Bug #77156 Useless warning for AEAD
Submitted: 2018-11-14 22:56 UTC Modified: -
Avg. Score:2.6 ± 1.5
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: obreham at gmail dot com Assigned:
Status: Open Package: OpenSSL related
PHP Version: 7.1.24 OS: Windows
Private report: No CVE-ID: None

 [2018-11-14 22:56 UTC] obreham at gmail dot com
PHP version: 7.1.9

The documentation for openssl_encrypt() indicates that the default &$tag = NULL, which should be true for any case.

But if a $tag is deliberately passed - even when set to NULL - with a cipher that does not support AEAD, a warning is triggered.  This warning is not even mentioned in the documentation.

There is no need for this warning, especially when it is the default value (NULL).  The function does set the $tag to NULL (no matter its initial value) and the correct encrypted data is returned.  Nothing unexpected happens.

As an aside, there is also a typo in the error message: it should read "does not" and not "doesn not".

Test script:
$tag = null;
$encrypted = openssl_encrypt(
var_dump($tag, $encrypted);

Expected result:
string(8) "/fQItQ=="

Actual result:
Warning:  openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in C:\wamp\www\test\test.php on line 8

string(8) "/fQItQ=="
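
A caller-side way to avoid the warning described in this report, as an added example that is not part of the original report or of PHP itself: the tag reference is passed to openssl_encrypt() only for AEAD methods. The helper names `is_aead_cipher()` and `encrypt_with_optional_tag()` are hypothetical, and recognising AEAD methods by a `-gcm` / `-ccm` name suffix is an assumption of this example.

```php
<?php
// Added example, not code from the bug report. is_aead_cipher() and
// encrypt_with_optional_tag() are hypothetical helper names.

// Assumption: AEAD methods are recognised by name (GCM and CCM modes).
function is_aead_cipher(string $method): bool
{
    return (bool) preg_match('/-(gcm|ccm)$/i', $method);
}

// Returns [ciphertext, iv, tag]; tag is null for non-AEAD methods.
function encrypt_with_optional_tag(string $data, string $method, string $key): array
{
    $ivLen = openssl_cipher_iv_length($method);
    if ($ivLen === false) {
        throw new InvalidArgumentException("Unknown cipher method: $method");
    }
    // random_bytes() rejects a length of 0 (e.g. ECB modes take no IV).
    $iv = $ivLen > 0 ? random_bytes($ivLen) : '';

    $tag = null;
    if (is_aead_cipher($method)) {
        // The tag is passed by reference only where the cipher produces one.
        $ct = openssl_encrypt($data, $method, $key, 0, $iv, $tag);
    } else {
        // Five-argument call: no tag argument, so the warning from this
        // report is not triggered.
        $ct = openssl_encrypt($data, $method, $key, 0, $iv);
    }
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt() failed: ' . openssl_error_string());
    }
    return [$ct, $iv, $tag];
}

// Constructed sample input: random key, fixed plaintext.
$key = random_bytes(32);
foreach (['aes-256-ctr', 'aes-256-gcm'] as $method) {
    [$ct, $iv, $tag] = encrypt_with_optional_tag('test', $method, $key);
    printf("%-12s tag=%s ct=%s\n", $method, $tag === null ? 'NULL' : bin2hex($tag), $ct);
}
```

For the AEAD method the returned tag has to be stored alongside the IV and ciphertext, because openssl_decrypt() needs it to authenticate the data.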


PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Oct 28 14:01:23 2020 UTC