mirror of
https://github.com/php/php-src.git
synced 2025-08-16 14:08:47 +02:00
6c6a58e930
openssl_encrypt() currently throws a warning if the $tag out parameter is passed for a non-authenticated cipher. This violates the principle that a function should behave the same if a parameter is not passed, and if the default value is passed for the parameter. I believe this warning should simply be dropped and the $tag be populated with null, as is already the case. Otherwise, it is not possible to use openssl_encrypt() in generic wrapper APIs, that are compatible with both authenticated and non-authenticated encryption. Closes GH-6333.
43 lines
1.7 KiB
PHP
43 lines
1.7 KiB
PHP
--TEST--
|
|
openssl_decrypt() tests dependent on openssl_encrypt
|
|
--SKIPIF--
|
|
<?php if (!extension_loaded("openssl")) print "skip"; ?>
|
|
--FILE--
|
|
<?php
|
|
$data = "openssl_encrypt() and openssl_decrypt() tests";
|
|
$method = "AES-128-CBC";
|
|
$password = "openssl";
|
|
|
|
$ivlen = openssl_cipher_iv_length($method);
|
|
$iv = '';
|
|
srand(time() + ((microtime(true) * 1000000) % 1000000));
|
|
while(strlen($iv) < $ivlen) $iv .= chr(rand(0,255));
|
|
|
|
$encrypted = openssl_encrypt($data, $method, $password, 0, $iv);
|
|
$output = openssl_decrypt($encrypted, $method, $password, 0, $iv);
|
|
var_dump($output);
|
|
$encrypted = openssl_encrypt($data, $method, $password, OPENSSL_RAW_DATA, $iv);
|
|
$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA, $iv);
|
|
var_dump($output);
|
|
// if we want to manage our own padding
|
|
$padded_data = $data . str_repeat(' ', 16 - (strlen($data) % 16));
|
|
$encrypted = openssl_encrypt($padded_data, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
|
|
$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
|
|
var_dump(rtrim($output));
|
|
// if we want to prefer variable length cipher setting
|
|
$encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
|
|
$output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
|
|
var_dump($output);
|
|
|
|
// It's okay to pass $tag for a non-authenticated cipher.
|
|
// It will be populated with null in that case.
|
|
openssl_encrypt($data, $method, $password, 0, $iv, $tag);
|
|
var_dump($tag);
|
|
|
|
?>
|
|
--EXPECT--
|
|
string(45) "openssl_encrypt() and openssl_decrypt() tests"
|
|
string(45) "openssl_encrypt() and openssl_decrypt() tests"
|
|
string(45) "openssl_encrypt() and openssl_decrypt() tests"
|
|
string(45) "openssl_encrypt() and openssl_decrypt() tests"
|
|
NULL
|