archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 14:08:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
php-src/ext/openssl/tests/openssl_decrypt_basic.phpt
Nikita Popov 6c6a58e930 Allow passing $tag for non-authenticated encryption 
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.

I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.

Closes GH-6333.
2020-10-14 10:54:06 +02:00

43 lines
1.7 KiB
PHP
Raw Permalink Blame History

--TEST--
openssl_decrypt() tests dependent on openssl_encrypt
--SKIPIF--
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
$data = "openssl_encrypt() and openssl_decrypt() tests";
$method = "AES-128-CBC";
$password = "openssl";
$ivlen = openssl_cipher_iv_length($method);
$iv = '';
srand(time() + ((microtime(true) * 1000000) % 1000000));
while(strlen($iv) < $ivlen) $iv .= chr(rand(0,255));
$encrypted = openssl_encrypt($data, $method, $password, 0, $iv);
$output = openssl_decrypt($encrypted, $method, $password, 0, $iv);
var_dump($output);
$encrypted = openssl_encrypt($data, $method, $password, OPENSSL_RAW_DATA, $iv);
$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA, $iv);
var_dump($output);
// if we want to manage our own padding
$padded_data = $data . str_repeat(' ', 16 - (strlen($data) % 16));
$encrypted = openssl_encrypt($padded_data, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
var_dump(rtrim($output));
// if we want to prefer variable length cipher setting
$encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
$output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
var_dump($output);
// It's okay to pass $tag for a non-authenticated cipher.
// It will be populated with null in that case.
openssl_encrypt($data, $method, $password, 0, $iv, $tag);
var_dump($tag);
?>
--EXPECT--
string(45) "openssl_encrypt() and openssl_decrypt() tests"
string(45) "openssl_encrypt() and openssl_decrypt() tests"
string(45) "openssl_encrypt() and openssl_decrypt() tests"
string(45) "openssl_encrypt() and openssl_decrypt() tests"
NULL
Reference in a new issue View git blame Copy permalink