Fix bug #73978 (openssl_decrypt triggers bug in PDO)

diff --git a/NEWS b/NEWS
index 425a90e2a4914497e41d09ecb735aadc960242bd..3ed0ca1a6ceb4ad70d8cb4b7fd48483f376d02c6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,7 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fixed bug #71519 (add serial hex to return value array). (xrobau)
   . Fixed bug #73692 (Compile ext/openssl with openssl 1.1.0 on Win). (Anatol)
+  . Fixed bug #73978 (openssl_decrypt triggers bug in PDO). (Jakub Zelenka)
 
 - PDO_Firebird:
   . Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 643ac26fd435853390fe9142a211bbc29082e88f..47a28a111174485d2205e2b351bd6e718b1898a2 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6256,6 +6256,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
        }
 
        if (!EVP_CipherInit_ex(cipher_ctx, cipher_type, NULL, NULL, NULL, enc)) {
+               php_openssl_store_errors();
                return FAILURE;
        }
        if (php_openssl_validate_iv(piv, piv_len, max_iv_len, free_iv, cipher_ctx, mode) == FAILURE) {
@@ -6271,10 +6272,11 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
                        return FAILURE;
                }
        }
-       if (password_len > key_len) {
-               EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
+       if (password_len > key_len && !EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len)) {
+               php_openssl_store_errors();
        }
        if (!EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)*piv, enc)) {
+               php_openssl_store_errors();
                return FAILURE;
        }
        if (options & OPENSSL_ZERO_PADDING) {
@@ -6293,11 +6295,13 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
        int i = 0;
 
        if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
+               php_openssl_store_errors();
                php_error_docref(NULL, E_WARNING, "Setting of data length failed");
                return FAILURE;
        }
 
        if (mode->is_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (unsigned char *)aad, (int)aad_len)) {
+               php_openssl_store_errors();
                php_error_docref(NULL, E_WARNING, "Setting of additional application data failed");
                return FAILURE;
        }
@@ -6314,6 +6318,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
                        php_error_docref(NULL, E_WARNING, enc ? "Encryption failed" : "Decryption failed");
                }
                */
+               php_openssl_store_errors();
                zend_string_release(*poutbuf);
                return FAILURE;
        }
@@ -6363,7 +6368,6 @@ PHP_FUNCTION(openssl_encrypt)
 
        php_openssl_load_cipher_mode(&mode, cipher_type);
 
-
        if (php_openssl_cipher_init(cipher_type, cipher_ctx, &mode,
                                &password, &password_len, &free_password,
                                &iv, &iv_len, &free_iv, NULL, tag_len, options, 1) == FAILURE ||