This function works in exactly the same way as openssl_cipher_iv_length
but for a key length. This is especially useful to make sure that the
right key length is provided to openssl_encrypt and openssl_decrypt.
In addtion the change also updates implementation of
openssl_cipher_iv_length and adds a test for it.
Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().
Prior to PHP 8.1, null was accepted in weak mode due to the special
treatment of null arguments to internal functions.
Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.
The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.
As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.
Closes GH-7357.
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
It add CMS (RFC 5652) support, which is an update to PKCS7. The functions
are analogous BUT NOT IDENTICAL to openssl_pkcs7*. In particular, support for
different encodings (PEM, DER, SMIME) is now available.
Jakub Zelenka