@nikic nikic commented Mar 1, 2014

No longer allow invalid IV size, invalid key size or missing IV on modes that require an IV.

nikic added 4 commits March 1, 2014 15:29
Previously, if the size of the IV did not match the block size
mcrypt would throw a warning and fall back to a NUL IV. This
behavior is both dangerous and makes no practical sense.

mcrypt_encrypt etc. will now return false if the IV has an incorrect
size.

Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).

Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.

Incorrectly sized keys will now be rejected.

Avoid unnecessary alloc/copy/free cycles and clean up structure in
general. Add a few extra checks for the key length.
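
The three rejections described in the commit messages above, as a stand-alone C example added here; it is not the code from this pull request and does not link against libmcrypt. The function names, result codes and sample values are hypothetical, and treating an empty key-size list as "any length up to the maximum" is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this added example. */
enum check_result { CHECK_OK, ERR_KEY_SIZE, ERR_IV_MISSING, ERR_IV_SIZE };

/* Constructed sample data: key sizes of an AES-like cipher, a 16-byte IV. */
static const int SAMPLE_KEY_SIZES[] = {16, 24, 32};
static const unsigned char SAMPLE_IV[16] = {0x3a, 0x91, 0x5c, 0x07};

/* Assumption: count == 0 (or a NULL list) means the cipher accepts any key
 * length from 1 to max_key_size; otherwise the length must be in the list. */
static int key_size_ok(const int *sizes, int count, size_t max_key_size, size_t key_len)
{
    int i;
    if (sizes == NULL || count == 0)
        return key_len >= 1 && key_len <= max_key_size;
    for (i = 0; i < count; i++)
        if (sizes[i] > 0 && (size_t)sizes[i] == key_len) return 1;
    return 0;
}

/* Strict checks: reject instead of padding, truncating or zero-filling. */
enum check_result check_params(const int *sizes, int count, size_t max_key_size, size_t key_len,
                               int mode_needs_iv, size_t iv_size, const unsigned char *iv, size_t iv_len)
{
    if (!key_size_ok(sizes, count, max_key_size, key_len)) return ERR_KEY_SIZE;
    if (mode_needs_iv && iv == NULL) return ERR_IV_MISSING;
    if (mode_needs_iv && iv_len != iv_size) return ERR_IV_SIZE;
    return CHECK_OK;
}

/* Model of the old behaviour the commit messages describe: the key is
 * truncated or NUL-padded to `want` bytes. Returns the number of NUL bytes. */
size_t legacy_normalize_key(const unsigned char *key, size_t key_len,
                            unsigned char *out, size_t want)
{
    size_t n = key_len < want ? key_len : want;
    memset(out, 0, want);
    memcpy(out, key, n);
    return want - n;
}

int main(void)
{
    unsigned char k[16];
    /* A 6-byte password used as a 16-byte key leaves 10 known NUL bytes. */
    return legacy_normalize_key((const unsigned char *)"secret", 6, k, 16) == 10 ? 0 : 1;
}
```

A password passed where a 16-byte key is expected shows the difference: the legacy model yields a key with 10 known NUL bytes, while the strict check returns `ERR_KEY_SIZE`.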

{
int count, i;
int *key_sizes = mcrypt_enc_get_supported_key_sizes(td, &count);
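
Review bot: on the `key_sizes` line, the array returned by `mcrypt_enc_get_supported_key_sizes()` is allocated by libmcrypt, and the lines shown here include neither its release nor a check for a NULL result with `count` set to 0. Please confirm that every exit path of this block, including any return taken when a key is rejected, calls `mcrypt_free(key_sizes)`, and that a cipher reporting no fixed sizes is validated against its maximum key size instead of having the list indexed.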

Seems a bit pointless to start a new scope here. Just put the definitions at the start?

@php-pulls

Comment on behalf of nikic at php.net:

Merged.

@php-pulls php-pulls closed this Mar 6, 2014