- MFH: Fixed bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB).

Derick Rethans · Derick Rethans · commit fd73296bf2ec · 2007-12-01T17:20:45.000Z
diff --git a/NEWS b/NEWS
@@ -59,6 +59,7 @@ PHP                                                                        NEWS
 
 - Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
 
+- Fixed bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB). (Derick)
 - Fixed bug #43136 (possible crash on script execution timeout.
   The EG(function_state_ptr) is completely removed,
   EG(current_execute_data)->function_state must be used instead). (Dmitry)
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
@@ -993,7 +993,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo
 {
 	char *cipher_dir_string;
 	char *module_dir_string;
-	int block_size, max_key_length, use_key_length, i, count, iv_size;
+	int block_size, max_key_length, use_key_length, i, count, iv_size, req_iv;
 	unsigned long int data_size;
 	int *key_length_sizes;
 	char *key_s = NULL, *iv_s;
@@ -1041,6 +1041,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo
 	/* Check IV */
 	iv_s = NULL;
 	iv_size = mcrypt_enc_get_iv_size (td);
+	req_iv = mcrypt_enc_mode_has_iv(td);
 	if (argc == 5) {
 		if (iv_size != Z_STRLEN_PP(iv)) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_IV_WRONG_SIZE);
@@ -1049,7 +1050,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo
 			memcpy(iv_s, Z_STRVAL_PP(iv), iv_size);
 		}
 	} else if (argc == 4) {
-		if (iv_size != 0) {
+		if (req_iv == 1) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to use an empty IV, which is NOT recommend");
 			iv_s = emalloc(iv_size + 1);
 			memset(iv_s, 0, iv_size + 1);
diff --git a/ext/mcrypt/tests/bug43143.phpt b/ext/mcrypt/tests/bug43143.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #43143 (Warning about empty IV with MCRYPT_MODE_ECB)
+--SKIPIF--
+<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
+--FILE--
+<?php
+echo "ECB\n";
+$input = 'to be encrypted';
+$mkey = hash('sha256', 'secret key', TRUE);
+$data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_ECB);
+echo "CFB\n";
+$input = 'to be encrypted';
+$mkey = hash('sha256', 'secret key', TRUE);
+$data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_CFB);
+echo "END\n";
+?>
+--EXPECTF--
+ECB
+CFB
+
+Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommend in %sbug43143.php on line 9
+END
