diff options
| -rw-r--r-- | ext/openssl/openssl.c | 9 | ||||
| -rw-r--r-- | ext/openssl/tests/openssl_encrypt_gcm.phpt | 8 |
2 files changed, 15 insertions, 2 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 1deb01db22..6c9204d5aa 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -6294,6 +6294,7 @@ PHP_FUNCTION(openssl_encrypt) base64_str = php_base64_encode((unsigned char*)ZSTR_VAL(outbuf), outlen); zend_string_release(outbuf); + outbuf = base64_str; RETVAL_STR(base64_str); } if (mode.is_aead && tag) { @@ -6305,14 +6306,20 @@ PHP_FUNCTION(openssl_encrypt) ZSTR_LEN(tag_str) = tag_len; ZVAL_NEW_STR(tag, tag_str); } else { - zend_string_release(tag_str); php_error_docref(NULL, E_WARNING, "Retrieving verification tag failed"); + zend_string_release(tag_str); + zend_string_release(outbuf); + RETVAL_FALSE; } } else if (tag) { zval_dtor(tag); ZVAL_NULL(tag); php_error_docref(NULL, E_WARNING, "The authenticated tag cannot be provided for cipher that doesn not support AEAD"); + } else if (mode.is_aead) { + php_error_docref(NULL, E_WARNING, "A tag should be provided when using AEAD mode"); + zend_string_release(outbuf); + RETVAL_FALSE; } } else { php_openssl_store_errors(); diff --git a/ext/openssl/tests/openssl_encrypt_gcm.phpt b/ext/openssl/tests/openssl_encrypt_gcm.phpt index 6c55404b50..91fe23a637 100644 --- a/ext/openssl/tests/openssl_encrypt_gcm.phpt +++ b/ext/openssl/tests/openssl_encrypt_gcm.phpt @@ -26,6 +26,9 @@ var_dump(openssl_encrypt('data', $method, 'password', 0, NULL, $tag, '')); // Failing to retrieve tag (max is 16 bytes) var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32), $tag, '', 20)); + +// Failing when no tag supplied +var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32))); ?> --EXPECTF-- TEST 0 @@ -51,4 +54,7 @@ Warning: openssl_encrypt(): Setting of IV length for AEAD mode failed, the expec bool(false) Warning: openssl_encrypt(): Retrieving verification tag failed in %s on line %d -string(8) "S6+N0w==" +bool(false) + +Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in %s on line %d +bool(false) |