From: Jakub Zelenka <bukka@php.net>
Date: Wed, 25 Jan 2017 19:55:05 +0000 (+0000)
Subject: Fix bug #73978 (openssl_decrypt triggers bug in PDO)
X-Git-Tag: php-7.1.2RC1~24
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=519b0dc886aed287e5c3472df9c879186f5112c2;p=php

Fix bug #73978 (openssl_decrypt triggers bug in PDO)
---

diff --git a/NEWS b/NEWS
index 425a90e2a4..3ed0ca1a6c 100644
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,7 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fixed bug #71519 (add serial hex to return value array). (xrobau)
   . Fixed bug #73692 (Compile ext/openssl with openssl 1.1.0 on Win). (Anatol)
+  . Fixed bug #73978 (openssl_decrypt triggers bug in PDO). (Jakub Zelenka)
 
 - PDO_Firebird:
   . Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 643ac26fd4..47a28a1111 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6256,6 +6256,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 	}
 
 	if (!EVP_CipherInit_ex(cipher_ctx, cipher_type, NULL, NULL, NULL, enc)) {
+		php_openssl_store_errors();
 		return FAILURE;
 	}
 	if (php_openssl_validate_iv(piv, piv_len, max_iv_len, free_iv, cipher_ctx, mode) == FAILURE) {
@@ -6271,10 +6272,11 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 			return FAILURE;
 		}
 	}
-	if (password_len > key_len) {
-		EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
+	if (password_len > key_len && !EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len)) {
+		php_openssl_store_errors();
 	}
 	if (!EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)*piv, enc)) {
+		php_openssl_store_errors();
 		return FAILURE;
 	}
 	if (options & OPENSSL_ZERO_PADDING) {
@@ -6293,11 +6295,13 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 	int i = 0;
 
 	if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
+		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Setting of data length failed");
 		return FAILURE;
 	}
 
 	if (mode->is_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (unsigned char *)aad, (int)aad_len)) {
+		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Setting of additional application data failed");
 		return FAILURE;
 	}
@@ -6314,6 +6318,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 			php_error_docref(NULL, E_WARNING, enc ? "Encryption failed" : "Decryption failed");
 		}
 		*/
+		php_openssl_store_errors();
 		zend_string_release(*poutbuf);
 		return FAILURE;
 	}
@@ -6363,7 +6368,6 @@ PHP_FUNCTION(openssl_encrypt)
 
 	php_openssl_load_cipher_mode(&mode, cipher_type);
 
-
 	if (php_openssl_cipher_init(cipher_type, cipher_ctx, &mode,
 				&password, &password_len, &free_password,
 				&iv, &iv_len, &free_iv, NULL, tag_len, options, 1) == FAILURE ||