3 files changed, 17 insertions, 5 deletions

diff --git a/ext/openssl/tests/011.phpt b/ext/openssl/tests/011.phpt
index 927360900..fdcc5e296 100644
--- a/ext/openssl/tests/011.phpt
+++ b/ext/openssl/tests/011.phpt
@@ -8,11 +8,16 @@ $data = "openssl_encrypt() and openssl_decrypt() tests";
 $method = "AES-128-CBC";
 $password = "openssl";
 
-$encrypted = openssl_encrypt($data, $method, $password);
-$output = openssl_decrypt($encrypted, $method, $password);
+$ivlen = openssl_cipher_iv_length($method);
+$iv    = '';
+srand(time() + ((microtime(true) * 1000000) % 1000000));
+while(strlen($iv) < $ivlen) $iv .= chr(rand(0,255));
+
+$encrypted = openssl_encrypt($data, $method, $password, false, $iv);
+$output = openssl_decrypt($encrypted, $method, $password, false, $iv);
 var_dump($output);
-$encrypted = openssl_encrypt($data, $method, $password, true);
-$output = openssl_decrypt($encrypted, $method, $password, true);
+$encrypted = openssl_encrypt($data, $method, $password, true, $iv);
+$output = openssl_decrypt($encrypted, $method, $password, true, $iv);
 var_dump($output);
 ?>
 --EXPECT--
diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt
index 7471c4c5d..146c4c922 100644
--- a/ext/openssl/tests/bug48182.phpt
+++ b/ext/openssl/tests/bug48182.phpt
@@ -51,7 +51,7 @@ function ssl_async_client($port) {
 	$socket = stream_socket_client($host, $errno, $errstr, 10, $flags);
 	stream_set_blocking($socket, 0);
 
-	while ($data) {
+	while ($socket && $data) {
 		$wrote = fwrite($socket, $data, strlen($data));
 		$data = substr($data, $wrote);
 	}
diff --git a/ext/openssl/tests/openssl_decrypt_error.phpt b/ext/openssl/tests/openssl_decrypt_error.phpt
index ea9cce2f0..233fa0c5b 100644
--- a/ext/openssl/tests/openssl_decrypt_error.phpt
+++ b/ext/openssl/tests/openssl_decrypt_error.phpt
@@ -8,8 +8,11 @@ $data = "openssl_decrypt() tests";
 $method = "AES-128-CBC";
 $password = "openssl";
 $wrong = "wrong";
+$iv = str_repeat("\0", openssl_cipher_iv_length($method));
 
 $encrypted = openssl_encrypt($data, $method, $password);
+var_dump($encrypted); /* Not passing $iv should be the same as all-NULL iv, but with a warning */
+var_dump(openssl_encrypt($data, $method, $password, false, $iv)); 
 var_dump(openssl_decrypt($encrypted, $method, $wrong));
 var_dump(openssl_decrypt($encrypted, $wrong, $password));
 var_dump(openssl_decrypt($wrong, $method, $password));
@@ -21,6 +24,10 @@ var_dump(openssl_decrypt($encrypted, array(), $password));
 var_dump(openssl_decrypt($encrypted, $method, array()));
 ?>
 --EXPECTF--
+
+Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in %s on line %d
+string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
+string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 bool(false)
 
 Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d