From: Jakub Zelenka <bukka@php.net>
Date: Sun, 2 Jun 2019 18:10:56 +0000 (+0100)
Subject: Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
X-Git-Tag: php-7.2.20RC1~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2e025794745e09f7d0c72822ad0238bf6d67b2e8;p=php

Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)

It also fixes invalid setting of tag length
---

diff --git a/NEWS b/NEWS
index 8478a5ce82..438c962759 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,10 @@ PHP                                                                        NEWS
   . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful
     error message). (Sjon Hortensius)
 
+- OpenSSL:
+  . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
+    (Jakub Zelenka)
+
 - Sockets:
   . Fixed bug #78038 (Socket_select fails when resource array contains
     references). (Nikita)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 7df50720eb..91df229c3d 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6444,7 +6444,10 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 		return FAILURE;
 	}
 	if (mode->is_single_run_aead && enc) {
-		EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL);
+		if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL)) {
+			php_error_docref(NULL, E_WARNING, "Setting tag length for AEAD cipher failed");
+			return FAILURE;
+		}
 	} else if (!enc && tag && tag_len > 0) {
 		if (!mode->is_aead) {
 			php_error_docref(NULL, E_WARNING, "The tag cannot be used because the cipher method does not support AEAD");
diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt
index c8610bc96b..fb5dbbc849 100644
--- a/ext/openssl/tests/openssl_encrypt_ccm.phpt
+++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt
@@ -24,9 +24,12 @@ foreach ($tests as $idx => $test) {
 // Empty IV error
 var_dump(openssl_encrypt('data', $method, 'password', 0, NULL, $tag, ''));
 
-// Test setting different IV length and unlimeted tag
-var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 10), $tag, '', 1024));
+// Test setting different IV length and tag length
+var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 10), $tag, '', 14));
 var_dump(strlen($tag));
+
+// Test setting invalid tag length
+var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 16), $tag, '', 1024));
 ?>
 --EXPECTF--
 TEST 0
@@ -36,4 +39,7 @@ bool(true)
 Warning: openssl_encrypt(): Setting of IV length for AEAD mode failed in %s on line %d
 bool(false)
 string(8) "p/lvgA=="
-int(1024)
+int(14)
+
+Warning: openssl_encrypt(): Setting of IV length for AEAD mode failed in %s on line %d
+bool(false)