php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80232 openssl_decrypt() error with aes-128-ocb fail to set openssl_error_string()
Submitted: 2020-10-14 01:27 UTC Modified: 2020-10-14 10:33 UTC
From: divinity76 at gmail dot com Assigned:
Status: Duplicate Package: OpenSSL related
PHP Version: 7.2.34 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: divinity76 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-10-14 01:27 UTC] divinity76 at gmail dot com 
Description:
------------
it seems some openssl_decrypt() decryption error with aes-128-ocb fail to register on openssl_error_string()

Test script:
---------------
<?php
declare(strict_types=1);
ini_set('display_errors','On');
error_reporting(E_ALL);
header("Content-Type: text/plain;charset=utf-8");
ini_set('html_errors','0');
$algo = 'aes-128-ocb';
$data_to_encrypt = $key = $iv = str_repeat("\x00", openssl_cipher_iv_length($algo));
$opts = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
$encrypted = openssl_encrypt($data_to_encrypt, $algo, $key, $opts , $iv);
if(false===$encrypted || openssl_error_string() !== false){
    die("encryption error ".openssl_error_string());
}
$decrypted = openssl_decrypt($encrypted, $algo, $key, $opts, $iv);
if(($encrypted !== $data_to_encrypt) && ($data_to_encrypt === $decrypted)){
    echo "ok";
}else{
    echo "error: ";
    var_dump([
        "original"=>$data_to_encrypt,
        "encrypted"=>$encrypted,
        "decrypted"=>$decrypted,
        "openssl_error_string" => openssl_error_string()
    ]);
}


Expected result:
----------------
i either expected "ok", or expected openssl_error_string() to contain something other than bool(false) 

Actual result:
--------------
error: array(4) {
  ["original"]=>
  string(12) "������������"
  ["encrypted"]=>
  string(12) "{��f�g]�WG�"
  ["decrypted"]=>
  bool(false)
  ["openssl_error_string"]=>
  bool(false)
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-14 01:41 UTC] divinity76 at gmail dot com 
(i don't know if the return from openssl_encrypt() is valid or bogus, but the return string looks like ciphertext to me, and _encrypt() doesn't set openssl_error_string() either)
 [2020-10-14 10:33 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2020-10-14 10:33 UTC] nikic@php.net 
It's normal that openssl_decrypt() does not provide detailed error information -- providing error information for decryption operations may break the security of the cipher.

However, something is clearly wrong with the handling of OCB here. It's an AEAD mode, but it doesn't accept a tag, and thus decryption will also fail. Apparently this has been previously reported in bug #79983.
 [2020-10-14 16:55 UTC] divinity76 at gmail dot com 
@nikic

> providing error information for decryption operations may break the security of the cipher.

if the oracle provided detailed decryption error information to attackers, i would agree with you, but the oracle itself should have access to that information,
unless openssl_error_string() is explicitly designed to not allow developers shoot themselves in the foot?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 08:01:30 2024 UTC