aes256gcm is not ready for prime time. Stay tuned. Until it is, we're pretty much stuffed unless we go to 3rd party crypto libs.

1 files changed, 5 insertions, 5 deletions

diff --git a/include/crypto.php b/include/crypto.php
index 758cec24f..bcbb3d388 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -81,14 +81,14 @@ function STD_decrypt($data,$key,$iv) {
 
 function AES256GCM_encrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
-	$iv = substr($iv,0,16);
-	return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	$iv = substr($iv,0,12);
+	return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
 }
 
 function AES256GCM_decrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
-	$iv = substr($iv,0,16);
-	return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	$iv = substr($iv,0,12);
+	return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
 }
 
 
@@ -165,7 +165,7 @@ function crypto_methods() {
 	// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
 	// possibly by truncation or segmentation - though many other methods could be used.  
 
-	$r = [ 'aes256gcm', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
+	$r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
 	call_hooks('crypto_methods',$r);
 	return $r;