From 64a0c79a073a788b851555e656318306d7207d41 Mon Sep 17 00:00:00 2001 From: Scott MacVicar Date: Tue, 19 Jul 2011 22:15:56 +0000 Subject: [PATCH] openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher. The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit. Also fixed an error in the zend_parse_parameters() having an invalid character being used. --- ext/openssl/openssl.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 06473744b3..b41d04c3bb 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1020,9 +1020,7 @@ PHP_MINIT_FUNCTION(openssl) OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); - ERR_load_ERR_strings(); - ERR_load_crypto_strings(); - ERR_load_EVP_strings(); + SSL_load_error_strings(); /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in * OpenSSL callbacks */ @@ -3043,7 +3041,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) BIO * bio_out = NULL; const EVP_CIPHER * cipher; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { return; } RETVAL_FALSE; @@ -4726,7 +4724,11 @@ PHP_FUNCTION(openssl_encrypt) outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } @@ -4809,7 +4811,11 @@ PHP_FUNCTION(openssl_decrypt) outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } -- 2.40.0