mirror of
https://github.com/php/php-src.git
synced 2024-09-29 22:06:09 +00:00
a861a3a93d
Previously an incorrectly sized key was either silently padded with NUL bytes or truncated. Especially the silent nature of this behavior makes it extremely easy to use weak encryption. A common mistake - which has also been extensively made in our tests - is to use a password instead of a key. Incorrectly sized keys will now be rejected.
18 lines
565 B
PHP
18 lines
565 B
PHP
--TEST--
|
|
Bug #46010 (warnings incorrectly generated for iv in ecb mode)
|
|
--SKIPIF--
|
|
<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
|
|
--FILE--
|
|
<?php
|
|
|
|
$key = "012345678901234567890123";
|
|
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, "data", MCRYPT_MODE_ECB)));
|
|
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, "data", MCRYPT_MODE_ECB, "a")));
|
|
var_dump(bin2hex(mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, "data", MCRYPT_MODE_ECB, "12345678")));
|
|
|
|
?>
|
|
--EXPECTF--
|
|
string(16) "f7a2ce11d4002294"
|
|
string(16) "f7a2ce11d4002294"
|
|
string(16) "f7a2ce11d4002294"
|