|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73127 gost-crypto hash incorrect if input data contains long 0xFF sequence
Submitted: 2016-09-20 12:11 UTC Modified: -
Avg. Score:4.2 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:6 (100.0%)
From: grundik at ololo dot cc Assigned:
Status: Closed Package: hash related
PHP Version: 7.0.11 OS: Linux
Private report: No CVE-ID: None
 [2016-09-20 12:11 UTC] grundik at ololo dot cc
If input data contains long sequence of 0xFF bytes (40+ bytes), then calculated hash using gost-crypto algorithm becomes incorrect. That affects at least these functions:
* hash;
* hash_file;
* hash_stream.

Test script:
$test = str_repeat("\xFF", 40);
echo hash('gost-crypto', $test);

Expected result:

Actual result:


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-31 15:17 UTC] iofeed at yandex dot ru
This problem is easily reproduced when you try to create hash for an XLS file.
 [2017-02-03 09:13 UTC] grundik at ololo dot cc
Same issue in gost hash:

Test script:
$test = str_repeat("\xFF", 40);
echo hash('gost', $test);

Expected result:

Actual result:
 [2017-02-03 12:54 UTC] grundik at ololo dot cc
Examples of tools, which gives correct output for gost-crypto algorithm:
* openssl with GOST engine: "openssl dgst -engine gost -md_gost94 -hex <file>";
* rhash: "rhash --gost-cryptopro <file>" (or "rhash --gost <file>" for "gost" S-blocks);
* CryptoPro CSP: "cryptcp -hash <file>".
 [2017-02-24 22:23 UTC]
Automatic comment on behalf of
Log: Fix bug #73127
 [2017-02-24 22:23 UTC]
-Status: Open +Status: Closed
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC