Comments (11)
wtps0n
commented on August 25, 2024
I've found disscusion on Stack Overflow about openssl_encrypt:
https://stackoverflow.com/questions/52477247/trying-to-decrypt-with-aes-256-gcm-with-php
Maybe this URL will be helpful?
https://www.php.net/manual/en/function.openssl-encrypt.php
from phpldapadmin.
nick-oconnor
commented on August 25, 2024
Same issue here with v1.2.6.5 containerized with php:8.1-apache.
from phpldapadmin.
vpushkar
commented on August 25, 2024
What is your fix @wtps0n?
from phpldapadmin.
wtps0n
commented on August 25, 2024
Well, I have no fix yet :-)
I have no unix box with openssl 3.x availabe so I don't know how to write checking 'openssl version' inside php (which number version will be returned).
So maybe it is much easier to define (pseudo code) config->session_cipher = ''. And inside lib/functions php set SESSION_CIPHER to aes-256-gcm as default or seeting from config.
If it is good, I will try to make patch till the end of week.
from phpldapadmin.
vpushkar
commented on August 25, 2024
I made it work:
--- functions.php.bak 2023-03-01 12:14:14.142130000 +0200
+++ functions.php 2023-03-01 23:40:49.134927000 +0200
@@ -793,8 +793,10 @@
return $data;
if (! empty($data) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
+ $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(SESSION_CIPHER));
$keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
- return openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen));
+ $encrypted = openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen), $options=0, $iv, $tag);
+ return base64_encode($encrypted . '::' . $iv . '::' . $tag);
}
if (function_exists('mcrypt_module_open') && ! empty($data)) {
@@ -855,7 +857,8 @@
if (! empty($encdata) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
$keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
- return trim(openssl_decrypt($encdata, SESSION_CIPHER, substr($secret,0,$keylen)));
+ list($encryptedData, $iv, $tag) = explode('::', base64_decode($encdata), 3);
+ return trim(openssl_decrypt($encryptedData, SESSION_CIPHER, substr($secret,0,$keylen), $options=0, $iv, $tag));
}
if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
from phpldapadmin.
wtps0n
commented on August 25, 2024
Great work. Yes it is working with Openssl 1.1.1. I've just checked it. Thank you very much.
from phpldapadmin.
el-piewie
commented on August 25, 2024
works with SLES 12SP5 (openssl-1.0.2p), too.
@vpushkar Thank you for the patch.
from phpldapadmin.
vpushkar
commented on August 25, 2024
@wtps0n one more fix for php 8.1 is in #193
from phpldapadmin.
brenard
commented on August 25, 2024
The @vpushkar solution works great. @leenooks do you need a PR for that?
from phpldapadmin.
williamdes
commented on August 25, 2024
The @vpushkar solution works great. @leenooks do you need a PR for that?
Please open a PR for this.
You can see my patch for Debian on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033163 (Fix-openssl-3-cipher-name-PHP-8.patch)
from phpldapadmin.
leenooks
commented on August 25, 2024
Thanks @vpushkar fixed with 85f8c61.
from phpldapadmin.
Related Issues (20)
- Consider adding support for argon2 password hasing HOT 3
- openssl_cipher_iv_length and openssl 3.0 HOT 10
- nginx+phpldapadmin ERR_TOO_MANY_REDIRECTS!!! HOT 1
- Could NOT login if OpenLDAP-Server disallow anonymous_bind and login auth_type is session or cookie. HOT 1
- openssl_* function errors are not handled HOT 2
- PHP8.1 on Ubuntu 22 PHP message: PHP Fatal error: Uncaught TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\\Result, bool given in /var/www/phpLDAPadmin/lib/ds_ldap.php HOT 2
- Where to report security vulnerability? HOT 1
- Cannot login on AlmaLinux HOT 2
- broken .png files HOT 2
- Parse error: systax error, unexpected '=' in /srv/www/phpLDAPadmin-1.2.6.5/lib/functions.php on line 361 HOT 4
- openssl_cipher_iv_length and SLES 12 HOT 1
- PHP Deprecated: Implicit conversion from float 0.75 to int loses precision in createlm.php
- groupOfUniqueNames with more than 500 members begins to remove memberships when editing HOT 7
- Move out of osixia/openldap HOT 2
- new patches to import into 1.2 branch for PHP 8.2 support HOT 2
- rendering issues with FF & Chrome HOT 12
- Wrong variable in Docker readme.md HOT 2
- get_magic_quotes_gpc() error HOT 7
- dns_get_record(): A temporary server error occurred. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phpldapadmin.