php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #74116 AES-256-GCM not working with uppercase cipher name
Submitted: 2017-02-17 06:15 UTC Modified: 2017-02-17 12:52 UTC
From: er dot haridarshan at gmail dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 7.1Git-2017-02-17 (snap) OS: Fedora 24
Private report: No CVE-ID: None
View Developer Edit
 [2017-02-17 06:15 UTC] er dot haridarshan at gmail dot com 
Description:
------------
As of 7.1.0, when trying to use AES-256-GCM algorithm with openssl_cipher_iv_length getting warning as 

PHP Warning:  openssl_cipher_iv_length(): Unknown cipher algorithm

And as mentioned in changelog of 7.1.0 

OpenSSL:
   Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt).

this should work but its not working

Test script:
---------------
function encrypt($algo = 'AES-256-GCM')
{
    $key = random_bytes(32);    // 256 bits
    $iv = random_bytes(openssl_cipher_iv_length($algo));

    $ciphertext = openssl_encrypt(
        random_bytes(1024 * 1024 * 10), 
        $algo, 
        $key, 
        OPENSSL_RAW_DATA, 
        $iv,
        $tag
    );
        
    return $ciphertext;
}

$cipherText = encrypt();


Expected result:
----------------
Exepected Result is the cipherText

Actual result:
--------------
PHP Warning:  openssl_cipher_iv_length(): Unknown cipher algorithm in /var/www/test/aes.php on line 13

Warning: openssl_cipher_iv_length(): Unknown cipher algorithm in /var/www/test/aes.php on line 13
PHP Fatal error:  Uncaught Error: Length must be greater than 0 in /var/www/test/aes.php:13
Stack trace:
#0 /var/www/test/aes.php(13): random_bytes(false)
#1 /var/www/test/aes.php(41): encrypt('Hello')
#2 {main}
  thrown in /var/www/test/aes.php on line 13

Fatal error: Uncaught Error: Length must be greater than 0 in /var/www/test/aes.php:13
Stack trace:
#0 /var/www/test/aes.php(13): random_bytes(false)
#1 /var/www/test/aes.php(41): encrypt('Hello')
#2 {main}
  thrown in /var/www/test/aes.php on line 13

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-17 06:21 UTC] er dot haridarshan at gmail dot com 
Sorry didn't noticed algorithm names are case-sensitive. But aren't they supposed to case-insensitive?
 [2017-02-17 08:28 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-02-17 08:28 UTC] requinix@php.net 
I assume using a lowercase name works, then? Does openssl_get_cipher_methods() also return the uppercase version?
 [2017-02-17 12:22 UTC] er dot haridarshan at gmail dot com
-Status: Feedback +Status: Open
 [2017-02-17 12:22 UTC] er dot haridarshan at gmail dot com 
Yeah lowercase works. 

openssl_get_cipher_methods();

returns values algorithm names in capital as well as lower-case but not of aes-256-gcm and few others.

Here is the sample output 
    [16] => AES-256-CBC
    [17] => AES-256-CBC-HMAC-SHA1
    [18] => AES-256-CFB
    [19] => AES-256-CFB1
    [20] => AES-256-CFB8
    [21] => AES-256-CTR
    [22] => AES-256-ECB
    [23] => AES-256-OFB
    [24] => AES-256-XTS
---------------------------------
    [101] => aes-256-cbc
    [102] => aes-256-cbc-hmac-sha1
    [103] => aes-256-ccm
    [104] => aes-256-cfb
    [105] => aes-256-cfb1
    [106] => aes-256-cfb8
    [107] => aes-256-ctr
    [108] => aes-256-ecb
    [109] => aes-256-gcm
    [110] => aes-256-ofb
    [111] => aes-256-xts

As you can see aes-256-cbc is returned both in lower-case and upper-case then why not AES-256-GCM
 [2017-02-17 12:52 UTC] requinix@php.net
-Summary: AES-256-GCM not working +Summary: AES-256-GCM not working with uppercase cipher name -Status: Open +Status: Not a bug
 [2017-02-17 12:52 UTC] requinix@php.net 
PHP returns whatever OpenSSL says says without any processing so that would be a question for their project.

If you look in their source they have a list of all the ciphers they support
  https://github.com/openssl/openssl/blob/master/crypto/objects/obj_dat.h
and each has two names it can be referenced by:
  {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
  {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},

The RFC which defined AES-GCM
  https://tools.ietf.org/html/rfc5084
uses an identifier "id-aes256-GCM" in the spec so I would guess that OpenSSL borrowed that as an official name and created the lowercase "aes-256-gcm" as a nicer alternative.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Oct 28 00:00:02 2025 UTC