PHP Bugs  


Bug #40999 mcrypt_create_iv() not using random seed.
Submitted: 4 Apr 2007 11:57pm UTC    Modified: 8 Apr 2007 3:06pm UTC
From: john dot hargrove at sellingsource dot com    Assigned to: iliaa
Status: Closed    Category: mcrypt related
Version: 5.2.1    OS: All

[4 Apr 2007 11:57pm UTC] john dot hargrove at sellingsource dot com
Description:
------------
This bug is only for mcrypt_create_iv() when passing MCRYPT_RAND as the
source. 

I believe this is a bug that has been re-introduced to PHP at some point
after 5.1.4.  This bug is not in 5.1.4, but is currently in PHP 5.2.1,
and it was reported previously in 5.0.X.  So it seems fixed, then
unfixed.  

mcrypt_create_iv() is making a call to php_rand_r(), but is passing an
uninitialized unsigned int as the random seed.

I believe it should be calling php_rand() with no argument (which would
invoke the auto-seeding feature of the php function rand()), or simply
rand().   In 5.1.4, it was rand().

Here is a patch: http://www.fortheloot.com/public/mcrypt.patch

That should fix it.  Additionally, the "expected output" below is from a
version after applying the patch above.

Sorry for the Wall-O-Text, just wanted to make sure this was considered
legit.

Reproduce code:
---------------
<?php
// Seed PHP's rand(); per the report the buggy MCRYPT_RAND path never
// uses this state, so it has no effect on the result below.
srand((double) microtime(true) * 1000000);

$module  = mcrypt_module_open(MCRYPT_RIJNDAEL_128, NULL, MCRYPT_MODE_CFB, NULL);
$iv_size = mcrypt_enc_get_iv_size($module);

// Three IVs drawn from the MCRYPT_RAND source; all three should differ.
echo "iv1: " . bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)) . "\n";
echo "iv2: " . bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)) . "\n";
echo "iv3: " . bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)) . "\n";

Expected result:
----------------
3 random hex strings. e.g.,
iv1: 3e280c689f08c1a6e7993e41040eec1b
iv2: caa3b8ae0241995d36a346904b7672bf
iv3: a4d25fe39436d72b96cf68efe7ceb1a5

Actual result:
--------------
iv1: a67ed3dd28eb59be57bbfee36f75df52
iv2: a67ed3dd28eb59be57bbfee36f75df52
iv3: a67ed3dd28eb59be57bbfee36f75df52
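A constructed C model of the two code paths the report describes, with the uniqueness check a regression test would make (added example, not code from the PHP source tree or from the reporter's patch; php_rand_r() is replaced by a small LCG stand-in, and the never-initialised seed variable is modelled as a constant, since an uninitialised stack word cannot be reproduced portably):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for php_rand_r(): a small LCG advanced through a caller-owned
 * state word. Constructed for this example; the real function differs. */
static int rand_step(uint32_t *state)
{
    *state = *state * 1103515245u + 12345u;
    return (int)((*state >> 16) & 0x7fff);
}

/* Buggy path as the report describes it: a per-call seed variable that
 * the code never set. Modelled here as 0 on every call, which gives the
 * symptom observed: each IV restarts the generator from the same state. */
static void iv_buggy(unsigned char *iv, size_t len)
{
    uint32_t seed = 0; /* "unsigned int seed;" left uninitialised in the bug */
    for (size_t i = 0; i < len; i++)
        iv[i] = (unsigned char)rand_step(&seed);
}

/* Fixed path: one generator state, seeded once, advanced across calls
 * (the constant seed below stands in for the auto-seeding the report asks for). */
static uint32_t g_state = 0x2545F491u;
static void iv_fixed(unsigned char *iv, size_t len)
{
    for (size_t i = 0; i < len; i++)
        iv[i] = (unsigned char)rand_step(&g_state);
}

/* Defender check: draw n IVs of len bytes from gen and return 1 only if
 * every pair differs. A repeated IV is exactly the symptom of this bug. */
int ivs_pairwise_distinct(void (*gen)(unsigned char *, size_t),
                          size_t len, int n)
{
    unsigned char buf[8][64];
    if (n < 2 || n > 8 || len == 0 || len > 64) return 0;
    for (int i = 0; i < n; i++)
        gen(buf[i], len);
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (memcmp(buf[i], buf[j], len) == 0)
                return 0;
    return 1;
}

int main(void)
{
    printf("buggy: %d  fixed: %d\n", ivs_pairwise_distinct(iv_buggy, 16, 3),
           ivs_pairwise_distinct(iv_fixed, 16, 3));
    return 0;
}
```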

[5 Apr 2007 1:49am UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[7 Apr 2007 11:15am UTC] derick@php.net
Was not committed to HEAD.
[8 Apr 2007 3:06pm UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



PHP Copyright © 2001-2009 The PHP Group
All rights reserved.
Last updated: Sat Nov 21 10:30:49 2009 UTC