Skip to content
Permalink
Browse files

Remove Security::engine()

We disscussed and decided to avoid auto selecting which extension to use.
Instead, call Configure::write('Security.useOpenSsl', true) manually.
  • Loading branch information...
chinpei215 committed Feb 24, 2018
1 parent fc397bd commit a6b0271560a41f5dbc52b4484491a6b3700bac52
Showing with 10 additions and 54 deletions.
  1. +8 −27 lib/Cake/Test/Case/Utility/SecurityTest.php
  2. +2 −27 lib/Cake/Utility/Security.php
@@ -36,7 +36,7 @@ class SecurityTest extends CakeTestCase {
*/
public function setUp() {
parent::setUp();
Security::engine(null);
Configure::delete('Security.useOpenSsl');
}
/**
@@ -46,26 +46,7 @@ public function setUp() {
*/
public function tearDown() {
parent::tearDown();
Security::engine(null);
}
/**
* Tests that Security::engine() works
*
* @return void
*/
public function testEngine() {
if (extension_loaded('mcrypt')) {
$this->assertEquals('mcrypt', Security::engine());
}
$this->assertContains(Security::engine(), array('mcrypt', 'openssl'));
Security::engine('mcrypt');
$this->assertEquals('mcrypt', Security::engine());
Security::engine('openssl');
$this->assertEquals('openssl', Security::engine());
Configure::delete('Security.useOpenSsl');
}
/**
@@ -385,24 +366,24 @@ public function testEncryptDecrypt() {
*/
public function testEncryptDecryptCompatibility($txt) {
$this->skipIf(!extension_loaded('mcrypt'), 'This test requires mcrypt to be installed');
$this->skipIf(!extension_loaded('openssl'), 'This test requires oepnssl to be installed');
$this->skipIf(version_compare(PHP_VERSION, '5.3.3', '<'), 'This test requires PHP 5.3.3 or grater');
$this->skipIf(!extension_loaded('openssl'), 'This test requires openssl to be installed');
$this->skipIf(version_compare(PHP_VERSION, '5.3.3', '<'), 'This test requires PHP 5.3.3 or greater');
$key = '12345678901234567890123456789012';
Security::engine('mcrypt');
Configure::write('Security.useOpenSsl', false);
$mcrypt = Security::encrypt($txt, $key);
Security::engine('openssl');
Configure::write('Security.useOpenSsl', true);
$openssl = Security::encrypt($txt, $key);
$this->assertEquals(strlen($mcrypt), strlen($openssl));
Security::engine('mcrypt');
Configure::write('Security.useOpenSsl', false);
$this->assertEquals($txt, Security::decrypt($mcrypt, $key));
$this->assertEquals($txt, Security::decrypt($openssl, $key));
Security::engine('openssl');
Configure::write('Security.useOpenSsl', true);
$this->assertEquals($txt, Security::decrypt($mcrypt, $key));
$this->assertEquals($txt, Security::decrypt($openssl, $key));
}
@@ -25,13 +25,6 @@
*/
class Security {
/**
* The encryption engine
*
* @var string
*/
protected static $_engine = null;
/**
* Default hash method
*
@@ -359,7 +352,7 @@ public static function encrypt($plain, $key, $hmacSalt = null) {
// Generate the encryption and hmac key.
$key = substr(hash('sha256', $key . $hmacSalt), 0, 32);
if (static::engine() === 'openssl') {
if (Configure::read('Security.useOpenSsl')) {
$method = 'AES-256-CBC';
$ivSize = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivSize);
@@ -426,7 +419,7 @@ public static function decrypt($cipher, $key, $hmacSalt = null) {
return false;
}
if (static::engine() === 'openssl') {
if (Configure::read('Security.useOpenSsl')) {
$method = 'AES-256-CBC';
$ivSize = openssl_cipher_iv_length($method);
$iv = substr($cipher, 0, $ivSize);
@@ -446,22 +439,4 @@ public static function decrypt($cipher, $key, $hmacSalt = null) {
return rtrim($plain, "\0");
}
/**
* Set or get the encryption engine
*
* @param string $engine The encryption engine to use
* @return string
*/
public static function engine($engine = null) {
if (func_num_args() > 0) {
static::$_engine = $engine;
} elseif (static::$_engine === null) {
static::$_engine = 'mcrypt';
if (!extension_loaded('mcrypt') && extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.3', '>=')) {
static::$_engine = 'openssl';
}
}
return static::$_engine;
}
}

0 comments on commit a6b0271

Please sign in to comment.
You can’t perform that action at this time.