php
runtime_error
ai_generated
true
Warning: openssl_encrypt(): IV passed is 16 bytes long which is longer than the 8 bytes expected by selected cipher, truncating in /var/www/app/src/Crypto/Encryptor.php on line 23
ID: php/openssl-iv-length-mismatch
90%Fix Rate
87%Confidence
1Evidence
2024-01-10First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| php 8.1 | active | — | — | — |
| php 8.2 | active | — | — | — |
| php 8.3 | active | — | — | — |
| OpenSSL 3.0 | active | — | — | — |
Root Cause
The initialization vector (IV) length provided to `openssl_encrypt` or `openssl_decrypt` does not match the block size required by the selected cipher method (e.g., AES-128-CBC expects 16 bytes, but DES expects 8 bytes).
generic中文
提供给 `openssl_encrypt` 或 `openssl_decrypt` 的初始化向量(IV)长度与所选密码方法所需的块大小不匹配(例如,AES-128-CBC 需要 16 字节,而 DES 需要 8 字节)。
Official Documentation
https://www.php.net/manual/en/function.openssl-encrypt.phpWorkarounds
-
95% success Use `openssl_cipher_iv_length($cipher)` to determine the correct IV length, then generate the IV accordingly: `$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));`
Use `openssl_cipher_iv_length($cipher)` to determine the correct IV length, then generate the IV accordingly: `$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));` -
90% success Explicitly set the cipher method to match the IV length, e.g., change from `'des'` to `'aes-128-cbc'` if the IV is 16 bytes.
Explicitly set the cipher method to match the IV length, e.g., change from `'des'` to `'aes-128-cbc'` if the IV is 16 bytes.
中文步骤
Use `openssl_cipher_iv_length($cipher)` to determine the correct IV length, then generate the IV accordingly: `$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));`Explicitly set the cipher method to match the IV length, e.g., change from `'des'` to `'aes-128-cbc'` if the IV is 16 bytes.
Dead Ends
Common approaches that don't work:
-
Ignoring the warning and continuing execution
95% fail
Truncation of the IV can cause decryption failures or security vulnerabilities; the data may not be recoverable or may be improperly encrypted.
-
Using `openssl_random_pseudo_bytes` without specifying the correct length
70% fail
The function defaults to 16 bytes, which may be incorrect for ciphers like DES (8 bytes) or RC4 (no IV); the length must match the cipher's block size.