derick Sat Dec 1 17:20:45 2007 UTC
Added files: (Branch: PHP_5_3)
/php-src/ext/mcrypt/tests bug43143.phpt
Modified files:
/php-src NEWS
/php-src/ext/mcrypt mcrypt.c
Log:
- MFH: Fixed bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB).
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.54&r2=1.2027.2.547.2.965.2.55&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.965.2.54
php-src/NEWS:1.2027.2.547.2.965.2.55
--- php-src/NEWS:1.2027.2.547.2.965.2.54 Fri Nov 23 11:31:22 2007
+++ php-src/NEWS Sat Dec 1 17:20:44 2007
@@ -59,6 +59,7 @@
- Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
+- Fixed bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB). (Derick)
- Fixed bug #43136 (possible crash on script execution timeout.
The EG(function_state_ptr) is completely removed,
EG(current_execute_data)->function_state must be used instead). (Dmitry)
http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.11.2.1&r2=1.91.2.3.2.11.2.2&diff_format=u
Index: php-src/ext/mcrypt/mcrypt.c
diff -u php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.11.2.1
php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.11.2.2
--- php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.11.2.1 Thu Sep 27 18:00:40 2007
+++ php-src/ext/mcrypt/mcrypt.c Sat Dec 1 17:20:45 2007
@@ -16,7 +16,7 @@
| Derick Rethans <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mcrypt.c,v 1.91.2.3.2.11.2.1 2007/09/27 18:00:40 dmitry Exp $ */
+/* $Id: mcrypt.c,v 1.91.2.3.2.11.2.2 2007/12/01 17:20:45 derick Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -993,7 +993,7 @@
{
char *cipher_dir_string;
char *module_dir_string;
- int block_size, max_key_length, use_key_length, i, count, iv_size;
+ int block_size, max_key_length, use_key_length, i, count, iv_size,
req_iv;
unsigned long int data_size;
int *key_length_sizes;
char *key_s = NULL, *iv_s;
@@ -1041,6 +1041,7 @@
/* Check IV */
iv_s = NULL;
iv_size = mcrypt_enc_get_iv_size (td);
+ req_iv = mcrypt_enc_mode_has_iv(td);
if (argc == 5) {
if (iv_size != Z_STRLEN_PP(iv)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,
MCRYPT_IV_WRONG_SIZE);
@@ -1049,7 +1050,7 @@
memcpy(iv_s, Z_STRVAL_PP(iv), iv_size);
}
} else if (argc == 4) {
- if (iv_size != 0) {
+ if (req_iv == 1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to
use an empty IV, which is NOT recommend");
iv_s = emalloc(iv_size + 1);
memset(iv_s, 0, iv_size + 1);
http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/bug43143.phpt?view=markup&rev=1.1
Index: php-src/ext/mcrypt/tests/bug43143.phpt
+++ php-src/ext/mcrypt/tests/bug43143.phpt
--TEST--
Bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB)
--SKIPIF--
<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
--FILE--
<?php
echo "ECB\n";
$input = 'to be encrypted';
$mkey = hash('sha256', 'secret key', TRUE);
$data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_ECB);
echo "CFB\n";
$input = 'to be encrypted';
$mkey = hash('sha256', 'secret key', TRUE);
$data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_CFB);
echo "END\n";
?>
--EXPECTF--
ECB
CFB
Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommended
in %sbug43143.php on line 9
END
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
