summaryrefslogtreecommitdiff
path: root/ext/openssl/openssl.c
diff options
context:
space:
mode:
authorJakub Zelenka <bukka@php.net>2016-08-14 19:34:03 +0100
committerJakub Zelenka <bukka@php.net>2016-08-14 19:34:03 +0100
commitc3c90abb17017af83133f57ec5d7663c0b33fdff (patch)
tree7f7a1dbc0a39f69abc85f57c064a63d3e717db51 /ext/openssl/openssl.c
parente6536b9d6f720a03b513c1224169ab82ef053f25 (diff)
downloadphp-git-c3c90abb17017af83133f57ec5d7663c0b33fdff.tar.gz
Return false if tag is not supplied or cannot be retrieved in AEAD
It doesn't make sense to return just encoded string as it cannot be used anyway (decryption without a tag will not work).
Diffstat (limited to 'ext/openssl/openssl.c')
-rw-r--r--ext/openssl/openssl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 1deb01db22..6c9204d5aa 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6294,6 +6294,7 @@ PHP_FUNCTION(openssl_encrypt)
base64_str = php_base64_encode((unsigned char*)ZSTR_VAL(outbuf), outlen);
zend_string_release(outbuf);
+ outbuf = base64_str;
RETVAL_STR(base64_str);
}
if (mode.is_aead && tag) {
@@ -6305,14 +6306,20 @@ PHP_FUNCTION(openssl_encrypt)
ZSTR_LEN(tag_str) = tag_len;
ZVAL_NEW_STR(tag, tag_str);
} else {
- zend_string_release(tag_str);
php_error_docref(NULL, E_WARNING, "Retrieving verification tag failed");
+ zend_string_release(tag_str);
+ zend_string_release(outbuf);
+ RETVAL_FALSE;
}
} else if (tag) {
zval_dtor(tag);
ZVAL_NULL(tag);
php_error_docref(NULL, E_WARNING,
"The authenticated tag cannot be provided for cipher that doesn not support AEAD");
+ } else if (mode.is_aead) {
+ php_error_docref(NULL, E_WARNING, "A tag should be provided when using AEAD mode");
+ zend_string_release(outbuf);
+ RETVAL_FALSE;
}
} else {
php_openssl_store_errors();
View Lorry Controller Status