Page MenuHomePhabricator
Create Task
Maniphest T136587

Login no longer working - throws fatal MediaWiki\Session\UnexpectedValueException
Closed, ResolvedPublic
Actions

Description

Warning: openssl_encrypt(): Unknown cipher algorithm in /Users/jrobson/git/core/includes/session/Session.php on line 429

Fatal error: Class 'MediaWiki\Session\UnexpectedValueException' not found in /Users/jrobson/git/core/includes/session/Session.php on line 431

Details

SubjectRepoBranchLines +/-
Session: Improvements to encryption functionalitymediawiki/coreREL1_27+49 -18
Session: Improvements to encryption functionalitymediawiki/coremaster+49 -18
Fix encryption code in Sessionmediawiki/coreREL1_27+82 -57
Fix encryption code in Sessionmediawiki/coremaster+82 -57
Customize query in gerrit

Related Objects

Event Timeline

Jdlrobson created this task.May 30 2016, 9:16 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptMay 30 2016, 9:16 PM
Jdlrobson renamed this task from Login no longer working to Login no longer working - throws fatal MediaWiki\Session\UnexpectedValueException.May 30 2016, 9:16 PM
Tgr subscribed.May 30 2016, 9:21 PM

From the release notes change in 0b8b539a00226fb381a5c760bfc377a43fed558f:

If the openssl and mcrypt PHP extensions are both unavailable, secure session storage (soon to be used for login) will raise an exception. This exception may be bypassed by setting $wgSessionInsecureSecrets = true.

Tgr added a comment.May 30 2016, 9:26 PM

The algorithm is aes-256-ctr, FWIW.

Jdlrobson added a comment.May 30 2016, 9:37 PM

This sounds like a breaking change?

Wikis when updating to a new version of MediaWiki will find their login form throws a fatal when their users login? It took me a couple of days to notice.

Surely we could do something better than a PHP fatal here? ie. a message with instructions on what the admin needs to do?

gerritbot subscribed.May 30 2016, 10:06 PM

Change 291835 had a related patch set uploaded (by Gergő Tisza):
Fix encryption code in Session

https://gerrit.wikimedia.org/r/291835

gerritbot added a project: Patch-For-Review.May 30 2016, 10:06 PM
Tgr added a comment.May 30 2016, 10:11 PM
In T136587#2339884, @Jdlrobson wrote:

This sounds like a breaking change?

Added to MediaWiki 1.27#Breaking_changes (and it's already in the release notes). Do you know of any other place where it should be mentioned?

Wikis when updating to a new version of MediaWiki will find their login form throws a fatal when their users login? It took me a couple of days to notice.
Surely we could do something better than a PHP fatal here? ie. a message with instructions on what the admin needs to do?

Sure, the fatal is a bug in the code.

gerritbot added a comment.May 31 2016, 4:17 PM

Change 291835 merged by jenkins-bot:
Fix encryption code in Session

https://gerrit.wikimedia.org/r/291835

ReleaseTaggerBot added projects: MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release-notes.Jun 1 2016, 3:01 AM
RacingRalf subscribed.Jun 1 2016, 9:25 AM

After applying the path and trying to create a new user, I get

PHP Warning:  hash_pbkdf2(): Iterations must be a positive integer: 0 in /srv/www/vhosts/wiki127/includes/session/Session.php on line 401

using OpenSSL 0.9.8j-fips

Tgr added a comment.Jun 1 2016, 9:52 AM

It sounds like you have set $wgSessionPbkdf2Iterations to 0.

RacingRalf added a comment.Jun 1 2016, 9:57 AM
In T136587#2344295, @Tgr wrote:

It sounds like you have set $wgSessionPbkdf2Iterations to 0.

No.
But I added

$wgSessionPbkdf2Iterations = 10001;

and now it's working.
Thx!

RobLa-WMF subscribed.EditedJun 17 2016, 6:19 AM

I'm going to respond here to a comment that @Tgr made in T137926

In T137926#2385551, @Tgr wrote:

FWIW, besides the five extensions mentioned in the task description, we sort of require openssl or mcrypt as well for core (since 0b8b539).

$wgSessionInsecureSecrets = true is a puzzling compromise at first glance, since I gather that's how "required" became "sort of required". Is this config option something y'all are planning to quickly deprecate?

Tgr added a comment.Jun 17 2016, 9:43 AM

The plan was to pull in a crypto library which has pure-PHP fallback (phpseclib being the obvious choice there) and remove the option at the time. Doing that is very simple, doing the security review for it is probably a massive amount of work. Not sure where that puts us wrt quickly.

RacingRalf added a comment.Jun 29 2016, 8:46 AM

Any news on this? Tried again with a fresh installation of 1.27 and still can't login. No matter, if I use `$wgSessionInsecureSecrets = true`` and/or `$wgSessionPbkdf2Iterations = 10001;``

gerritbot added a comment.Jun 29 2016, 10:06 AM

Change 296534 had a related patch set uploaded (by Gergő Tisza):
Fix encryption code in Session

https://gerrit.wikimedia.org/r/296534

gerritbot added a comment.Jun 29 2016, 10:18 AM

Change 296534 merged by jenkins-bot:
Fix encryption code in Session

https://gerrit.wikimedia.org/r/296534

Tgr added a subscriber: demon.Jun 29 2016, 10:23 AM

Backported fix to 1.27. @demon is this worth a point release? Affects people who

  • have php-openssl, but it does not support aes-256-ctr mode
  • do not have php-openssl, do have php-mcrypt, but it does not support rijndael-128 mode

No clue how common those conditions are.

ReleaseTaggerBot added a project: MW-1.27-release-notes.Jun 29 2016, 11:00 AM
RobLa-WMF added a project: acl*security.Jun 29 2016, 2:42 PM

I'm adding Security to make sure this is on the Security team's radar.

Restricted Application added a subscriber: Malyacko. · View Herald TranscriptJun 29 2016, 2:42 PM
RacingRalf added a comment.Jun 29 2016, 2:49 PM

No clue how common those conditions are.

We are using SLES11 SP4 and MW1.27.0. No idea if this is a common combination.

demon added a comment.Jun 29 2016, 3:56 PM
In T136587#2414114, @Tgr wrote:

Backported fix to 1.27. @demon is this worth a point release? Affects people who

  • have php-openssl, but it does not support aes-256-ctr mode
  • do not have php-openssl, do have php-mcrypt, but it does not support rijndael-128 mode

No clue how common those conditions are.

Probably should tbh.

csteipp subscribed.Jun 29 2016, 4:29 PM

have php-openssl, but it does not support aes-256-ctr mode

Because of the way we're doing encrypt-then-mac with a random IV for each use, we could change aes-256-ctr to aes-256-cbc (that should be slightly more supported). I think the php api into openssl automatically sets up pkcs7 padding option with cbc. So that would basically make our token the same as python's fernet tokens. So I would feel comfortable with that.

gerritbot added a comment.Jul 1 2016, 3:14 PM

Change 296925 had a related patch set uploaded (by Anomie):
Session: Improvements to encryption functionality

https://gerrit.wikimedia.org/r/296925

Bawolff added a parent task: T133070: MediaWiki 1.27.1 security release.Jul 7 2016, 8:53 PM
dpatrick triaged this task as Medium priority.Jul 7 2016, 8:53 PM
Bawolff mentioned this in T133070: MediaWiki 1.27.1 security release.Jul 18 2016, 8:45 AM
gerritbot added a comment.Jul 24 2016, 1:56 PM

Change 296925 merged by jenkins-bot:
Session: Improvements to encryption functionality

https://gerrit.wikimedia.org/r/296925

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)).Jul 24 2016, 2:00 PM
Anomie closed this task as Resolved.Jul 25 2016, 1:53 PM
Anomie claimed this task.
dpatrick subscribed.Aug 1 2016, 6:37 PM
In T136587#2421582, @gerritbot wrote:

Change 296925 had a related patch set uploaded (by Anomie):
Session: Improvements to encryption functionality

https://gerrit.wikimedia.org/r/296925

This needs to be backported to 1.27.

gerritbot added a comment.Aug 1 2016, 7:05 PM

Change 302297 had a related patch set uploaded (by Gergő Tisza):
Session: Improvements to encryption functionality

https://gerrit.wikimedia.org/r/302297

gerritbot added a comment.Aug 1 2016, 8:00 PM

Change 302297 merged by jenkins-bot:
Session: Improvements to encryption functionality

https://gerrit.wikimedia.org/r/302297

dpatrick added a comment.Aug 1 2016, 8:57 PM

Woah, that was fast. Thanks @Tgr.

demon removed a parent task: T133070: MediaWiki 1.27.1 security release.Aug 10 2016, 9:14 PM
chasemp edited projects, added Security; removed MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)).Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL