Switch to OpenSSL (mcrypt deprecated in PHP 7.1)

leith · leith · commit 640beb7491b1 · 2020-10-29T21:45:18.000+13:00
diff --git a/composer.json b/composer.json
@@ -38,7 +38,7 @@
         "squizlabs/php_codesniffer": "^3.5"
     },
     "suggest": {
-        "ext-mcrypt": "Required for hashing functions to check message signatures"
+        "ext-openssl": "Required for hashing functions to check message signatures"
     },
     "extra": {
         "branch-alias": {
diff --git a/src/Message/Security.php b/src/Message/Security.php
@@ -58,7 +58,11 @@ protected function encryptMessage($message, $key)
         $iv = implode(array_map('chr', array(0, 0, 0, 0, 0, 0, 0, 0)));
 
         if ($this->hasValidEncryptionMethod()) {
-            $ciphertext = mcrypt_encrypt(MCRYPT_3DES, $key, $message, MCRYPT_MODE_CBC, $iv);
+            // OpenSSL needs to manually pad $message length to be mod 8 = 0; OPENSSL_ZERO_PADDING option doens't work
+            if (strlen($message) % 8) {
+                $message = str_pad($message, strlen($message) + 8 - strlen($message) % 8, "\0");
+            }
+            $ciphertext = openssl_encrypt($message, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
         } else {
             throw new RuntimeException('No valid encryption extension installed');
         }
@@ -73,7 +77,7 @@ protected function encryptMessage($message, $key)
      */
     public function hasValidEncryptionMethod()
     {
-        return extension_loaded('mcrypt') && function_exists('mcrypt_encrypt');
+        return extension_loaded('openssl') && function_exists('openssl_encrypt');
     }
 
     /**
diff --git a/tests/Message/SecurityTest.php b/tests/Message/SecurityTest.php
@@ -38,14 +38,14 @@ public function testDecodeMerchantParameters()
     }
 
     /**
-     * Confirm that the mcrypt extension is loaded and we have the appropriate method
+     * Confirm that the openssl extension is loaded and we have the appropriate method
      *
      * Checks are split out in case only one is failing, rather than the blanket true/false for both
      */
     public function testHasValidEncryptionMethod()
     {
-        $this->assertTrue(extension_loaded('mcrypt'));
-        $this->assertTrue(function_exists('mcrypt_encrypt'));
+        $this->assertTrue(extension_loaded('openssl'));
+        $this->assertTrue(function_exists('openssl_encrypt'));
         $this->assertTrue($this->security->hasValidEncryptionMethod());
     }
 

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,11 @@ protected function encryptMessage($message, $key)`
`58`	`58`	`$iv = implode(array_map('chr', array(0, 0, 0, 0, 0, 0, 0, 0)));`
`59`	`59`
`60`	`60`	`if ($this->hasValidEncryptionMethod()) {`
`61`		`- $ciphertext = mcrypt_encrypt(MCRYPT_3DES, $key, $message, MCRYPT_MODE_CBC, $iv);`
	`61`	`+ // OpenSSL needs to manually pad $message length to be mod 8 = 0; OPENSSL_ZERO_PADDING option doens't work`
	`62`	`+ if (strlen($message) % 8) {`
	`63`	`+ $message = str_pad($message, strlen($message) + 8 - strlen($message) % 8, "\0");`
	`64`	`+ }`
	`65`	`+ $ciphertext = openssl_encrypt($message, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA \| OPENSSL_NO_PADDING, $iv);`
`62`	`66`	`} else {`
`63`	`67`	`throw new RuntimeException('No valid encryption extension installed');`
`64`	`68`	`}`
`@@ -73,7 +77,7 @@ protected function encryptMessage($message, $key)`
`73`	`77`	`*/`
`74`	`78`	`public function hasValidEncryptionMethod()`
`75`	`79`	`{`
`76`		`- return extension_loaded('mcrypt') && function_exists('mcrypt_encrypt');`
	`80`	`+ return extension_loaded('openssl') && function_exists('openssl_encrypt');`
`77`	`81`	`}`
`78`	`82`
`79`	`83`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -38,14 +38,14 @@ public function testDecodeMerchantParameters()`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`/**`
`41`		`- * Confirm that the mcrypt extension is loaded and we have the appropriate method`
	`41`	`+ * Confirm that the openssl extension is loaded and we have the appropriate method`
`42`	`42`	`*`
`43`	`43`	`* Checks are split out in case only one is failing, rather than the blanket true/false for both`
`44`	`44`	`*/`
`45`	`45`	`public function testHasValidEncryptionMethod()`
`46`	`46`	`{`
`47`		`- $this->assertTrue(extension_loaded('mcrypt'));`
`48`		`- $this->assertTrue(function_exists('mcrypt_encrypt'));`
	`47`	`+ $this->assertTrue(extension_loaded('openssl'));`
	`48`	`+ $this->assertTrue(function_exists('openssl_encrypt'));`
`49`	`49`	`$this->assertTrue($this->security->hasValidEncryptionMethod());`
`50`	`50`	`}`
`51`	`51`