Fix bug #60632: openssl_seal fails with AES

NEWS

@@ -17,6 +17,7 @@ PHP                                                                        NEWS
   . Fixed bug #55259 (openssl extension does not get the DH parameters from 
     DH key resource). (Jakub Zelenka)
   . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
+  . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
 
 - PDO:
   . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)

ext/openssl/openssl.c

@@ -4871,6 +4871,10 @@ PHP_FUNCTION(openssl_seal)
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
 			RETURN_FALSE;
 		}
+		if (EVP_CIPHER_iv_length(cipher) > 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Ciphers with modes requiring IV are not supported");
+			RETURN_FALSE;
+		}
 	} else {
 		cipher = EVP_rc4();
 	}

ext/openssl/tests/bug60632.phpt

@@ -0,0 +1,25 @@
+--TEST--
+Bug #60632: openssl_seal fails with AES
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+?>
+--FILE--
+<?php
+$pkey = openssl_pkey_new(array(
+	'digest_alg' => 'sha256',
+	'private_key_bits' => 1024,
+	'private_key_type' => OPENSSL_KEYTYPE_RSA,
+	'encrypt_key' => false
+));
+$details = openssl_pkey_get_details($pkey);
+$test_pubkey = $details['key'];
+$pubkey = openssl_pkey_get_public($test_pubkey);
+$encrypted = null;
+$ekeys = array();
+$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
+echo "Done";
+?>
+--EXPECTF--
+Warning: openssl_seal(): Ciphers with modes requiring IV are not supported in %s on line %d
+Done