From 27d75b81401db352048cf63ddf26b29fd649a8db Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sat, 1 Mar 2014 15:29:20 +0100 Subject: [PATCH 1/6] Abort on invalid IV size Previously, if the size of the IV did not match the block size mcrypt would throw a warning and fall back to a NUL IV. This behavior is both dangerous and makes no practical sense. mcrypt_encrypt etc. will now return false if the IV has an incorrect size. --- ext/mcrypt/mcrypt.c | 2 + ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt | 4 +- ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt | 4 +- ext/mcrypt/tests/mcrypt_cbc_variation5.phpt | 40 +++++++++---------- ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt | 4 +- .../tests/mcrypt_decrypt_variation5.phpt | 40 +++++++++---------- ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt | 4 +- .../tests/mcrypt_encrypt_variation5.phpt | 40 +++++++++---------- .../tests/mcrypt_rijndael128_128BitKey.phpt | 16 ++++---- 9 files changed, 78 insertions(+), 76 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 89ad83f6bf721..83b3765f74c83 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1223,6 +1223,8 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons if (argc == 5) { if (iv_size != iv_len) { php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_IV_WRONG_SIZE); + efree(key_s); + RETURN_FALSE; } else { iv_s = emalloc(iv_size + 1); memcpy(iv_s, iv, iv_size); diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt index 67799a3fdd976..f65123bc429b1 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt @@ -100,7 +100,7 @@ iv length=4 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(32) "736563726574206d6573736167650000" +string(0) "" iv length=8 @@ -112,5 +112,5 @@ iv length=9 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(32) "736563726574206d6573736167650000" +string(0) "" ===DONE=== diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt index 1af094c27b04c..962d4091a2f3c 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt @@ -83,7 +83,7 @@ iv length=4 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(112) "440a6f54601969b127aad3c217ce7583c7f7b29989693130645569301db0020b29a34a3dcd104b2d0e3ba19d6cbd8a33d352b9c27cc34ef1" +string(0) "" iv length=8 @@ -95,5 +95,5 @@ iv length=9 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(112) "440a6f54601969b127aad3c217ce7583c7f7b29989693130645569301db0020b29a34a3dcd104b2d0e3ba19d6cbd8a33d352b9c27cc34ef1" +string(0) "" ===DONE=== diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt index 0c75c97934104..d3a6d9c12d96a 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt @@ -126,47 +126,47 @@ fclose($fp); --int 0-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int 1-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int 12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int -12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float 10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float -10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float 12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float -12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float .5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty array-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) @@ -191,47 +191,47 @@ string(0) "" --uppercase NULL-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase null-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase true-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase false-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --uppercase TRUE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --uppercase FALSE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty string DQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty string SQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --instance of classWithToString-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --instance of classWithoutToString-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) @@ -241,12 +241,12 @@ string(0) "" --undefined var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --unset var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) Error: 2 - mcrypt_cbc(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --resource-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) diff --git a/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt b/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt index 30d0c2bafaa43..9c4f30d8ad170 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt @@ -89,7 +89,7 @@ string(32) "736563726574206d6573736167650000" iv length=4 Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(32) "736563726574206d6573736167650000" +string(0) "" iv length=8 string(32) "736563726574206d6573736167650000" @@ -97,5 +97,5 @@ string(32) "736563726574206d6573736167650000" iv length=9 Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(32) "736563726574206d6573736167650000" +string(0) "" ===DONE=== diff --git a/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt b/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt index f1541bdaeaa34..aeda9efd0c1e2 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt @@ -125,39 +125,39 @@ fclose($fp); --int 0-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --int 1-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --int 12345-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --int -12345-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --float 10.5-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --float -10.5-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --float 12.3456789000e10-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --float -12.3456789000e10-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --float .5-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --empty array-- Error: 2 - mcrypt_decrypt() expects parameter 5 to be string, array given, %s(%d) @@ -177,39 +177,39 @@ string(0) "" --uppercase NULL-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --lowercase null-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --lowercase true-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --lowercase false-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --uppercase TRUE-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --uppercase FALSE-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --empty string DQ-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --empty string SQ-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --instance of classWithToString-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --instance of classWithoutToString-- Error: 2 - mcrypt_decrypt() expects parameter 5 to be string, object given, %s(%d) @@ -217,11 +217,11 @@ string(0) "" --undefined var-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --unset var-- Error: 2 - mcrypt_decrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "a80c6cef6b42c875e2372a0339dc22b0" +string(0) "" --resource-- Error: 2 - mcrypt_decrypt() expects parameter 5 to be string, resource given, %s(%d) diff --git a/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt b/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt index f86bd3925ce39..21b3cee63b411 100644 --- a/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt @@ -82,7 +82,7 @@ string(112) "b85e21072239d60c63a80e7c9ae493cb741a1cd407e52f451c5f43a0d103f55a7b6 iv length=4 Warning: mcrypt_encrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(112) "440a6f54601969b127aad3c217ce7583c7f7b29989693130645569301db0020b29a34a3dcd104b2d0e3ba19d6cbd8a33d352b9c27cc34ef1" +string(0) "" iv length=8 string(112) "bac347506bf092c5557c4363c301745d78f047028e2953e84fd66b30aeb6005812dadbe8baa871b83278341599b0c448ddaaa52b5a378ce5" @@ -90,5 +90,5 @@ string(112) "bac347506bf092c5557c4363c301745d78f047028e2953e84fd66b30aeb6005812d iv length=9 Warning: mcrypt_encrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(112) "440a6f54601969b127aad3c217ce7583c7f7b29989693130645569301db0020b29a34a3dcd104b2d0e3ba19d6cbd8a33d352b9c27cc34ef1" +string(0) "" ===DONE=== diff --git a/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt b/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt index ecadb7651cf70..8d1cf86ef0b13 100644 --- a/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt +++ b/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt @@ -126,39 +126,39 @@ fclose($fp); --int 0-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int 1-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int 12345-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --int -12345-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float 10.5-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float -10.5-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float 12.3456789000e10-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float -12.3456789000e10-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --float .5-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty array-- Error: 2 - mcrypt_encrypt() expects parameter 5 to be string, array given, %s(%d) @@ -178,39 +178,39 @@ string(0) "" --uppercase NULL-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase null-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase true-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --lowercase false-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --uppercase TRUE-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --uppercase FALSE-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty string DQ-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --empty string SQ-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --instance of classWithToString-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --instance of classWithoutToString-- Error: 2 - mcrypt_encrypt() expects parameter 5 to be string, object given, %s(%d) @@ -218,11 +218,11 @@ string(0) "" --undefined var-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --unset var-- Error: 2 - mcrypt_encrypt(): The IV parameter must be as long as the blocksize, %s(%d) -string(32) "6438db90653c4d3080c3ceab43618c05" +string(0) "" --resource-- Error: 2 - mcrypt_encrypt() expects parameter 5 to be string, resource given, %s(%d) diff --git a/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt b/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt index e450a69047e1d..7a12da87f0f2c 100644 --- a/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt +++ b/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt @@ -105,30 +105,30 @@ iv length=0 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "c082b3fabaae4c8c410eb8dba64bae10e48d79b5241fb8f24462cad43bd0b35ad2746b00817e9dcbc636b44df0ec60b46a57e7a310a308a0947724e3817a13b4" +string(0) "" Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "546869732069732074686520736563726574206d657373616765207768696368206d75737420626520656e637279707465640000000000000000000000000000" +string(0) "" iv length=0 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "c082b3fabaae4c8c410eb8dba64bae10e48d79b5241fb8f24462cad43bd0b35ad2746b00817e9dcbc636b44df0ec60b46a57e7a310a308a0947724e3817a13b4" +string(0) "" Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "546869732069732074686520736563726574206d657373616765207768696368206d75737420626520656e637279707465640000000000000000000000000000" +string(0) "" iv length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "c082b3fabaae4c8c410eb8dba64bae10e48d79b5241fb8f24462cad43bd0b35ad2746b00817e9dcbc636b44df0ec60b46a57e7a310a308a0947724e3817a13b4" +string(0) "" Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "546869732069732074686520736563726574206d657373616765207768696368206d75737420626520656e637279707465640000000000000000000000000000" +string(0) "" iv length=16 @@ -141,8 +141,8 @@ iv length=17 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d Warning: mcrypt_cbc(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "c082b3fabaae4c8c410eb8dba64bae10e48d79b5241fb8f24462cad43bd0b35ad2746b00817e9dcbc636b44df0ec60b46a57e7a310a308a0947724e3817a13b4" +string(0) "" Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -string(128) "546869732069732074686520736563726574206d657373616765207768696368206d75737420626520656e637279707465640000000000000000000000000000" +string(0) "" ===DONE=== From 5480b64168ad3c6efbc2fa93ff05ea854b87ea0d Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sat, 1 Mar 2014 15:42:07 +0100 Subject: [PATCH 2/6] Abort on missing IV if the enc_mode requires it Previously the code fell back on using a NUL IV if no IV was passed and the encryption mode required it. This is dangerous and makes no sense from a practical point of view (as you could just as well use ECB then). --- ext/mcrypt/mcrypt.c | 6 +++--- ext/mcrypt/tests/mcrypt_cbc.phpt | 5 +++-- ext/mcrypt/tests/mcrypt_cfb.phpt | 5 +++-- ext/mcrypt/tests/mcrypt_decrypt.phpt | 9 +++++---- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 83b3765f74c83..889dce397f19f 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1230,9 +1230,9 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons memcpy(iv_s, iv, iv_size); } } else if (argc == 4) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to use an empty IV, which is NOT recommend"); - iv_s = emalloc(iv_size + 1); - memset(iv_s, 0, iv_size + 1); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Encryption mode requires an initialization vector"); + efree(key_s); + RETURN_FALSE; } } diff --git a/ext/mcrypt/tests/mcrypt_cbc.phpt b/ext/mcrypt/tests/mcrypt_cbc.phpt index 27cc5b2224404..fb74df9322817 100644 --- a/ext/mcrypt/tests/mcrypt_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc.phpt @@ -15,7 +15,7 @@ $enc_data = mcrypt_cbc($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv); echo trim(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n"; // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV -mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT); +var_dump(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT)); --EXPECTF-- @@ -26,4 +26,5 @@ PHP Testfest 2008 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Attempt to use an empty IV, which is NOT recommend in %s on line %d +Warning: mcrypt_cbc(): Encryption mode requires an initialization vector in %s on line %d +bool(false) diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt index 11120633a5e82..1c7b9c12ff3a8 100644 --- a/ext/mcrypt/tests/mcrypt_cfb.phpt +++ b/ext/mcrypt/tests/mcrypt_cfb.phpt @@ -15,7 +15,7 @@ $enc_data = mcrypt_cfb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv); echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n"; // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV -mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT); +var_dump(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT)); --EXPECTF-- @@ -26,4 +26,5 @@ PHP Testfest 2008 Deprecated: Function mcrypt_cfb() is deprecated in %s on line %d -Warning: mcrypt_cfb(): Attempt to use an empty IV, which is NOT recommend in %s on line %d +Warning: mcrypt_cfb(): Encryption mode requires an initialization vector in %s on line %d +bool(false) diff --git a/ext/mcrypt/tests/mcrypt_decrypt.phpt b/ext/mcrypt/tests/mcrypt_decrypt.phpt index b4e628401e11b..ebf95cde178a8 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt.phpt @@ -16,13 +16,14 @@ $enc_data = mcrypt_encrypt($cipher, $key, $secret, $mode, $iv); echo trim(mcrypt_decrypt($cipher, $key, $enc_data, $mode, $iv)) . "\n"; // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV -mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC); +var_dump(mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC)); -var_dump(strpos(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv), "Testfest") !== false); +var_dump(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv)); --EXPECTF-- PHP Testfest 2008 -Warning: mcrypt_decrypt(): Attempt to use an empty IV, which is NOT recommend in %s on line %d +Warning: mcrypt_decrypt(): Encryption mode requires an initialization vector in %s on line %d +bool(false) Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d -bool(false) \ No newline at end of file +bool(false) From 88d0053afaa741d84b116d1e9d628e7d8b269631 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sat, 1 Mar 2014 23:51:03 +0100 Subject: [PATCH 3/6] Abort on invalid key size Previously an incorrectly sized key was either silently padded with NUL bytes or truncated. Especially the silent nature of this behavior makes it extremely easy to use weak encryption. A common mistake - which has also been extensively made in our tests - is to use a password instead of a key. Incorrectly sized keys will now be rejected. --- ext/mcrypt/mcrypt.c | 32 ++++------ ext/mcrypt/tests/bug46010.phpt | 13 ++-- ext/mcrypt/tests/mcrypt_cbc.phpt | 3 +- ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt | 18 +++--- ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt | 18 +++--- ext/mcrypt/tests/mcrypt_cbc_variation2.phpt | 60 ++++++++++++------- ext/mcrypt/tests/mcrypt_cbc_variation3.phpt | 2 +- ext/mcrypt/tests/mcrypt_cbc_variation4.phpt | 2 +- ext/mcrypt/tests/mcrypt_cbc_variation5.phpt | 2 +- ext/mcrypt/tests/mcrypt_cfb.phpt | 2 +- ext/mcrypt/tests/mcrypt_decrypt.phpt | 2 +- ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt | 18 +++--- ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt | 22 ++++--- .../tests/mcrypt_decrypt_variation2.phpt | 60 ++++++++++++------- .../tests/mcrypt_decrypt_variation3.phpt | 2 +- .../tests/mcrypt_decrypt_variation5.phpt | 2 +- ext/mcrypt/tests/mcrypt_ecb.phpt | 2 +- ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt | 20 ++++--- ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt | 14 +++-- ext/mcrypt/tests/mcrypt_ecb_variation2.phpt | 60 ++++++++++++------- ext/mcrypt/tests/mcrypt_ecb_variation3.phpt | 2 +- ext/mcrypt/tests/mcrypt_ecb_variation4.phpt | 2 +- ext/mcrypt/tests/mcrypt_ecb_variation5.phpt | 2 +- ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt | 16 +++-- ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt | 20 ++++--- .../tests/mcrypt_encrypt_variation2.phpt | 60 ++++++++++++------- .../tests/mcrypt_encrypt_variation3.phpt | 2 +- .../tests/mcrypt_encrypt_variation5.phpt | 2 +- ext/mcrypt/tests/mcrypt_ofb.phpt | 2 +- .../tests/mcrypt_rijndael128_128BitKey.phpt | 26 +++++--- .../tests/mcrypt_rijndael128_256BitKey.phpt | 28 +++++---- 31 files changed, 322 insertions(+), 194 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 889dce397f19f..d3dc5c2040809 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1169,7 +1169,7 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons { char *cipher_dir_string; char *module_dir_string; - int block_size, max_key_length, use_key_length, i, count, iv_size; + int block_size, use_key_length, i, count, iv_size; unsigned long int data_size; int *key_length_sizes; char *key_s = NULL, *iv_s; @@ -1184,33 +1184,27 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons RETURN_FALSE; } /* Checking for key-length */ - max_key_length = mcrypt_enc_get_key_size(td); - if (key_len > max_key_length) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Size of key is too large for this algorithm"); - } key_length_sizes = mcrypt_enc_get_supported_key_sizes(td, &count); if (count == 0 && key_length_sizes == NULL) { /* all lengths 1 - k_l_s = OK */ use_key_length = key_len; key_s = emalloc(use_key_length); memset(key_s, 0, use_key_length); memcpy(key_s, key, use_key_length); - } else if (count == 1) { /* only m_k_l = OK */ - key_s = emalloc(key_length_sizes[0]); - memset(key_s, 0, key_length_sizes[0]); - memcpy(key_s, key, MIN(key_len, key_length_sizes[0])); - use_key_length = key_length_sizes[0]; - } else { /* dertermine smallest supported key > length of requested key */ - use_key_length = max_key_length; /* start with max key length */ + } else { for (i = 0; i < count; i++) { - if (key_length_sizes[i] >= key_len && - key_length_sizes[i] < use_key_length) - { - use_key_length = key_length_sizes[i]; + if (key_length_sizes[i] == key_len) { + use_key_length = key_len; + key_s = emalloc(use_key_length); + memcpy(key_s, key, use_key_length); + break; } } - key_s = emalloc(use_key_length); - memset(key_s, 0, use_key_length); - memcpy(key_s, key, MIN(key_len, use_key_length)); + + if (!key_s) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key of length %d not supported by this algorithm", key_len); + mcrypt_free(key_length_sizes); + RETURN_FALSE; + } } mcrypt_free (key_length_sizes); diff --git a/ext/mcrypt/tests/bug46010.phpt b/ext/mcrypt/tests/bug46010.phpt index ddb691e362d5f..1f0fe40a3d757 100644 --- a/ext/mcrypt/tests/bug46010.phpt +++ b/ext/mcrypt/tests/bug46010.phpt @@ -5,12 +5,13 @@ Bug #46010 (warnings incorrectly generated for iv in ecb mode) --FILE-- --EXPECTF-- -string(16) "372eeb4a524b8d31" -string(16) "372eeb4a524b8d31" -string(16) "372eeb4a524b8d31" +string(16) "f7a2ce11d4002294" +string(16) "f7a2ce11d4002294" +string(16) "f7a2ce11d4002294" diff --git a/ext/mcrypt/tests/mcrypt_cbc.phpt b/ext/mcrypt/tests/mcrypt_cbc.phpt index fb74df9322817..cf723e3803258 100644 --- a/ext/mcrypt/tests/mcrypt_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc.phpt @@ -4,7 +4,7 @@ mcrypt_cbc --FILE-- --EXPECTF-- Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt index f65123bc429b1..775c153643778 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt @@ -21,7 +21,7 @@ $cipher = MCRYPT_TRIPLEDES; $data = b"This is the secret message which must be encrypted"; $mode = MCRYPT_DECRYPT; -// tripledes uses keys upto 192 bits (24 bytes) +// tripledes uses keys with exactly 192 bits (24 bytes) $keys = array( b'12345678', b'12345678901234567890', @@ -54,7 +54,7 @@ for ($i = 0; $i < sizeof($keys); $i++) { special_var_dump(mcrypt_cbc($cipher, $keys[$i], base64_decode($data1[$i]), $mode, $iv)); } -$key = b'1234567890123456'; +$key = b'123456789012345678901234'; echo "\n--- testing different iv lengths\n"; for ($i = 0; $i < sizeof($ivs); $i++) { echo "\niv length=".strlen($ivs[$i])."\n"; @@ -74,12 +74,16 @@ function special_var_dump($str) { key length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(32) "736563726574206d6573736167650000" + +Warning: mcrypt_cbc(): Key of length 8 not supported by this algorithm in %s on line %d +string(0) "" key length=20 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(32) "736563726574206d6573736167650000" + +Warning: mcrypt_cbc(): Key of length 20 not supported by this algorithm in %s on line %d +string(0) "" key length=24 @@ -90,8 +94,8 @@ key length=26 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Size of key is too large for this algorithm in %s on line %d -string(32) "736563726574206d6573736167650000" +Warning: mcrypt_cbc(): Key of length 26 not supported by this algorithm in %s on line %d +string(0) "" --- testing different iv lengths @@ -105,7 +109,7 @@ string(0) "" iv length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(32) "736563726574206d6573736167650000" +string(32) "659ec947f4dc3a3b9c50de744598d3c8" iv length=9 diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt index 962d4091a2f3c..2e8dd5fd50993 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt @@ -21,7 +21,7 @@ $cipher = MCRYPT_TRIPLEDES; $data = b"This is the secret message which must be encrypted"; $mode = MCRYPT_ENCRYPT; -// tripledes uses keys upto 192 bits (24 bytes) +// tripledes uses keys with exactly 192 bits (24 bytes) $keys = array( b'12345678', b'12345678901234567890', @@ -41,7 +41,7 @@ foreach ($keys as $key) { var_dump(bin2hex(mcrypt_cbc($cipher, $key, $data, $mode, $iv))); } -$key = b'1234567890123456'; +$key = b'123456789012345678901234'; echo "\n--- testing different iv lengths\n"; foreach ($ivs as $iv) { echo "\niv length=".strlen($iv)."\n"; @@ -57,12 +57,16 @@ foreach ($ivs as $iv) { key length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(112) "082b437d039d09418e20dc9de1dafa7ed6da5c6335b78950968441da1faf40c1f886e04da8ca177b80b376811e138c1bf51cb48dae2e7939" + +Warning: mcrypt_cbc(): Key of length 8 not supported by this algorithm in %s on line %d +string(0) "" key length=20 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(112) "0627351e0f8a082bf7981ae2c700a43fd3d44b270ac67b00fded1c5796eea935be0fef2a23da0b3f5e243929e62ac957bf0bf463aa90fc4f" + +Warning: mcrypt_cbc(): Key of length 20 not supported by this algorithm in %s on line %d +string(0) "" key length=24 @@ -73,8 +77,8 @@ key length=26 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Size of key is too large for this algorithm in %s on line %d -string(112) "b85e21072239d60c63a80e7c9ae493cb741a1cd407e52f451c5f43a0d103f55a7b62617eb2e44213c2d44462d388bc0b8f119384b12c84ac" +Warning: mcrypt_cbc(): Key of length 26 not supported by this algorithm in %s on line %d +string(0) "" --- testing different iv lengths @@ -88,7 +92,7 @@ string(0) "" iv length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -string(112) "bac347506bf092c5557c4363c301745d78f047028e2953e84fd66b30aeb6005812dadbe8baa871b83278341599b0c448ddaaa52b5a378ce5" +string(112) "b85e21072239d60c63a80e7c9ae493cb741a1cd407e52f451c5f43a0d103f55a7b62617eb2e44213c2d44462d388bc0b8f119384b12c84ac" iv length=9 diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt index 3d2a0614722d4..6a1624127b2b4 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt @@ -125,39 +125,48 @@ fclose($fp); --int 0-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "bc27b3a4e33b531d5983fc7df693cd09" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --int 1-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "bc27b3a4e33b531d5983fc7df693cd09" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --int 12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "d109b7973383127002474ae731c4b3a8" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --int -12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "3e82a931cedb03a38b91a637ff8c9f9e" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --float 10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "de71833586c1d7132a289960ebeeca7a" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --float -10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "7d0489dd2e99ae910ecc015573f3dd16" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --float 12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "978055b42c0506a8947e3c3c8d994baf" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --float -12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "4aa84ba400c2b8ef467d4d98372b4f4e" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --float .5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "e731dc5059b84e0c8774ac490f77d6e6" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --empty array-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) @@ -181,39 +190,48 @@ string(0) "" --uppercase NULL-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --lowercase null-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --lowercase true-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "bc27b3a4e33b531d5983fc7df693cd09" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --lowercase false-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --uppercase TRUE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "bc27b3a4e33b531d5983fc7df693cd09" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --uppercase FALSE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --empty string DQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --empty string SQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --instance of classWithToString-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "19420fa26f561ee82ed84abbcd2d284b" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --instance of classWithoutToString-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) @@ -222,11 +240,13 @@ string(0) "" --undefined var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --unset var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -string(32) "be722a5ffc361d721fbcab1eacc6acf5" +Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +string(0) "" --resource-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt index 9a1464b1122cc..f9098a4221b2b 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt @@ -27,7 +27,7 @@ set_error_handler('test_error_handler'); // Initialise function arguments not being substituted (if any) $cipher = MCRYPT_TRIPLEDES; -$key = b'string_val'; +$key = b"string_val\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; $mode = MCRYPT_ENCRYPT; $iv = b'01234567'; diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt index a3dd29ba41b05..a13e4ffb7c3cf 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt @@ -27,7 +27,7 @@ set_error_handler('test_error_handler'); // Initialise function arguments not being substituted (if any) $cipher = MCRYPT_TRIPLEDES; -$key = b'string_val'; +$key = b"string_val\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; $data = b'string_val'; $iv = b'01234567'; diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt index d3a6d9c12d96a..24d518d096e48 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt @@ -27,7 +27,7 @@ set_error_handler('test_error_handler'); // Initialise function arguments not being substituted (if any) $cipher = MCRYPT_TRIPLEDES; -$key = b'string_val'; +$key = b"string_val\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; $data = b'string_val'; $mode = MCRYPT_ENCRYPT; diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt index 1c7b9c12ff3a8..a82ea46d115f4 100644 --- a/ext/mcrypt/tests/mcrypt_cfb.phpt +++ b/ext/mcrypt/tests/mcrypt_cfb.phpt @@ -4,7 +4,7 @@ mcrypt_cfb --FILE-- --FILE-- --FILE-- --FILE-- Date: Sun, 2 Mar 2014 00:42:13 +0100 Subject: [PATCH 4/6] Clean up do_crypt code Avoid unnecessary alloc/copy/free cycles and clean up structure in general. Add a few extra checks for the key length. --- ext/mcrypt/mcrypt.c | 118 +++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 61 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index d3dc5c2040809..7ede8e6f6ffee 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -658,7 +658,7 @@ PHP_FUNCTION(mcrypt_generic) char *data; int data_len; php_mcrypt *pm; - unsigned char* data_s; + char* data_s; int block_size, data_size; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &mcryptind, &data, &data_len) == FAILURE) { @@ -1165,14 +1165,43 @@ PHP_FUNCTION(mcrypt_get_cipher_name) } /* }}} */ -static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, const char *data, int data_len, char *mode, const char *iv, int iv_len, int argc, int dencrypt, zval* return_value TSRMLS_DC) /* {{{ */ +static zend_bool php_mcrypt_is_valid_key_size(MCRYPT td, int key_len) /* {{{ */ +{ + if (key_len <= 0) { + return 0; + } + + if (key_len > mcrypt_enc_get_key_size(td)) { + return 0; + } + + { + int count, i; + int *key_sizes = mcrypt_enc_get_supported_key_sizes(td, &count); + + if (!key_sizes) { + /* All key sizes are valid */ + return 1; + } + + for (i = 0; i < count; i++) { + if (key_sizes[i] == key_len) { + mcrypt_free(key_sizes); + return 1; + } + } + + mcrypt_free(key_sizes); + return 0; + } +} +/* }}} */ + +static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, const char *data, int data_len, char *mode, const char *iv, int iv_len, int dencrypt, zval* return_value TSRMLS_DC) /* {{{ */ { char *cipher_dir_string; char *module_dir_string; - int block_size, use_key_length, i, count, iv_size; unsigned long int data_size; - int *key_length_sizes; - char *key_s = NULL, *iv_s; char *data_s; MCRYPT td; @@ -1183,88 +1212,55 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_OPEN_MODULE_FAILED); RETURN_FALSE; } - /* Checking for key-length */ - key_length_sizes = mcrypt_enc_get_supported_key_sizes(td, &count); - if (count == 0 && key_length_sizes == NULL) { /* all lengths 1 - k_l_s = OK */ - use_key_length = key_len; - key_s = emalloc(use_key_length); - memset(key_s, 0, use_key_length); - memcpy(key_s, key, use_key_length); - } else { - for (i = 0; i < count; i++) { - if (key_length_sizes[i] == key_len) { - use_key_length = key_len; - key_s = emalloc(use_key_length); - memcpy(key_s, key, use_key_length); - break; - } - } - if (!key_s) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key of length %d not supported by this algorithm", key_len); - mcrypt_free(key_length_sizes); - RETURN_FALSE; - } + /* Checking for key-length */ + if (!php_mcrypt_is_valid_key_size(td, key_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key of length %d not supported by this algorithm", key_len); + RETURN_FALSE; } - mcrypt_free (key_length_sizes); - - /* Check IV */ - iv_s = NULL; - iv_size = mcrypt_enc_get_iv_size (td); /* IV is required */ if (mcrypt_enc_mode_has_iv(td) == 1) { - if (argc == 5) { - if (iv_size != iv_len) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_IV_WRONG_SIZE); - efree(key_s); - RETURN_FALSE; - } else { - iv_s = emalloc(iv_size + 1); - memcpy(iv_s, iv, iv_size); - } - } else if (argc == 4) { + if (!iv) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Encryption mode requires an initialization vector"); - efree(key_s); + RETURN_FALSE; + } + + if (iv_len != mcrypt_enc_get_iv_size(td)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_IV_WRONG_SIZE); RETURN_FALSE; } } /* Check blocksize */ if (mcrypt_enc_is_block_mode(td) == 1) { /* It's a block algorithm */ - block_size = mcrypt_enc_get_block_size(td); + int block_size = mcrypt_enc_get_block_size(td); data_size = (((data_len - 1) / block_size) + 1) * block_size; - data_s = emalloc(data_size); + data_s = emalloc(data_size + 1); memset(data_s, 0, data_size); memcpy(data_s, data, data_len); } else { /* It's not a block algorithm */ data_size = data_len; - data_s = emalloc(data_size); - memset(data_s, 0, data_size); + data_s = emalloc(data_size + 1); memcpy(data_s, data, data_len); } - if (mcrypt_generic_init(td, key_s, use_key_length, iv_s) < 0) { + if (mcrypt_generic_init(td, (void *) key, key_len, (void *) iv) < 0) { php_error_docref(NULL TSRMLS_CC, E_RECOVERABLE_ERROR, "Mcrypt initialisation failed"); RETURN_FALSE; } + if (dencrypt == MCRYPT_ENCRYPT) { mcrypt_generic(td, data_s, data_size); } else { mdecrypt_generic(td, data_s, data_size); } - RETVAL_STRINGL(data_s, data_size, 1); + data_s[data_size] = 0; + RETVAL_STRINGL(data_s, data_size, 0); /* freeing vars */ mcrypt_generic_end(td); - if (key_s != NULL) { - efree (key_s); - } - if (iv_s != NULL) { - efree (iv_s); - } - efree (data_s); } /* }}} */ @@ -1280,7 +1276,7 @@ PHP_FUNCTION(mcrypt_encrypt) convert_to_string_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, Z_STRVAL_PP(mode), iv, iv_len, ZEND_NUM_ARGS(), MCRYPT_ENCRYPT, return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, Z_STRVAL_PP(mode), iv, iv_len, MCRYPT_ENCRYPT, return_value TSRMLS_CC); } /* }}} */ @@ -1296,7 +1292,7 @@ PHP_FUNCTION(mcrypt_decrypt) convert_to_string_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, Z_STRVAL_PP(mode), iv, iv_len, ZEND_NUM_ARGS(), MCRYPT_DECRYPT, return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, Z_STRVAL_PP(mode), iv, iv_len, MCRYPT_DECRYPT, return_value TSRMLS_CC); } /* }}} */ @@ -1312,7 +1308,7 @@ PHP_FUNCTION(mcrypt_ecb) convert_to_long_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "ecb", iv, iv_len, ZEND_NUM_ARGS(), Z_LVAL_PP(mode), return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "ecb", iv, iv_len, Z_LVAL_PP(mode), return_value TSRMLS_CC); } /* }}} */ @@ -1328,7 +1324,7 @@ PHP_FUNCTION(mcrypt_cbc) convert_to_long_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "cbc", iv, iv_len, ZEND_NUM_ARGS(), Z_LVAL_PP(mode), return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "cbc", iv, iv_len, Z_LVAL_PP(mode), return_value TSRMLS_CC); } /* }}} */ @@ -1344,7 +1340,7 @@ PHP_FUNCTION(mcrypt_cfb) convert_to_long_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "cfb", iv, iv_len, ZEND_NUM_ARGS(), Z_LVAL_PP(mode), return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "cfb", iv, iv_len, Z_LVAL_PP(mode), return_value TSRMLS_CC); } /* }}} */ @@ -1360,7 +1356,7 @@ PHP_FUNCTION(mcrypt_ofb) convert_to_long_ex(mode); - php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "ofb", iv, iv_len, ZEND_NUM_ARGS(), Z_LVAL_PP(mode), return_value TSRMLS_CC); + php_mcrypt_do_crypt(cipher, key, key_len, data, data_len, "ofb", iv, iv_len, Z_LVAL_PP(mode), return_value TSRMLS_CC); } /* }}} */ From c7f4ffe467e643fdccd67c130b0c39c1c3c9bb8c Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sun, 2 Mar 2014 23:23:12 +0100 Subject: [PATCH 5/6] Print supported key sizes in error message --- ext/mcrypt/mcrypt.c | 88 +++++++++++++++---- ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt | 6 +- ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt | 6 +- ext/mcrypt/tests/mcrypt_cbc_variation2.phpt | 40 ++++----- ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt | 6 +- ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt | 6 +- .../tests/mcrypt_decrypt_variation2.phpt | 40 ++++----- ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt | 6 +- ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt | 6 +- ext/mcrypt/tests/mcrypt_ecb_variation2.phpt | 40 ++++----- ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt | 6 +- ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt | 6 +- .../tests/mcrypt_encrypt_variation2.phpt | 40 ++++----- .../tests/mcrypt_rijndael128_128BitKey.phpt | 12 +-- .../tests/mcrypt_rijndael128_256BitKey.phpt | 12 +-- 15 files changed, 186 insertions(+), 134 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 7ede8e6f6ffee..a9f34d77f5835 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -40,6 +40,7 @@ #include "php_globals.h" #include "ext/standard/info.h" #include "ext/standard/php_rand.h" +#include "ext/standard/php_smart_str.h" #include "php_mcrypt_filter.h" static int le_mcrypt; @@ -1165,35 +1166,87 @@ PHP_FUNCTION(mcrypt_get_cipher_name) } /* }}} */ -static zend_bool php_mcrypt_is_valid_key_size(MCRYPT td, int key_len) /* {{{ */ +static char *php_mcrypt_get_key_size_str( + int max_key_size, const int *key_sizes, int key_size_count) /* {{{ */ { - if (key_len <= 0) { - return 0; + if (key_size_count == 0) { + char *str; + spprintf(&str, 0, "Only keys of size 1 to %d supported", max_key_size); + return str; + } else if (key_size_count == 1) { + char *str; + spprintf(&str, 0, "Only keys of size %d supported", key_sizes[0]); + return str; + } else { + int i; + smart_str str = {0}; + smart_str_appends(&str, "Only keys of sizes "); + + for (i = 0; i < key_size_count; ++i) { + if (i == key_size_count - 1) { + smart_str_appends(&str, " or "); + } else if (i != 0) { + smart_str_appends(&str, ", "); + } + + smart_str_append_long(&str, key_sizes[i]); + } + + smart_str_appends(&str, " supported"); + smart_str_0(&str); + return str.c; } +} +/* }}} */ - if (key_len > mcrypt_enc_get_key_size(td)) { +static zend_bool php_mcrypt_is_valid_key_size( + int key_size, int max_key_size, int *key_sizes, int key_size_count) /* {{{ */ +{ + int i; + + if (key_size <= 0 || key_size > max_key_size) { return 0; } - { - int count, i; - int *key_sizes = mcrypt_enc_get_supported_key_sizes(td, &count); + if (key_size_count == 0) { + /* All key sizes are valid */ + return 1; + } - if (!key_sizes) { - /* All key sizes are valid */ + for (i = 0; i < key_size_count; i++) { + if (key_sizes[i] == key_size) { return 1; } + } - for (i = 0; i < count; i++) { - if (key_sizes[i] == key_len) { - mcrypt_free(key_sizes); - return 1; - } - } + return 0; +} +/* }}} */ + +static int php_mcrypt_ensure_valid_key_size(MCRYPT td, int key_size TSRMLS_DC) /* {{{ */ +{ + int key_size_count; + int max_key_size = mcrypt_enc_get_key_size(td); + int *key_sizes = mcrypt_enc_get_supported_key_sizes(td, &key_size_count); + + zend_bool is_valid_key_size = php_mcrypt_is_valid_key_size( + key_size, max_key_size, key_sizes, key_size_count + ); + if (!is_valid_key_size) { + char *key_size_str = php_mcrypt_get_key_size_str( + max_key_size, key_sizes, key_size_count + ); + php_error_docref(NULL TSRMLS_CC, E_WARNING, + "Key of size %d not supported by this algorithm. %s", key_size, key_size_str + ); + efree(key_size_str); + } + if (key_sizes) { mcrypt_free(key_sizes); - return 0; } + + return is_valid_key_size ? SUCCESS : FAILURE; } /* }}} */ @@ -1214,8 +1267,7 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons } /* Checking for key-length */ - if (!php_mcrypt_is_valid_key_size(td, key_len)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key of length %d not supported by this algorithm", key_len); + if (php_mcrypt_ensure_valid_key_size(td, key_len TSRMLS_CC) == FAILURE) { RETURN_FALSE; } diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt index 775c153643778..c3559231be474 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_decrypt.phpt @@ -75,14 +75,14 @@ key length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -94,7 +94,7 @@ key length=26 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt index 2e8dd5fd50993..978e263588b6b 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt @@ -58,14 +58,14 @@ key length=8 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -77,7 +77,7 @@ key length=26 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt b/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt index 6a1624127b2b4..8efbf82f740c9 100644 --- a/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt +++ b/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt @@ -125,47 +125,47 @@ fclose($fp); --int 0-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 1-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int -12345-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -10.5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -12.3456789000e10-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float .5-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty array-- @@ -190,47 +190,47 @@ string(0) "" --uppercase NULL-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase null-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase true-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase false-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase TRUE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase FALSE-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string DQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string SQ-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithToString-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithoutToString-- @@ -240,12 +240,12 @@ string(0) "" --undefined var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --unset var-- Error: 8192 - Function mcrypt_cbc() is deprecated, %s(%d) -Error: 2 - mcrypt_cbc(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_cbc(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --resource-- diff --git a/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt b/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt index 0a366dc14aa99..f044908034456 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt_3des_cbc.phpt @@ -72,12 +72,12 @@ function special_var_dump($str) { key length=8 -Warning: mcrypt_decrypt(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_decrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -85,7 +85,7 @@ string(32) "736563726574206d6573736167650000" key length=26 -Warning: mcrypt_decrypt(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt b/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt index a5a0e7279285d..c54e6e50986a9 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt @@ -71,12 +71,12 @@ function special_var_dump($str) { key length=8 -Warning: mcrypt_decrypt(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_decrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -84,7 +84,7 @@ string(32) "736563726574206d6573736167650000" key length=26 -Warning: mcrypt_decrypt(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_decrypt_variation2.phpt b/ext/mcrypt/tests/mcrypt_decrypt_variation2.phpt index ce907bf696a4f..985029c8ba89f 100644 --- a/ext/mcrypt/tests/mcrypt_decrypt_variation2.phpt +++ b/ext/mcrypt/tests/mcrypt_decrypt_variation2.phpt @@ -124,39 +124,39 @@ fclose($fp); *** Testing mcrypt_decrypt() : usage variation *** --int 0-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 1-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 12345-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int -12345-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 10.5-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -10.5-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 12.3456789000e10-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -12.3456789000e10-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float .5-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty array-- @@ -176,39 +176,39 @@ Error: 2 - mcrypt_decrypt() expects parameter 2 to be string, array given, %s(%d string(0) "" --uppercase NULL-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase null-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase true-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase false-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase TRUE-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase FALSE-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string DQ-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string SQ-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithToString-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithoutToString-- @@ -216,11 +216,11 @@ Error: 2 - mcrypt_decrypt() expects parameter 2 to be string, object given, %s(% string(0) "" --undefined var-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --unset var-- -Error: 2 - mcrypt_decrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_decrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --resource-- diff --git a/ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt b/ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt index 29772e9a708c7..e718107b9be96 100644 --- a/ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_ecb_3des_decrypt.phpt @@ -74,12 +74,12 @@ function special_var_dump($str) { key length=8 -Warning: mcrypt_ecb(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_ecb(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -87,7 +87,7 @@ string(32) "736563726574206d6573736167650000" key length=26 -Warning: mcrypt_ecb(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt b/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt index 7a21df3d0bcc3..7e29579779301 100644 --- a/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt +++ b/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt @@ -59,12 +59,12 @@ foreach ($ivs as $iv) { key length=8 -Warning: mcrypt_ecb(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_ecb(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -72,7 +72,7 @@ string(112) "923eedcb20e18e3efa466a6ca1b842b34e6ac46aa3690ef739d0d68a26eb64e1a6a key length=26 -Warning: mcrypt_ecb(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_ecb(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt b/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt index ea3af842f5310..246533b722bda 100644 --- a/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt +++ b/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt @@ -126,39 +126,39 @@ fclose($fp); *** Testing mcrypt_ecb() : usage variation *** --int 0-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 1-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 12345-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int -12345-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 10.5-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -10.5-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 12.3456789000e10-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -12.3456789000e10-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float .5-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty array-- @@ -178,39 +178,39 @@ Error: 2 - mcrypt_ecb() expects parameter 2 to be string, array given, %s(%d) string(0) "" --uppercase NULL-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase null-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase true-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase false-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase TRUE-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase FALSE-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string DQ-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string SQ-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithToString-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithoutToString-- @@ -218,11 +218,11 @@ Error: 2 - mcrypt_ecb() expects parameter 2 to be string, object given, %s(%d) string(0) "" --undefined var-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --unset var-- -Error: 2 - mcrypt_ecb(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_ecb(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --resource-- diff --git a/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt b/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt index 9c9f926167eac..8f635a786915c 100644 --- a/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt +++ b/ext/mcrypt/tests/mcrypt_encrypt_3des_cbc.phpt @@ -65,12 +65,12 @@ foreach ($ivs as $iv) { key length=8 -Warning: mcrypt_encrypt(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_encrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -78,7 +78,7 @@ string(112) "b85e21072239d60c63a80e7c9ae493cb741a1cd407e52f451c5f43a0d103f55a7b6 key length=26 -Warning: mcrypt_encrypt(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt b/ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt index 0531dcb27a44f..941eb7935f57b 100644 --- a/ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt +++ b/ext/mcrypt/tests/mcrypt_encrypt_3des_ecb.phpt @@ -57,12 +57,12 @@ foreach ($ivs as $iv) { key length=8 -Warning: mcrypt_encrypt(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 8 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=20 -Warning: mcrypt_encrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 20 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" key length=24 @@ -70,7 +70,7 @@ string(112) "923eedcb20e18e3efa466a6ca1b842b34e6ac46aa3690ef739d0d68a26eb64e1a6a key length=26 -Warning: mcrypt_encrypt(): Key of length 26 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 26 not supported by this algorithm. Only keys of size 24 supported in %s on line %d string(0) "" --- testing different iv lengths diff --git a/ext/mcrypt/tests/mcrypt_encrypt_variation2.phpt b/ext/mcrypt/tests/mcrypt_encrypt_variation2.phpt index 286fbea463301..b1bf7f74bd421 100644 --- a/ext/mcrypt/tests/mcrypt_encrypt_variation2.phpt +++ b/ext/mcrypt/tests/mcrypt_encrypt_variation2.phpt @@ -124,39 +124,39 @@ fclose($fp); *** Testing mcrypt_encrypt() : usage variation *** --int 0-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 1-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int 12345-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --int -12345-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 10.5-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -10.5-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float 12.3456789000e10-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float -12.3456789000e10-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --float .5-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty array-- @@ -176,39 +176,39 @@ Error: 2 - mcrypt_encrypt() expects parameter 2 to be string, array given, %s(%d string(0) "" --uppercase NULL-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase null-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase true-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --lowercase false-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase TRUE-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --uppercase FALSE-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string DQ-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --empty string SQ-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithToString-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --instance of classWithoutToString-- @@ -216,11 +216,11 @@ Error: 2 - mcrypt_encrypt() expects parameter 2 to be string, object given, %s(% string(0) "" --undefined var-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --unset var-- -Error: 2 - mcrypt_encrypt(): Key of length %d not supported by this algorithm, %s(%d) +Error: 2 - mcrypt_encrypt(): Key of size %d not supported by this algorithm. Only keys of size 24 supported, %s(%d) string(0) "" --resource-- diff --git a/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt b/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt index ee1fceede515a..decbff2e3a822 100644 --- a/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt +++ b/ext/mcrypt/tests/mcrypt_rijndael128_128BitKey.phpt @@ -76,32 +76,32 @@ foreach ($ivs as $iv) { key length=0 -Warning: mcrypt_encrypt(): Key of length 0 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 0 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" key length=0 -Warning: mcrypt_encrypt(): Key of length 0 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 0 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" key length=8 -Warning: mcrypt_encrypt(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 8 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d -Warning: mcrypt_cbc(): Key of length 8 not supported by this algorithm in %s on line %d +Warning: mcrypt_cbc(): Key of size 8 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" key length=16 diff --git a/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt b/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt index 7f6ad5ddf401c..672e1ee1b7d55 100644 --- a/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt +++ b/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt @@ -63,10 +63,10 @@ foreach ($keys as $key) { key length=20 -Warning: mcrypt_encrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 20 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" -Warning: mcrypt_decrypt(): Key of length 20 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" key length=24 @@ -75,10 +75,10 @@ string(128) "546869732069732074686520736563726574206d657373616765207768696368206 key length=30 -Warning: mcrypt_encrypt(): Key of length 30 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 30 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" -Warning: mcrypt_decrypt(): Key of length 30 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 30 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" key length=32 @@ -87,9 +87,9 @@ string(128) "546869732069732074686520736563726574206d657373616765207768696368206 key length=40 -Warning: mcrypt_encrypt(): Key of length 40 not supported by this algorithm in %s on line %d +Warning: mcrypt_encrypt(): Key of size 40 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" -Warning: mcrypt_decrypt(): Key of length 40 not supported by this algorithm in %s on line %d +Warning: mcrypt_decrypt(): Key of size 40 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in %s on line %d string(0) "" ===DONE=== From b2925ed41a84a688dd87718fc68649e249b8fcfc Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sun, 2 Mar 2014 23:26:46 +0100 Subject: [PATCH 6/6] Call mcrypt_module_close on error --- ext/mcrypt/mcrypt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index a9f34d77f5835..a8dbc4203ab4d 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1268,6 +1268,7 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons /* Checking for key-length */ if (php_mcrypt_ensure_valid_key_size(td, key_len TSRMLS_CC) == FAILURE) { + mcrypt_module_close(td); RETURN_FALSE; } @@ -1275,11 +1276,13 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons if (mcrypt_enc_mode_has_iv(td) == 1) { if (!iv) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Encryption mode requires an initialization vector"); + mcrypt_module_close(td); RETURN_FALSE; } if (iv_len != mcrypt_enc_get_iv_size(td)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, MCRYPT_IV_WRONG_SIZE); + mcrypt_module_close(td); RETURN_FALSE; } } @@ -1299,6 +1302,7 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons if (mcrypt_generic_init(td, (void *) key, key_len, (void *) iv) < 0) { php_error_docref(NULL TSRMLS_CC, E_RECOVERABLE_ERROR, "Mcrypt initialisation failed"); + mcrypt_module_close(td); RETURN_FALSE; }