PHP :: Doc Bug #78628 :: AES-256-XTS cipher method does not work

Doc Bug #78628	AES-256-XTS cipher method does not work
Submitted:	2019-10-03 11:10 UTC	Modified:	2019-12-08 18:47 UTC
From:	alec@php.net	Assigned:
Status:	Open	Package:	OpenSSL related
PHP Version:	7.3.10	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	alec@php.net
New email:
PHP Version:		OS:

New Comment:

[2019-10-03 11:10 UTC] alec@php.net

Description:
------------
Tested with various PHP versions (7.3.9 and 7.4.0beta4 and some older 7.x) on Ubuntu 18.04. This originates from on of our users using PHP 7.3 on Debian Stable.

$php -r "print_r(openssl_get_cipher_methods());" | grep -i xts
    [12] => aes-128-xts
    [35] => aes-256-xts

However, if you see the test script openssl_enrypt() does not work, returns false. No error/warning. The same for AES-128-XTS.

I'm not sure what is expected from OpenSSL in the system, but `openssl ciphers -v | grep XTS` returns nothing.

Maybe that's not a bug, but I'd like to hear some explanation for this behavior.

Test script:
---------------
$iv = random_bytes(openssl_cipher_iv_length("aes-256-XTS"));
echo openssl_encrypt("test", "aes-256-XTS", "key", OPENSSL_RAW_DATA, $iv) === false;

Expected result:
----------------
0

Actual result:
--------------
1

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-10-04 11:06 UTC] alec@php.net

Additional info:
$ openssl list -cipher-algorithms | grep XTS
AES-128-XTS
AES-256-XTS

[2019-12-01 19:44 UTC] bukka@php.net

I think XTS needs a bit more handling so it's not fully supported. We could change this to the request to add support for it but wondering what the actual use case for XTS is in PHP world? It's mainly meant for disk encryption from what I know about this mode.

[2019-12-02 09:07 UTC] alec@php.net

I don't really have a use-case, but documentation says that openssl_encrypt() accepts methods returned from openssl_get_cipher_methods(). No mention about some being not implemented or buggy.

The function throws E_WARNING in some cases, maybe that's another case for E_WARNING. Or maybe you have to just make it working.

[2019-12-08 18:47 UTC] bukka@php.net

-Type: Bug +Type: Documentation Problem

[2019-12-08 18:47 UTC] bukka@php.net

Yeah I think this is more documentation issue. Some ciphers require different handling so we shouldn't state that "penssl_encrypt() accepts methods returned from openssl_get_cipher_methods()". In a similar way chacha20-poly1305 doesn't work as AEAD - requested in https://bugs.php.net/bug.php?id=76935 .

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 02:01:29 2024 UTC