From 412d15168192fdd3afafca5cff034bb5b451942f Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Thu, 7 Oct 2010 12:32:00 +0000 Subject: [PATCH] Fixed extrenous warning inside openssl_encrypt() for cases where iv not provided, but algo does not require an iv --- ext/openssl/openssl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index ac2fcd4bfc..c6fc05da5e 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4683,7 +4683,7 @@ PHP_FUNCTION(openssl_encrypt) { zend_bool raw_output = 0; char *data, *method, *password, *iv = ""; - int data_len, method_len, password_len, iv_len = 0; + int data_len, method_len, password_len, iv_len = 0, max_iv_len; const EVP_CIPHER *cipher_type; EVP_CIPHER_CTX cipher_ctx; int i, outlen, keylen; @@ -4708,10 +4708,11 @@ PHP_FUNCTION(openssl_encrypt) key = (unsigned char*)password; } - if (iv_len <= 0) { + max_iv_len = EVP_CIPHER_iv_length(cipher_type); + if (iv_len <= 0 && max_iv_len > 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended"); } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); + free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); -- 2.40.0