Abort on missing IV if the enc_mode requires it

Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).

3 files changed, 11 insertions, 8 deletions

diff --git a/ext/mcrypt/tests/mcrypt_cbc.phpt b/ext/mcrypt/tests/mcrypt_cbc.phpt
index 27cc5b2224..fb74df9322 100644
--- a/ext/mcrypt/tests/mcrypt_cbc.phpt
+++ b/ext/mcrypt/tests/mcrypt_cbc.phpt
@@ -15,7 +15,7 @@ $enc_data = mcrypt_cbc($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv);
 echo trim(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT);
+var_dump(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT));
 
 --EXPECTF--
 
@@ -26,4 +26,5 @@ PHP Testfest 2008
 
 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d
 
-Warning: mcrypt_cbc(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_cbc(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)
diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt
index 11120633a5..1c7b9c12ff 100644
--- a/ext/mcrypt/tests/mcrypt_cfb.phpt
+++ b/ext/mcrypt/tests/mcrypt_cfb.phpt
@@ -15,7 +15,7 @@ $enc_data = mcrypt_cfb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv);
 echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
+var_dump(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT));
 
 --EXPECTF--
 
@@ -26,4 +26,5 @@ PHP Testfest 2008
 
 Deprecated: Function mcrypt_cfb() is deprecated in %s on line %d
 
-Warning: mcrypt_cfb(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_cfb(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)
diff --git a/ext/mcrypt/tests/mcrypt_decrypt.phpt b/ext/mcrypt/tests/mcrypt_decrypt.phpt
index b4e628401e..ebf95cde17 100644
--- a/ext/mcrypt/tests/mcrypt_decrypt.phpt
+++ b/ext/mcrypt/tests/mcrypt_decrypt.phpt
@@ -16,13 +16,14 @@ $enc_data = mcrypt_encrypt($cipher, $key, $secret, $mode, $iv);
 echo trim(mcrypt_decrypt($cipher, $key, $enc_data, $mode, $iv)) . "\n";
 
 // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV
-mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC);
+var_dump(mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC));
 
-var_dump(strpos(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv), "Testfest") !== false);
+var_dump(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv));
 --EXPECTF--
 PHP Testfest 2008
 
-Warning: mcrypt_decrypt(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
+Warning: mcrypt_decrypt(): Encryption mode requires an initialization vector in %s on line %d
+bool(false)
 
 Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in %s on line %d
-bool(false)
\ No newline at end of file
+bool(false)