authorJakub Zelenka <bukka@php.net>2016-08-14 19:34:03 +0100
committerJakub Zelenka <bukka@php.net>2016-08-14 19:34:03 +0100
commitc3c90abb17017af83133f57ec5d7663c0b33fdff (patch)
tree7f7a1dbc0a39f69abc85f57c064a63d3e717db51
parente6536b9d6f720a03b513c1224169ab82ef053f25 (diff)
downloadphp-git-c3c90abb17017af83133f57ec5d7663c0b33fdff.tar.gz
Return false if tag is not supplied or cannot be retrieved in AEAD
It doesn't make sense to return just the encoded string, as it cannot be used anyway (decryption without a tag will not work).
-rw-r--r--ext/openssl/openssl.c9
-rw-r--r--ext/openssl/tests/openssl_encrypt_gcm.phpt8
2 files changed, 15 insertions, 2 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 1deb01db22..6c9204d5aa 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6294,6 +6294,7 @@ PHP_FUNCTION(openssl_encrypt)
base64_str = php_base64_encode((unsigned char*)ZSTR_VAL(outbuf), outlen);
zend_string_release(outbuf);
+ outbuf = base64_str;
RETVAL_STR(base64_str);
}
if (mode.is_aead && tag) {
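Review bot: The added `outbuf = base64_str;` reads like a dead store, because the very next line returns `base64_str` and nothing in this hunk uses `outbuf` again. Its purpose only shows in the following hunk, where the AEAD failure paths call `zend_string_release(outbuf)` before `RETVAL_FALSE` and so need `outbuf` to point at the string held by the return value. A short comment would protect that dependency from a later cleanup, for example `/* keep outbuf pointing at the returned string; the AEAD failure paths release it */`. The body of openssl_encrypt starts and ends outside this hunk.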
@@ -6305,14 +6306,20 @@ PHP_FUNCTION(openssl_encrypt)
ZSTR_LEN(tag_str) = tag_len;
ZVAL_NEW_STR(tag, tag_str);
} else {
- zend_string_release(tag_str);
php_error_docref(NULL, E_WARNING, "Retrieving verification tag failed");
+ zend_string_release(tag_str);
+ zend_string_release(outbuf);
+ RETVAL_FALSE;
}
} else if (tag) {
zval_dtor(tag);
ZVAL_NULL(tag);
php_error_docref(NULL, E_WARNING,
"The authenticated tag cannot be provided for cipher that doesn not support AEAD");
+ } else if (mode.is_aead) {
+ php_error_docref(NULL, E_WARNING, "A tag should be provided when using AEAD mode");
+ zend_string_release(outbuf);
+ RETVAL_FALSE;
}
} else {
php_openssl_store_errors();
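Review bot: When tag retrieval fails, the branch ending in the first `RETVAL_FALSE` releases `tag_str` and `outbuf` but leaves the caller's `tag` zval untouched, so a by-reference `$tag` may keep a value from an earlier call. The non-AEAD branch just below resets it with `zval_dtor(tag); ZVAL_NULL(tag);`, and doing the same here would stop a caller that ignores the false return from storing a stale tag next to unrelated ciphertext. Whether `tag` is cleared earlier in the function is not visible in this hunk, so that should be confirmed. Separately, the new warning says a tag "should" be provided although its absence is now a hard failure; `"A tag must be provided when using AEAD mode"` would match the behaviour, with the .phpt expectation updated to suit. The function body starts and ends outside this hunk.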
diff --git a/ext/openssl/tests/openssl_encrypt_gcm.phpt b/ext/openssl/tests/openssl_encrypt_gcm.phpt
index 6c55404b50..91fe23a637 100644
--- a/ext/openssl/tests/openssl_encrypt_gcm.phpt
+++ b/ext/openssl/tests/openssl_encrypt_gcm.phpt
@@ -26,6 +26,9 @@ var_dump(openssl_encrypt('data', $method, 'password', 0, NULL, $tag, ''));
// Failing to retrieve tag (max is 16 bytes)
var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32), $tag, '', 20));
+
+// Failing when no tag supplied
+var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32)));
?>
--EXPECTF--
TEST 0
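Review bot: The added no-tag case passes `0` as the options argument, so it exercises the new failure only on the base64 path. The openssl.c change reassigns `outbuf` in the base64 branch alone, which suggests the raw-output path reaches the same release through different code. A second call such as `var_dump(openssl_encrypt('data', $method, 'password', OPENSSL_RAW_DATA, str_repeat('x', 32)));`, with its own warning line and `bool(false)` in EXPECTF, would cover both paths.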
@@ -51,4 +54,7 @@ Warning: openssl_encrypt(): Setting of IV length for AEAD mode failed, the expec
bool(false)
Warning: openssl_encrypt(): Retrieving verification tag failed in %s on line %d
-string(8) "S6+N0w=="
+bool(false)
+
+Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in %s on line %d
+bool(false)