News:

Support the VirtueMart project and become a member

Main Menu

Cart error in VM 4.2.0.10905

Started by ViPeS, August 12, 2023, 18:53:43 PM

Previous topic - Next topic

ViPeS

Error message appears when opening cart (Shopping Cart J4)

Warning: openssl_decrypt(): IV passed is only 8 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/helpers/vmcrypt .php on line 84

It's on a white background, so it's hard to see. At the same time, the cart icon is moved.
When the quantity is changed and updated, a message appears at the top of the page.
VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

Milbo

I wonder which PHP version you are using.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

ViPeS

PHP 8.0.26
On PHP 8.1.13 the same error, but only more errors appear:
1. Custom Filters extensions from Breakdesigns
2. module VirtueMart Products — /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/models/product.php
VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

Milbo

lol, what a screenshot. The thing is, we never hat this error and the code is years old. It is also very "generic" code. Wonder what I could change here.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

ViPeS

VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

Milbo

The code uses the length of the set method


$ivlen = openssl_cipher_iv_length(self::VMCIPHER);
$iv = substr($ciphertext_dec, 0, $ivlen);
$original_plaintext = openssl_decrypt($ciphertext_raw, self::VMCIPHER, $key['key'], $options=OPENSSL_RAW_DATA, $iv);


self::VMCIPHER = = "AES-128-OFB";

strange
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

ViPeS

Replacing const VMCIPHER = "AES-128-OFB" with const VMCIPHER = "AES-128-CBC" solves the problem!
class vmCrypt {

const ENCRYPT_SAFEPATH="keys";
//const VMCIPHER = "aes-128-gcm";
//const VMCIPHER = "AES-128-OFB";
const VMCIPHER = "AES-128-CBC";
const VMCIPHER71 = "aes-128-gcm";

static function encrypt ($string) {

$key = self::_getKey (0,true);
VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

Milbo

Hmm, I wonder what happens, when I change that. I mean, with already encrypted data. Maybe better to solve, with an hidden config.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

Next core it will be added as hidden config, that means open your virtuemart.cfg file and add
VMCIPHER=AES-128-CBC
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

ViPeS

Quote from: Milbo on August 17, 2023, 15:34:33 PM
Hmm, I wonder what happens, when I change that. I mean, with already encrypted data. Maybe better to solve, with an hidden config.
I don't understand encryption.
I understand from posts on the internet that using uppercase AES-128-CBC will give a consistent value which is 16.
https://stackoverflow.com/questions/37439981/openssl-encrypt-randomly-fails-iv-passed-is-only-x-bytes-long-cipher-exp
I tried - it worked.
VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

Milbo

As I said, I cannot change it in the core, because it may break already existing coded values.

But I added an hidden config, so add what I wrote to your config (file), store your vm config (in browser) one time and you dont need to think about it, anylonger.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

ViPeS

Updated to VM 4.2.4.10922
Again error message appears when opening cart (Shopping Cart J4),

Warning: openssl_decrypt(): IV passed is only 8 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /home/viinis/domains/virtuvinis.lt/public_html/administrator/components/com_virtuemart/helpers/vmcrypt .php on line 87

VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

jenkinhill

Check for VMCIPHER=AES-128-CBC in your virtuemart.cfg file
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

ViPeS

Quote from: jenkinhill on October 01, 2023, 13:42:47 PM
Check for VMCIPHER=AES-128-CBC in your virtuemart.cfg file

Milbo wrote what needed to be done.
Quote from: Milbo on August 21, 2023, 20:52:33 PM
But I added an hidden config, so add what I wrote to your config (file), store your vm config (in browser) one time and you dont need to think about it, anylonger.
But I don't know how to do it.
The virtuemart.cfg file cannot be edited in DirectAdmin.
Please write how to do this correctly.
VM 4.2.18 11050, Joomla 5.2.1, PHP 8.3.8

jenkinhill

Edit the file using the server cPanel or use FTP to download & edit the file.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum