php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #71992 The $iv parameter should be required since E_WARNING is thrown without it
Submitted: 2016-04-08 16:44 UTC Modified: 2016-05-02 14:29 UTC
From: markreodica at gmail dot com Assigned: bukka (profile)
Status: Wont fix Package: OpenSSL related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: markreodica at gmail dot com
New email:
PHP Version: OS:

 

 [2016-04-08 16:44 UTC] markreodica at gmail dot com 
Description:
------------
---
From manual page: http://www.php.net/function.openssl-encrypt
---

The manual says: "Emits an E_WARNING level error if an empty value is passed in via the iv parameter."

Because of this behavior, the $iv parameter should be required. The parameter should not be labeled as optional if it's throwing an E_WARNING if not used.

Test script:
---------------
Test script is not really needed.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-02 14:26 UTC] bukka@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: bukk
 [2016-05-02 14:29 UTC] bukka@php.net
-Assigned To: bukk +Assigned To: bukka
 [2016-05-02 14:29 UTC] bukka@php.net 
This is just an incorrect documentation. The IV parameter depends on cipher mode. It means that it's not required for ECB mode or some weak ciphers like RC4. The function is marked as not documented but we will hopefully improve it at some point.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 19:01:29 2024 UTC