author | Roberts Lataria <roberts.lataria@zabbix.com> | 2021-12-17 18:46:42 +0300 |
---|---|---|
committer | Andrejs Verza <andrejs.verza@zabbix.com> | 2021-12-17 18:46:42 +0300 |
commit | eea1f70ac668d297b02ab5df93451bd170900ef2 (patch) | |
tree | 05c405a06757d51eb8366e6c6bdbb4762617fb0d | |
parent | 5220e72e3ed006f7f2ab82c56d7757d5f97f5db3 (diff) | |
parent | 373a2ddb9b8b4736976d7090b2481e572f98cc4b (diff) |
A.F....... [ZBX-20350] changed hash algo for encrypted cookies
Merge in ZBX/zabbix from feature/ZBX-20350-5.4 to release/5.4
* commit '373a2ddb9b8b4736976d7090b2481e572f98cc4b':
A.F....... [ZBX-20350] changed hash algo for encrypted cookies
-rw-r--r-- | ChangeLog.d/bugfix/ZBX-20350 | 1 | ||||
-rw-r--r-- | ui/include/classes/core/CEncryptedCookieSession.php | 2 | ||||
-rw-r--r-- | ui/include/classes/helpers/CEncryptHelper.php | 15 | ||||
-rw-r--r-- | ui/index_sso.php | 4 |
4 files changed, 6 insertions, 16 deletions
diff --git a/ChangeLog.d/bugfix/ZBX-20350 b/ChangeLog.d/bugfix/ZBX-20350
new file mode 100644
index 00000000000..b5905bdff79
--- /dev/null
+++ b/ChangeLog.d/bugfix/ZBX-20350
@@ -0,0 +1 @@
+A.F....... [ZBX-20350] changed hash algo for encrypted cookies (rlataria)
diff --git a/ui/include/classes/core/CEncryptedCookieSession.php b/ui/include/classes/core/CEncryptedCookieSession.php
index afb0790ac69..3f5fce54f37 100644
--- a/ui/include/classes/core/CEncryptedCookieSession.php
+++ b/ui/include/classes/core/CEncryptedCookieSession.php
@@ -52,7 +52,7 @@ class CEncryptedCookieSession extends CCookieSession {
 /**
 * Prepare session data.
 *
- * @param string $data
+ * @param array $data
 *
 * @return string
 */
diff --git a/ui/include/classes/helpers/CEncryptHelper.php b/ui/include/classes/helpers/CEncryptHelper.php
index 64c27ff5266..7563cf648c3 100644
--- a/ui/include/classes/helpers/CEncryptHelper.php
+++ b/ui/include/classes/helpers/CEncryptHelper.php
@@ -27,7 +27,7 @@ class CEncryptHelper {
 /**
 * Signature algorithm.
 */
- public const SIGN_ALGO = 'aes-256-ecb';
+ public const SIGN_ALGO = 'sha256';
 /**
 * Session secret key.
@@ -82,7 +82,7 @@ class CEncryptHelper {
 public static function sign(string $data): string {
 $key = self::getKey();
- return openssl_encrypt($data, self::SIGN_ALGO, $key);
+ return hash_hmac(self::SIGN_ALGO, $data, $key, false);
 }
 /**
@@ -110,15 +110,4 @@ class CEncryptHelper {
 ' WHERE '.dbConditionInt('configid', [$db_config['configid']])
 );
 }
-
- /**
- * Generate a hash value.
- *
- * @param string $message
- *
- * @return string
- */
- public static function hash(string $message): string {
- return hash('sha256', $message, false);
- }
 }
diff --git a/ui/index_sso.php b/ui/index_sso.php
index de42a21221f..45130e7cd8a 100644
--- a/ui/index_sso.php
+++ b/ui/index_sso.php
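Review bot: In `CEncryptHelper::sign()` (hunk at line 82 of ui/include/classes/helpers/CEncryptHelper.php) the value returned by `getKey()` goes straight into `hash_hmac()` with no check; `getKey()` is defined outside this hunk, so it is not visible here whether it can return null or an empty string, and an HMAC under an empty key protects nothing. A guard before the return, such as `if (!is_string($key) || $key === '') { throw new Exception(_('Session initialization error.')); }`, would make that case fail closed. The docblock on `SIGN_ALGO` (hunk at line 27) still reads only "Signature algorithm."; because the constant is public and used to hold an OpenSSL cipher name, it could say `Hash algorithm name passed to hash_hmac() for session signatures.` Cookies signed under the previous value will no longer verify after the upgrade, which is expected but worth stating in the release notes.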
@@ -204,7 +204,7 @@ try {
 'nameid_sp_name_qualifier' => $auth->getNameIdSPNameQualifier(),
 'session_index' => $auth->getSessionIndex()
 ];
- $saml_data['sign'] = CEncryptHelper::hash(json_encode($saml_data));
+ $saml_data['sign'] = CEncryptHelper::sign(json_encode($saml_data));
 CSessionHelper::set('saml_data', $saml_data);
@@ -243,7 +243,7 @@ try {
 }
 $saml_data_sign = $saml_data['sign'];
- $saml_data_sign_check = CEncryptHelper::hash(json_encode(array_diff_key($saml_data, array_flip(['sign']))));
+ $saml_data_sign_check = CEncryptHelper::sign(json_encode(array_diff_key($saml_data, array_flip(['sign']))));
 if (!CEncryptHelper::checkSign($saml_data_sign, $saml_data_sign_check)) {
 throw new Exception(_('Session initialization error.')); |
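Review bot: The result of `json_encode($saml_data)` is handed to `CEncryptHelper::sign()` unchecked, both here and in the verification hunk at line 243. json_encode() returns false when the array cannot be encoded (for instance an attribute value that is not valid UTF-8), and unless the file declares strict types that false is coerced to an empty string, so any two payloads that both fail to encode would end up with the same MAC. Encoding into a variable first and failing closed, `$json = json_encode($saml_data); if ($json === false) { throw new Exception(_('Session initialization error.')); }`, keeps the signature bound to the actual content. The enclosing try block begins and ends outside both hunks.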
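Review bot: The check in the hunk at line 243 recomputes the MAC over a fresh `json_encode()` of the array restored from the session, so it only passes when that re-encoding is byte-identical to what was signed in the hunk at line 204; whether key order and scalar types survive the session round trip is not visible here. A comment above the check would record that invariant, e.g. `// MAC covers json_encode() of saml_data without 'sign'; key order and value types must match the array signed at login.` `checkSign()` is defined outside this diff, so please confirm it compares the two values with `hash_equals()` rather than `==` or `===`. Both the session cookie and this SAML payload are signed through the same `sign()` with the same key; a fixed context prefix per use would keep the two kinds of signature from being interchangeable.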