| author | Remi Collet <remi@php.net> | 2017-06-26 17:22:01 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2017-06-26 17:22:01 +0200 |
| commit | 85c32322acfc07628140bf631e7c52b12e6050b4 (patch) | |
| tree | ae79035283e68957177407123d7d342278e021d9 /ext/openssl/openssl.c | |
| parent | 4ed8ff509001b35e0cb971a1d6a294345c5d7673 (diff) | |
| parent | caaeb4849aa56cbbdc66ea015c11a58bd47a43ff (diff) | |
| download | php-git-85c32322acfc07628140bf631e7c52b12e6050b4.tar.gz | |
Merge branch 'master' of git.php.net:php-src
* 'master' of git.php.net:php-src: (24 commits)
Removed EG(valid_symbol_table). Used EG(active) instead.
Release temporary string reference
Remove superfluous semicolons
Fix tests on Windows
Produce a better exception message when IntlDateFormatter constructor fails.
Fix format arguments
Remove unused variable op2. It is redeclared later.
Fix typo
Implement object type annotation
Fixed bug #73173
Expose inflate_get_status() and inflate_get_read_len() functions
Add more constants, improve comments, and add tests
Fixed bug #73900
Add OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding
Drop soap_hash_str_find_deref()
Only compute callback name in error cases
Extract zend_get_callable_name() API
Move va_copy compatibility code into zend_portability.h
Remove unnecessary string copy
Fix FE_FETCH_* exception check
...
Diffstat (limited to 'ext/openssl/openssl.c')
| -rw-r--r-- | ext/openssl/openssl.c | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b78e41cb28..81456207bd 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1517,6 +1517,7 @@ PHP_MINIT_FUNCTION(openssl)
 REGISTER_LONG_CONSTANT("OPENSSL_RAW_DATA", OPENSSL_RAW_DATA, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_ZERO_PADDING", OPENSSL_ZERO_PADDING, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_DONT_ZERO_PAD_KEY", OPENSSL_DONT_ZERO_PAD_KEY, CONST_CS|CONST_PERSISTENT);
 #ifndef OPENSSL_NO_TLSEXT
 /* SNI support included */
@@ -6410,20 +6411,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 int key_len, password_len;
 size_t max_iv_len;
- /* check and set key */
- password_len = (int) *ppassword_len;
- key_len = EVP_CIPHER_key_length(cipher_type);
- if (key_len > password_len) {
- key = emalloc(key_len);
- memset(key, 0, key_len);
- memcpy(key, *ppassword, password_len);
- *ppassword = (char *) key;
- *ppassword_len = key_len;
- *free_password = 1;
- } else {
- key = (unsigned char*)*ppassword;
- *free_password = 0;
- }
+ *free_password = 0;
 max_iv_len = EVP_CIPHER_iv_length(cipher_type);
 if (enc && *piv_len == 0 && max_iv_len > 0 && !mode->is_aead) {
@@ -6448,9 +6436,28 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 return FAILURE;
 }
 }
- if (password_len > key_len && !EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len)) {
- php_openssl_store_errors();
+ /* check and set key */
+ password_len = (int) *ppassword_len;
+ key_len = EVP_CIPHER_key_length(cipher_type);
+ if (key_len > password_len) {
+ if ((OPENSSL_DONT_ZERO_PAD_KEY & options) && !EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len)) {
+ php_openssl_store_errors();
+ php_error_docref(NULL, E_WARNING, "Key length cannot be set for the cipher method");
+ return FAILURE;
+ }
+ key = emalloc(key_len);
+ memset(key, 0, key_len);
+ memcpy(key, *ppassword, password_len);
+ *ppassword = (char *) key;
+ *ppassword_len = key_len;
+ *free_password = 1;
+ } else {
+ if (password_len > key_len && !EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len)) {
+ php_openssl_store_errors();
+ }
+ key = (unsigned char*)*ppassword;
 }
+
 if (!EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)*piv, enc)) {
 php_openssl_store_errors();
 return FAILURE; |
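Review bot: In the `else` branch a failed `EVP_CIPHER_CTX_set_key_length()` for an over-long key only calls `php_openssl_store_errors()` and carries on, whereas the new short-key branch just above it raises an E_WARNING and returns FAILURE. For a cipher with a fixed key length this presumably leaves `EVP_CipherInit_ex()` reading only the first `key_len` bytes, so the effective key is silently shorter than the one the caller supplied. If that is kept for compatibility, say so at the call, e.g. `/* fixed-length cipher: set_key_length fails and only the first key_len bytes of the key are used */`. Separately, when `OPENSSL_DONT_ZERO_PAD_KEY` is set and the length is accepted, the code still falls through to the `emalloc`/`memset`/`memcpy` padding and reports `*ppassword_len = key_len`, which no longer matches the context's key length; using `key = (unsigned char*)*ppassword;` on that path would avoid an extra heap copy of key material. The body of `php_openssl_cipher_init` starts and ends outside this hunk, so the caller's handling of `*free_password` on the FAILURE paths is not visible here.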
