From e049e9b117d58676fb032adb83aa36a1620f81f2 Mon Sep 17 00:00:00 2001
From: tom--
Date: Wed, 11 Feb 2015 11:14:11 -0500
Subject: [PATCH] use OPENSSL_RAW_DATA, in which openssl adds/strips padding https://en.wikipedia.org/wiki/Padding_%28cryptography%29#PKCS7
---
 framework/base/Security.php | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/framework/base/Security.php b/framework/base/Security.php
index ff73eaa268..d78c30f159 100644
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -172,11 +172,14 @@ class Security extends Component
 $key = $this->hkdf(self::KDF_HASH, $secret, $keySalt, $info, self::KEY_SIZE);
 }
- $data = $this->addPadding($data);
 $ivSize = 16;
 $iv = $this->generateRandomKey($ivSize);
- $encrypted = openssl_encrypt($data, $this->opensslCipher(), $key, OPENSSL_ZERO_PADDING, $iv);
- $encrypted = base64_decode($encrypted);
+
+// $data = $this->addPadding($data);
+// $encrypted = openssl_encrypt($data, $this->opensslCipher(), $key, OPENSSL_ZERO_PADDING, $iv);
+// $encrypted = base64_decode($encrypted);
+
+ $encrypted = openssl_encrypt($data, $this->opensslCipher(), $key, OPENSSL_RAW_DATA, $iv);
 $authKey = $this->hkdf(self::KDF_HASH, $key, null, self::AUTH_KEY_INFO, self::KEY_SIZE);
 $hashed = $this->hashData($iv . $encrypted, $authKey);
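Review bot: The return value of the new `openssl_encrypt(..., OPENSSL_RAW_DATA, $iv)` call is used unchecked; the function returns `false` on failure, and the following lines would then compute the HMAC over `$iv . $encrypted` with `$encrypted` being `false`, so the MAC covers the IV alone and the output carries no ciphertext. Add `if ($encrypted === false)` directly after the call and throw whichever exception type this class already uses, with `openssl_error_string()` in the message. The three commented-out lines (`// $data = $this->addPadding($data);` and the two after it) should be deleted rather than committed, since the old path stays available in history. The enclosing method starts and ends outside the hunk.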
@@ -216,10 +219,15 @@ class Security extends Component
 $ivSize = 16;
 $iv = StringHelper::byteSubstr($data, 0, $ivSize);
- $encrypted = base64_encode(StringHelper::byteSubstr($data, $ivSize, null));
- $decrypted = openssl_decrypt($encrypted, $this->opensslCipher(), $key, OPENSSL_ZERO_PADDING, $iv);
+ $encrypted = StringHelper::byteSubstr($data, $ivSize, null);
- return $this->stripPadding($decrypted);
+// $encrypted = base64_encode($encrypted);
+// $decrypted = openssl_decrypt($encrypted, $this->opensslCipher(), $key, OPENSSL_ZERO_PADDING, $iv);
+// $decrypted = $this->stripPadding($decrypted);
+
+ $decrypted = openssl_decrypt($encrypted, $this->opensslCipher(), $key, OPENSSL_RAW_DATA, $iv);
+
+ return $decrypted;
 }
 /**
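Review bot: `openssl_decrypt()` with `OPENSSL_RAW_DATA` returns `false` when the PKCS#7 padding does not validate, and `return $decrypted;` now passes that straight to the caller without an explicit failure path. Since OpenSSL performs the padding check after this change, the call must only be reached once the HMAC over the IV and ciphertext has been verified; that check is presumably earlier in the method, outside the hunk, and is worth confirming, because otherwise a bad-padding `false` is a distinguishable result on modified ciphertext. Make the failure explicit with `if ($decrypted === false)` and either a throw or a documented `false` return in the docblock. The three commented-out lines (`// $encrypted = base64_encode($encrypted);` and the two after it) should be removed rather than committed.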