PHP :: Request #68962 :: No way to retrieve or supply tag when GCM is used

Request #68962	No way to retrieve or supply tag when GCM is used
Submitted:	2015-01-30 17:04 UTC	Modified:	2015-01-30 20:39 UTC
From:	php-mark at zedwood dot com	Assigned:
Status:	Duplicate	Package:	OpenSSL related
PHP Version:	5.6.5	OS:	ubuntu 14.04
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	php-mark at zedwood dot com
New email:
PHP Version:		OS:

New Comment:

[2015-01-30 17:04 UTC] php-mark at zedwood dot com

Description:
------------
When I use:
 $method = 'id-aes128-GCM';
the openssl_decrypt returns false.

However, when I use a different cipher method like 'AES-128-CBC' (like used in 011.phpt) it returns the input string (correct behavior).

So I want to use aes128-GCM because GCM mode is recommended for authenticated encryption.





Test script:
---------------
<?php
error_reporting(E_ALL);
$data = '1234567890ABCDEF';
$method = 'id-aes128-GCM';
$password = 'dCoD........Eu39';
$iv_size = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_size);
$encrypted = openssl_encrypt($data, $method, $password, $options = 0, $iv);
$output = openssl_decrypt($encrypted, $method, $password, $options = 0, $iv);
echo in_array($method, openssl_get_cipher_methods()) ? $method."\n" : "";
echo var_dump($encrypted);
echo var_dump($output);
exit(0);

Expected result:
----------------
id-aes128-GCM
string(24) "lIn8CH5BBWWR/q1WdSf7Pw=="
string(16) "1234567890ABCDEF"

Actual result:
--------------
id-aes128-GCM
string(24) "lIn8CH5BBWWR/q1WdSf7Pw=="
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-30 19:01 UTC] leigh@php.net

-Summary: openssl_decrypt aes 128 GCM fails +Summary: No way to retrieve or supply tag when GCM is used -Type: Bug +Type: Feature/Change Request

[2015-01-30 19:01 UTC] leigh@php.net

This isn't a bug as such.

PHP doesn't have a method to retrieve (or use) the GCM tag.

If you try the encryption with a really short plaintext, you can see that the output is far too small to have a GCM tag appended to it.

Changing this to a feature request, and updating the title to better reflect what is required.

[2015-01-30 19:44 UTC] php-mark at zedwood dot com

This bug was filed for AES-128-GCM, but the fix will probably work for AES-256-GCM, see: https://bugs.php.net/bug.php?id=67304 

When this gets patched, maybe we can test and close both...

[2015-01-30 20:39 UTC] leigh@php.net

-Status: Open +Status: Duplicate

[2015-01-30 20:39 UTC] leigh@php.net

Thanks for searching (and making me look bad!) :)

No point having two reports for the same thing, going to close as a duplicate.

Thanks for taking the time to report it.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 08:01:30 2025 UTC