#50013 [Opn]: Support for AES-CBC in openssl_pkcs7_encrypt()

michael at stroeder dot com Wed, 28 Oct 2009 02:08:48 -0700

 ID:              50013
 User updated by: michael at stroeder dot com
 Reported By:     michael at stroeder dot com
 Status:          Open
 Bug Type:        Feature/Change Request
-PHP Version:     5.2.11
+PHP Version:     5.2.11 and 5.3.0
 New Comment:


Report applies to any PHP version.


Previous Comments:
------------------------------------------------------------------------

[2009-10-28 09:06:12] michael at stroeder dot com

Another patch for php-5.3.0

--- openssl.c.orig      2009-04-20 11:44:29.000000000 +0200
+++ openssl.c   2009-10-27 14:00:42.000000000 +0100
@@ -83,8 +83,9 @@
        PHP_OPENSSL_CIPHER_RC2_64,
        PHP_OPENSSL_CIPHER_DES,
        PHP_OPENSSL_CIPHER_3DES,
+       PHP_OPENSSL_CIPHER_AES_CBC,
 
-       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40
+       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_AES_CBC
 };
 
 PHP_FUNCTION(openssl_get_md_methods);
@@ -940,6 +941,13 @@
                        return EVP_des_ede3_cbc();
                        break;
 #endif
+
+#ifndef OPENSSL_NO_AES
+               case PHP_OPENSSL_CIPHER_AES_CBC:
+                       return EVP_aes_256_cbc();
+                       break;
+#endif
+
                default:
                        return NULL;
                        break;
@@ -1017,6 +1025,9 @@
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES",
PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES",
PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT);
 #endif
+#ifndef OPENSSL_NO_AES
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_CBC",
PHP_OPENSSL_CIPHER_AES_CBC, CONST_CS|CONST_PERSISTENT);
+#endif
 
        /* Values for key types */
        REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA",
OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT);

------------------------------------------------------------------------

[2009-10-27 10:21:49] michael at stroeder dot com

Description:
------------
openssl_pkcs7_encrypt() cannot generate encrypted S/MIME messages using
symmetric cipher AES-CBC. This patch also sets the default cipher used
which might not be want one want.

--- ext/openssl/openssl.c.orig  2009-10-26 13:46:25.000000000 +0100
+++ ext/openssl/openssl.c       2009-10-26 16:32:56.000000000 +0100
@@ -88,8 +88,9 @@
        PHP_OPENSSL_CIPHER_RC2_64,
        PHP_OPENSSL_CIPHER_DES,
        PHP_OPENSSL_CIPHER_3DES,
+       PHP_OPENSSL_CIPHER_AES_CBC,
 
-       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40
+       PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_AES_CBC
 };
 
 /* {{{ openssl_functions[]
@@ -730,6 +731,9 @@
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES",
PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES",
PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT);
 #endif
+#ifndef OPENSSL_NO_AES
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_CBC",
PHP_OPENSSL_CIPHER_AES_CBC, CONST_CS|CONST_PERSISTENT);
+#endif
 
        /* Values for key types */
        REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA",
OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT);
@@ -2998,6 +3002,12 @@
                        break;
 #endif
 
+#ifndef OPENSSL_NO_AES
+               case PHP_OPENSSL_CIPHER_AES_CBC:
+                       cipher = EVP_aes_256_cbc();
+                       break;
+#endif
+
                default:
                        php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Invalid cipher type `%ld'", cipherid);
                        goto clean_exit;




------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=50013&edit=1

#50013 [Opn]: Support for AES-CBC in openssl_pkcs7_encrypt()

Reply via email to