PHP :: Request #71992 :: The $iv parameter should be required since E

Request #71992	The $iv parameter should be required since E_WARNING is thrown without it
Submitted:	2016-04-08 16:44 UTC	Modified:	2016-05-02 14:29 UTC
From:	markreodica at gmail dot com	Assigned:	bukka (profile)
Status:	Wont fix	Package:	OpenSSL related
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2016-04-08 16:44 UTC] markreodica at gmail dot com

Description:
------------
---
From manual page: http://www.php.net/function.openssl-encrypt
---

The manual says: "Emits an E_WARNING level error if an empty value is passed in via the iv parameter."

Because of this behavior, the $iv parameter should be required. The parameter should not be labeled as optional if it's throwing an E_WARNING if not used.

Test script:
---------------
Test script is not really needed.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-05-02 14:26 UTC] bukka@php.net

-Status: Open +Status: Wont fix -Assigned To: +Assigned To: bukk

[2016-05-02 14:29 UTC] bukka@php.net

-Assigned To: bukk +Assigned To: bukka

[2016-05-02 14:29 UTC] bukka@php.net

This is just an incorrect documentation. The IV parameter depends on cipher mode. It means that it's not required for ECB mode or some weak ciphers like RC4. The function is marked as not documented but we will hopefully improve it at some point.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 14:01:30 2024 UTC