From cb9eac9047186ba062679341869e59e8aa9b3519 Mon Sep 17 00:00:00 2001 From: atm-florian Date: Wed, 31 May 2023 12:13:50 +0200 Subject: [PATCH] FIX: dol_trunc may not have the desired behaviour for truncating a cryptographic initialiszation vector, for instance when MAIN_DISABLE_TRUNC is used --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 97abd91d8b2..52e7a975338 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -152,7 +152,7 @@ function dolEncrypt($chain, $key = '', $ciphering = 'AES-256-CTR', $forceseed = if (empty($forceseed)) { $ivseed = dolGetRandomBytes($ivlen); } else { - $ivseed = dol_trunc(md5($forceseed), $ivlen, 'right', 'UTF-8', 1); + $ivseed = dol_substr(md5($forceseed), 0, $ivlen, 'ascii', 1); } $newchain = openssl_encrypt($chain, $ciphering, $key, 0, $ivseed);