CVE-2013-7327). (Tomas Hoger, Remi).
- Hash:
- . Fixed buf #66698 (Missing FNV1a32 and FNV1a64 hash functions).
+ . Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).
(Michael M Slusarz).
- Mail:
. No longer allow invalid key sizes, invalid IV sizes or missing required IV
in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
(Nikita)
+ . Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
context options, so most users should be unaffected by this transparent
security enhancement. (https://wiki.php.net/rfc/tls-peer-verification)
+- Mcrypt:
+ The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}() functions no
+ longer accept keys or IVs with incorrect sizes. Furthermore an IV is now
+ required if the used block cipher mode requires it.
+
========================================
2. New Features
========================================
crypt() will now raise an E_NOTICE error if the salt parameter is omitted.
See: https://wiki.php.net/rfc/crypt_function_salt
+- Mcrypt:
+ The $source parameter of mcrypt_create_iv() now defaults to
+ MCRYPT_DEV_URANDOM instead of MCRYPT_DEV_RANDOM.
+
- XMLReader:
XMLReader::getAttributeNs and XMLReader::getAttributeNo now return NULL if
the attribute could not be found, just like XMLReader::getAttribute.
ZEND_ARG_INFO(0, iv)
ZEND_END_ARG_INFO()
-ZEND_BEGIN_ARG_INFO_EX(arginfo_mcrypt_create_iv, 0, 0, 2)
+ZEND_BEGIN_ARG_INFO_EX(arginfo_mcrypt_create_iv, 0, 0, 1)
ZEND_ARG_INFO(0, size)
ZEND_ARG_INFO(0, source)
ZEND_END_ARG_INFO()
#define MCRYPT_ENCRYPT 0
#define MCRYPT_DECRYPT 1
+typedef enum {
+ RANDOM = 0,
+ URANDOM,
+ RAND
+} iv_source;
+
#define MCRYPT_GET_INI \
cipher_dir_string = MCG(algorithms_dir); \
module_dir_string = MCG(modes_dir);
REGISTER_LONG_CONSTANT("MCRYPT_DECRYPT", 1, CONST_PERSISTENT);
/* sources for mcrypt_create_iv */
- REGISTER_LONG_CONSTANT("MCRYPT_DEV_RANDOM", 0, CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("MCRYPT_DEV_URANDOM", 1, CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("MCRYPT_RAND", 2, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_DEV_RANDOM", RANDOM, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_DEV_URANDOM", URANDOM, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_RAND", RAND, CONST_PERSISTENT);
/* ciphers */
MCRYPT_ENTRY2_2_4(3DES, "tripledes");
}
/* }}} */
-typedef enum {
- RANDOM = 0,
- URANDOM,
- RAND
-} iv_source;
-
/* {{{ proto resource mcrypt_module_open(string cipher, string cipher_directory, string mode, string mode_directory)
Opens the module of the algorithm and the mode to be used */
PHP_FUNCTION(mcrypt_module_open)
PHP_FUNCTION(mcrypt_create_iv)
{
char *iv;
- long source = RANDOM;
+ long source = URANDOM;
long size;
int n = 0;
projects / php / commitdiff