- Improved core functions:
. Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
+- OpenSSL
+ . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
+ ciphers to the OpenSSL default for the algorithm. (Scott)
+
14 Jul 2011, PHP 5.3.7 RC3
- Zend Engine:
. Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
- EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+ EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+ if (password_len > keylen) {
+ EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+ }
+ EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
outlen = i;
if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
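Review bot: The return value of `EVP_CIPHER_CTX_set_key_length()` is ignored in the added `if (password_len > keylen)` block. For a cipher that does not accept the requested length the call fails, and the following `EVP_EncryptInit_ex()` presumably still keys the context with only the default number of bytes, which is the silent truncation this commit sets out to remove. Check the result and surface it, e.g. `if (password_len > keylen && !EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len)) { /* raise a warning: key not accepted at full length */ }`. The results of `EVP_EncryptInit()` and `EVP_EncryptInit_ex()` are likewise unchecked, and the decrypt hunk repeats the same pattern with `EVP_DecryptInit_ex()`. The enclosing function starts and ends outside the hunk, so how `key` and `keylen` are derived is not visible here.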
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
- EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+ EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+ if (password_len > keylen) {
+ EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+ }
+ EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
outlen = i;
if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
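Review bot: Existing ciphertext can stop decrypting after this hunk, and nothing in the added lines documents that. Data written by an earlier build with a variable-key-length cipher and a key longer than the cipher default was encrypted under the truncated key, so the same key will no longer decrypt it once `EVP_CIPHER_CTX_set_key_length()` succeeds. I would add a comment above the `if (password_len > keylen)` block, such as `/* keys longer than the cipher default are now used in full; data from builds that truncated them must be decrypted with the truncated key */`, and state the same in the upgrade notes so operators can plan re-encryption. The enclosing function continues outside the hunk.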