#170 - issue - openssl 3.0 patch

[tachtler]

On archlinux, php7 has been updated with openssl 3.0 and now it's impossible to open a connection in phpldapadmin: connection is anonymous and is rejected by ldap server. #170 - solution was made by https://github.com/bendem and solves the issue #175 too, Thank you!

[tachtler]

Please, can you merge the pull request? Thank you in advance!

[exi]

+1 I need this fix and for now applied it locally on my ubuntu package.

[tachtler]

Hi Reno,

I'm happy to hear, that someone else find it useful, thank you!

Greetings
Klaus (also from Munich)

[TPXP]

This MR has a typo, openssl_get_cipher_methods() reports aes-256-gcm. Using it without the dash after aes fails and emits a warning

$keylen = openssl_cipher_iv_length("aes256-gcm") * 2;
PHP Warning:  openssl_cipher_iv_length(): Unknown cipher algorithm in php shell code on line 1

Besides, AES is not Blowfish, thus this is most likely not compatible with the other implementations in use. We should add a marker at the beginning of the string to explicitely state we're using a new encryption scheme here.

Also, it'd be awesome if we could handle cases when openssl_encrypt returns false and show an error somewhere, since this has serious consequences on the behaviour of the app

BTW, it seems Blowfish encryption with OpenSSL is broken currently: openssl_cipher_iv_length('bf-ecb') is 0 (we're asking for IV, not key size), which means $keylen = openssl_cipher_iv_length('bf-ecb') * 2; sets keylen to 0, thus substr($secret,0,$keylen) gives the empty strying, and openssl_encrypt($data, 'bf-ecb', substr($secret,0,$keylen)); encrypts data with an empty secret 🙌

[TPXP]

This is aes-256-gcm on my side. I think you're just skipping the OpenSSL part since in_array(SESSION_CIPHER, openssl_get_cipher_methods()) is falsy?

[williamdes]

That's true for me too, on Debian PHP 8.2 !
cc @tachtler

[williamdes]

Okay, fixed by ef8d0ce

[jpasher-lazor]

I concur that the fix for this is actually just masking the problem.

When SESSION_CIPHER is incorrectly set to aes256-gcm, it actually bypasses the openssl_* functions altogether, which makes it fall through to mcrypt_* functions (which are deprecated), and then the PHP-based blowfish library (which probably uses the ECB mode that openssl 3.0 deprecated because it's insecure).

As previously stated, the AES cipher method is called aes-256-gcm, but that requires an IV for the encryption and decryption, which is not being provided. This generates a PHP warning:

openssl_encrypt(): Setting of IV length for AEAD mode failed

There are other blowfish cipher modes that OpenSSL 3.0 still supports, but they require an IV or nonce. As far as which is best, I really don't know that much about encryption, although I know CBC should be avoided.

This page provides some good details on the different Blowfish cipher modes.

https://pycryptodome.readthedocs.io/en/latest/src/cipher/classic.html

Summary:

• When SESSION_CIPHER = aes256-gcm, it doesn't use openssl at all
• When SESSION_CIPHER = aes-256-gcm, it actually fails because an IV is not provided
• Using the alternate blowfish cipher modes in openssl require an IV/nonce

If you concatenate the IV with the encrypted string, you can extract it when doing the decryption without requiring you to store it (kind of like storing the salt for a hashed password).