Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use OpenSSL functions if mcrypt is not available #6826

Merged
merged 24 commits into from
Mar 12, 2018
Merged

Use OpenSSL functions if mcrypt is not available #6826

merged 24 commits into from
Mar 12, 2018

Conversation

jessp01
Copy link

@jessp01 jessp01 commented Feb 28, 2018
edited
Loading

This is the server side follow up of kaltura/clients-generator#278

Starting from PHP 7.1, the Mcrypt extension is deprecated.
There is a good underlying reason for that, to wit: libmcrypt's last update was back in 2007. This is bad for any piece of code but especially troubling for security sensitive ones.

The pulls above will ensure compatibility with KS strings generated using Mcrypt because we set the OPENSSL_ZERO_PADDING bit and do our own padding thus making it compatible with mcrypt's zero padding, as opposed to OpenSSL's default which is PKCS#7.

More info about this can be found here:
http://thefsb.tumblr.com/post/110749271235/using-opensslendecrypt-in-php-instead-of
and in particular under the "Encoding, padding and OPENSSL_RAW_DATA vs.
OPENSSL_ZERO_PADDING" section.

Jess Portnoy added 20 commits February 28, 2018 11:57
work in progress...
8b4ed75
.
8e7fe8f
.
db2a36a
.
36f090b
.
ebb827d
.
086064e
.
501352f
use extension_loaded('mcrypt') rather than function_exists()
f9d7d7b
use extension_loaded('mcrypt') since that block requires several Mcrypt
a06b838 
funcs.
Refactoring
e729456 
Introduce a helper class called KCryptoWrapper that will determine
whether to use OpenSSL or Mcrypt based on the value of the php_crypto_ext
"kConf" directive
.
3956ae4
a comment about padding.
944fb0f
remove debug prints.
565b2b9
- use '\0' instead of 0 when padding
e615134 
- add whitespaces to adhere to the general coding style
- as requested by Erans, avoid use of kConf to determine which extension to use, if mcrypt is
loaded use it, otherwise, use openssl
.
0c52e0f
remove unneeded kConf require()
865d00e
only pad if strlen($str) % BLOCK_SIZE
ac941b8
In testme context, app/infra/general is not autoloaded and thus, an
23aaa32 
attempt to use the KCryptoWrapper class fails
typo.
f60bd39
typo
0567d1a
MosheMaorKaltura
MosheMaorKaltura reviewed Mar 6, 2018
View reviewed changes
infra/general/KCryptoWrapper.class.php Outdated
const AES_METHOD = 'AES-128-CBC';
const DES3_METHOD = 'DES-EDE3';

public static function random_pseudo_bytes($bytes)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rename bytes to length or size, since it may be confusing.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's confusing but renamed it to $length anyhow since it's not worth arguing about.

@jessp01 jessp01 changed the base branch from Mercury-13.15.0 to Mercury-13.16.0 March 12, 2018 09:51
@jessp01 jessp01 merged commit e82ab3b into Mercury-13.16.0 Mar 12, 2018
@MosheMaorKaltura MosheMaorKaltura deleted the openssl-fallback branch April 30, 2018 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MosheMaorKaltura MosheMaorKaltura MosheMaorKaltura left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jessp01 @MosheMaorKaltura