mirror of
https://github.com/php/php-src.git
synced 2025-08-18 23:18:56 +02:00
a861a3a93d
Previously an incorrectly sized key was either silently padded with NUL bytes or truncated. Especially the silent nature of this behavior makes it extremely easy to use weak encryption. A common mistake - which has also been extensively made in our tests - is to use a password instead of a key. Incorrectly sized keys will now be rejected.
27 lines
890 B
PHP
27 lines
890 B
PHP
--TEST--
|
|
mcrypt_ecb
|
|
--SKIPIF--
|
|
<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
|
|
--FILE--
|
|
<?php
|
|
$key = "0123456789012345";
|
|
$secret = "PHP Testfest 2008";
|
|
$cipher = MCRYPT_RIJNDAEL_128;
|
|
|
|
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher, MCRYPT_MODE_ECB), MCRYPT_RAND);
|
|
$enc_data = mcrypt_ecb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv);
|
|
|
|
// we have to trim as AES rounds the blocks and decrypt doesnt detect that
|
|
echo trim(mcrypt_ecb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
|
|
|
|
// a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
|
|
mcrypt_ecb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
|
|
|
|
--EXPECTF--
|
|
|
|
Deprecated: Function mcrypt_ecb() is deprecated in %s on line %d
|
|
|
|
Deprecated: Function mcrypt_ecb() is deprecated in %s on line %d
|
|
PHP Testfest 2008
|
|
|
|
Deprecated: Function mcrypt_ecb() is deprecated in %s on line %d
|