PHP :: Bug #80232 :: openssl_decrypt() error with aes-128-ocb fail to set openssl_error

Bug #80232	openssl_decrypt() error with aes-128-ocb fail to set openssl_error_string()
Submitted:	2020-10-14 01:27 UTC	Modified:	2020-10-14 10:33 UTC
From:	divinity76 at gmail dot com	Assigned:
Status:	Duplicate	Package:	OpenSSL related
PHP Version:	7.2.34	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2020-10-14 01:27 UTC] divinity76 at gmail dot com

Description:
------------
it seems some openssl_decrypt() decryption error with aes-128-ocb fail to register on openssl_error_string()

Test script:
---------------
<?php
declare(strict_types=1);
ini_set('display_errors','On');
error_reporting(E_ALL);
header("Content-Type: text/plain;charset=utf-8");
ini_set('html_errors','0');
$algo = 'aes-128-ocb';
$data_to_encrypt = $key = $iv = str_repeat("\x00", openssl_cipher_iv_length($algo));
$opts = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
$encrypted = openssl_encrypt($data_to_encrypt, $algo, $key, $opts , $iv);
if(false===$encrypted || openssl_error_string() !== false){
    die("encryption error ".openssl_error_string());
}
$decrypted = openssl_decrypt($encrypted, $algo, $key, $opts, $iv);
if(($encrypted !== $data_to_encrypt) && ($data_to_encrypt === $decrypted)){
    echo "ok";
}else{
    echo "error: ";
    var_dump([
        "original"=>$data_to_encrypt,
        "encrypted"=>$encrypted,
        "decrypted"=>$decrypted,
        "openssl_error_string" => openssl_error_string()
    ]);
}


Expected result:
----------------
i either expected "ok", or expected openssl_error_string() to contain something other than bool(false) 

Actual result:
--------------
error: array(4) {
  ["original"]=>
  string(12) "������������"
  ["encrypted"]=>
  string(12) "{��f�g]�WG�"
  ["decrypted"]=>
  bool(false)
  ["openssl_error_string"]=>
  bool(false)
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-10-14 01:41 UTC] divinity76 at gmail dot com

(i don't know if the return from openssl_encrypt() is valid or bogus, but the return string looks like ciphertext to me, and _encrypt() doesn't set openssl_error_string() either)

[2020-10-14 10:33 UTC] nikic@php.net

-Status: Open +Status: Duplicate

[2020-10-14 10:33 UTC] nikic@php.net

It's normal that openssl_decrypt() does not provide detailed error information -- providing error information for decryption operations may break the security of the cipher.

However, something is clearly wrong with the handling of OCB here. It's an AEAD mode, but it doesn't accept a tag, and thus decryption will also fail. Apparently this has been previously reported in bug #79983.

[2020-10-14 16:55 UTC] divinity76 at gmail dot com

@nikic

> providing error information for decryption operations may break the security of the cipher.

if the oracle provided detailed decryption error information to attackers, i would agree with you, but the oracle itself should have access to that information,
unless openssl_error_string() is explicitly designed to not allow developers shoot themselves in the foot?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 07:01:31 2024 UTC