-
-
Notifications
You must be signed in to change notification settings - Fork 878
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Undefined offset when using Rijndael with block sizes > 128 #1599
Comments
I'm able to reproduce this. It looks like a bug. I have to get ready for work soon but I'll try to take a look at this evening! |
Actually, it's an error in your code (altho phpseclib ought to fail "better"). $cipher = new phpseclib3\Crypt\Rijndael('cbc');
$cipher->setIV(random_bytes(16));
$cipher->setKey(random_bytes(32));
$cipher->setBlockLength(256);
$e = $cipher->encrypt('test123'); The IV should be equal to the block length BUT you're setting the IV to a 128-bit value. Simply replacing Here's what does work: $cipher = new phpseclib3\Crypt\Rijndael('cbc');
$cipher->setKey(random_bytes(32));
$cipher->setBlockLength(256);
$cipher->setIV(random_bytes(32));
$e = $cipher->encrypt('test123'); I'll work on making phpseclib fail more gracefully! |
Awesome, thank you so much! |
An exception should now be thrown that makes things more clear when this situation arises henceforth!: |
Hi! I'm getting a NOTICE when using Rijndael with a block size greater than 128bits. This is a quick example:
This throws:
AH01071: Got error 'PHP message: PHP Notice: Undefined offset: 5 in /var/www/external/phpseclib/Crypt/Common/SymmetricKey.php(3092) : eval()'d code on line 24
I'm using PHP 7.3.19-1~deb10u1 and phpseclib 3.0.4.
It works fine with a block size of 128bit, but anything bigger than that (160, 192, 224 or 256) throws that notice.
Am I doing something wrong or is this a bug?
Thanks!
The text was updated successfully, but these errors were encountered: