Cart error in VM 4.2.0.10905

[ViPeS]

Error message appears when opening cart (Shopping Cart J4)

Warning: openssl_decrypt(): IV passed is only 8 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/helpers/vmcrypt .php on line 84

It's on a white background, so it's hard to see. At the same time, the cart icon is moved.
When the quantity is changed and updated, a message appears at the top of the page.

[Milbo]

I wonder which PHP version you are using.

[ViPeS]

PHP 8.0.26
On PHP 8.1.13 the same error, but only more errors appear:
1. Custom Filters extensions from Breakdesigns
2. module VirtueMart Products — /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/models/product.php

[Milbo]

lol, what a screenshot. The thing is, we never hat this error and the code is years old. It is also very "generic" code. Wonder what I could change here.

[ViPeS]

Maybe this will help
https://www.php.net/manual/en/function.openssl-encrypt.php

[Milbo]

The code uses the length of the set method

Code Select Expand


$ivlen = openssl_cipher_iv_length(self::VMCIPHER);
$iv = substr($ciphertext_dec, 0, $ivlen);
$original_plaintext = openssl_decrypt($ciphertext_raw, self::VMCIPHER, $key['key'], $options=OPENSSL_RAW_DATA, $iv);


self::VMCIPHER = = "AES-128-OFB";

strange

[ViPeS]

Replacing const VMCIPHER = "AES-128-OFB" with const VMCIPHER = "AES-128-CBC" solves the problem!

Code Select Expand

class vmCrypt {

const ENCRYPT_SAFEPATH="keys";
//const VMCIPHER = "aes-128-gcm";
//const VMCIPHER = "AES-128-OFB";
const VMCIPHER = "AES-128-CBC";
const VMCIPHER71 = "aes-128-gcm";

static function encrypt ($string) {

$key = self::_getKey (0,true);

[Milbo]

Hmm, I wonder what happens, when I change that. I mean, with already encrypted data. Maybe better to solve, with an hidden config.

[Milbo]

Next core it will be added as hidden config, that means open your virtuemart.cfg file and add
VMCIPHER=AES-128-CBC

[ViPeS]

Hmm, I wonder what happens, when I change that. I mean, with already encrypted data. Maybe better to solve, with an hidden config.

I don't understand encryption.
I understand from posts on the internet that using uppercase AES-128-CBC will give a consistent value which is 16.
https://stackoverflow.com/questions/37439981/openssl-encrypt-randomly-fails-iv-passed-is-only-x-bytes-long-cipher-exp
I tried - it worked.

[Milbo]

As I said, I cannot change it in the core, because it may break already existing coded values.

But I added an hidden config, so add what I wrote to your config (file), store your vm config (in browser) one time and you dont need to think about it, anylonger.

[ViPeS]

Updated to VM 4.2.4.10922
Again error message appears when opening cart (Shopping Cart J4),

Warning: openssl_decrypt(): IV passed is only 8 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/helpers/vmcrypt .php on line 87

[jenkinhill]

Check for VMCIPHER=AES-128-CBC in your virtuemart.cfg file

[ViPeS]

Check for VMCIPHER=AES-128-CBC in your virtuemart.cfg file

Milbo wrote what needed to be done.

But I added an hidden config, so add what I wrote to your config (file), store your vm config (in browser) one time and you dont need to think about it, anylonger.

But I don't know how to do it.
The virtuemart.cfg file cannot be edited in DirectAdmin.
Please write how to do this correctly.

[jenkinhill]

Edit the file using the server cPanel or use FTP to download & edit the file.