Remove GCM mode from CI_Encryption (OpenSSL)
While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported,
it appears that this is only half of the story. To be more specific, only
the encryption operation of GCM is performed, and the authentication message
is completely missing, rendering the whole thing useles.
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index aa91cd3..b85d7da 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -105,7 +105,6 @@
'cfb8' => 'cfb8',
'ctr' => 'ctr',
'stream' => '',
- 'gcm' => 'gcm',
'xts' => 'xts'
)
);
@@ -628,7 +627,7 @@
'mode' => $this->_mode,
'key' => NULL,
'base64' => TRUE,
- 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
+ 'hmac_digest' => 'sha512',
'hmac_key' => NULL
)
: FALSE;
@@ -651,7 +650,7 @@
}
}
- if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
+ if (isset($params['hmac']) && $params['hmac'] === FALSE)
{
$params['hmac_digest'] = $params['hmac_key'] = NULL;
}