Abort on missing IV if the enc_mode requires it

Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 83b3765f74c83340341aed10f0b5dea6f0f0ce5f..889dce397f19f6aba9e6aa9a1b9d402831afc98a 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -1230,9 +1230,9 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons
                                memcpy(iv_s, iv, iv_size);
                        }
                } else if (argc == 4) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to use an empty IV, which is NOT recommend");
-                       iv_s = emalloc(iv_size + 1);
-                       memset(iv_s, 0, iv_size + 1);
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Encryption mode requires an initialization vector");
+                       efree(key_s);
+                       RETURN_FALSE;
                }
        }
 

diff --git a/ext/mcrypt/tests/mcrypt_cbc.phpt b/ext/mcrypt/tests/mcrypt_cbc.phpt
index 27cc5b222440433c024dd672f46affc826cea8c0..fb74df93228175510073678dbf7f82c359430f56 100644 (file)
--- a/ext/mcrypt/tests/mcrypt_cbc.phpt
+++ b/ext/mcrypt/tests/mcrypt_cbc.phpt
@@ -15,7 +15,7 @@ $enc_data = mcrypt_cbc($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv);
 echo trim(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT);
+var_dump(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT));
 
 --EXPECTF--
 
@@ -26,4 +26,5 @@ PHP Testfest 2008
 
 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d
 
-Warning: mcrypt_cbc(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_cbc(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)

diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt
index 11120633a5e82ed5ec0398cae16f31e0aaa029b0..1c7b9c12ff3a894d0eb6a72b761ff152e280bf13 100644 (file)
--- a/ext/mcrypt/tests/mcrypt_cfb.phpt
+++ b/ext/mcrypt/tests/mcrypt_cfb.phpt
@@ -15,7 +15,7 @@ $enc_data = mcrypt_cfb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv);
 echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
+var_dump(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT));
 
 --EXPECTF--
 
@@ -26,4 +26,5 @@ PHP Testfest 2008
 
 Deprecated: Function mcrypt_cfb() is deprecated in %s on line %d
 
-Warning: mcrypt_cfb(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_cfb(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)

diff --git a/ext/mcrypt/tests/mcrypt_decrypt.phpt b/ext/mcrypt/tests/mcrypt_decrypt.phpt
index b4e628401e11b84d0d508424cfe9deb73e53b404..ebf95cde178a8191505d6c5a2b976b3a771b3e57 100644 (file)
--- a/ext/mcrypt/tests/mcrypt_decrypt.phpt
+++ b/ext/mcrypt/tests/mcrypt_decrypt.phpt
@@ -16,13 +16,14 @@ $enc_data = mcrypt_encrypt($cipher, $key, $secret, $mode, $iv);
 echo trim(mcrypt_decrypt($cipher, $key, $enc_data, $mode, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC);
+var_dump(mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC));
 
-var_dump(strpos(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv), "Testfest") !== false);
+var_dump(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv));
 --EXPECTF--
 PHP Testfest 2008
 
-Warning: mcrypt_decrypt(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_decrypt(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)
 
 Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d
-bool(false)
\ No newline at end of file
+bool(false)