
Bug #10162 Algorithm does not work correctly on a Linux server
Submitted: 2007-02-23 09:37 UTC
From: jausions at php dot net
Assigned:
Status: No Feedback
Package: Crypt_Blowfish (version 1.1.0RC1)
PHP Version: 4.3.10
OS: Linux 2.4.32
Roadmaps: (Not assigned)


 [2007-02-23 09:37 UTC] jausions at php dot net (Janusz Nykiel)
Description:
------------
ECB test fails on a specific server. It's a shared hosting server, so I cannot provide all the details. There is no mcrypt extension loaded (the test doesn't use it anyway).

The configure line, as reported by phpinfo(), is as follows:

'./configure' '--host=i686-pc-linux-gnu' '--build=i686-pc-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd=shared' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses=shared' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mbstring=shared' '--enable-mbstr-enc-trans' '--enable-mbregex' '--enable-xslt' '--with-xslt-sablot=/usr' '--with-mime-magic=/usr/share/file/magic.mime' '--with-apxs=/usr/sbin/apxs'

Test script:
---------------
The ECB test in the package itself.

Actual result:
--------------
The test result of the 1.1.0RC1 version:

Seeing that a relevant bug (#6159) was fixed for 1.1.0RC1, I tried the test with the 1.0.0 release (modifying it so that it doesn't use factory()):

Comments

 [2007-02-23 09:56 UTC] cynic at poczta dot onet dot pl
Here's the output of the script modified from http://www.php.net/manual/en/language.operators.bitwise.php#56382 , mentioned in bug #6159

Code:

    $a = 3851235679 XOR 43814;
    $b = 3851235679 ^ 43814; //integer result
    $c = (float)3851235679 ^ (float)43814; //same as $b
    $d = binxor(3851235679, 43814); //same as Perl!!

Results:

    $a: 3851235679
    $b: 2147439833
    $c: 2147439833
    $d: 2147439833
 [2007-02-23 16:15 UTC] jausions (Philippe Jausions)
The "proper" results for the script sample should be:

    A: 3851235679
    B: -443704711
    C: -443704711
    D: 3851262585

So your values are way off... I'd suggest you run some basic bitwise xor tests to see where your server breaks. In particular with just lower and above 2147439833.

BTW: "XOR" operator is a binary operator not a bitwise one, so it has no relevance to the topic. Bitwise xor is "^".
 [2007-02-23 19:51 UTC] cynic at poczta dot onet dot pl
On this particular server, XOR operator ("^") and some type conversions work correctly only with signed 32-bit integers. The solution that works for me - on this particular server, my 32-bit Windows XP development machine with PHP 5.2 and another Linux shared hosting server with PHP 4.4 (on which 1.1.0RC1 worked fine but 1.0 did not) - is to do as many internal algorithm operations on 32-bit signed integers as possible.

There are the following changes to the 1.1.0RC1 code:

In class Crypt_Blowfish_PHP:

Replaced methods:

    function _binxor($l, $r)
    {
        // Bring each operand into the signed 32-bit range before XOR
        while ($l > 2147483647) { $l -= 4294967296; }
        while ($l < -2147483648) { $l += 4294967296; }
        $l = (int) $l;
        while ($r > 2147483647) { $r = $r - 4294967296; }
        while ($r < -2147483648) { $r += 4294967296; }
        $r = (int) $r;
        return $l ^ $r;
    }

    function _encipher(&$Xl, &$Xr)
    {
        for ($i = 0; $i < 16; $i++) {
            $temp = $this->_binxor($Xl, $this->_P[$i]);
            $Xl = $this->_binxor(
                $this->_binxor(
                    $this->_S[0][($temp >> 24) & 255] + $this->_S[1][($temp >> 16) & 255],
                    $this->_S[2][($temp >> 8) & 255]
                ) + $this->_S[3][$temp & 255],
                $Xr);
            $Xr = $temp;
        }
        $Xr = $this->_binxor($Xl, $this->_P[16]);
        $Xl = $this->_binxor($temp, $this->_P[17]);
    }

    function _decipher(&$Xl, &$Xr)
    {
        for ($i = 17; $i > 1; $i--) {
            $temp = $this->_binxor($Xl, $this->_P[$i]);
            $Xl = $this->_binxor(
                $this->_binxor(
                    ($this->_S[0][($temp >> 24) & 255] + $this->_S[1][($temp >> 16) & 255]),
                    $this->_S[2][($temp >> 8) & 255]
                ) + $this->_S[3][$temp & 255],
                $Xr);
            $Xr = $temp;
        }
        $Xr = $this->_binxor($Xl, $this->_P[1]);
        $Xl = $this->_binxor($temp, $this->_P[0]);
    }

In method setKey:

Replaced line:

    $this->_P[$i] ^= $data;

with:

    $this->_P[$i] = $this->_binxor($this->_P[$i], $data);
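Added example (not part of the thread and not the package's code): a Python model of two ways a 32-bit platform can convert an out-of-range number to an integer before "^". Wrapping modulo 2^32 reproduces the values given as "proper" above, and clamping to 2147483647 reproduces the 2147439833 reported from the server; that the server clamps is an assumption drawn from that arithmetic, and all function names here are hypothetical.

```python
# Model of 32-bit integer conversion before XOR. Illustration only; names are hypothetical.
INT_MAX = 2**31 - 1
INT_MIN = -2**31
TWO32 = 2**32

def to_int32_wrap(x):
    """Reduce modulo 2^32 into the signed 32-bit range (two's-complement wrap)."""
    x = int(x) % TWO32
    return x - TWO32 if x > INT_MAX else x

def to_int32_saturate(x):
    """Clamp out-of-range values to INT_MIN / INT_MAX (assumed server behaviour)."""
    return max(INT_MIN, min(INT_MAX, int(x)))

def xor32(l, r, convert):
    """XOR after converting both operands; result as a signed 32-bit value."""
    return to_int32_wrap(convert(l) ^ convert(r))

def _norm(v):
    # Same normalisation as the _binxor() posted in the thread: add or subtract 2^32.
    while v > INT_MAX:
        v -= TWO32
    while v < INT_MIN:
        v += TWO32
    return int(v)

def binxor(l, r):
    """Port of the posted _binxor(): normalise both operands, then XOR."""
    return _norm(l) ^ _norm(r)

def as_unsigned(x):
    """View a signed 32-bit result as the unsigned value a test vector expects."""
    return x % TWO32

def self_test(xor):
    """Probe around the 2^31 boundary; return the operand pairs the given xor gets wrong."""
    probes = [(2147483647, 1), (2147483648, 1),
              (3851235679, 43814), (4294967295, 4294967295)]
    return [(l, r) for l, r in probes if as_unsigned(xor(l, r)) != (l ^ r)]

if __name__ == "__main__":
    print("wrap    :", xor32(3851235679, 43814, to_int32_wrap))
    print("saturate:", xor32(3851235679, 43814, to_int32_saturate))
    print("binxor  :", binxor(3851235679, 43814), as_unsigned(binxor(3851235679, 43814)))
    print("failing probes (saturate):",
          self_test(lambda l, r: xor32(l, r, to_int32_saturate)))
```

The probe list fails only for operands above 2147483647 under the clamping model, which is the boundary the maintainer's suggested XOR tests would expose.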
 [2007-02-23 19:54 UTC] cynic at poczta dot onet dot pl
Also, in the heat of the moment I missed the "If you are able to reproduce the bug with the latest CVS, please change the status back to "Open". " fragment in one of the comments in #6159. I'm sorry for that.
 [2007-02-23 20:20 UTC] cynic at poczta dot onet dot pl
Another thing: for my changes to work correctly, you need a version of the Crypt_Blowfish_DefaultKey class with the internal array elements initialized with signed decimal literals (so that they are all of the integer datatype), not unsigned hexadecimal.
 [2008-08-31 15:00 UTC] jausions (Philippe Jausions)
Thank you for taking the time to report a problem with the package. Unfortunately you are not using a current version of the package -- the problem might already be fixed. Please download a new version from http://pear.php.net/packages.php If you are able to reproduce the bug with one of the latest versions, please change the package version on this bug report to the version you tested and change the status back to "Open". Again, thank you for your continued support of PEAR.
 [2009-03-23 21:05 UTC] doconnor (Daniel O'Connor)
-Status: Feedback +Status: No Feedback