Remove GCM mode from CI_Encryption (OpenSSL)

While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported, it appears that this is only half of the story. To be more specific, only the encryption operation of GCM is performed, and the authentication message is completely missing, rendering the whole thing useles.
author: Andrey Andreev <narf@devilix.net> 2014-07-02 18:09:08 +0200
committer: Andrey Andreev <narf@devilix.net> 2014-07-02 18:09:08 +0200
commit: ab9971f112c1394db0d0fc963d860479d3ec408b (patch)
tree: d1b01df4b07c54ba36cc27db333030035812294a /system/libraries/Encryption.php
parent: 961db7dd3843ee7acba3557d4c82c2cd8ab9e937 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index aa91cd3f9..b85d7da36 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -105,7 +105,6 @@ class CI_Encryption {
 			'cfb8' => 'cfb8',
 			'ctr' => 'ctr',
 			'stream' => '',
-			'gcm' => 'gcm',
 			'xts' => 'xts'
 		)
 	);
@@ -628,7 +627,7 @@ class CI_Encryption {
 					'mode' => $this->_mode,
 					'key' => NULL,
 					'base64' => TRUE,
-					'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
+					'hmac_digest' => 'sha512',
 					'hmac_key' => NULL
 				)
 				: FALSE;
@@ -651,7 +650,7 @@ class CI_Encryption {
 			}
 		}
 
-		if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
+		if (isset($params['hmac']) && $params['hmac'] === FALSE)
 		{
 			$params['hmac_digest'] = $params['hmac_key'] = NULL;
 		}
author	Andrey Andreev <narf@devilix.net>	2014-07-02 18:09:08 +0200
committer	Andrey Andreev <narf@devilix.net>	2014-07-02 18:09:08 +0200
commit	ab9971f112c1394db0d0fc963d860479d3ec408b (patch)
tree	d1b01df4b07c54ba36cc27db333030035812294a /system/libraries/Encryption.php
parent	961db7dd3843ee7acba3557d4c82c2cd8ab9e937 (diff)