php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #73432 openssl_error_string() returns empty for authentication error using GCM or CCM
Submitted: 2016-10-31 17:07 UTC Modified: 2017-01-09 18:59 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: enrico at zimuel dot it Assigned: bukka (profile)
Status: Wont fix Package: OpenSSL related
PHP Version: 7.1.0RC5 OS: Ubuntu
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: enrico at zimuel dot it
New email:
PHP Version: OS:

 

 [2016-10-31 17:07 UTC] enrico at zimuel dot it
Description:
------------
I'm testing the new features of PHP 7.1 for the support of AEAD using OpenSSL and I noticed that the openssl_error_string() returns an empty string in case of authentication error. It will be nice to have a message here to recognize this new case.

Test script:
---------------
$iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$key = random_bytes(32);
$data = random_bytes(1024);
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
// Change 1 bit in ciphertext
$i = rand(0, mb_strlen($ciphertext, '8bit') - 1);
$ciphertext[$i] = $ciphertext[$i] ^ chr(1);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
if (false === $decrypt) {
  printf("OpenSSL message: %s", openssl_error_string());
}

Expected result:
----------------
OpenSSL message: authentication error

Actual result:
--------------
OpenSSL message:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-09 18:58 UTC] bukka@php.net
-Status: Open +Status: Wont fix
 [2017-01-09 18:58 UTC] bukka@php.net
openssl_error_string is meant just for OpenSSL errors. Basically the empty case without warning is always an authentication error.
 [2017-01-09 18:59 UTC] bukka@php.net
-Assigned To: +Assigned To: bukka
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 17:01:32 2024 UTC