PHP :: Bug #73463 :: openssl_encrypt aes-128-gcm fails

Bug #73463	openssl_encrypt aes-128-gcm fails
Submitted:	2016-11-04 21:45 UTC	Modified:	2016-11-09 11:49 UTC
From:	mjones@php.net	Assigned:	bukka (profile)
Status:	Closed	Package:	OpenSSL related
PHP Version:	7.1.0RC5	OS:	Ubuntu
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mjones@php.net
New email:
PHP Version:		OS:

New Comment:

[2016-11-04 21:45 UTC] mjones@php.net

Description:
------------
openssl_decrypt fails to decrypt the result from openssl_encrypt for GCM based authenticated encryption methods supported in openssl like 'aes-128-gcm'.

The below example works for aes-128-cbc and other cipher methods, but not 'aes-128-gcm','aes-192-gcm','aes-256-gcm', despite all of those being listed as supported in openssl_get_cipher_methods().

The reason it fails, is because openssl_encrypt does not insert the "authenticated encryption tag" into the encrypted string.

This affects PHP 5.6, 7.0, 7.1.0RC5.


Test script:
---------------
<?php
$methods = openssl_get_cipher_methods();
$method='aes-128-gcm';
//$method='aes-128-cbc';

$data = 'junk data';
$key = openssl_random_pseudo_bytes(16);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));
$encrypted = openssl_encrypt($data, $method, $key, $options=0, $iv);
$decrypted = openssl_decrypt($encrypted, $method, $key, $options=0, $iv);
echo $data."\n";
echo $encrypted."\n";
echo $decrypted."\n";


Expected result:
----------------
junk data
iu8Ijn2SndGXJll4qpxLWL0rsEsTiNoAMw==
junk data


Actual result:
--------------
junk data
iu8Ijn2SndGX

Patches

Pull Requests

Pull requests:

Bug #73463 fix openssl_encrypt/decrypt for GCM mode (php-src/2184)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-11-09 11:49 UTC] bukka@php.net

Closing as this is duplicate already fixed bug.

See https://wiki.php.net/rfc/openssl_aead for more info

[2016-11-09 11:49 UTC] bukka@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: bukka

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 05:01:33 2025 UTC