php AES-128-CBC mcrypt & openssl

gistfile1.php

<?php 
function encrypt_mcrypt($msg, $key, $iv = null) {
	$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
	if (!$iv) {
		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
	}
	$pad = $iv_size - (strlen($msg) % $iv_size);
	$msg .= str_repeat(chr($pad), $pad);
	$encryptedMessage = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $msg, MCRYPT_MODE_CBC, $iv);
	return base64_encode($iv . $encryptedMessage);
}
function decrypt_mcrypt($payload, $key) {
	$raw = base64_decode($payload);
	$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
	$iv = substr($raw, 0, $iv_size);
	$data = substr($raw, $iv_size);
	$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
	$ctrlchar = substr($result, -1);
	$ord = ord($ctrlchar);
	if ($ord < $iv_size && substr($result, -ord($ctrlchar)) === str_repeat($ctrlchar, $ord)) {
		$result = substr($result, 0, -ord($ctrlchar));
	}
	return $result;
}

function encrypt_openssl($msg, $key, $iv = null) {
	$iv_size = openssl_cipher_iv_length('AES-128-CBC');
	if (!$iv) {
		$iv = openssl_random_pseudo_bytes($iv_size);
	}
	$encryptedMessage = openssl_encrypt($msg, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
	return base64_encode($iv . $encryptedMessage);
}
function decrypt_openssl($payload, $key) {
	$raw = base64_decode($payload);
	$iv_size = openssl_cipher_iv_length('AES-128-CBC');
	$iv = substr($raw, 0, $iv_size);
	$data = substr($raw, $iv_size);
	return openssl_decrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
}

AES-256 refers to the key size, where the 256 in RIJNDAEL refers to block size
The above code work only if the MCRYPT_RIJNDAEL_128 encryption is made using a 128bit keysize.

Below the code to be able to decrypt MCRYPT_RIJNDAEL_128 encrypted using a 256 bit keylen

// ZERO Padding ISO/IEC 9797-1, ISO/IEC 10118-1
function pad_zero($data) {
$len = mcrypt_get_block_size (MCRYPT_RIJNDAEL_128,MCRYPT_MODE_CBC);
if (strlen($data) % $len) {
$padLength = $len - strlen($data) % $len;
$data .= str_repeat("\0", $padLength);
}
return $data;
}

function encrypt_openssl($msg, $key, $iv) {
$encryptedMessage = openssl_encrypt(pad_zero($msg), 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
return $iv . $encryptedMessage;
}

function decrypt_openssl($data, $key) {
$iv_size = openssl_cipher_iv_length('AES-256-CBC');
$iv = substr($data, 0, $iv_size);
$data = substr($data, $iv_size);
$decrypted = openssl_decrypt($data, 'AES-256-CBC', $key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
$decrypted = rtrim($decrypted, chr(0));
return $decrypted;

@waltzie thx.

I migrate from php 7.0 to 7.2 and remove mcrypt extension.
For correct encrypting data by openssl AES-128-CBC your example work fine

$json = ''; // your data for encrypt
$key = ''; // your key for encrypt

$cipher = "AES-128-CBC";
$options = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;

$ivSize = openssl_cipher_iv_length($cipher);`
$iv = openssl_random_pseudo_bytes($ivSize);

$cipherText = openssl_encrypt(pad_zero($json), $cipher, $this->key, $options, $iv);
$cipherText = $iv . $cipherText;

public function pad_zero($data)
 {
        $len = 16;
        if (strlen($data) % $len) {
            $padLength = $len - strlen($data) % $len;
            $data .= str_repeat("\0", $padLength);
         }
        return $data;
 }

$pad = $ivSize - (strlen($plainText) % $ivSize); $plainText .= str_repeat(chr($pad), $pad);
Very helpful for me. Thank you!

thanks @pzhuchkov.

Was able to replace the old mcrypt with some small changes!

Using "AES-256-CBC" instad of the 128 to replace the MCRYPT_RIJNDAEL_128.

Thanks for the @srsbiz and @oliverdotbecker! That last clue (AES-256-CBC) was instrumental to help my problem!

It worked for me, thank you so much @srsbiz