From:             john dot hargrove at sellingsource dot com
Operating system: All
PHP version:      5.2.1
PHP Bug Type:     mcrypt related
Bug description:  mcrypt_create_iv() not using random seed.

Description:
------------
This bug is only for mcrypt_create_iv() when passing MCRYPT_RAND as the source.

I believe this is a bug that has been re-introduced to PHP at some point after 5.1.4. This bug is not in 5.1.4, but is currently in PHP 5.2.1, and it was reported previously in 5.0.X. So it seems fixed, then unfixed.

mcrypt_create_iv() is making a call to php_rand_r(), but is passing an uninitialized unsigned int as the random seed. I believe it should be calling php_rand() with no argument (which would invoke the auto-seeding feature of the php function rand()), or simply rand(). In 5.1.4, it was rand().

Here is a patch: http://www.fortheloot.com/public/mcrypt.patch

That should fix it. Additionally, the "expected output" below is from a version after applying the patch above.

Sorry for the Wall-O-Text, just wanted to make sure this was considered legit.

Reproduce code:
---------------
srand((double) microtime(true) * 1000000);
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, NULL, MCRYPT_MODE_CFB, NULL);
echo "iv1: " . bin2hex(mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND)) . "\n";
echo "iv2: " . bin2hex(mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND)) . "\n";
echo "iv3: " . bin2hex(mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND)) . "\n";

Expected result:
----------------
3 random hex strings.
e.g.,
iv1: 3e280c689f08c1a6e7993e41040eec1b
iv2: caa3b8ae0241995d36a346904b7672bf
iv3: a4d25fe39436d72b96cf68efe7ceb1a5

Actual result:
--------------
iv1: a67ed3dd28eb59be57bbfee36f75df52
iv2: a67ed3dd28eb59be57bbfee36f75df52
iv3: a67ed3dd28eb59be57bbfee36f75df52

-- 
Edit bug report at http://bugs.php.net/?id=40999&edit=1
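
The failure mode described in the report, as an added C example that is not part of the original message and not PHP's source. Assumptions: `demo_rand_r()` is a stand-in generator rather than `php_rand_r()`, and the constant `STALE_STACK_VALUE` models the uninitialized seed, since reading an uninitialized variable is undefined behaviour in C; all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define IV_LEN 16
#define STALE_STACK_VALUE 0x5eed1234u /* constructed: models leftover stack contents */
typedef void (*iv_fn)(unsigned char *iv, size_t len);

/* Stand-in rand_r-style generator (assumption: not PHP's php_rand_r()). */
static int demo_rand_r(unsigned int *seed) {
    *seed = *seed * 1103515245u + 12345u;
    return (int)((*seed >> 16) & 0x7fff);
}

/* Pattern from the report: the seed is a fresh local on every call, so the
 * generator restarts from the same value and emits the same bytes. */
static void iv_local_seed(unsigned char *iv, size_t len) {
    unsigned int seed = STALE_STACK_VALUE;
    for (size_t i = 0; i < len; i++)
        iv[i] = (unsigned char)(demo_rand_r(&seed) & 0xff);
}

/* Contrast: the state is seeded once and then carried across calls. */
static void iv_persistent_seed(unsigned char *iv, size_t len) {
    static unsigned int state;
    static int seeded;
    if (!seeded) { state = (unsigned int)time(NULL); seeded = 1; }
    for (size_t i = 0; i < len; i++)
        iv[i] = (unsigned char)(demo_rand_r(&state) & 0xff);
}

/* Number of distinct IVs seen over up to 8 consecutive calls to fn. */
static int count_distinct_ivs(iv_fn fn, int calls) {
    unsigned char seen[8][IV_LEN], iv[IV_LEN];
    int distinct = 0;
    for (int c = 0; c < calls && c < 8; c++) {
        int dup = 0;
        fn(iv, IV_LEN);
        for (int k = 0; k < distinct; k++)
            if (memcmp(seen[k], iv, IV_LEN) == 0) dup = 1;
        if (!dup) memcpy(seen[distinct++], iv, IV_LEN);
    }
    return distinct;
}

int main(void) {
    printf("local seed:      %d distinct IVs in 3 calls\n", count_distinct_ivs(iv_local_seed, 3));
    printf("persistent seed: %d distinct IVs in 3 calls\n", count_distinct_ivs(iv_persistent_seed, 3));
    return 0;
}
```

Counting distinct IVs over a few consecutive calls, as `count_distinct_ivs()` does, also works as a regression check for this class of bug.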