ErrorException thrown during decryption when IV is too short

[phptek]

In some circumstances, OpenSSLCrypto::decrypt() will throw an ErrorException when the IV passed to openssl_decrypt() is of an invalid length as returned from openssl_cipher_iv_length() (PHP will attempt to zero-pad it in this case).

IMO the logic should probably try to pad it prior to being passed to openssl_decrypt().

Warning: openssl_decrypt(): IV passed is only 9 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0

This isn't super-critical given that PHP sends this as a WARNING.

[samandeggs]

Hi @phptek I also have gotten this on and off for some time:

Warning: openssl_decrypt(): IV passed is only 5 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0

It is very occasionally, and it's almost always when some form of search bot is browsing around, though - and never from normal users it appears. Unsure if that's simply a coincidence though.

Would simply adding a base64 encode/decode to ensure that \0 nor : etc be able to be passed in/out here?

Edit: that is, to clarify - an encode/decode on the $iv variable passed into the openssl_encrypt() / openssl_decrypt() functions. I likely have my wires crossed with other real errors people have posted versus this being simply a warning around byte length.