Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

  • Ben April 2013
  • dwu April 2013
All Links Were Breaking (had to patch includes/helpers/short.php file!)
  • Vote Up0Vote Down dwudwu
    Posts: 5Sendy user

    hi my openssl_decrypt / encrypt was complaining about the following in the logs:

    stderr: PHP Warning: openssl_encrypt() expects at most 4 parameters, 5 given

    i tracked this down and noticed every single one of my links were not being decrypted correctly. afterwards i started looking into short.php and realized if i combined the api key with the salt when encrypting / decrypting, it seemed to work (to satisfy the error in the log while trying to combine the api key with the salt to encrypt / decrypt).

    im wondering why my openssl_encrypt wont work with the default sendy way. please take a look at my script here:

    http://pastie.org/private/ni0afgdxxzwwe8jxpe2fqg

    my php version:

    PHP 5.3.6-13ubuntu3.1 with Suhosin-Patch (cli) (built: Aug 29 2011 23:39:16)

    running on ubuntu 10.06

    according to http://php.net/manual/en/function.openssl-decrypt.php i should be able to use the 5 params, as iv parameter was added in php 5.3.3

  • 3 Comments
  • Vote Up0Vote Down BenBen
    Posts: 3,484Sendy support

    Hi Dennis,

    Did this happen out of a sudden?

    I tested your script, if I used your method with only 4 parameters (without the iv), I'll get this warning:

    openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended

    Which means Sendy's current way of encryption is correct and secure. I'm not sure why yours does not work even though you're using PHP 5.3.6 (higher than 5.3.0).

    What do you get when you decrypt using 5 parameters (with vi) using your test script?

    Thanks.

    Ben

  • Vote Up0Vote Down dwudwu
    Posts: 5Sendy user

    its blank when i use the 5 parameters.

    im wondering if my php is updated, but somehow my openssl library is outdated?

    i just checked my version of openssl: OpenSSL 0.9.8k 25 Mar 2009

  • Vote Up0Vote Down BenBen
    Posts: 3,484Sendy support

    Could be. My version of OpenSSL is → OpenSSL 1.0.1e-fips 11 Feb 2013

This discussion has been closed.
All Discussions