ID: 15140
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: mcrypt related
Operating System: Redhat 7.2
PHP Version: 4.1.1
Assigned To: derick
New Comment:
Yeap,
It is already coded in the internal_init_mcrypt function but a
small bug in libmcrypt seem to be present. The free(sizes) is too high
up it should be moved down to out of the if/else/else/... I submitted a
patch to libmcrypt and wainting for a comment from Nickos.
Thanks again
Previous Comments:
------------------------------------------------------------------------
[2002-02-01 02:51:56] [EMAIL PROTECTED]
Well, PHP works around a lot of those issues in libmcrypt, and
actually, the extension should work around it in this case too IMO. I
guess mcrypt_enc_get_supported_key_sizes should be used in
mcrypt_generic_init in some way.
Can you see if this is feasable?
Derick
------------------------------------------------------------------------
[2002-02-01 02:35:03] [EMAIL PROTECTED]
Problem found in libmcrypt...
The cause of the SEGFAULT is due to the key being of the wrong length.
The only accepted values for key length are 16,24 and 32 bytes.
Otherwise this cause libmcrypt to generate a segfault for twofish.
Hope to find a way to correct libmcrypt to report gracefully that the
key length is wrong. If not it may need to be implemented in php (That
would be the BAD Way of doing it).
BG
------------------------------------------------------------------------
[2002-02-01 01:17:16] [EMAIL PROTECTED]
Derick,
Closer to a solution...
Mcrypt Bug is found but not fixed.
OK Here is the symptoms:
In The PHP Code the function mcrypt_generic_init (td, key_s,
key_size,iv_s) is called with key_size=19. (should be 16 and I don't
know why yet)
This will gives the segfault.
Try it in mcrypt-2.4.18/doc/example.c
change the line at the beginning of the main
int keysize=16; /* 128 bits */ to
int keysize=19; /* 128 bits */
Compile and BOOM Crash Segfault.
Ok Now why is php thinks the keysize should be 19.....
to test check this code:
The Culprit code is in <yourphpsource>/ext/mcrypt/mcrypt.c line 494
php-4.1.1
add the two line. You will see that Part 12 will never get executed for
twofish.
and keysize is 19.
added>>> fprintf(stderr, "MCRYPT Debug Part 11\nKey_s:%s,
\nKey_Size:%d,\nIV:%s, \nIV_S:%s, \n",key_s, key_size, iv_s);
result = mcrypt_generic_init (td, key_s, key_size, iv_s);
added>>> fprintf(stderr, "MCRYPT Debug Part 12\n");
Will come back with an answer
BG
------------------------------------------------------------------------
[2002-01-21 09:48:24] [EMAIL PROTECTED]
To be completely clear, Derick asked to file a bugreport in the
PHP-bugs-system about mcrypt not passing some PHP-tests, not to send
the mcrypt-folks a bugreport.
------------------------------------------------------------------------
[2002-01-21 07:22:12] [EMAIL PROTECTED]
That was quick.
I am also sending a Bug Report to mcrypt.
Testing with GOST Fail in the Same Way.
Works for the others listed below.
//T($user_id, MCRYPT_TWOFISH); // Generates Seg Fault.
//T($user_id, MCRYPT_GOST); // Crash The System like TWOFISH
T($user_id, MCRYPT_TripleDES); // Good
T($user_id, MCRYPT_BLOWFISH); // Good
T($user_id, MCRYPT_DES); // Good
T($user_id, MCRYPT_RC2); // Good
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15140
Edit this bug report at http://bugs.php.net/?id=15140&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
