2

PHP no longer supports mcrypt. I have to make an OpenSSL alternative that has the exact same output as I only have access to half the code base. My attempts have all failed. As you can see below OS doesn't match MC. I've tried different $methods and combinations of OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING.

Where am I going wrong?

const n = "\n";
$text= 'hello my friends';
$method = 'AES-128-CBC';
$key = base64_decode('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
$text = base64_decode('MDEyMzQ1Njc4OUFCQ0RFRgAAAAYxMjM0NTYxMjMDAwM=');
$size = openssl_cipher_iv_length($method);
$iv = substr($key, 0, $size);

// MCRYPT METHOD
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($module, $key, $iv);
$mcrypt = mcrypt_generic($module, $text);

// OPENSSL METHOD
$method = 'AES-128-CBC';
$openssl = openssl_encrypt($text, $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

echo "MC: " . base64_encode($mcrypt) . n;
echo "OS: " . base64_encode($openssl) . n;

/*
MC: 9+gMhSSAHhJ4g4rdjwP02YQJTfU2qEThBco+W9ob9UU=
OS: Qsz5HitF4X+2DV48wh7ExCjWjGEOAl88MKXk/g24Z/I=
*/
jww
  • 97,681
  • 90
  • 411
  • 885
J. Smith
  • 141
  • 7
  • Also see [Use openssl_encrypt to replace Mcrypt for 3DES-ECB encryption](http://stackoverflow.com/q/39467008), [Can't decrypt using pgcrypto from AES-256-CBC but AES-128-CBC is OK](http://stackoverflow.com/q/43550818/608639), [MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion](http://stackoverflow.com/q/45218465/608639), etc. Also see [Upgrading my encryption library from Mcrypt to OpenSSL](http://stackoverflow.com/q/43329513), [Replace Mcrypt with OpenSSL](http://stackoverflow.com/q/9993909/608639) and [Preparing for removal of Mcrypt in PHP 7.2](http://stackoverflow.com/q/42696657), etc. – jww Feb 15 '18 at 06:16
  • @jww Thanks, though I was skeptical at finding an answer after about a day of troubleshooting this and searching all over the internet I found the solution here: https://stackoverflow.com/questions/45218465/mcrypt-rijndael-128-to-openssl-aes-128-ecb-conversion Michael Butler: "In your specific example I've found that by changing aes-128-ecb to aes-256-ecb, it produces the same output as the legacy mcrypt_encrypt." Appreciate it! – J. Smith Feb 15 '18 at 06:54
  • Not sure if this helps anyone else, but I am converting an old library and my problem was missing the OPENSSL_RAW_DATA option on openssl_encrypt. – Ben Dec 01 '20 at 14:23

1 Answers1

4

Mcrypts: MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC

is equivalent to:

OPENSSL: AES-256-CBC

I have no idea why there's the difference, but changing the 128 to 256 solved it for me.

Aftab H.
  • 1,517
  • 4
  • 13
  • 25
J. Smith
  • 141
  • 7
  • I believe Mcrypt provides *block sizes* of 128, 192 and 256 bits. AES only provides the 128 block size. My guess is, `MCRYPT_RIJNDAEL_128` is probably referring to Rijndael with 128-bit block size, which is AES. The key size is a different matter, and that is what the `256` denotes in OpenSSL's `AES-256-CBC`. If using a Standard Cryptographic Algorithm Name (SCAN), then the Mcrypt algorithm name for the cipher instance would be similar to `Rijndael-128(256)/CBC`. – jww Feb 15 '18 at 08:56