Skip to content

Commit 02581a0

Browse files
author
Scott MacVicar
committed
openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher.
The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit. Also fixed an error in the zend_parse_parameters() having an invalid character being used.
1 parent e97b0d7 commit 02581a0

File tree

1 file changed

+12
-6
lines changed

1 file changed

+12
-6
lines changed

ext/openssl/openssl.c

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1016,9 +1016,7 @@ PHP_MINIT_FUNCTION(openssl)
10161016
OpenSSL_add_all_digests();
10171017
OpenSSL_add_all_algorithms();
10181018

1019-
ERR_load_ERR_strings();
1020-
ERR_load_crypto_strings();
1021-
ERR_load_EVP_strings();
1019+
SSL_load_error_strings();
10221020

10231021
/* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
10241022
* OpenSSL callbacks */
@@ -3039,7 +3037,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
30393037
BIO * bio_out = NULL;
30403038
const EVP_CIPHER * cipher;
30413039

3042-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
3040+
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
30433041
return;
30443042
}
30453043
RETVAL_FALSE;
@@ -4722,7 +4720,11 @@ PHP_FUNCTION(openssl_encrypt)
47224720
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
47234721
outbuf = emalloc(outlen + 1);
47244722

4725-
EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
4723+
EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
4724+
if (password_len > keylen) {
4725+
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
4726+
}
4727+
EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
47264728
if (options & OPENSSL_ZERO_PADDING) {
47274729
EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
47284730
}
@@ -4805,7 +4807,11 @@ PHP_FUNCTION(openssl_decrypt)
48054807
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
48064808
outbuf = emalloc(outlen + 1);
48074809

4808-
EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
4810+
EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
4811+
if (password_len > keylen) {
4812+
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
4813+
}
4814+
EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
48094815
if (options & OPENSSL_ZERO_PADDING) {
48104816
EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
48114817
}

0 commit comments

Comments
 (0)