summaryrefslogtreecommitdiffstats
path: root/system/libraries/Encryption.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-07-02 18:09:08 +0200
committerAndrey Andreev <narf@devilix.net>2014-07-02 18:09:08 +0200
commitab9971f112c1394db0d0fc963d860479d3ec408b (patch)
treed1b01df4b07c54ba36cc27db333030035812294a /system/libraries/Encryption.php
parent961db7dd3843ee7acba3557d4c82c2cd8ab9e937 (diff)
Remove GCM mode from CI_Encryption (OpenSSL)
While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported, it appears that this is only half of the story. To be more specific, only the encryption operation of GCM is performed, and the authentication message is completely missing, rendering the whole thing useles.
Diffstat (limited to 'system/libraries/Encryption.php')
-rw-r--r--system/libraries/Encryption.php5
1 files changed, 2 insertions, 3 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index aa91cd3f9..b85d7da36 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -105,7 +105,6 @@ class CI_Encryption {
'cfb8' => 'cfb8',
'ctr' => 'ctr',
'stream' => '',
- 'gcm' => 'gcm',
'xts' => 'xts'
)
);
@@ -628,7 +627,7 @@ class CI_Encryption {
'mode' => $this->_mode,
'key' => NULL,
'base64' => TRUE,
- 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
+ 'hmac_digest' => 'sha512',
'hmac_key' => NULL
)
: FALSE;
@@ -651,7 +650,7 @@ class CI_Encryption {
}
}
- if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
+ if (isset($params['hmac']) && $params['hmac'] === FALSE)
{
$params['hmac_digest'] = $params['hmac_key'] = NULL;
}