We recently upgraded a server to PHP7 which interacts via a client API with an older server running PHP 5.5. One of the authentication mechanisms utilizes the functions mcrypt_encrypt
. An interesting problem arose in the client library, as the mcrypt module was deprecated in PHP 5.6 with breaking changes:
Invalid
key
andiv
sizes are no longer accepted. mcrypt_encrypt() will now throw a warning and returnFALSE
if the inputs are invalid. Previously keys and IVs were padded with ‘\0‘ bytes to the next valid size