Control: forwarded -1 https://github.com/gosa-project/gosa-core/pull/33
Hi, On Do 09 Jul 2020 21:54:34 CEST, Wolfgang Schweer wrote:
On Mon, Jul 06, 2020 at 12:05:44PM +0200, Wolfgang Schweer wrote:In both encrypt and decrypt cases, the chosen cipher method seems to return 0.This is the case because the chosen method (aes-256-ecb) doesn't use an initialization vector ($iv) at all, causing its length ($ivlen) to be 0, see e.g. https://usr.ed48.com/php/ssl/?xf=7 So the encrypt/decrypt implementation seems to have been sort of wrong before (and only now with PHP 7.4 an error is thrown). Please check and test the attached changes to /usr/share/gosa/include/functions.inc and /usr/sbin/gosa-encrypt-passwords; works for me, but then my skills are low level and this is a quite sensitive issue. Wolfgang
patch submitted upstream. https://github.com/gosa-project/gosa-core/pull/33 Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
pgpO_IaXRLe8T.pgp
Description: Digitale PGP-Signatur
