CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMail (Moderator: Piotr Szotkowski) »
  • Warnings from crypt.php during install and some mailings
Pages: [1]

Author Topic: Warnings from crypt.php during install and some mailings  (Read 2593 times)

khapeman

  • Guest
Warnings from crypt.php during install and some mailings
March 13, 2010, 09:57:47 am
We upgraded from 3.0.2 to 3.1.1 in early February on our windows server (apache 2.2.11, php 5.2.8, mysql 5.1.30) and although the upgrade was successful there were 2 warnings from module CRM/utils/crypt.php.  I'm attaching a screenshot of the warnings from the install.  Everything seemed to be ok until we started entering contributions and again similar warnings appeared whenever we checked the box for sending an email thank you message.  I just now looked at crypt.php in civicrm 3.1.3 and the same problem still exists.  I'm reposting this to see if anyone has a response.

I found and fixed the problem that caused the warnings in crypt.php, but I would like to be sure my fixes are correct.  Identical lines 46 and 68 (or 47 and 69 in 3.1.3) in crypt.php ($iv = mcrypt_create_iv( 32 ) are responsible for these errors:

warning: mcrypt_create_iv() function.mcrypt-create-iv  Cannot open source device in C:\indigoampp\apache-2.2.11\htdocs\drupal\sites\all\modules\civicrm\CRM\Utils\Crypt.php on line 68.

The problem seems to be explained on this php documentation page:
http://www.php.net/manual/en/function.mcrypt-create-iv.php
In particular note the following:
string mcrypt_create_iv  ( int $size  [, int $source = MCRYPT_DEV_RANDOM  ] )
The source can be MCRYPT_RAND (system random number generator), MCRYPT_DEV_RANDOM  (read data from /dev/random) and MCRYPT_DEV_URANDOM (read data from /dev/urandom). Prior to 5.3.0, MCRYPT_RAND was the only one supported on Windows.

That page further suggests that a call to srand() is required for php prior to php 5.3, so here's what I did:

Added the following line twice to crypt.php prior immediately after existing lines 44 and 66 (or 45 and 67 in 3.1.3):
srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
and changed existing lines 46 and 68 to the following:
$iv = mcrypt_create_iv( 32, MCRYPT_RAND);
That gets rid of the warnings, but I wondered if it was good form to use mcrypt_create_iv() for the decrypt part of this - looking further down in the php manual page I referenced above shows the following approach to decrypting:
  $iv_size = mcrypt_enc_get_iv_size($td);
  $iv = substr($string,0,$iv_size);
Which is the best approach?  Any ideas would be greatly appreciated!
Thanks!
Ken H.

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Warnings from crypt.php during install and some mailings
March 22, 2010, 02:31:26 pm

Can you please file an issue for this. We'll investigate and fix on a future release. Hopefully we'll have input from folks who know a bit more about windows and security and can provide some more guidance

thanx

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

khapeman

  • Guest
Re: Warnings from crypt.php during install and some mailings
March 23, 2010, 06:06:44 am
Done - issue has been posted as CRM-5998.
Ken H.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMail (Moderator: Piotr Szotkowski) »
  • Warnings from crypt.php during install and some mailings

This forum was archived on 2017-11-26.