From ab9971f112c1394db0d0fc963d860479d3ec408b Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 2 Jul 2014 19:09:08 +0300
Subject: Remove GCM mode from CI_Encryption (OpenSSL)

While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported,
it appears that this is only half of the story. To be more specific, only
the encryption operation of GCM is performed, and the authentication message
is completely missing, rendering the whole thing useles.
---
 system/libraries/Encryption.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'system/libraries/Encryption.php')

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index aa91cd3f9..b85d7da36 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -105,7 +105,6 @@ class CI_Encryption {
 			'cfb8' => 'cfb8',
 			'ctr' => 'ctr',
 			'stream' => '',
-			'gcm' => 'gcm',
 			'xts' => 'xts'
 		)
 	);
@@ -628,7 +627,7 @@ class CI_Encryption {
 					'mode' => $this->_mode,
 					'key' => NULL,
 					'base64' => TRUE,
-					'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
+					'hmac_digest' => 'sha512',
 					'hmac_key' => NULL
 				)
 				: FALSE;
@@ -651,7 +650,7 @@ class CI_Encryption {
 			}
 		}
 
-		if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
+		if (isset($params['hmac']) && $params['hmac'] === FALSE)
 		{
 			$params['hmac_digest'] = $params['hmac_key'] = NULL;
 		}
-- 
cgit v1.2.3-24-g4f1b