PHP :: Bug #46010 :: warnings incorrectly generated for iv in ecb mode

Bug #46010	warnings incorrectly generated for iv in ecb mode
Submitted:	2008-09-06 15:36 UTC	Modified:	2008-09-07 23:10 UTC
From:	d_kelsey at uk dot ibm dot com	Assigned:
Status:	Closed	Package:	mcrypt related
PHP Version:	5.2.6	OS:	Windows XP
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	d_kelsey at uk dot ibm dot com
New email:
PHP Version:		OS:

New Comment:

[2008-09-06 15:36 UTC] d_kelsey at uk dot ibm dot com

Description:
------------
With the functions 
mcrypt_encrypt, mcrypt_decrypt with MCRYPT_MODE_ECB and mcrypt_ecb, by not providing an initial vector or providing one that isn't at the correct block size results in a warning being generated. 

ECB mode never uses the initial vector, so a warning is irrelevant. 

Reproduce code:
---------------
<?php
// the same type of results can also be seen with mcrypt_ecb, mcrypt_decrypt
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB)));
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB, "a")));
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, "key", "data", MCRYPT_MODE_ECB, "12345678")));
?> 

Expected result:
----------------
string(16) "372eeb4a524b8d31"
string(16) "372eeb4a524b8d31"
string(16) "372eeb4a524b8d31"

Actual result:
--------------
Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommend in C:\udata-eclipse\p8\a.phpcode\mcrypt_ecb.php on line 2
string(16) "372eeb4a524b8d31"

Warning: mcrypt_encrypt(): The IV parameter must be as long as the blocksize in C:\udata-eclipse\p8\a.phpcode\mcrypt_ecb.php on line 3
string(16) "372eeb4a524b8d31"
string(16) "372eeb4a524b8d31"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-09-07 23:10 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC