[BUGFIX] Migrate from mcrypt to openssl 11/54411/4
authorStanislas Rolland <typo3@sjbr.ca>
Tue, 17 Oct 2017 03:19:06 +0000 (23:19 -0400)
committerStanislas Rolland <typo3@sjbr.ca>
Tue, 17 Oct 2017 03:40:52 +0000 (05:40 +0200)
mcrypt is deprecated as of PHP 7.1

Resolves: #82716
Change-Id: I0a58f52309b107571f70a950a28e03aef28fcce7
Reviewed-on: https://review.typo3.org/54411
Reviewed-by: Stanislas Rolland <typo3@sjbr.ca>
Tested-by: Stanislas Rolland <typo3@sjbr.ca>
ChangeLog
Classes/Configuration/ConfigurationHelper.php
Classes/Utility/EncryptionUtility.php
composer.json
ext_conf_template.txt
ext_emconf.php
ext_localconf.php

index d707fef..25fe702 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2017-10-16  Stanislas Rolland  <typo(arobas)sjbr.ca>
+       * Resolves #82716: Migrate from mcrypt to openssl
+
 2017-05-28  Stanislas Rolland  <typo(arobas)sjbr.ca>
        * Resolves #81354: Error code not localized
 
index 1ea8ba8..acef940 100644 (file)
@@ -1,45 +1,50 @@
 <?php
 namespace SJBR\SrFreecap\Configuration;
-/***************************************************************
-*  Copyright notice
-*
-*  (c) 2013 Stanislas Rolland <typo3(arobas)sjbr.ca>
-*  All rights reserved
-*
-*  This script is part of the TYPO3 project. The TYPO3 project is
-*  free software; you can redistribute it and/or modify
-*  it under the terms of the GNU General Public License as published by
-*  the Free Software Foundation; either version 2 of the License, or
-*  (at your option) any later version.
-*
-*  The GNU General Public License can be found at
-*  http://www.gnu.org/copyleft/gpl.html.
-*  A copy is found in the textfile GPL.txt and important notices to the license
-*  from the author is found in LICENSE.txt distributed with these scripts.
-*
-*
-*  This script is distributed in the hope that it will be useful,
-*  but WITHOUT ANY WARRANTY; without even the implied warranty of
-*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-*  GNU General Public License for more details.
-*
-*  This copyright notice MUST APPEAR in all copies of the script!
-***************************************************************/
+
+/*
+ *  Copyright notice
+ *
+ *  (c) 2013-2017 Stanislas Rolland <typo3(arobas)sjbr.ca>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ */
+
+use TYPO3\CMS\Extensionmanager\ViewHelpers\Form\TypoScriptConstantsViewHelper;
+
 /**
  * Class providing configuration help for extension SrFreecap
  */
-class ConfigurationHelper {
-
+class ConfigurationHelper
+{
        /**
         * Renders a select element that allows to choose the encryption algoritm to be used by the extension
         *
         * @param array $params: Field information to be rendered
-        * @param \TYPO3\CMS\Extensionmanager\ViewHelpers\Form\TypoScriptConstantsViewHelper $pObj: The calling parent object.
+        * @param TypoScriptConstantsViewHelper $pObj: The calling parent object.
         * @return string The HTML select field
         */
-       public function buildEncryptionAlgorithmSelector (array $params, \TYPO3\CMS\Extensionmanager\ViewHelpers\Form\TypoScriptConstantsViewHelper $pObj) {
-               if (in_array('mcrypt', get_loaded_extensions())) {
-                       $encryptionAlgorithms = mcrypt_list_algorithms();
+       public function buildEncryptionAlgorithmSelector (array $params, TypoScriptConstantsViewHelper $pObj)
+       {
+               if (in_array('openssl', get_loaded_extensions())) {
+                       $encryptionAlgorithms = openssl_get_cipher_methods();
                        if (!empty($encryptionAlgorithms)) {
                                $field = '<br /><select id="' . $params['propertyName'] . '" name="' . $params['fieldName'] . '" />' . LF;
                                foreach ($encryptionAlgorithms as $encryptionAlgorithm) {
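Review bot: The selector in buildEncryptionAlgorithmSelector() now offers every name returned by `openssl_get_cipher_methods()`, which includes ECB modes and legacy ciphers such as DES and RC4. It also includes AEAD modes (GCM/CCM), which `openssl_encrypt()` as called in EncryptionUtility (no tag argument) presumably cannot use. Restricting the list to modes the utility can handle would keep an administrator from picking a weak or non-working cipher, e.g. `$encryptionAlgorithms = preg_grep('/^aes-(128|192|256)-cbc$/i', openssl_get_cipher_methods());`. The function body continues past the end of this hunk.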
@@ -48,12 +53,11 @@ class ConfigurationHelper {
                                }
                                $field .= '</select><br /><br />' . LF;
                        } else {
-                               $field = '<br />Available encryption algorithms could not be found. Algorithm blowfish will be used.<br />';
+                               $field = '<br />Available encryption algorithms could not be found. Algorithm AES-256-CBC will be used.<br />';
                        }
                } else {
-                       $field = '<br />PHP mcrypt extension is not available.<br />';
+                       $field = '<br />PHP openssl extension is not available.<br />';
                }
                return $field;
        }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
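Review bot: The new fallback text says "Algorithm AES-256-CBC will be used", but the encrypt() hunk in this same commit does not fall back to a cipher. When the configured algorithm is not in the available list it stores `array(base64_encode($string))`, i.e. unencrypted data. Either the message should say that, e.g. `'<br />Available encryption algorithms could not be found. Data will only be base64-encoded.<br />'`, or encrypt() should implement the fallback the message describes. The function starts in the previous hunk.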
index 609d068..664f2cc 100644 (file)
@@ -4,7 +4,7 @@ namespace SJBR\SrFreecap\Utility;
 /*
  *  Copyright notice
  *
- *  (c) 2012-2016 Stanislas Rolland <typo3(arobas)sjbr.ca>
+ *  (c) 2012-2017 Stanislas Rolland <typo3(arobas)sjbr.ca>
  *  All rights reserved
  *
  *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -32,6 +32,13 @@ namespace SJBR\SrFreecap\Utility;
 class EncryptionUtility
 {
        /**
+        * Salt
+        *
+        * @var string
+        */
+       private $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
+
+       /**
         * Encrypts a string
         *
         * @param array $string: the string to be encrypted
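Review bot: `private $salt` is an instance property, but encrypt() and decrypt() are declared `static` and read it as `$this->salt`. The fallback branch of `isset(...) ? ... : $this->salt` therefore fails with an Error ("Using $this when not in object context") whenever the configured salt is missing; this applies to both the encrypt() and decrypt() hunks. Declaring it `private static $salt` and reading `self::$salt`, or using a class constant, fixes that. The default is also a fixed literal published with the extension and repeated in ext_conf_template.txt and ext_localconf.php, so it adds no secrecy; a comment saying so, or an empty default that forces a per-site value, would stop it looking like a secret. The class body continues outside the hunk.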
@@ -39,13 +46,17 @@ class EncryptionUtility
         */
        public static function encrypt($string)
        {
-               if (in_array('mcrypt', get_loaded_extensions())) {
+               if (in_array('openssl', get_loaded_extensions())) {
                        $encryptionAlgorithm = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['encryptionAlgorithm'];
-                       $availableAlgorithms = mcrypt_list_algorithms();
+                       $availableAlgorithms = openssl_get_cipher_methods();
                        if (in_array($encryptionAlgorithm, $availableAlgorithms)) {
                                $key = md5($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'], true);
-                               $iv = mcrypt_create_iv(mcrypt_get_iv_size($encryptionAlgorithm, MCRYPT_MODE_CBC), MCRYPT_RAND);
-                               $string = mcrypt_encrypt($encryptionAlgorithm, $key, $string, MCRYPT_MODE_CBC, $iv);
+                               $iv_size = openssl_cipher_iv_length($encryptionAlgorithm);
+                               $salt = isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['salt']) ? trim($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['salt']) : $this->salt;
+                               $hash = hash('sha256', $salt . $key . $salt);
+                               $iv = substr($hash, strlen($hash) - $iv_size);
+                               $key = substr($hash, 0, 32);
+                               $string = openssl_encrypt($string, $encryptionAlgorithm, $key, OPENSSL_RAW_DATA, $iv);
                                $cypher = array(base64_encode($string), base64_encode($iv));
                        } else {
                                $cypher = array(base64_encode($string));
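Review bot: The IV in encrypt() is now derived from `hash('sha256', $salt . $key . $salt)`, so it is identical for every message encrypted under the same key and salt, whereas the removed mcrypt code drew a fresh one per call. With CBC this makes equal plaintexts produce equal ciphertexts, and for any stream or counter-mode cipher chosen in the selector it reuses the keystream. Since decrypt() already reads the IV from `$cypher[1]`, a random IV fits the existing format: `$iv = $iv_size > 0 ? openssl_random_pseudo_bytes($iv_size) : '';`. Separately, `hash()` returns hex here, so `substr($hash, 0, 32)` yields a 32-character key with only 128 bits of variation; passing `true` as the third argument (with the same change in decrypt()) would give raw bytes. encrypt()'s body continues outside the hunk.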
@@ -64,9 +75,13 @@ class EncryptionUtility
         */
        public static function decrypt($cypher)
        {
-               if (in_array('mcrypt', get_loaded_extensions())) {
+               if (in_array('openssl', get_loaded_extensions())) {
+                       $encryptionAlgorithm = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['encryptionAlgorithm'];
                        $key = md5($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'], true);
-                       $string = trim(mcrypt_decrypt($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['encryptionAlgorithm'], $key, base64_decode($cypher[0]), MCRYPT_MODE_CBC, base64_decode($cypher[1])));
+                       $salt = isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['salt']) ? trim($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['salt']) : $this->salt;
+                       $hash = hash('sha256', $salt . $key . $salt);
+                       $key = substr($hash, 0, 32);
+                       $string = trim(openssl_decrypt(base64_decode($cypher[0]), $encryptionAlgorithm, $key, OPENSSL_RAW_DATA, base64_decode($cypher[1])));
                } else {
                        $string = base64_decode($cypher[0]);
                }
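Review bot: `openssl_decrypt()` returns `false` on failure and `trim()` turns that into an empty string, so the caller cannot tell a failed decryption from an empty value; the result should be checked with `=== false` before trimming and the failure logged. decrypt() also never checks that the configured algorithm is in `openssl_get_cipher_methods()`, while encrypt() falls back to a one-element base64 array in that case, so a value produced by that fallback reaches `openssl_decrypt()` with `$cypher[1]` unset. The ciphertext carries no integrity check as far as this hunk shows; if `$cypher` can be influenced by a client, an HMAC verified with `hash_equals()` before decrypting would be the usual safeguard. decrypt()'s body continues outside the hunk.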
index 35b1c49..f8c5927 100644 (file)
@@ -16,7 +16,7 @@
   },
   "replace": {
     "sr_freecap": "self.version",
-    "sjbr/sr_freecap": "self.version",
+    "sjbr/sr-freecap": "self.version",
        "typo3-ter/sr-freecap": "self.version"
   },
   "require": {
index 6579e03..6fefee6 100644 (file)
@@ -1,3 +1,5 @@
 
   # cat=basic; type=# cat=basic; type=user[SJBR\SrFreecap\Configuration\ConfigurationHelper->buildEncryptionAlgorithmSelector]; label=Encryption Algorithm: Select the encryption algorithm to be used by the extension.
-encryptionAlgorithm = blowfish
+encryptionAlgorithm = AES-256-CBC
+  # cat=basic; type=# cat=basic; type=string; label=Salt: Salt
+salt = cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH
index 54cb027..4006ddb 100644 (file)
@@ -17,7 +17,7 @@ $EM_CONF[$_EXTKEY] = array(
        'author_company' => 'SJBR',
        'constraints' => array(
                'depends' => array(
-                       'typo3' => '7.6.0-8.99.99'
+                       'typo3' => '7.6.0-8.7.99'
                ),
                'conflicts' => array(),
                'suggests' => array()
index ad7702f..15a9c30 100644 (file)
@@ -1,45 +1,50 @@
 <?php
 defined('TYPO3_MODE') or die();
 
-// Unserializing the configuration so we can use it here
-$_EXTCONF = unserialize($_EXTCONF);
+call_user_func(
+    function($extKey, $extConf)
+    {
+               // Setting the encryption algorithm
+               $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['encryptionAlgorithm'] = isset($extConf['encryptionAlgorithm']) ? $extConf['encryptionAlgorithm'] : 'AES-256-CBC';
+               $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['salt'] = isset($extConf['salt']) ? $extConf['salt'] : 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
 
-// Setting the encryption algorithm
-$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sr_freecap']['encryptionAlgorithm'] = isset($_EXTCONF['encryptionAlgorithm']) ? $_EXTCONF['encryptionAlgorithm'] : 'blowfish';
+               // Dispatching requests to image generator and audio player
+               $GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']['sr_freecap_EidDispatcher'] = 'EXT:sr_freecap/Resources/Private/Eid/EidDispatcher.php';
 
-// Dispatching requests to image generator and audio player
-$GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']['sr_freecap_EidDispatcher'] = 'EXT:sr_freecap/Resources/Private/Eid/EidDispatcher.php';
+               // Configuring the captcha image generator
+               \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
+                       // The extension name (in UpperCamelCase) or the extension key (in lower_underscore)
+                       'SJBR' . '.' . $extKey,
+                       // A unique name of the plugin in UpperCamelCase
+                       'ImageGenerator',
+                       // An array holding the controller-action-combinations that are accessible
+                       [
+                               // The first controller and its first action will be the default
+                               'ImageGenerator' => 'show',
+                       ],
+                       // An array of non-cachable controller-action-combinations (they must already be enabled)
+                       [
+                               'ImageGenerator' => 'show',
+                       ]
+               );
 
-// Configuring the captcha image generator
-\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
-       // The extension name (in UpperCamelCase) or the extension key (in lower_underscore)
+               // Configuring the audio captcha player
+               \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
+                       // The extension name (in UpperCamelCase) or the extension key (in lower_underscore)
+                       'SJBR' . '.' . $extKey,
+                       // A unique name of the plugin in UpperCamelCase
+                       'AudioPlayer',
+                       // An array holding the controller-action-combinations that are accessible
+                       [
+                               // The first controller and its first action will be the default
+                               'AudioPlayer' => 'play',
+                       ],
+                       // An array of non-cachable controller-action-combinations (they must already be enabled)
+                       [
+                               'AudioPlayer' => 'play',
+                       ]
+               );
+       },
        'sr_freecap',
-       // A unique name of the plugin in UpperCamelCase
-       'ImageGenerator',
-       // An array holding the controller-action-combinations that are accessible
-       [
-               // The first controller and its first action will be the default
-               'ImageGenerator' => 'show',
-       ],
-       // An array of non-cachable controller-action-combinations (they must already be enabled)
-       [
-               'ImageGenerator' => 'show',
-       ]
-);
-
-// Configuring the audio captcha player
-\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
-       // The extension name (in UpperCamelCase) or the extension key (in lower_underscore)
-       'sr_freecap',
-       // A unique name of the plugin in UpperCamelCase
-       'AudioPlayer',
-       // An array holding the controller-action-combinations that are accessible
-       [
-               // The first controller and its first action will be the default
-               'AudioPlayer' => 'play',
-       ],
-       // An array of non-cachable controller-action-combinations (they must already be enabled)
-       [
-               'AudioPlayer' => 'play',
-       ]
+       unserialize($_EXTCONF)
 );
\ No newline at end of file
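Review bot: The stored `$extConf['encryptionAlgorithm']` is copied into `$GLOBALS` unchanged, so installations upgraded from the mcrypt version keep an mcrypt-style name such as the old default `blowfish`. As far as I know those names do not appear in `openssl_get_cipher_methods()` (OpenSSL uses names like `bf-cbc`), so the `in_array()` check in encrypt() fails and the data is silently stored base64-encoded only. Validating the configured value here would avoid that downgrade, e.g. `if (!in_array($algorithm, openssl_get_cipher_methods(), true)) { $algorithm = 'AES-256-CBC'; }` before assigning it. A short comment noting that the default salt is a public value would also help administrators understand they should set their own.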