mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00

Fix error return check of EVP_CIPHER_CTX_ctrl()

OpenSSL can return -1 on error [1, 2], and OpenBSD's docs confirm this
[3]. Change all checks to <= 0.

[1] b3161bd9a9/crypto/evp/evp_enc.c (L1530-L1531)
[2] b3161bd9a9/crypto/evp/evp_enc.c (L1611)
[3] https://man.openbsd.org/EVP_CIPHER_CTX_ctrl.3

Closes GH-18987.
Niels Dossche
2025-07-01 00:07:22 +02:00
parent b495ce0371
commit cd8722304c
2 changed files with 5 additions and 4 deletions

1
NEWS

@@ -42,6 +42,7 @@ PHP NEWS
stream_socket_server). (Jakub Zelenka)
. Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file()
return value check). (nielsdos, botovq)
. Fix error return check of EVP_CIPHER_CTX_ctrl(). (nielsdos)
- PCNTL:
. Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or


@@ -7475,7 +7475,7 @@ static int php_openssl_validate_iv(const char **piv, size_t *piv_len, size_t iv_
char *iv_new;
if (mode->is_aead) {
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) {
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) <= 0) {
php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed");
return FAILURE;
}
@@ -7547,7 +7547,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
return FAILURE;
}
if (mode->set_tag_length_always || (enc && mode->set_tag_length_when_encrypting)) {
if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL)) {
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL) <= 0) {
php_error_docref(NULL, E_WARNING, "Setting tag length for AEAD cipher failed");
return FAILURE;
}
@@ -7555,7 +7555,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
if (!enc && tag && tag_len > 0) {
if (!mode->is_aead) {
php_error_docref(NULL, E_WARNING, "The tag cannot be used because the cipher algorithm does not support AEAD");
} else if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, (unsigned char *) tag)) {
} else if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, (unsigned char *) tag) <= 0) {
php_error_docref(NULL, E_WARNING, "Setting tag for AEAD cipher decryption failed");
return FAILURE;
}
@@ -7693,7 +7693,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(
if (mode.is_aead && tag) {
zend_string *tag_str = zend_string_alloc(tag_len, 0);
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode.aead_get_tag_flag, tag_len, ZSTR_VAL(tag_str)) == 1) {
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode.aead_get_tag_flag, tag_len, ZSTR_VAL(tag_str)) > 0) {
ZSTR_VAL(tag_str)[tag_len] = '\0';
ZSTR_LEN(tag_str) = tag_len;
ZEND_TRY_ASSIGN_REF_NEW_STR(tag, tag_str);
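Review bot: In php_openssl_validate_iv the `size_t` value `*piv_len` is still passed directly as the `int arg` parameter of EVP_CIPHER_CTX_ctrl(), so a length above INT_MAX is narrowed before OpenSSL sees it, and the new `<= 0` check cannot catch a value that wraps to a small positive number. Unless a caller outside this view already bounds the IV length, I would guard the call with `if (*piv_len > INT_MAX || EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, (int) *piv_len, NULL) <= 0) {`. The function's body continues outside the hunk, and the callers are not visible here, so this is a question to confirm rather than a proven defect. A short comment at one of the four call sites, such as `/* EVP_CIPHER_CTX_ctrl() may return 0 or -1 on failure; never test it with '!' */`, would also help keep the `!`-style checks from coming back in later edits.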