scottmac Tue, 19 Jul 2011 22:15:56 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=313453
Log: openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher. The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit. Also fixed an error in the zend_parse_parameters() having an invalid character being used. Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-07-19 22:12:13 UTC (rev 313452) +++ php/php-src/branches/PHP_5_3/NEWS 2011-07-19 22:15:56 UTC (rev 313453) @@ -4,6 +4,10 @@ - Improved core functions: . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) +- OpenSSL + . openssl_encrypt()/openssl_decrypt() truncated keys of variable length + ciphers to the OpenSSL default for the algorithm. (Scott) + 14 Jul 2011, PHP 5.3.7 RC3 - Zend Engine: . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-07-19 22:12:13 UTC (rev 313452) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-07-19 22:15:56 UTC (rev 313453) @@ -4708,7 +4708,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); outlen = i; if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { @@ -4788,7 +4792,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); outlen = i; if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-07-19 22:12:13 UTC (rev 313452) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-07-19 22:15:56 UTC (rev 313453) @@ -1020,9 +1020,7 @@ OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); - ERR_load_ERR_strings(); - ERR_load_crypto_strings(); - ERR_load_EVP_strings(); + SSL_load_error_strings(); /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in * OpenSSL callbacks */ @@ -3043,7 +3041,7 @@ BIO * bio_out = NULL; const EVP_CIPHER * cipher; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { return; } RETVAL_FALSE; @@ -4726,7 +4724,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } @@ -4809,7 +4811,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } Modified: php/php-src/trunk/ext/openssl/openssl.c =================================================================== --- php/php-src/trunk/ext/openssl/openssl.c 2011-07-19 22:12:13 UTC (rev 313452) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-07-19 22:15:56 UTC (rev 313453) @@ -1016,9 +1016,7 @@ OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); - ERR_load_ERR_strings(); - ERR_load_crypto_strings(); - ERR_load_EVP_strings(); + SSL_load_error_strings(); /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in * OpenSSL callbacks */ @@ -3039,7 +3037,7 @@ BIO * bio_out = NULL; const EVP_CIPHER * cipher; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zṕ|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { return; } RETVAL_FALSE; @@ -4722,7 +4720,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_EncryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } @@ -4805,7 +4807,11 @@ outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); - EVP_DecryptInit(&cipher_ctx, cipher_type, key, (unsigned char *)iv); + EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + } + EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php