diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 4 | ||||
| -rw-r--r-- | ext/openssl/tests/bug60632.phpt | 25 |
3 files changed, 30 insertions, 0 deletions
@@ -11,6 +11,7 @@ PHP NEWS - OpenSSL: . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb) + . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka) - Streams: . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections). diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 63958ac571..4ec4c4f4ed 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4917,6 +4917,10 @@ PHP_FUNCTION(openssl_seal) php_error_docref(NULL, E_WARNING, "Unknown signature algorithm."); RETURN_FALSE; } + if (EVP_CIPHER_iv_length(cipher) > 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Ciphers with modes requiring IV are not supported"); + RETURN_FALSE; + } } else { cipher = EVP_rc4(); } diff --git a/ext/openssl/tests/bug60632.phpt b/ext/openssl/tests/bug60632.phpt new file mode 100644 index 0000000000..c718fed6db --- /dev/null +++ b/ext/openssl/tests/bug60632.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #60632: openssl_seal fails with AES +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +?> +--FILE-- +<?php +$pkey = openssl_pkey_new(array( + 'digest_alg' => 'sha256', + 'private_key_bits' => 1024, + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + 'encrypt_key' => false +)); +$details = openssl_pkey_get_details($pkey); +$test_pubkey = $details['key']; +$pubkey = openssl_pkey_get_public($test_pubkey); +$encrypted = null; +$ekeys = array(); +$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC'); +echo "Done"; +?> +--EXPECTF-- +Warning: openssl_seal(): Ciphers with modes requiring IV are not supported in %s on line %d +Done |