Are OpenSSL and Mcrypt incompatible?

Question

I have a project involving a client encrypting data with AES-256 using the OpenSSL library and then passing it to a web server where it's decrypted and put into a database. I started out using Mcrypt on the PHP side since it's better-documented. I quickly found that I had a DB full of garbage data. I put together a little script that illustrates the problem:

<?php

header("Content-Type: text/plain; charset=utf-8");

$originalText = "The quick brown fox jumped over the lazy dog.";

$aesKey = pack('H*', "503592474D07C14B1997FB690A981F5DBF7D10A95C812D9F0A5F62B551B89970");
$aesIV = pack('H*', "FF964346DB1F2A65B19E67F4F3CA032E");

$cipherText = openssl_encrypt($originalText, "AES-256-OFB", $aesKey, 0, $aesIV);

$plainText = mcrypt_decrypt("rijndael-128", $aesKey, $cipherText, "ofb", $aesIV);
echo $plainText;

?>

Theoretically, this should simply return the original text, but instead I get a garbage string.

I!��/����m�y`Ac��_ UE0o�8*��*B"<[�߲�NM�ʚ�:ľH��|

I was able to work around the problem for now by using openssl_decrypt(), but I'd still like to know what's wrong with the original code. Aren't different AES implementations supposed to be interoperable?

Answer 1

My guess: you need to be doing 'nofb' instead of 'ofb'. See https://bugs.php.net/bug.php?id=51146 .