Package: phpldapadmin / 1.2.6.3-0.3+deb12u1

Fix-openssl-IV-length-PHP-8.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
From: William Desportes <williamdes@wdes.fr>
Date: Sat, 18 Mar 2023 17:21:40 +0100
Subject: Fix openssl IV "openssl_encrypt(): Setting of IV length for AEAD
 mode failed"

Origin: upstream
Forwarded: https://github.com/leenooks/phpLDAPadmin/issues/183#issuecomment-1450893271
---
 lib/functions.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/functions.php b/lib/functions.php
index eb5b5dd..9d38cdf 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -21,6 +21,7 @@ define('TMPLDIR',sprintf('%s/',realpath(LIBDIR.'../templates/')));
 define('DOCDIR',sprintf('%s/',realpath(LIBDIR.'../doc/')));
 define('HOOKSDIR',sprintf('%s/',realpath(LIBDIR.'../hooks/')));
 define('JSDIR','js/');
+define('SESSION_CIPHER', 'aes-256-gcm');
 
 /**
  * Supplimental functions
@@ -792,9 +793,11 @@ function blowfish_encrypt($data,$secret=null) {
 	if (! trim($secret))
 		return $data;
 
-	if (! empty($data) && function_exists('openssl_encrypt') && in_array('aes-256-gcm', openssl_get_cipher_methods())) {
-		$keylen = openssl_cipher_iv_length('aes-256-gcm') * 2;
-		return openssl_encrypt($data, 'aes-256-gcm', substr($secret,0,$keylen));
+	if (! empty($data) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
+		$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(SESSION_CIPHER));
+		$keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
+		$encrypted = openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen), $options=0, $iv, $tag);
+		return base64_encode($encrypted . '::' . $iv . '::' . $tag);
 	}
 
 	if (function_exists('mcrypt_module_open') && ! empty($data)) {
@@ -853,9 +856,10 @@ function blowfish_decrypt($encdata,$secret=null) {
 	if (! trim($secret))
 		return $encdata;
 
-	if (! empty($encdata) && function_exists('openssl_encrypt') && in_array('aes-256-gcm', openssl_get_cipher_methods())) {
-		$keylen = openssl_cipher_iv_length('aes-256-gcm') * 2;
-		return trim(openssl_decrypt($encdata, 'aes-256-gcm', substr($secret,0,$keylen)));
+	if (! empty($encdata) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
+		$keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
+		list($encryptedData, $iv, $tag) = explode('::', base64_decode($encdata), 3);
+		return trim(openssl_decrypt($encryptedData, SESSION_CIPHER, substr($secret,0,$keylen), $options=0, $iv, $tag));
 	}
 
 	if (function_exists('mcrypt_module_open') && ! empty($encdata)) {