diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 89ad83f6bf721..ac16b68f499b9 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -49,6 +49,13 @@ typedef struct _php_mcrypt {
 zend_bool init;
 } php_mcrypt;
+typedef enum {
+ RANDOM = 0,
+ URANDOM,
+ RAND,
+ ARANDOM
+} iv_source;
+
 /* {{{ arginfo */
 ZEND_BEGIN_ARG_INFO_EX(arginfo_mcrypt_module_open, 0, 0, 4)
 ZEND_ARG_INFO(0, cipher)
@@ -425,9 +432,10 @@ static PHP_MINIT_FUNCTION(mcrypt) /* {{{ */
 REGISTER_LONG_CONSTANT("MCRYPT_DECRYPT", 1, CONST_PERSISTENT);
 /* sources for mcrypt_create_iv */
- REGISTER_LONG_CONSTANT("MCRYPT_DEV_RANDOM", 0, CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("MCRYPT_DEV_URANDOM", 1, CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("MCRYPT_RAND", 2, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_DEV_RANDOM", RANDOM, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_DEV_URANDOM", URANDOM, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_RAND", RAND, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("MCRYPT_DEV_ARANDOM", ARANDOM, CONST_PERSISTENT);
 /* ciphers */
 MCRYPT_ENTRY2_2_4(3DES, "tripledes");
@@ -536,11 +544,6 @@ PHP_MINFO_FUNCTION(mcrypt) /* {{{ */
 }
 /* }}} */
-typedef enum {
- RANDOM = 0,
- URANDOM,
- RAND
-} iv_source;
 /* {{{ proto resource mcrypt_module_open(string cipher, string cipher_directory, string mode, string mode_directory)
 Opens the module of the algorithm and the mode to be used */
@@ -1372,7 +1375,7 @@ PHP_FUNCTION(mcrypt_ofb)
 Create an initialization vector (IV) */
 PHP_FUNCTION(mcrypt_create_iv)
 {
- char *iv;
+ char *iv, *random_source;
 long source = RANDOM;
 long size;
 int n = 0;
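Review bot: `MCRYPT_DEV_ARANDOM` is registered unconditionally in the `PHP_MINIT_FUNCTION(mcrypt)` hunk, but a `/dev/arandom` node is not present on every platform, so where it is missing `mcrypt_create_iv()` will take the `open()` failure path shown later in this file and return FALSE. A caller that does not check for FALSE may then pass an empty IV on to the cipher. Consider registering the constant only where the device exists (a configure-time check), or at least documenting the limitation beside it, e.g. `/* MCRYPT_DEV_ARANDOM: only usable where /dev/arandom exists; mcrypt_create_iv() returns FALSE otherwise */`.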
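Review bot: In the `mcrypt_create_iv` declaration hunk, `random_source` only ever receives string literals or NULL in the switch added further down, so it should not be a writable `char *` sharing a declaration with `iv`. Declaring it separately as `const char *random_source = NULL;` lets the compiler reject an accidental write through it and gives it a defined value before the switch. The function body continues outside this hunk.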
@@ -1387,8 +1390,26 @@ PHP_FUNCTION(mcrypt_create_iv)
 }
 iv = ecalloc(size + 1, 1);
-
- if (source == RANDOM || source == URANDOM) {
+
+ switch(source) {
+ case RAND:
+ random_source = NULL;
+ break;
+ case URANDOM:
+ random_source = "/dev/urandom";
+ break;
+ case ARANDOM:
+ random_source = "/dev/arandom";
+ break;
+ case RANDOM:
+ random_source = "/dev/random";
+ break;
+ default:
+ random_source = "/dev/random";
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid random source specified(%dl)", source);
+ }
+
+ if (random_source) {
 #if PHP_WIN32
 /* random/urandom equivalent on Windows */
 BYTE *iv_b = (BYTE *) iv;
@@ -1402,10 +1423,10 @@ PHP_FUNCTION(mcrypt_create_iv)
 int fd;
 size_t read_bytes = 0;
- fd = open(source == RANDOM ? "/dev/random" : "/dev/urandom", O_RDONLY);
+ fd = open(random_source, O_RDONLY);
 if (fd < 0) {
 efree(iv);
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot open source device");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot open source device(%s)", random_source);
 RETURN_FALSE;
 }
 while (read_bytes < size) {
@@ -1428,6 +1449,7 @@ PHP_FUNCTION(mcrypt_create_iv)
 while (size) {
 iv[--size] = (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX);
 }
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "RAND is not safe");
 }
 RETURN_STRINGL(iv, n, 0);
 }
diff --git a/ext/mcrypt/tests/mcrypt_cbc.phpt b/ext/mcrypt/tests/mcrypt_cbc.phpt
index 27cc5b2224404..384b6a649e7e1 100644
--- a/ext/mcrypt/tests/mcrypt_cbc.phpt
+++ b/ext/mcrypt/tests/mcrypt_cbc.phpt
@@ -18,6 +18,7 @@ echo trim(mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 mcrypt_cbc($cipher, $key, $enc_data, MCRYPT_DECRYPT);
 --EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 Deprecated: Function mcrypt_cbc() is deprecated in %s on line %d
diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt
index 11120633a5e82..af498f8754820 100644
--- a/ext/mcrypt/tests/mcrypt_cfb.phpt
+++ b/ext/mcrypt/tests/mcrypt_cfb.phpt
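Review bot: The warning in the `default:` branch of the new switch uses `"(%dl)"` for `source`, which is a `long`; that is a `%d` conversion followed by a literal `l`, so the argument type does not match and the message ends in a stray character. It should read `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid random source specified (%ld)", source);`. The same branch then carries on with `/dev/random`, so an unsupported value still yields an IV; freeing `iv` and using `RETURN_FALSE`, as the `open()` failure path in the next hunk does, would make the rejection visible to callers that ignore warnings. The branch also has no closing `break;`. The function starts and ends outside this hunk.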
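Review bot: The notice added after the `php_rand()` loop, `"RAND is not safe"`, names neither the constant nor a replacement, and it is raised only at E_NOTICE after the IV has already been filled, so a configuration that hides notices gets no signal that a non-cryptographic generator was used. A more actionable text would be `"MCRYPT_RAND is not a cryptographically secure source; use MCRYPT_DEV_URANDOM instead"`. The `--EXPECTF--` lines added to the .phpt files in this commit would need the same wording. The enclosing else-branch begins outside this hunk.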
@@ -18,6 +18,7 @@ echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
 --EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 Deprecated: Function mcrypt_cfb() is deprecated in %s on line %d
diff --git a/ext/mcrypt/tests/mcrypt_create_iv.phpt b/ext/mcrypt/tests/mcrypt_create_iv.phpt
index 1aa48868b04ba..f87e9098f1916 100644
--- a/ext/mcrypt/tests/mcrypt_create_iv.phpt
+++ b/ext/mcrypt/tests/mcrypt_create_iv.phpt
@@ -11,7 +11,8 @@ $iv3 = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB)
 echo strlen($iv1) . "\n";
 echo strlen($iv2) . "\n";
 echo strlen($iv3) . "\n";
---EXPECT--
+--EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 16
 16
 16
diff --git a/ext/mcrypt/tests/mcrypt_decrypt.phpt b/ext/mcrypt/tests/mcrypt_decrypt.phpt
index b4e628401e11b..56dba75fa07af 100644
--- a/ext/mcrypt/tests/mcrypt_decrypt.phpt
+++ b/ext/mcrypt/tests/mcrypt_decrypt.phpt
@@ -20,6 +20,7 @@ mcrypt_decrypt($cipher, $key, $enc_data, MCRYPT_MODE_CBC);
 var_dump(strpos(mcrypt_decrypt(MCRYPT_BLOWFISH, "FooBar", $enc_data, MCRYPT_MODE_CBC, $iv), "Testfest") !== false);
 --EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 PHP Testfest 2008
 Warning: mcrypt_decrypt(): Attempt to use an empty IV, which is NOT recommend in %s on line %d
diff --git a/ext/mcrypt/tests/mcrypt_ecb.phpt b/ext/mcrypt/tests/mcrypt_ecb.phpt
index b6d0a227865ab..c445c4518ee25 100644
--- a/ext/mcrypt/tests/mcrypt_ecb.phpt
+++ b/ext/mcrypt/tests/mcrypt_ecb.phpt
@@ -18,6 +18,7 @@ echo trim(mcrypt_ecb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 mcrypt_ecb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
 --EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 Deprecated: Function mcrypt_ecb() is deprecated in %s on line %d
diff --git a/ext/mcrypt/tests/mcrypt_ofb.phpt b/ext/mcrypt/tests/mcrypt_ofb.phpt
index 942035306035a..6ffc2975f398e 100644
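Review bot: In ext/mcrypt/tests/mcrypt_create_iv.phpt only the new notice line is added to the expectations; neither the `MCRYPT_DEV_ARANDOM` constant nor the "Invalid random source specified" warning that this commit introduces in mcrypt.c is exercised anywhere in the updated tests. A case that passes an out-of-range source and expects the warning would pin that branch and would have exposed the malformed `%dl` output. An ARANDOM case would presumably need a `--SKIPIF--` for systems without `/dev/arandom`.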
--- a/ext/mcrypt/tests/mcrypt_ofb.phpt
+++ b/ext/mcrypt/tests/mcrypt_ofb.phpt
@@ -18,6 +18,7 @@ echo trim(mcrypt_ofb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n";
 mcrypt_ofb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv);
 --EXPECTF--
+Notice: mcrypt_create_iv(): RAND is not safe in %s on line %d
 Deprecated: Function mcrypt_ofb() is deprecated in %s on line %d