[PHP-BUG] Bug #61852 [NEW]: crypt() function incorrectly falls back to CRYPT_STD_DES

Wed, 25 Apr 2012 13:27:56 -0700 

From:             
Operating system: CentOS 5
PHP version:      5.3.10
Package:          *Encryption and hash functions
Bug Type:         Bug
Bug description:crypt() function incorrectly falls back to CRYPT_STD_DES

Description:
------------
The crypt() method fails bcrypt test vectors given by Openwall's crypt
v1.2. 
Specifically, when given an invalid identifier, crypt() falls back to 
CRYPT_STD_DES, even though the first two bytes of the salt do not match the

documented "./0-9A-Za-z" range for CRYPT_STD_DES. The expected behavior
would be 
to return *0.

I've tested this under PHP 5.3.10 on Zend Server on CentOS 5 and Windows 7.

Test script:
---------------
<?php
// Expect *0, returns $2OahnOya9Dwg
echo crypt('', '$2`$05$CCCCCCCCCCCCCCCCCCCCC.') . PHP_EOL;

// Expect *0, returns $2OahnOya9Dwg
echo crypt('', '$2{$05$CCCCCCCCCCCCCCCCCCCCC.') . PHP_EOL;

// Expect *1, returns *0Vh7kctua2ww
echo crypt('', '*0') . PHP_EOL;

Expected result:
----------------
*0
*0
*1


Actual result:
--------------
$2OahnOya9Dwg
$2OahnOya9Dwg
*0Vh7kctua2ww


-- 
Edit bug report at https://bugs.php.net/bug.php?id=61852&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=61852&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=61852&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=61852&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=61852&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=61852&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=61852&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=61852&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=61852&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=61852&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=61852&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=61852&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=61852&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=61852&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=61852&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=61852&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=61852&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=61852&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=61852&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=61852&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=61852&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=61852&r=mysqlcfg

Reply via email to