[PHP-DEV] Bug #15140: mcrypt fails for twofish but work properly for all other type of encryption

[bguillot]

From:             [EMAIL PROTECTED]
Operating system: Redhat 7.2
PHP version:      4.1.1
PHP Bug Type:     mcrypt related
Bug description:  mcrypt fails for twofish but work properly for all other type of 
encryption

// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19
// 2.4.19 is Broken as it does not pass "make check" to test
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the Apache
Error Log
// But Will Work With 3DES and BLOWFISH.
//
// I do not have a gdb trace sorry :(
//
// Strange.

Testing Script is following
<?php
// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19 (Broken does not pass
make check)
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the Apache
Error Log
// But Will Work With 3DES.
//
// Strange.
// [EMAIL PROTECTED] REMOVE NOSPAM

function T ( $user_id, $Encryption ) {
        $session_serial = $user_id.
           '-'.time().
           '-'.$GLOBALS['REMOTE_ADDR'].
           '-'.$GLOBALS['HTTP_USER_AGENT'];

        echo "<p>Cypher: " . $Encryption;

        $sessionKey="SessionKeyYouChoose"; // Obviously not the one we
use....:)

        // Fails with TWOFISH but Works with TripleDES
        // Code Fail to produce Code.
        //$td = mcrypt_module_open(MCRYPT_TWOFISH, "", MCRYPT_MODE_ECB,
"");
        //$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB,
"");
        $td = mcrypt_module_open($Encryption, "", MCRYPT_MODE_ECB, "");

        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
        mcrypt_generic_init($td, $sessionKey, $iv);
        $encrypted_session_serial = mcrypt_generic($td, $session_serial);
        mcrypt_generic_end($td);
        $session_serial_hash =
md5($encrypted_session_serial.$sessionKey);
        $session_serial_cookie =
base64_encode($encrypted_session_serial).'-'.$session_serial_h
ash;

        return $session_serial_cookie;
}

// If you don't see the time number increasing it is because Apache child
seg fault
// Check your apache/logs/error_log that is the problem.


echo "<p>If you don't see the time number increasing it is because Apache
child seg fault. <br>
";
echo "Check your apache/logs/error_log (tail -f error_log) and you will
see the problem every t
ime you reload.";
echo "<p>Time is: " . time();
$user_id=120804;

//$test  = T($user_id, MCRYPT_TWOFISH);
$test  = T($user_id, MCRYPT_TripleDES);

echo "<p>Cookie is : $test";
echo "<p>The End";
?>



-- 
Edit bug report at: http://bugs.php.net/?id=15140&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]