Post by daveydave » Mon May 28, 2018 7:04 pm

Hi,

I'm setting up Paypal Pro Iframe (redirect) on a shop site and get this error when I attempt to put a test payment through:

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /home/site/public_html/system/library/encryption.php on line 23


I've googled this error and nobody else seems to have experienced it on OpenCart 3.0.2.0, so I can only assume I've set up my server incorrectly to work with this plugin. Has anyone got any idea what the problem may be?

Newbie

Posts

Joined
Fri Aug 28, 2015 10:26 pm

Post by straightlight » Tue May 29, 2018 3:08 am


The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by daveydave » Tue May 29, 2018 5:07 am

I saw that post. I'm already running PHP 7

Newbie

Posts

Joined
Fri Aug 28, 2015 10:26 pm

Post by straightlight » Tue May 29, 2018 11:21 pm

An interesting concept I may have found on this site: https://bhoover.com/using-php-openssl_e ... rypt-data/ since Opencart also uses the openssl random pseudo bytes as an encryption method.

See if by replacing your entire system/library/encryption.php file will solve the issue with these modifications:

Code: Select all

<?php
/**
 * @package		OpenCart
 * @author		Daniel Kerr
 * @copyright	Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/)
 * @license		https://opensource.org/licenses/GPL-3.0
 * @link		https://www.opencart.com
*/

/**
* Encryption class
*/
final class Encryption {
	/**
     * 
     *
     * @param	string	$key
	 * @param	string	$value
	 * 
	 * @return	string
     */	
	public function encrypt($key, $value) {
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($value);
		
		// Generate an initialization vector		
		$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
		
		// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.		
		$encrypted = openssl_encrypt($key, 'aes-256-cbc', $encryption_key, 0, $iv);
		
		// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)		
		return base64_encode($encrypted . '::' . $iv);
	}
	
	/**
     * 
     *
     * @param	string	$key
	 * @param	string	$value
	 * 
	 * @return	string
     */
	public function decrypt($key, $value) {
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($value);
		
		// To decrypt, split the encrypted data from our IV - our unique separator used was "::"
		list($encrypted_data, $iv) = explode('::', base64_decode($key), 2);
		
		return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
	}
}
Then, ensure to follow these steps before testing your store: viewtopic.php?f=176&p=721388#p718325 . Since this procedure is also about modifying encryption and decryption methods, better to make a backup of your entire store as well.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by daveydave » Sat Jun 02, 2018 5:34 pm

Thanks for this. It seems to work.
Sorry for the late reply, after this started working, Paypal started generating errors so I needed to communicate with their tech support department.

Newbie

Posts

Joined
Fri Aug 28, 2015 10:26 pm

Post by straightlight » Sat Jun 02, 2018 7:34 pm

Outstanding. Thanks for confirming this. I will address this solution on GitHub since this issue seem to be related to untested OpenSSL length even though, in the past on the forum, it has been discussed that programmers needs to ensure that the vector's parameter is properly defined. From now on, this should no longer be a concern other than viewing the logs when testing transactions.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 6 guests