ID: 15140
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: mcrypt related
Operating System: Redhat 7.2
PHP Version: 4.1.1
New Comment:
The Script as it is will work using Triple DES
Uncomment the TWOFISH Line At The Bottom of the code and you will get
the Segmentation Fault.
Previous Comments:
------------------------------------------------------------------------
[2002-01-21 07:03:51] [EMAIL PROTECTED]
// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19
// 2.4.19 is Broken as it does not pass "make check" to test
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the
Apache Error Log
// But Will Work With 3DES and BLOWFISH.
//
// I do not have a gdb trace sorry :(
//
// Strange.
Testing Script is following
<?php
// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19 (Broken does not
pass make check)
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the
Apache Error Log
// But Will Work With 3DES.
//
// Strange.
// [EMAIL PROTECTED] REMOVE NOSPAM
function T ( $user_id, $Encryption ) {
$session_serial = $user_id.
'-'.time().
'-'.$GLOBALS['REMOTE_ADDR'].
'-'.$GLOBALS['HTTP_USER_AGENT'];
echo "<p>Cypher: " . $Encryption;
$sessionKey="SessionKeyYouChoose"; // Obviously not the one we
use....:)
// Fails with TWOFISH but Works with TripleDES
// Code Fail to produce Code.
//$td = mcrypt_module_open(MCRYPT_TWOFISH, "", MCRYPT_MODE_ECB,
"");
//$td = mcrypt_module_open(MCRYPT_TripleDES, "",
MCRYPT_MODE_ECB, "");
$td = mcrypt_module_open($Encryption, "", MCRYPT_MODE_ECB,
"");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
mcrypt_generic_init($td, $sessionKey, $iv);
$encrypted_session_serial = mcrypt_generic($td,
$session_serial);
mcrypt_generic_end($td);
$session_serial_hash =
md5($encrypted_session_serial.$sessionKey);
$session_serial_cookie =
base64_encode($encrypted_session_serial).'-'.$session_serial_h
ash;
return $session_serial_cookie;
}
// If you don't see the time number increasing it is because Apache
child seg fault
// Check your apache/logs/error_log that is the problem.
echo "<p>If you don't see the time number increasing it is because
Apache child seg fault. <br>
";
echo "Check your apache/logs/error_log (tail -f error_log) and you will
see the problem every t
ime you reload.";
echo "<p>Time is: " . time();
$user_id=120804;
//$test = T($user_id, MCRYPT_TWOFISH);
$test = T($user_id, MCRYPT_TripleDES);
echo "<p>Cookie is : $test";
echo "<p>The End";
?>
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=15140&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
