0579e8278d
bump year
2015-01-15 23:26:37 +08:00
278c38165c
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed possible read after end of buffer and use after free.
2014-12-08 12:24:16 +03:00
e6ad29ae96
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed possible read after end of buffer and use after free.
2014-12-08 12:20:01 +03:00
dd791cd717
Fixed possible read after end of buffer and use after free.
2014-12-08 12:18:27 +03:00
fd5fbba98c
Use /dev/urandom as the default mcrypt_create_iv() source
...
Also fixes the ARGINFO for mcrypt_create_iv() and adds missing
UPGRADING entries.
2014-03-11 14:06:13 +01:00
d8ed84e4c4
Use zpp for accepting encryption mode string
...
Leaving the non-zpp usage for the mcrypt_{MODE} functions, as
they're deprecated and I'm too lazy to update all their tests.
2014-03-05 15:32:32 +01:00
eb0eac75ef
Remove a number of macros that are no longer used
2014-03-05 15:32:32 +01:00
e5738d3bc9
Provide expected IV length in IV error messages
2014-03-05 15:32:32 +01:00
b9737aa08e
Call mcrypt_module_close on error
2014-03-05 15:32:32 +01:00
e4876ecbfb
Print supported key sizes in error message
2014-03-05 15:32:32 +01:00
32333abe3e
Clean up do_crypt code
...
Avoid unnecessary alloc/copy/free cycles and clean up structure in
general. Add a few extra checks for the key length.
2014-03-05 15:32:32 +01:00
a861a3a93d
Abort on invalid key size
...
Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.
Incorrectly sized keys will now be rejected.
2014-03-05 15:32:32 +01:00
25d801f97e
Abort on missing IV if the enc_mode requires it
...
Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).
2014-03-05 15:32:31 +01:00
c4b7cdb41e
Abort on invalid IV size
...
Previously, if the size of the IV did not match the block size
mcrypt would throw a warning and fall back to a NUL IV. This
behavior is both dangerous and makes no practical sense.
mcrypt_encrypt etc. will now return false if the IV has an incorrect
size.
2014-03-05 15:32:31 +01:00
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00
47c9027772
Bump year
2014-01-03 11:06:16 +08:00
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
7014a0eb6d
Fixed Mcrypt deprecated functions and related tests
2012-08-16 10:21:22 -04:00
29a0efccef
Fixes mcrypt_ecb not issuing an E_DEPRECATED level notice, despite having been deprecated for some time. Please reference bug #62374 as well.
2012-07-21 19:38:03 -04:00
8775a37559
- Year++
2012-01-01 13:15:04 +00:00
4e19825281
- Year++
2012-01-01 13:15:04 +00:00
4b30846b50
- Make usage of new PHP_FE_END macro
2011-07-25 11:35:02 +00:00
da376383e8
- Make usage of new PHP_FE_END macro
2011-07-25 11:35:02 +00:00
9805e1674a
- remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ
2011-07-22 11:25:30 +00:00
b8dd53b713
- use warning here to match unix behavior
2011-07-10 14:19:51 +00:00
8a18b29d23
- use warning here to match unix behavior
2011-07-10 14:19:51 +00:00
0203cc3d44
- Year++
2011-01-01 02:17:06 +00:00
cdaa87f57e
- use new function to get random bytes
2010-06-08 18:27:23 +00:00
b03678348c
- fix leak on error in mcrypt_create_iv on windows
2010-06-02 15:27:38 +00:00
8296e705bf
- WS
2010-06-02 10:07:26 +00:00
932e276c0b
add filters to mcrypt
...
# trunk will follow soon
2010-01-15 21:02:20 +00:00
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
0f57b15e23
- Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
2009-10-02 00:13:53 +00:00
1fa3b21c15
MFH: Fixed error message grammar:
...
- "cannot" instead of "can not" (meaning "also can")
- "than" instead of "then" (Hint: "then" should hardly be needed;
you're not telling the order in which to do something)
... plus removed a couple ending. dots
2009-06-06 02:40:49 +00:00
6068ce7469
MFH: Fixed compiler warning
2009-05-19 17:47:06 +00:00
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
fc2fb50d09
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-11-17 11:28:01 +00:00
7a37fa2d6b
- Revert ZEND_BEGIN_ARG_INFO change
2008-11-02 21:19:39 +00:00
df10005563
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-10-24 14:35:40 +00:00
49fc9c9e13
- MFH: Fixed bug #46010 (warnings incorrectly generated for iv in ecb mode)
2008-09-07 22:57:37 +00:00
af7918cf0f
- New parameter parsing API
2008-08-10 05:38:07 +00:00
597d411627
- MFH: Port mcrypt_create_iv to windows (aka fix it on windows)
2008-07-15 17:05:02 +00:00
3657b0ab5c
- Revert that crap.
2008-07-04 07:47:18 +00:00
74bc652de8
fix key container access
2008-07-03 19:40:15 +00:00
f0ec9b9475
- fix mcrypt_iv on windows, use urandom equivalent
...
- MFH, code cleaning and reorganisation
2008-07-03 13:50:14 +00:00
7294562366
- Added arginfo
2008-07-01 19:43:42 +00:00
fbc29e2848
Revert.
2008-05-18 19:48:40 +00:00
472b883cc6
Make mcrypt_enc_self_test() return value compatible with documentation and mcrypt _module_self_test()
2008-05-18 17:08:56 +00:00
Xinchen Hui