Remove the custom IV option from CI_Encryption
It serves for no practical purpose and can only do harm.
diff --git a/tests/codeigniter/libraries/Encryption_test.php b/tests/codeigniter/libraries/Encryption_test.php
index 759d7cd..f457fe3 100644
--- a/tests/codeigniter/libraries/Encryption_test.php
+++ b/tests/codeigniter/libraries/Encryption_test.php
@@ -141,7 +141,6 @@
$this->assertTrue(is_array($this->encryption->__get_params($params)));
- $params['iv'] = NULL;
$params['base64'] = TRUE;
$params['hmac_digest'] = 'sha512';
@@ -150,7 +149,6 @@
'cipher' => 'aes-128',
'mode' => 'cbc',
'key' => str_repeat("\x0", 16),
- 'iv' => str_repeat("\x0", 16),
'raw_data' => TRUE,
'hmac_key' => str_repeat("\x0", 16),
'hmac_digest' => 'sha256'
@@ -216,22 +214,17 @@
$this->assertFalse($this->encryption->encrypt($message, array('foo')));
$this->assertFalse($this->encryption->decrypt($message, array('foo')));
- // Custom IV (we'll check it), no HMAC, binary output
+ // No HMAC, binary output
$params = array(
'cipher' => 'tripledes',
'mode' => 'cfb',
'key' => str_repeat("\x1", 16),
- 'iv' => str_repeat("\x2", 8),
'base64' => FALSE,
'hmac' => FALSE
);
$ciphertext = $this->encryption->encrypt($message, $params);
- $this->assertEquals(0, strncmp($params['iv'], $ciphertext, 8));
- // IV should be found in the cipher-text, no matter if it was supplied or not
- $this->assertEquals($message, $this->encryption->decrypt($ciphertext, $params));
- unset($params['iv']);
$this->assertEquals($message, $this->encryption->decrypt($ciphertext, $params));
}