php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #50013 Support for AES-CBC in openssl_pkcs7_encrypt()
Submitted: 2009-10-27 10:21 UTC Modified: 2010-06-21 11:10 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: michael at stroeder dot com Assigned: pajoye (profile)
Status: Not a bug Package: *General Issues
PHP Version: 5.2.11 and 5.3.0 OS:
Private report: No CVE-ID: None
 [2009-10-27 10:21 UTC] michael at stroeder dot com
Description:
------------
openssl_pkcs7_encrypt() cannot generate encrypted S/MIME messages using symmetric cipher AES-CBC. This patch also sets the default cipher used which might not be want one want.

--- ext/openssl/openssl.c.orig  2009-10-26 13:46:25.000000000 +0100
+++ ext/openssl/openssl.c       2009-10-26 16:32:56.000000000 +0100
@@ -88,8 +88,9 @@
        PHP_OPENSSL_CIPHER_RC2_64,
        PHP_OPENSSL_CIPHER_DES,
        PHP_OPENSSL_CIPHER_3DES,
+       PHP_OPENSSL_CIPHER_AES_CBC,
 
-       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40
+       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_AES_CBC
 };
 
 /* {{{ openssl_functions[]
@@ -730,6 +731,9 @@
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES", PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES", PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT);
 #endif
+#ifndef OPENSSL_NO_AES
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_CBC", PHP_OPENSSL_CIPHER_AES_CBC, CONST_CS|CONST_PERSISTENT);
+#endif
 
        /* Values for key types */
        REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT);
@@ -2998,6 +3002,12 @@
                        break;
 #endif
 
+#ifndef OPENSSL_NO_AES
+               case PHP_OPENSSL_CIPHER_AES_CBC:
+                       cipher = EVP_aes_256_cbc();
+                       break;
+#endif
+
                default:
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid cipher type `%ld'", cipherid);
                        goto clean_exit;



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-28 09:06 UTC] michael at stroeder dot com
Another patch for php-5.3.0

--- openssl.c.orig      2009-04-20 11:44:29.000000000 +0200
+++ openssl.c   2009-10-27 14:00:42.000000000 +0100
@@ -83,8 +83,9 @@
        PHP_OPENSSL_CIPHER_RC2_64,
        PHP_OPENSSL_CIPHER_DES,
        PHP_OPENSSL_CIPHER_3DES,
+       PHP_OPENSSL_CIPHER_AES_CBC,
 
-       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40
+       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_AES_CBC
 };
 
 PHP_FUNCTION(openssl_get_md_methods);
@@ -940,6 +941,13 @@
                        return EVP_des_ede3_cbc();
                        break;
 #endif
+
+#ifndef OPENSSL_NO_AES
+               case PHP_OPENSSL_CIPHER_AES_CBC:
+                       return EVP_aes_256_cbc();
+                       break;
+#endif
+
                default:
                        return NULL;
                        break;
@@ -1017,6 +1025,9 @@
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES", PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES", PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT);
 #endif
+#ifndef OPENSSL_NO_AES
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_CBC", PHP_OPENSSL_CIPHER_AES_CBC, CONST_CS|CONST_PERSISTENT);
+#endif
 
        /* Values for key types */
        REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT);
 [2009-10-28 09:08 UTC] michael at stroeder dot com
Report applies to any PHP version.
 [2009-10-28 09:37 UTC] pajoye@php.net
I will apply it to 5.3+.
 [2010-06-21 11:10 UTC] pajoye@php.net
-Status: Assigned +Status: Bogus -Package: Feature/Change Request +Package: *General Issues
 [2010-06-21 11:10 UTC] pajoye@php.net
See #48632
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 01 20:01:29 2024 UTC