
Exception "openssl_random_pseudo_bytes() returned an unexpected number of bytes (got %d, expected %d)"
Closed, ResolvedPublic

Description

I have installed Phabricator, and when browsing from a browser, I encounter the exception "openssl_random_pseudo_bytes() returned an unexpected number of bytes (got %d, expected %d)". After verification, it happens in /libphutil/src/filesystem/Filesystem.php, in method readRandomBytes (line 392):

$data = openssl_random_pseudo_bytes($number_of_bytes, $strong);

if (!$strong) {
  // NOTE: This indicates we're using a weak random source. This is
  // probably OK, but maybe we should be more strict here.
}

if ($data === false) {
  throw new Exception(
    pht('openssl_random_pseudo_bytes() failed to generate entropy!'));
}

if (strlen($data) != $number_of_bytes) {
  throw new Exception(
    pht(
      'openssl_random_pseudo_bytes() returned an unexpected number of '.
      'bytes (got %d, expected %d)!',
      strlen($data),
      $number_of_bytes));
}

Is it a bug here? strlen will return the string's length, not the byte length, so it always returns an exception.
I tried commenting out the lines, and the issue was gone, but I hit another issue connecting to my MySQL, which should not be related to this.

Can anyone have a look? Thanks.

Event Timeline

taoqiping raised the priority of this task from to Needs Triage.
taoqiping updated the task description.
taoqiping added a subscriber: taoqiping.

I am not able to reproduce this bug, can you tell us more about your install?

chad removed gabeguz as the assignee of this task. Jul 3 2014, 5:14 AM
In T5545#4, @chad wrote:

I am not able to reproduce this bug, can you tell us more about your install?

I just used the provided script to install, with no special operations. Below is my server information.

[dbsrvusr@TKEAPSIPMH01 ~]$ lsb_release -a
LSB Version: :core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 5.1 (Tikanga)
Release: 5.1
Codename: Tikanga

As a test, I printed all the contents on the page, as below:

Expected number_of_bytes: 8
strlen($data): 7
$data(hex): 18af83dbff4a95d2

Is it related to any encoding setting in Apache or PHP?
I am not familiar with PHP and Linux servers, but I think Phabricator is a great tool, and I want to push it in my team.

What does php -v show? This feature is PHP 5.3 or greater.

In T5545#9, @chad wrote:

What does php -v show? This feature is PHP 5.3 or greater.

It is PHP 5.3.3

[dbsrvusr@TKEAPSIPMH01 ~]$ php -v
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/openssl.so' - /usr/lib64/php/modules/openssl.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP 5.3.3 (cli) (built: Dec 10 2013 22:12:52)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

And I found that my connection error is also related to this root cause. When the system gets the password from the configuration, a wrong password is returned by the method $pass = $pass->openEnvelope(); so it is denied by the database server.

By the way, the encoding of those files shows as ANSI in the editor (notepad2).

It looks like OpenSSL isn't installed. I am not super good at this, but:

yum install openssl

and restart and try php -v again?

I don't know if you might also have to rebuild php to know where openssl is.

Yes, I noticed this. It is because I tried to add the extension in php.ini. It is not the root cause.

Because the method works and can get some random string back, it is just the length comparison issue. I am not sure if it is related to the encoding of those files.

Does the issue persist after you've resolved PHP's OpenSSL warning?

I think I found the root cause.

The source files downloaded by git clone are ANSI-encoded, while I have the settings below in my PHP.ini. This makes strlen return the wrong result.

mbstring.internal_encoding = UTF-8
mbstring.http_output = UTF-8

It leads to both issues I hit. I commented out the two lines in PHP.ini, and it seems to work now.
Let me keep an eye on it. :)

Thanks Chad.

taoqiping claimed this task.

Closed as fixed already.
But I am just not sure how to post this for others to reference.

Are you using mbstring.func_overload? We assume this setting is off, but do not explicitly check for it or disable it. We expect strlen() to always return a byte length, never a character length.
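
A preflight check for the assumption stated in the last comment, as an added example that is not part of the original thread or of libphutil. The helper names are hypothetical, and it assumes it is run from the PHP CLI with the openssl extension loaded. It counts the 8 bytes from the report both as bytes and as UTF-8 characters, then refuses to continue if mbstring.func_overload replaces strlen().

```php
<?php
// Added example; the helper names are hypothetical, not libphutil's API.

// mbstring.func_overload is a bitmask; value 2 replaces the str*() family
// (strlen, substr, ...) with mb_* versions that count characters.
function str_functions_overloaded() {
  if (!extension_loaded('mbstring')) {
    return false;
  }
  // ini_get() returns false where the setting no longer exists (PHP 8+).
  return (((int)ini_get('mbstring.func_overload')) & 2) !== 0;
}

// Byte length that does not depend on the overload setting.
function byte_length($data) {
  return function_exists('mb_strlen') ? mb_strlen($data, '8bit') : strlen($data);
}

// Same checks as the snippet in the report, but counting bytes explicitly.
// Rejecting a weak source is this example's choice, not the original's.
function read_random_bytes_checked($number_of_bytes) {
  $strong = false;
  $data = openssl_random_pseudo_bytes($number_of_bytes, $strong);
  if ($data === false || !$strong) {
    throw new Exception('No strong random source available.');
  }
  $got = byte_length($data);
  if ($got !== $number_of_bytes) {
    throw new Exception(
      sprintf('Got %d random bytes, expected %d.', $got, $number_of_bytes));
  }
  return $data;
}

// The 8 bytes printed in the report, rebuilt from their hex form.
$sample = pack('H*', '18af83dbff4a95d2');
printf("bytes: %d\n", byte_length($sample));
if (function_exists('mb_strlen')) {
  // What an overloaded strlen() computes with a UTF-8 internal encoding.
  printf("UTF-8 characters: %d\n", mb_strlen($sample, 'UTF-8'));
}

if (str_functions_overloaded()) {
  fwrite(STDERR, "mbstring.func_overload replaces strlen(); set it to 0.\n");
  exit(1);
}
printf("random: %s\n", bin2hex(read_random_bytes_checked(8)));
```

Any length check on keys, tokens or other binary data has the same dependency on strlen() counting bytes, so a check like this belongs in setup or startup validation rather than next to a single call site.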