|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-01-09 18:58 UTC] bukka@php.net
-Status: Open
+Status: Wont fix
[2017-01-09 18:58 UTC] bukka@php.net
[2017-01-09 18:59 UTC] bukka@php.net
-Assigned To:
+Assigned To: bukka
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Wed Apr 24 00:01:32 2024 UTC |
Description: ------------ I'm testing the new features of PHP 7.1 for the support of AEAD using OpenSSL and I noticed that the openssl_error_string() returns an empty string in case of authentication error. It will be nice to have a message here to recognize this new case. Test script: --------------- $iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm')); $key = random_bytes(32); $data = random_bytes(1024); $ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag); // Change 1 bit in ciphertext $i = rand(0, mb_strlen($ciphertext, '8bit') - 1); $ciphertext[$i] = $ciphertext[$i] ^ chr(1); $decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag); if (false === $decrypt) { printf("OpenSSL message: %s", openssl_error_string()); } Expected result: ---------------- OpenSSL message: authentication error Actual result: -------------- OpenSSL message: