openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the defaul...

The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit.

Also fixed an error in the zend_parse_parameters() having an invalid character being used.

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 06473744b36202cc4fee1e12659ec0a18801444c..b41d04c3bb47361c5d1565e126cdce9e12bc44ef 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1020,9 +1020,7 @@ PHP_MINIT_FUNCTION(openssl)
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();
 
-       ERR_load_ERR_strings();
-       ERR_load_crypto_strings();
-       ERR_load_EVP_strings();
+       SSL_load_error_strings();
 
        /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
         * OpenSSL callbacks */
@@ -3043,7 +3041,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
        BIO * bio_out = NULL;
        const EVP_CIPHER * cipher;
        
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
                return;
        }
        RETVAL_FALSE;
@@ -4726,7 +4724,11 @@ PHP_FUNCTION(openssl_encrypt)
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);
 
-       EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }
@@ -4809,7 +4811,11 @@ PHP_FUNCTION(openssl_decrypt)
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);
 
-       EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }