Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • sylvian stone
    #1

    Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

    Hi,

    I'm getting some strange errors that I cannot pin down:

    Warning: mcrypt_generic_ init(): Iv size incorrect; supplied length: 7,
    needed: 8 in......

    This is strange because the data is encrypted, inserted into the
    databse, then later retrieved and decrypted with the necessary hash and
    ivector keys.

    The data itself is decrypted OK. But the error comes up.

    The error does not occur when I run the same code on another machine
    running on Mac OS X.

    Is this a known bug on this FreeBSD build ?

    As this is for a production site, I'm just tempted to set the
    error_reporting directive in php.ini to off, as this looks bad when the
    error flashes up, but is actually not causing any errors.

    I did change alter the initialisation function to:

    @mcrypt_generic _init()

    but it still displays the error regardless.

    This may be a bit obscure, but has anybody else encountered a similar
    problem ?

    Thanks
    SS.

    Tags: None
    • Steve
      #2
      Re: Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

      [color=blue]
      > Warning: mcrypt_generic_ init(): Iv size incorrect; supplied length: 7,
      > needed: 8 in......[/color]

      Can you post a minimal example of code that produces the warning
      message.

      ---
      Steve

        Comment

        • sylvian stone
          #3
          Re: Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

          OK,

          I use the following settings:

          $cipher = MCRYPT_GOST;
          $mode = MCRYPT_MODE_ECB ;
          $rand_src = MCRYPT_RAND;

          I then randomly generate a hash and assign it to variable $hash, run it
          through addslashes(), and use the following to encrypt:



          $handle = mcrypt_module_o pen ($cipher, '', $mode, '');

          if (!$handle)
          die ("Couldn't locate open mcrypt module.");
          $ivector =
          mcrypt_create_i v(mcrypt_get_iv _size($cipher,$ mode),$rand_src );

          if (mcrypt_generic _init ($handle, $hash, $ivector) == -1)
          die ("Error: mcrypt failure.");

          $address1 = addslashes(mcry pt_generic($han dle,$address1)) ;
          $address2 = addslashes(mcry pt_generic($han dle,$address2)) ;
          $address3 = addslashes(mcry pt_generic($han dle,$address3)) ;
          $address4 = addslashes(mcry pt_generic($han dle,$address4)) ;
          $address5 = addslashes(mcry pt_generic($han dle,$address5)) ;
          $postcode = addslashes(mcry pt_generic($han dle,$postcode)) ;
          $firstname = addslashes(mcry pt_generic($han dle,$firstname) );
          $surname = addslashes(mcry pt_generic($han dle,$surname));
          $telephone = addslashes(mcry pt_generic($han dle,$telephone) );
          $em = addslashes(mcry pt_generic($han dle,$email));
          $ivector = addslashes($ive ctor);
          $username = addslashes($ema il);

          mcrypt_generic_ deinit($handle) ;


          These are inserted into the database tables, then I later decrypt with:


          $site_sql="SELE CT * FROM security WHERE client_id ='$client_id' LIMIT
          1";

          $site_get = mysql_query($si te_sql) or die (mysql_error()) ;


          while ($row = mysql_fetch_arr ay($site_get))
          {
          $hash_temp = stripslashes($r ow['hash']);
          $iv_temp = stripslashes($r ow['iv']);
          }

          $site_sql="SELE CT * FROM client WHERE client_id ='$client_id' LIMIT 1";
          $site_get = mysql_query($si te_sql) or die (mysql_error()) ;
          while ($row = mysql_fetch_arr ay($site_get))
          {
          $handle = @mcrypt_module_ open ($cipher, '', $mode, '');
          if (!$handle)
          die ("Couldn't locate open mcrypt module.");
          if (@mcrypt_generi c_init ($handle, $hash_temp, $iv_temp) == -1)
          die ("Error: mcrypt failure.");
          $title = $row['title'];
          $firstname = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['firstname'])));
          $surname = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['surname'])));
          $address1 = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['address1'])));
          $address2 = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['address2'])));
          $address3 = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['address3'])));
          $address4 = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['address4'])));
          $address5 = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['address5'])));
          $postcode = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['postcode'])));
          $telephone = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['telephone'])));
          $email = trim(stripslash es(@mdecrypt_ge neric($handle,
          $row['email'])));
          @mcrypt_generic _deinit($handle );
          }

          As I said, the data is decrypted fine. But this error keeps popping
          up...

          Very obscure....

          Thanks
          SS

            Comment

            • Steve
              #4
              Re: Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

              [color=blue]
              > As I said, the data is decrypted fine. But this error keeps popping
              > up...[/color]

              Suggestions:
              [color=blue]
              > $ivector = mcrypt_create_i v(mcrypt_get_iv _size($cipher,$ mode),$rand_src );[/color]

              Break this down into two calls, and check that the size returned from
              the first call is what you expect.

              $ivsize = mcrypt_get_iv_s ize($cipher,$mo de);
              // [ check/debug $ivsize before use ]
              $ivector = mcrypt_create_i v($ivsize,$rand _src);

              Use <http://www.php.net/manual/en/function.mcrypt-enc-get-iv-size.php>
              instead to see if it makes a difference.

              $handle = mcrypt_module_o pen($cipher, '', $mode, '');
              if(!$handle) die ("Couldn't locate open mcrypt module.");
              $ivsize = mcrypt_enc_get_ iv_size($handle );
              // [ check/debug $ivsize before use ]
              $ivector = mcrypt_create_i v($ivsize,$rand _src);

              Or suppress the warning as you suggest, as it seems harmless 8-)

              ---
              Steve

                Comment

                • sylvian stone
                  #5
                  Re: Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

                  I may just try and surpress the error.

                  I'm probably getting off the point here, but will the following
                  command:

                  ini_set('displa y_errors','0');

                  surpress ALL errors, or just some errors.

                  I ask, because on the code I posted above, adding a @ before the mcrypt
                  functions still caused the error to appear.....

                    Comment

                    • Steve
                      #6
                      Re: Mcrypt problem on PHP 4.3.1 / FreeBSD 5.3

                      [color=blue]
                      > ini_set('displa y_errors','0');[/color]

                      You could try turning error reporting off just before the rogue
                      statement and back on again immediately after:


                      $oldsetting = ini_set( 'error_reportin g', E_NONE );
                      // ...rogue statment(s) here...
                      ini_set( 'error_reportin g', $oldsetting );


                      ---
                      Steve

                        Comment

                        Previous template Next
                        Working...