Description
The following code:
<?php
$algo = 'chacha20-poly1305';
$data = 'plain text'; // 10 bytes
$pass = random_bytes(32);
$iv = str_repeat("\0", 12);
$enc = openssl_encrypt($data, $algo, $pass, OPENSSL_RAW_DATA | OPENSSL_DONT_ZERO_PAD_KEY, $iv, $tag);
var_dump(bin2hex($enc), $tag);Resulted in this output:
string(20) "cyphertext hex"
NULL
But I expected this output instead:
According to the AEAD contract, when the $tag parameter is provided, the ciphertext should contain only the encrypted data (same length as the plaintext), and the 16‑byte authentication tag should be written to $tag.
Fixed in PHP 8.2.0 and later.
PHP Version
PHP 8.1.34 (cli) (built: Dec 29 2025 23:35:21) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.34, Copyright (c) Zend Technologies
with Zend OPcache v8.1.34, Copyright (c), by Zend Technologies
OpenSSL 3.5.4 30 Sep 2025
Operating System
No response
Description
The following code:
Resulted in this output:
But I expected this output instead:
According to the AEAD contract, when the
$tagparameter is provided, the ciphertext should contain only the encrypted data (same length as the plaintext), and the 16‑byte authentication tag should be written to$tag.Fixed in PHP 8.2.0 and later.
PHP Version
Operating System
No response