I am getting a strange warning while trying to buy via credit card. I am using the Cardinity payment gateway. OpenCart version 3.0.2.0. PHP version 7.2.0. Quickcheckout by MarketInSG. Here is the warning message:
PHP Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in .../system/library/encryption.php on line 23
My encryption.php looks like this:
Code:
<?php
/**
 * @package OpenCart
 * @author Daniel Kerr
 * @copyright Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/)
 * @license https://opensource.org/licenses/GPL-3.0
 * @link https://www.opencart.com
 */
/**
 * Encryption class
 */
final class Encryption {
    /**
     *
     *
     * @param string $key
     * @param string $value
     *
     * @return string
     */
    public function encrypt($key, $value) {
        return strtr(base64_encode(openssl_encrypt($value, 'aes-256-cbc', hash('sha256', $key, true))), '+/=', '-_,');
    }
    /**
     *
     *
     * @param string $key
     * @param string $value
     *
     * @return string
     */
    public function decrypt($key, $value) {
        return trim(openssl_decrypt(base64_decode(strtr($value, '-_,', '+/=')), 'aes-256-cbc', hash('sha256', $key, true)));
    }
}
Code:
<?php
/**
 * @package OpenCart
 * @author Daniel Kerr
 * @copyright Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/)
 * @license https://opensource.org/licenses/GPL-3.0
 * @link https://www.opencart.com
 */
/**
 * Encryption class
 */
final class Encryption {
    /**
     *
     *
     * @param string $key
     * @param string $value
     *
     * @return string
     */
    public function encrypt($key, $value) {
        // Remove the base64 encoding from our key
        $encryption_key = base64_decode($value);
        // Generate an initialization vector
        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
        // Encrypt the data using AES 256 encryption in GCM mode using our encryption key and initialization vector.
        $encrypted = openssl_encrypt($key, 'aes-256-gcm', $encryption_key, 0, $iv);
        // The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
        return base64_encode($encrypted . '::' . $iv);
    }
    /**
     *
     *
     * @param string $key
     * @param string $value
     *
     * @return string
     */
    public function decrypt($key, $value) {
        // Remove the base64 encoding from our key
        $encryption_key = base64_decode($value);
        // To decrypt, split the encrypted data from our IV - our unique separator used was "::"
        list($encrypted_data, $iv) = explode('::', base64_decode($key), 2);
        return openssl_decrypt($encrypted_data, 'aes-256-gcm', $encryption_key, 0, $iv);
    }
}
PHP Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in ...system/library/encryption.php on line 30
When you click on the Pay Now button, it loads for a couple of seconds and then the button returns to its initial Pay Now state.
I don't know what else to do. Should I contact the hosting company or Cardinity? Any help will be hugely appreciated. Thank you!
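Both warnings quoted in the post concern arguments to `openssl_encrypt()`: the IV (fifth argument) and, for AEAD modes such as GCM, the authentication tag (sixth argument, passed by reference). The following is an added example, not part of the original post and not OpenCart's own code; the class name `AeadEncryption` and the sample key and value are hypothetical, and the key derivation simply mirrors the `hash('sha256', $key, true)` call from the first listing.

```php
<?php
// Added example: hypothetical class, not OpenCart's Encryption class.
final class AeadEncryption {
    private const CIPHER = 'aes-256-gcm';
    private const TAG_LENGTH = 16;

    public function encrypt(string $key, string $value): string {
        // 32-byte key, derived the same way as in the first listing.
        $raw_key = hash('sha256', $key, true);
        // A fresh random IV for every message (12 bytes for GCM).
        $iv = random_bytes(openssl_cipher_iv_length(self::CIPHER));
        // $tag is filled in by openssl_encrypt() for AEAD ciphers.
        $tag = '';
        $ciphertext = openssl_encrypt($value, self::CIPHER, $raw_key,
            OPENSSL_RAW_DATA, $iv, $tag, '', self::TAG_LENGTH);
        if ($ciphertext === false) {
            throw new RuntimeException('Encryption failed');
        }
        // IV and tag have fixed lengths, so they are prepended without a separator.
        return strtr(base64_encode($iv . $tag . $ciphertext), '+/=', '-_,');
    }

    public function decrypt(string $key, string $value): string {
        $raw_key = hash('sha256', $key, true);
        $data = base64_decode(strtr($value, '-_,', '+/='), true);
        $iv_length = openssl_cipher_iv_length(self::CIPHER);
        if ($data === false || strlen($data) < $iv_length + self::TAG_LENGTH) {
            throw new RuntimeException('Malformed ciphertext');
        }
        $iv = substr($data, 0, $iv_length);
        $tag = substr($data, $iv_length, self::TAG_LENGTH);
        $ciphertext = substr($data, $iv_length + self::TAG_LENGTH);
        // Returns false if the key is wrong or the data was modified.
        $plaintext = openssl_decrypt($ciphertext, self::CIPHER, $raw_key,
            OPENSSL_RAW_DATA, $iv, $tag);
        if ($plaintext === false) {
            throw new RuntimeException('Decryption failed');
        }
        return $plaintext;
    }
}

// Constructed sample key and value, round-tripped through both methods.
$enc = new AeadEncryption();
$token = $enc->encrypt('constructed-sample-key', 'order_id=42');
var_dump($enc->decrypt('constructed-sample-key', $token) === 'order_id=42');
```

Values encrypted with the CBC version of the class cannot be decrypted by this format, so any stored ciphertext would need to be re-encrypted when switching.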