2: ruby code: OpenSSL::HMAC.hexdigest('sha256','49a40e1d5c24be8a6e7d566a05d346d0','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTgwMDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNlBKWkFNTFozOGcxaUZYMXdraUZwZ19fLjM2MDAuMTI3OTgxODAwMC02MjAzMDc1NDJ8UXd5MHVuZEJ2YVlSYnJWcDBFSkN4eGdVRjQ4LiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ')

PHP code example (gave me string(64) "61c9a97bd820052765e1291708352acadb397ea15489bf8be18bd34f775cda1a"):
<?php
var_dump(hash_hmac('sha256','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTA4MDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNENNcl9UWV9OVnNKTmpSQlNzOGQ1QV9fLjM2MDAuMTI3OTgxMDgwMC02MjAzMDc1NDJ8eFg5QTBLRzRKbnNHNXZmQ2VaSGJpQmNJeE9vLiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ','49a40e1d5c24be8a6e7d566a05d346d0',false));
?>

Test script:
---------------
<?php
var_dump(hash_hmac('sha256','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTA4MDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNENNcl9UWV9OVnNKTmpSQlNzOGQ1QV9fLjM2MDAuMTI3OTgxMDgwMC02MjAzMDc1NDJ8eFg5QTBLRzRKbnNHNXZmQ2VaSGJpQmNJeE9vLiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ','49a40e1d5c24be8a6e7d566a05d346d0',false));
?>

Expected result:
----------------
string(64) "88e0d97d68acf161407af5965ae1e33b1743dbc400af1cc8a2020d47f45ca83e"

Actual result:
--------------
string(64) "61c9a97bd820052765e1291708352acadb397ea15489bf8be18bd34f775cda1a"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-07-23 00:12 UTC] pollita@php.net

-Status: Open +Status: Bogus

[2010-07-23 00:12 UTC] pollita@php.net

The outputs don't agree because the inputs are different.  Look closely at the values you're passing in for each:

Ruby: eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTgwMDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNlBKWkFNTFozOGcxaUZYMXdraUZwZ19fLjM2MDAuMTI3OTgxODAwMC02MjAzMDc1NDJ8UXd5MHVuZEJ2YVlSYnJWcDBFSkN4eGdVRjQ4LiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ

PHP: eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTA4MDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNENNcl9UWV9OVnNKTmpSQlNzOGQ1QV9fLjM2MDAuMTI3OTgxMDgw
MC02MjAzMDc1NDJ8eFg5QTBLRzRKbnNHNXZmQ2VaSGJpQmNJeE9vLiIsInVzZXJfaWQiOiI2MjAzMDc1
NDIifQ

They're identical up to ...EwMTg5fDIuN    but then the Ruby version continues with lBKWkFN... while the PHP version continues with ENNcl9...

The hash of two different values will be different.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 23:01:27 2024 UTC