[prev in list] [next in list] [prev in thread] [next in thread]
List: php-qa
Subject: [PHP-QA] Bug #68238 [Opn]: mcrypt_encode tests are broken
From: "gm dot outside+php at gmail dot com" <php-bugs () lists ! php ! net>
Date: 2014-10-15 17:32:24
Message-ID: 201410151732.s9FHWOno027684 () sgrv20 ! php ! net
[Download RAW message or body]
Edit report at https://bugs.php.net/bug.php?id=68238&edit=1
ID: 68238
User updated by: gm dot outside+php at gmail dot com
Reported by: gm dot outside+php at gmail dot com
Summary: mcrypt_encode tests are broken
Status: Open
Type: Bug
Package: Testing related
Operating System: Linux
PHP Version: 5.6.1
Block user comment: N
Private report: N
New Comment:
I did more testing, and I was a bit wrong about the strlen() part. Manually padding \
the keys with '\0' actually works, but the result does not match the ciphertext \
provided in RFC-2144 B.1 anymore. Additionally to that I was wrong re: the keysize \
requirement for that cipher should be 16 bytes (128-bit) as cipher's name 'cast-128' \
suggests.
Once the keys are properly padded with '\0' to be 128-bit the test returns the \
following differences:
002+ 80-bit: 753de29f5d167d03
003+ 40-bit: f00b0530833d7444
002- 80-bit: eb6a711a2c02271b
003- 40-bit: 7ac816d16e9b302e
So, something else was also changed that the mcrypt extension no longer conforms to \
RFC-2144 B.1.
Previous Comments:
------------------------------------------------------------------------
[2014-10-15 17:16:27] gm dot outside+php at gmail dot com
Description:
------------
There was a recent commit \
(http://git.php.net/?p=php-src.git;a=commit;h=a861a3a93d89a50ce58e1ab1abef1eb501f97483) \
that changed behaviour of the mcrypt_encode() function. After that commit the key is \
required to be at least the expected key length long, otherwise a warning message is \
issued and the mcrypt_encode() routine returns a failure.
The corresponding test in ext/mcrypt/tests/bug62102_rfc2144.php supplies 10 bytes key \
instead of 16 for cast-128 80-bit encryption and 5 bytes key instead of 10 for \
cast-128 40-bit encryption.
A quick fix to the test would be to pad the keys with '\0' manually (RFC-2144 B.1), \
e.g.
mcrypt_encrypt('cast-128', "\x01\x23\x45\x67\x12\x34\x56\x78\x23\x45\0\0\0\0\0\0", \
$plaintext, 'ecb')
but unfortunately due to the way changed code treats key data (as a null terminated \
string) and due to calculating the key size as strlen() of that string there is no \
way to satisfy the RFC-2144 B.1 since all trailing '\0' will be ignored.
Expected result:
----------------
That the RFC-2144 test would be passed with the explicitly specified vector and that \
mcrypt_encrypt() would honour the key argument as a binary string that can include \
'\0' anywhere in the string.
Actual result:
--------------
All trailing '\0' in the key argument are ignored, therefore it's impossible to pass \
RFC-2144 test to match section B.1.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=68238&edit=1
--
PHP Quality Assurance Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic