PHP :: Bug #73127 :: gost-crypto hash incorrect if input data contains long 0xFF sequence

Bug #73127

gost-crypto hash incorrect if input data contains long 0xFF sequence

Submitted:

2016-09-20 12:11 UTC

Modified:

Votes:	6
Avg. Score:	4.2 ± 0.9
Reproduced:	6 of 6 (100.0%)
Same Version:	2 (33.3%)
Same OS:	6 (100.0%)

From:

grundik at ololo dot cc

Assigned:

Status:

Closed

Package:

hash related

PHP Version:

7.0.11

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2016-09-20 12:11 UTC] grundik at ololo dot cc

Description:
------------
If input data contains long sequence of 0xFF bytes (40+ bytes), then calculated hash using gost-crypto algorithm becomes incorrect. That affects at least these functions:
* hash;
* hash_file;
* hash_stream.

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost-crypto', $test);


Expected result:
----------------
231d8bb980d3faa30fee6ec475df5669cf6c24bbce22f46d6737470043a99f8e

Actual result:
--------------
8e0be2995864c40f8111feaa9df6fc4830632fdf61e365d9feca87f1e485d1f7

Patches

Pull Requests

Pull requests:

Fix: gost-crypto hash incorrect if input data contains long 0xFF sequence (php-src/2391)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-31 15:17 UTC] iofeed at yandex dot ru

This problem is easily reproduced when you try to create hash for an XLS file.

[2017-02-03 09:13 UTC] grundik at ololo dot cc

Same issue in gost hash:

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost', $test);


Expected result:
----------------
9eaf96ba62f90fae6707f1d4274d1a9d6680f5a121d4387815aa3a6ec42439c5

Actual result:
--------------
140da043c3c8c9355b73de375ba23ce82cd0aa7c2ba334a25b7058fbe3efaba2

[2017-02-03 12:54 UTC] grundik at ololo dot cc

Examples of tools, which gives correct output for gost-crypto algorithm:
* openssl with GOST engine: "openssl dgst -engine gost -md_gost94 -hex <file>";
* rhash: "rhash --gost-cryptopro <file>" (or "rhash --gost <file>" for "gost" S-blocks);
* CryptoPro CSP: "cryptcp -hash <file>".

[2017-02-24 22:23 UTC] nikic@php.net

Automatic comment on behalf of grundik@ololo.cc
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eac8166bd468a3c7c00b5163f6f86804911b660d
Log: Fix bug #73127

[2017-02-24 22:23 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 04:00:01 2025 UTC