5/14/25

[#14026] Use of raw_data in Horde_Crypt_Blowfish_Openssl
Summary Use of raw_data in Horde_Crypt_Blowfish_Openssl
Queue Horde Framework Packages
Type Bug
State Assigned
Priority 1. Low
Owners Horde Developers (at)
Requester almarin (at) um (dot) es
Created 06/24/2015 (3612 days ago)
Due
Updated 03/08/2016 (3354 days ago)
Assigned 03/08/2016 (3354 days ago)
Resolved
Milestone
Patch No

History
03/08/2016 10:54:15 AM Jan Schneider Assigned to Horde Developers
State ⇒ Assigned
 
01/25/2016 05:30:50 PM Jan Schneider Comment #3
Ping?
09/17/2015 06:43:50 PM Jan Schneider Comment #2
State ⇒ Feedback
> Can it be replaced with $raw_data = false to force the use of base64
> format? Of course, in both encrypt/decrypt operations.

No, because the API of Horde_Crypt_Blowfish defines the input and 
output to be binary and portable.

We can probably change the logic in Horde_Session#get() to first check 
if the data is encrypted, and only check for the NOT_SERIALIZED flag 
if it is not. Do you by chance have some example data that produces 
leading NULs during encryption, so we can create a unit test?
06/24/2015 12:58:27 PM almarin (at) um (dot) es Comment #1
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ Use of raw_data in Horde_Crypt_Blowfish_Openssl
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Horde_Crypt_Blowfish_Openssl uses $raw_data = true in encrypt/decrypt 
operations, so the result can be any binary string, even a string 
starting with \0 at the beginning.

That causes issues like in Horde_Session, where values starting with
\0 are considered NOT_SERIALIZED and are returned unencrypted
(https://github.com/horde/horde/blob/master/framework/Core/lib/Horde/Session.php#L355).

Can it be replaced with $raw_data = false to force the use of base64
format? Of course, in both encrypt/decrypt operations.
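
The collision discussed in this ticket, modelled as an added example (not Horde code and not written by either participant). `store`, `get_flag_first` and `get_encrypted_first` are hypothetical stand-ins for the session set/get logic, and `toy_encrypt` is a constructed toy cipher standing in for Horde_Crypt_Blowfish_Openssl, used only because it also returns raw bytes.

```python
import hashlib
import itertools

NOT_SERIALIZED = b"\0"          # marker byte named in the ticket
KEY = b"constructed-demo-key"   # constructed sample key

def _keystream(nonce: bytes, n: int) -> bytes:
    return hashlib.shake_256(KEY + nonce).digest(n)

def toy_encrypt(plain: bytes) -> bytes:
    """Toy stand-in for a cipher returning raw bytes. Not Blowfish, not secure."""
    nonce = hashlib.sha256(KEY + plain).digest()[:8]
    body = bytes(a ^ b for a, b in zip(plain, _keystream(nonce, len(plain))))
    return nonce + body

def toy_decrypt(blob: bytes) -> bytes:
    nonce, body = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))

def store(value: bytes, encrypt: bool) -> bytes:
    """Hypothetical set(): encrypted values are kept as raw ciphertext,
    plain scalars are kept behind the NOT_SERIALIZED marker."""
    return toy_encrypt(value) if encrypt else NOT_SERIALIZED + value

def get_flag_first(stored: bytes, encrypted: bool) -> bytes:
    """Order reported in comment #1: the marker test runs before decryption."""
    if stored[:1] == NOT_SERIALIZED:
        return stored[1:]            # ciphertext with a leading NUL lands here
    return toy_decrypt(stored) if encrypted else stored

def get_encrypted_first(stored: bytes, encrypted: bool) -> bytes:
    """Order proposed in comment #2: test the marker only if not encrypted."""
    if encrypted:
        return toy_decrypt(stored)
    return stored[1:] if stored[:1] == NOT_SERIALIZED else stored

def find_leading_nul_value() -> bytes:
    """Try constructed values until one encrypts to a blob starting with NUL."""
    for i in itertools.count():
        value = b"constructed-secret-%d" % i
        if toy_encrypt(value)[:1] == NOT_SERIALIZED:
            return value

if __name__ == "__main__":
    v = find_leading_nul_value()
    blob = store(v, encrypt=True)
    print("value:", v, "blob:", blob.hex())
    print("flag first     :", get_flag_first(blob, True))
    print("encrypted first:", get_encrypted_first(blob, True))
```

With uniformly distributed ciphertext bytes, roughly one stored value in 256 takes the wrong branch in `get_flag_first`; the same search run against the real Blowfish driver would yield the unit-test data requested in comment #2.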


