
Bug#927306: Alternative approach for password re-setup



Hi,

with the attached patch, the conversion works on buster.

The script uses php-mcrypt for no reason - the first use always returns
a constant 16, the second returns random bytes.

With the applied patch, the script works without php-mcrypt.

-nik
--- gosa-mcrypt-to-openssl-passwords.orig	2019-04-18 19:38:43.665650068 +0200
+++ gosa-mcrypt-to-openssl-passwords.new	2019-04-18 19:55:39.708586849 +0200
@@ -25,8 +25,7 @@
 }
 
 function cred_decrypt($input, $password) {
-  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
-  $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
+  $iv = random_bytes(16);
   return rtrim(@openssl_decrypt( pack("H*", $input), "aes-256-ecb" , $password, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ), "\0\3\4\n");
 }
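
Review bot: the new `$iv = random_bytes(16);` line in cred_decrypt() generates a value that cannot affect the result, because the cipher passed to openssl_decrypt() on the next line is "aes-256-ecb" and ECB mode takes no IV. Rather than replacing the mcrypt calls with another random source, drop the `$iv` assignment and the trailing `$iv` argument altogether, which also removes the dependency on random_bytes(). The leading `@` on openssl_decrypt() hides any warning about the unused IV and also hides real decryption failures, so consider removing it and checking for a `false` return before the rtrim().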
