Skip to content
This repository was archived by the owner on Nov 27, 2023. It is now read-only.

Commit 1e4eb9d

Browse files
captn3m0sergey-shandar
authored andcommitted
Drops mcrypt (#991)
* Adds support for random_bytes (PHP>=7.0) * Remove mcrypt usage from getGuid * Replace mt_rand with random_int implementation - This implementation is same as https://github.com/paragonie/random_compat/blob/master/lib/random_int.php - Fixes #918 * Replace mcrypt_encrypt with openssl_encrypt
1 parent 30d469c commit 1e4eb9d

6 files changed

Lines changed: 90 additions & 55 deletions

File tree

src/Common/Internal/Utilities.php

Lines changed: 81 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -532,35 +532,31 @@ public static function tryGetValueInsensitive($key, array $haystack, $default =
532532
*
533533
* See http://tools.ietf.org/html/rfc4122 for more information.
534534
*
535-
* Note: This function is available on all platforms, while the
536-
* com_create_guid() is only available for Windows.
535+
* Note: See https://stackoverflow.com/a/15875555
537536
*
538537
* @static
539538
*
540539
* @return string A new GUID
541540
*/
542541
public static function getGuid()
543542
{
544-
// @codingStandardsIgnoreStart
545-
546-
return sprintf(
547-
'%04x%04x-%04x-%04x-%02x%02x-%04x%04x%04x',
548-
mt_rand(0, 65535),
549-
mt_rand(0, 65535), // 32 bits for "time_low"
550-
mt_rand(0, 65535), // 16 bits for "time_mid"
551-
mt_rand(0, 4096) + 16384, // 16 bits for "time_hi_and_version", with
552-
// the most significant 4 bits being 0100
553-
// to indicate randomly generated version
554-
mt_rand(0, 64) + 128, // 8 bits for "clock_seq_hi", with
555-
// the most significant 2 bits being 10,
556-
// required by version 4 GUIDs.
557-
mt_rand(0, 256), // 8 bits for "clock_seq_low"
558-
mt_rand(0, 65535), // 16 bits for "node 0" and "node 1"
559-
mt_rand(0, 65535), // 16 bits for "node 2" and "node 3"
560-
mt_rand(0, 65535) // 16 bits for "node 4" and "node 5"
561-
);
543+
$data = self::generateCryptoKey(16);
544+
545+
$data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0100b = 4
546+
$data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
547+
548+
return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
549+
}
550+
562551

563-
// @codingStandardsIgnoreEnd
552+
/**
553+
* Generates a GUID provided a 16 byte pseudo random string
554+
* @param string $data 16 bytes long data string
555+
* @return string A new GUID
556+
*/
557+
private static function generateGuid($data)
558+
{
559+
return $guid;
564560
}
565561

566562
/**
@@ -645,7 +641,59 @@ public static function getEntityId($entity, $type, $method = 'getId')
645641
*/
646642
public static function generateCryptoKey($length)
647643
{
648-
return openssl_random_pseudo_bytes($length);
644+
// PHP>=7.0
645+
if (function_exists('random_bytes')) {
646+
return random_bytes($length);
647+
}
648+
649+
$buf = openssl_random_pseudo_bytes($length, $secure);
650+
651+
if ($buf !== false) {
652+
return $buf;
653+
}
654+
655+
throw new \Exception('PRNG failure');
656+
}
657+
658+
/**
659+
* Fetch a random integer between $min and $max inclusive
660+
* @param int $min
661+
* @param int $max
662+
* @return int
663+
*/
664+
public static function generateRandomInt($min, $max)
665+
{
666+
$range = $max - $min;
667+
$bits = $bytes = $mask = $val = 0;
668+
while ($range > 0) {
669+
if ($bits % 8 === 0) {
670+
++$bytes;
671+
}
672+
++$bits;
673+
$range >>= 1;
674+
$mask = $mask << 1 | 1;
675+
}
676+
$valueShift = $min;
677+
678+
do {
679+
if ($attempts > 128) {
680+
throw new \Exception('Could not generate valid random integer');
681+
}
682+
$randomByteString = self::generateCryptoKey($bytes);
683+
684+
$val = 0;
685+
for ($i = 0; $i < $bytes; ++$i) {
686+
$val |= ord($randomByteString[$i]) << ($i * 8);
687+
}
688+
689+
$val &= $mask;
690+
$val += $valueShift;
691+
692+
++$attempts;
693+
694+
} while (!is_int($val) || $val > $max || $val < $min);
695+
696+
return (int) $val;
649697
}
650698

651699
/**
@@ -673,30 +721,13 @@ public static function ctrCrypt($data, $key, $initializationVector)
673721
sprintf(Resources::INVALID_STRING_LENGTH, 'initializationVector', '16')
674722
);
675723

676-
$blockCount = ceil(strlen($data) / 16);
677-
678-
$ctrData = '';
679-
for ($i = 0; $i < $blockCount; ++$i) {
680-
$ctrData .= $initializationVector;
681-
682-
// increment Initialization Vector
683-
$j = 15;
684-
do {
685-
$digit = ord($initializationVector[$j]) + 1;
686-
$initializationVector[$j] = chr($digit & 0xFF);
687-
688-
--$j;
689-
} while (($digit == 0x100) && ($j >= 0));
690-
}
691-
692-
$encryptCtrData = mcrypt_encrypt(
693-
MCRYPT_RIJNDAEL_128,
724+
return openssl_encrypt(
725+
$data,
726+
'aes-256-ctr',
694727
$key,
695-
$ctrData,
696-
MCRYPT_MODE_ECB
728+
OPENSSL_RAW_DATA,
729+
$initializationVector
697730
);
698-
699-
return $data ^ $encryptCtrData;
700731
}
701732

702733
/**
@@ -720,6 +751,12 @@ public static function base256ToDec($number)
720751
return $result;
721752
}
722753

754+
/**
755+
* Replace all hex characters in a string with lowercase
756+
* and URL encode the resulting string.
757+
* @param string $str input string
758+
* @return string URL Encoded string with 00-FF replaced with 00-ff
759+
*/
723760
public static function lowerUrlencode($str)
724761
{
725762
return preg_replace_callback('/%[0-9A-F]{2}/',

src/MediaServices/Models/ContentKey.php

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -402,12 +402,7 @@ private function _generateChecksum($aesKey, $usePadding = false)
402402
$aesKey = $this->pkcs5_pad($aesKey, 16);
403403
}
404404

405-
$encrypted = mcrypt_encrypt(
406-
MCRYPT_RIJNDAEL_128, // AES
407-
$aesKey,
408-
$this->_id,
409-
MCRYPT_MODE_ECB
410-
);
405+
$encrypted = openssl_encrypt($this->_id, 'aes-256-ecb', $aesKey, OPENSSL_RAW_DATA);
411406

412407
$this->_checksum = base64_encode(substr($encrypted, 0, 8));
413408
}

tests/framework/MediaServicesRestProxyTestBase.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@
4545
use WindowsAzure\Common\Internal\Http\Url;
4646
use WindowsAzure\Common\Internal\Http\HttpClient;
4747
use WindowsAzure\Common\Internal\Resources;
48+
use WindowsAzure\Common\Internal\Utilities;
4849

4950
/**
5051
* TestBase class for each unit test class.
@@ -419,7 +420,7 @@ function startsWith($haystack, $needle) {
419420

420421
protected function createSuffix()
421422
{
422-
return sprintf('-%04x', mt_rand(0, 65535));
423+
return sprintf('-%04x', Utilities::generateRandomInt(0, 65535));
423424
}
424425

425426
protected function createLargeFile()

tests/framework/RestProxyTestBase.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828

2929
use WindowsAzure\Common\Internal\Logger;
3030
use WindowsAzure\Common\Internal\Serialization\XmlSerializer;
31+
use WindowsAzure\Common\Internal\Utilities;
3132
use WindowsAzure\Common\ServicesBuilder;
3233
use PHPUnit\Framework\TestCase;
3334

@@ -52,7 +53,7 @@ class RestProxyTestBase extends TestCase
5253

5354
protected function getTestName()
5455
{
55-
return sprintf('onesdkphp%04x', mt_rand(0, 65535));
56+
return sprintf('onesdkphp%04x', Utilities::generateRandomInt(0, 65535));
5657
}
5758

5859
public static function assertHandler($file, $line, $code)

tests/functional/WindowsAzure/BlobServiceFunctionalTestData.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,7 @@
4747
use MicrosoftAzure\Storage\Common\Models\Metrics;
4848
use MicrosoftAzure\Storage\Common\Models\RetentionPolicy;
4949
use MicrosoftAzure\Storage\Common\Models\ServiceProperties;
50+
use WindowsAzure\Common\Internal\Utilities;
5051

5152
class BlobServiceFunctionalTestData
5253
{
@@ -61,7 +62,7 @@ class BlobServiceFunctionalTestData
6162

6263
public static function setupData($accountName)
6364
{
64-
$rInt = mt_rand(0, 1000000);
65+
$rInt = Utilities::generateRandomInt(0, 1000000);
6566
self::$_accountName = $accountName;
6667
self::$testUniqueId = 'qa-'.$rInt.'-';
6768
self::$nonExistContainerPrefix = 'qa-'.($rInt. 1).'-';

tests/unit/WindowsAzure/Common/Internal/UtilitiesTest.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -605,8 +605,8 @@ public function testCtrCrypt()
605605
$initializationVector = str_pad($efectiveInitializationVector, 16, chr(255));
606606

607607
// Test
608-
$ecnrypted = Utilities::ctrCrypt($data, $key, $initializationVector);
609-
$decrypted = Utilities::ctrCrypt($ecnrypted, $key, $initializationVector);
608+
$encrypted = Utilities::ctrCrypt($data, $key, $initializationVector);
609+
$decrypted = Utilities::ctrCrypt($encrypted, $key, $initializationVector);
610610

611611
// Assert
612612
$this->assertEquals($data, $decrypted);

0 commit comments

Comments
 (0)