diff options
author | Andrey Andreev <narf@devilix.net> | 2014-07-02 18:09:08 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-07-02 18:09:08 +0200 |
commit | ab9971f112c1394db0d0fc963d860479d3ec408b (patch) | |
tree | d1b01df4b07c54ba36cc27db333030035812294a /system/libraries/Encryption.php | |
parent | 961db7dd3843ee7acba3557d4c82c2cd8ab9e937 (diff) |
Remove GCM mode from CI_Encryption (OpenSSL)
While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported,
it appears that this is only half of the story. To be more specific, only
the encryption operation of GCM is performed, and the authentication message
is completely missing, rendering the whole thing useles.
Diffstat (limited to 'system/libraries/Encryption.php')
-rw-r--r-- | system/libraries/Encryption.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index aa91cd3f9..b85d7da36 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -105,7 +105,6 @@ class CI_Encryption { 'cfb8' => 'cfb8', 'ctr' => 'ctr', 'stream' => '', - 'gcm' => 'gcm', 'xts' => 'xts' ) ); @@ -628,7 +627,7 @@ class CI_Encryption { 'mode' => $this->_mode, 'key' => NULL, 'base64' => TRUE, - 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL), + 'hmac_digest' => 'sha512', 'hmac_key' => NULL ) : FALSE; @@ -651,7 +650,7 @@ class CI_Encryption { } } - if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE)) + if (isset($params['hmac']) && $params['hmac'] === FALSE) { $params['hmac_digest'] = $params['hmac_key'] = NULL; } |