|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22828 Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize
Submitted: 2003-03-22 13:50 UTC Modified: 2003-04-29 10:19 UTC
Avg. Score:3.8 ± 1.1
Reproduced:5 of 6 (83.3%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: cbair at dragonmagic dot net Assigned:
Status: No Feedback Package: mcrypt related
PHP Version: 4.3.2RC1 OS: Red Hat Linux/Cobalt RaQ3
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-03-22 13:50 UTC] cbair at dragonmagic dot net
A payment script I wrote up for simplicity has worked throughout 4.2 and up to 4.3.1. I recently installed 4.3.2RC1 on my RaQ3 server with mcrypt, and now the payment script, upon trying to retrieve a credit card number, reveals:

Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize

There have been no changes to the script since 4.2. It retrieves information from a MySQL database, which also has not changed or been upgraded, except extra rows added as people pay.

I cannot retrieve any payment information now with this. If you need sample code, please let me know.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-22 13:59 UTC] cbair at dragonmagic dot net
I apologize. I went back through and payments made before upgrading to 4.3.2RC1 show fine still. So it must be when inputting the CC number into the database.

Again, this script hasn't been upgraded since 4.2, so it should still work the same if the mcrypt functions haven't changed.

Code here as is for inserting:

$algo = MCRYPT_RIJNDAEL_192;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($algo, MCRYPT_MODE_ECB), MCRYPT_RAND);
$enc_str = mcrypt_encrypt($algo, $salt, $cc_num, MCRYPT_MODE_CBC, $iv);
$new_cc = addslashes($enc_str);

$construct = "INSERT INTO `payment` (`payee`,`amount`,`bill_name`,`bill_add`,`bill_city`,`bill_state`,`bill_code`,`bill_country`,`ship_name`,`ship_add`,`ship_city`,`ship_state`,`ship_code`,`ship_country`,`email`,`phone_home`,`phone_work`,`cc_type`,`cc_exp`,`cc_name`,`cc_num`,`cc_cvv2`,`description`,`date`,`iv`) VALUES ('$endorsee','$total','$bill_name','$bill_add','$bill_city','$bill_state','$bill_code','$bill_country','$ship_name','$ship_add','$ship_city','$ship_state','$ship_code','$ship_country','$email','$phone_home','$phone_work','$cc_type','$cc_exp','$cc_name','$new_cc','$cc_cvv2','$description','$date','$iv')";
$set_mysql = mysql_query($construct) or die("Could not insert your information into the database. Your information was not stored or sent. Please try again later. If you feel this is in error, please contact <a href=\"mailto:$admin\">$admin</a>.");
 [2003-04-24 03:18 UTC]
The code you pasted is not complete and doesn't generate any error for  me. Also, you're creating an IV for an ECB mode and you're using CBC to encrypt? That's not correct either. Please provide a full script that demonstrates the problem (so that I can copy & paste it) and ad your libmcrypt version to this bugreport.

 [2003-04-29 10:19 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Sep 21 13:01:25 2020 UTC