[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

Tue, 19 Jul 2011 15:16:13 -0700 

scottmac                                 Tue, 19 Jul 2011 22:15:56 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=313453

Log:
openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the 
default size for the case of a variable key length cipher.

The result is a key of 448 bits being passed to the blowfish algorithm would be 
truncated to 128 bit.

Also fixed an error in the zend_parse_parameters() having an invalid character 
being used.

Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
    U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
    U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-07-19 22:12:13 UTC (rev 313452)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-07-19 22:15:56 UTC (rev 313453)
@@ -4,6 +4,10 @@
 - Improved core functions:
   . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)

+- OpenSSL
+  . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
+    ciphers to the OpenSSL default for the algorithm. (Scott)
+
 14 Jul 2011, PHP 5.3.7 RC3
 - Zend Engine:
   . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-07-19 22:12:13 UTC 
(rev 313452)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-07-19 22:15:56 UTC 
(rev 313453)
@@ -4708,7 +4708,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, 
data_len);
        outlen = i;
        if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
@@ -4788,7 +4792,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, 
data_len);
        outlen = i;
        if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-07-19 22:12:13 UTC 
(rev 313452)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-07-19 22:15:56 UTC 
(rev 313453)
@@ -1020,9 +1020,7 @@
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();

-       ERR_load_ERR_strings();
-       ERR_load_crypto_strings();
-       ERR_load_EVP_strings();
+       SSL_load_error_strings();

        /* register a resource id number with OpenSSL so that we can map SSL -> 
stream structures in
         * OpenSSL callbacks */
@@ -3043,7 +3041,7 @@
        BIO * bio_out = NULL;
        const EVP_CIPHER * cipher;

-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, 
&filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, 
&filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
                return;
        }
        RETVAL_FALSE;
@@ -4726,7 +4724,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }
@@ -4809,7 +4811,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }

Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c     2011-07-19 22:12:13 UTC (rev 
313452)
+++ php/php-src/trunk/ext/openssl/openssl.c     2011-07-19 22:15:56 UTC (rev 
313453)
@@ -1016,9 +1016,7 @@
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();

-       ERR_load_ERR_strings();
-       ERR_load_crypto_strings();
-       ERR_load_EVP_strings();
+       SSL_load_error_strings();

        /* register a resource id number with OpenSSL so that we can map SSL -> 
stream structures in
         * OpenSSL callbacks */
@@ -3039,7 +3037,7 @@
        BIO * bio_out = NULL;
        const EVP_CIPHER * cipher;

-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, 
&filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, 
&filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
                return;
        }
        RETVAL_FALSE;
@@ -4722,7 +4720,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }
@@ -4805,7 +4807,11 @@
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
        outbuf = emalloc(outlen + 1);

-       EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv);
+       EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+       if (password_len > keylen) {
+               EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+       }
+       EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to