From: d_kelsey at uk dot ibm dot com Operating system: Windows XP PHP version: 5.2.6 PHP Bug Type: mcrypt related Bug description: warnings incorrectly generated for iv in ecb mode
Description: ------------ With the functions mcrypt_encrypt, mcrypt_decrypt with MCRYPT_MODE_ECB and mcrypt_ecb, by not providing an initial vector or providing one that isn't at the correct block size results in a warning being generated. ECB mode never uses the initial vector, so a warning is irrelevant. Reproduce code: --------------- <?php // the same type of results can also be seen with mcrypt_ecb, mcrypt_decrypt var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB))); var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB, "a"))); var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB, "12345678"))); ?> Expected result: ---------------- string(16) "372eeb4a524b8d31" string(16) "372eeb4a524b8d31" string(16) "372eeb4a524b8d31" Actual result: -------------- Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommend in C:\udata-eclipse\p8\a.phpcode\mcrypt_ecb.php on line 2 string(16) "372eeb4a524b8d31" Warning: mcrypt_encrypt(): The IV parameter must be as long as the blocksize in C:\udata-eclipse\p8\a.phpcode\mcrypt_ecb.php on line 3 string(16) "372eeb4a524b8d31" string(16) "372eeb4a524b8d31" -- Edit bug report at http://bugs.php.net/?id=46010&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=46010&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=46010&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=46010&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=46010&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=46010&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=46010&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=46010&r=needscript Try newer version: http://bugs.php.net/fix.php?id=46010&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=46010&r=support Expected behavior: http://bugs.php.net/fix.php?id=46010&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=46010&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=46010&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=46010&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46010&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=46010&r=dst IIS Stability: http://bugs.php.net/fix.php?id=46010&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=46010&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=46010&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=46010&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=46010&r=mysqlcfg
