[mcrypt_encrypt] PHP5.4 Despite producing warning error, mcrypt still produce a result for mcrypt_encrypt, phpseclib_mcrypt_encrypt does not.

[evaisse]

Despite producing warning error, mcrypt still produce a result for mcrypt_encrypt on php5.4, phpseclib_mcrypt_encrypt does not.

In short the following code does not produce the same result :

<?php
$input = ""; // empty string 
$iv = str_repeat('a', mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CBC));
$key = "someKeyThatDoesNot"; // empty 
mcrypt_encrypt(MCRYPT_3DES, $key, $input, MCRYPT_MODE_CBC, $iv);
phpseclib_mcrypt_encrypt(MCRYPT_3DES, $key, $input, MCRYPT_MODE_CBC, $iv);

Results here : http://sandbox.onlinephpfunctions.com/code/931a527873bfcaca5a1837993cb180c7b6843716

[terrafrost]

Just saw this lol. I'll try to take a look at it later today.

Thanks!

[terrafrost]

Quoting https://github.com/phpseclib/mcrypt_compat/blob/master/lib/mcrypt.php#L889,

// PHP 5.6 made mcrypt_encrypt() a lot less tolerant of bad input but it neglected to change
// anything about mcrypt_generic(). and despite the changes insufficiently long plaintext
// is still accepted.