Hi, with the attached patch, the conversion works on buster. The script uses php-mcrypt for no reason - the first use always returns an constant 16, the second returns random bytes. With the applied patch, the script works without php-mcrypt. -nik
--- gosa-mcrypt-to-openssl-passwords.orig 2019-04-18 19:38:43.665650068 +0200 +++ gosa-mcrypt-to-openssl-passwords.new 2019-04-18 19:55:39.708586849 +0200 @@ -25,8 +25,7 @@ } function cred_decrypt($input, $password) { - $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); - $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM); + $iv = random_bytes(16); return rtrim(@openssl_decrypt( pack("H*", $input), "aes-256-ecb" , $password, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ), "\0\3\4\n"); }
Attachment:
signature.asc
Description: PGP signature