From 17c404e9407abd78b3c72711ca1af9ae1311af18 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 24 Aug 2022 23:41:26 +0200
Subject: [PATCH] Support Initialisation vector in crypt/decrypt
---
 htdocs/core/lib/security.lib.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 5678d1553aa..62c0a22e76b 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -124,8 +124,14 @@ function dolEncrypt($chain, $key = '', $ciphering = "AES-256-CTR")
 if (!function_exists('openssl_encrypt')) {
 return $chain;
 } else {
- $newchain = openssl_encrypt($chain, $ciphering, $key);
- return 'dolcrypt:'.$ciphering.':'.$newchain;
+ $ivlen = openssl_cipher_iv_length($ciphering);
+ if ($ivlen < 0 || $ivlen > 32) {
+ $ivlen = 32;
+ }
+ $ivseed = mt_rand(0, pow(2, $ivlen) - 1);
+
+ $newchain = openssl_encrypt($chain, $ciphering, $key, null, $ivseed);
+ return 'dolcrypt:'.$ciphering.':'.$ivseed.':'.$newchain;
 }
 }
@@ -154,7 +160,12 @@ function dolDecrypt($chain, $key = '')
 if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
 $ciphering = $reg[1];
 if (function_exists('openssl_decrypt')) {
- $newchain = openssl_decrypt($reg[2], $ciphering, $key);
+ $tmpexplode = explode(':', $reg[2]);
+ if (!empty($tmpexplode[1]) && is_numeric($tmpexplode[0])) {
+ $newchain = openssl_decrypt($tmpexplode[1], $ciphering, $key, null, $tmpexplode[0]);
+ } else {
+ $newchain = openssl_decrypt($tmpexplode[0], $ciphering, $key, null, null);
+ }
 } else {
 $newchain = 'Error function openssl_decrypt() not available';
 }
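Review bot: The IV built in the added lines of dolEncrypt is too small and not random enough: `openssl_cipher_iv_length()` returns a length in bytes (16 for the default AES-256-CTR), so `mt_rand(0, pow(2, $ivlen) - 1)` picks one of only 65536 values from a non-cryptographic generator, and the integer is then coerced (assuming the file does not declare strict_types) to a short decimal string that OpenSSL pads with NUL bytes. In CTR mode a repeated IV under the same key repeats the keystream, so the confidentiality of the stored values depends on IVs never colliding. I would use `$iv = random_bytes($ivlen);`, call `openssl_encrypt($chain, $ciphering, $key, 0, $iv)` and store `bin2hex($iv)` in the prefix, with the `is_numeric()` test in the dolDecrypt hunk changed to match. The `$ivlen < 0` test also misses a `false` or 0 return, and `null` for `$options` is deprecated from PHP 8.1. The function starts above the hunk.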
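Review bot: The format detection added to dolDecrypt is fragile: when the payload has two fields but the first is not numeric, the `else` branch decrypts `$tmpexplode[0]`, which is the IV field rather than the ciphertext, and returns garbage instead of failing. I would branch on the field count, `if (count($tmpexplode) === 2)`, and reject a first field that is not a valid IV for `$ciphering` instead of falling through to the legacy path. In the legacy branch `null` for `$options` and `$iv` is deprecated from PHP 8.1; `openssl_decrypt($tmpexplode[0], $ciphering, $key, 0, '')` keeps the previous behaviour. `openssl_decrypt()` can return `false`, and whether the caller-visible result handles that is not shown, since the function continues outside the hunk.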