|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80232 openssl_decrypt() error with aes-128-ocb fail to set openssl_error_string()
Submitted: 2020-10-14 01:27 UTC Modified: 2020-10-14 10:33 UTC
From: divinity76 at gmail dot com Assigned:
Status: Duplicate Package: OpenSSL related
PHP Version: 7.2.34 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: divinity76 at gmail dot com
New email:
PHP Version: OS:


 [2020-10-14 01:27 UTC] divinity76 at gmail dot com
it seems some openssl_decrypt() decryption error with aes-128-ocb fail to register on openssl_error_string()

Test script:
header("Content-Type: text/plain;charset=utf-8");
$algo = 'aes-128-ocb';
$data_to_encrypt = $key = $iv = str_repeat("\x00", openssl_cipher_iv_length($algo));
$encrypted = openssl_encrypt($data_to_encrypt, $algo, $key, $opts , $iv);
if(false===$encrypted || openssl_error_string() !== false){
    die("encryption error ".openssl_error_string());
$decrypted = openssl_decrypt($encrypted, $algo, $key, $opts, $iv);
if(($encrypted !== $data_to_encrypt) && ($data_to_encrypt === $decrypted)){
    echo "ok";
    echo "error: ";
        "openssl_error_string" => openssl_error_string()

Expected result:
i either expected "ok", or expected openssl_error_string() to contain something other than bool(false) 

Actual result:
error: array(4) {
  string(12) "������������"
  string(12) "{��f�g]�WG�"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-14 01:41 UTC] divinity76 at gmail dot com
(i don't know if the return from openssl_encrypt() is valid or bogus, but the return string looks like ciphertext to me, and _encrypt() doesn't set openssl_error_string() either)
 [2020-10-14 10:33 UTC]
-Status: Open +Status: Duplicate
 [2020-10-14 10:33 UTC]
It's normal that openssl_decrypt() does not provide detailed error information -- providing error information for decryption operations may break the security of the cipher.

However, something is clearly wrong with the handling of OCB here. It's an AEAD mode, but it doesn't accept a tag, and thus decryption will also fail. Apparently this has been previously reported in bug #79983.
 [2020-10-14 16:55 UTC] divinity76 at gmail dot com

> providing error information for decryption operations may break the security of the cipher.

if the oracle provided detailed decryption error information to attackers, i would agree with you, but the oracle itself should have access to that information,
unless openssl_error_string() is explicitly designed to not allow developers shoot themselves in the foot?
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Mar 03 06:01:30 2024 UTC