php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77156 Useless warning for AEAD
Submitted: 2018-11-14 22:56 UTC Modified: -
Votes:5
Avg. Score:2.6 ± 1.5
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: obreham at gmail dot com Assigned:
Status: Open Package: OpenSSL related
PHP Version: 7.1.24 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-11-14 22:56 UTC] obreham at gmail dot com 
Description:
------------
PHP version: 7.1.9

The documentation for openssl_encrypt() indicates that the default &$tag = NULL, which should be true for any case.

But if a $tag is deliberately passed - even when set to NULL - with a cipher that does not support AEAD, a warning is triggered.  This warning is not even mentioned in the documentation.

There are no needs for this warning, especially when it is the default value (NULL).  The function does set the $tag to NULL (no matter its initial value) and the correct encrypted data is returned.  Nothing unexpected happens.

As an aside, there is also a typo in the error message, it should read "does not" and not "doesn not".

Test script:
---------------
$tag = null;
$encrypted = openssl_encrypt(
	'data',
	'aes-256-ctr',
	'password',
	0,
	'1234567812345467',
	$tag
);
var_dump($tag, $encrypted);

Expected result:
----------------
NULL
string(8) "/fQItQ=="

Actual result:
--------------
Warning:  openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in C:\wamp\www\test\test.php on line 8

NULL
string(8) "/fQItQ=="

Patches

Add a Patch

Pull Requests

Add a Pull Request
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved. 		Last updated: Sun Jan 24 22:01:25 2021 UTC