Skip to content
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.

Bugfix Version jump probably has a BC (from 2.7.1 to 2.7.2) #57

Open
null9beta opened this issue May 30, 2017 · 4 comments
Open

Bugfix Version jump probably has a BC (from 2.7.1 to 2.7.2) #57

null9beta opened this issue May 30, 2017 · 4 comments
Labels
bug

Comments

@null9beta
Copy link

Hi Zend-Filter Team,

unfortunately the last bugfix update seems to contain a BC.

This is the diff i am talking about.
76a6967#diff-d178b1651bd6efe807b184425f956970

The commit message actually just says "Ensure tests run against all PHP versions" but in fact in the file src/Encrypt/BlockCipher.php in line 66 and then 68 there is a breaking change.

Background:

  • we are using Zend-Crypt v3.1.0 already for quite a while.
  • we are using Zend-Filter as well (lastest before the update in v2.7.1)
  • we are using mcrypt to encrypt strings (with rijndael-128 as the algorithm)

The Problem:

  • with the v2.7.2 (bugfix version) the $cipherType was changed from hardcoded mcrypt to a value that is fetched from the SymmetricPluginManager in the file mentioned above
  • i am talking about those lines
$cipherPluginManager = CryptBlockCipher::getSymmetricPluginManager();
$cipherType = $cipherPluginManager->has('openssl') ? 'openssl' : 'mcrypt';
  • the problem is that $cipherPluginManager->has('openssl') will always return true if you use Zend-Crypt > v3
  • the real problem derives from that because there is no setting to tell the SymmetricPluginManager or the BlockChiper class which cipherType to use but it is implicitly set

The Result:

  • as a result whenever the Crypt class is loaded with the algorithm we use (rijndael-128) it will fail because the openssl implementation does not contain this algo in the $encryptionAlgosproperty
  • it fails because this particular algo can only be found in the mcrypt class

Possible Solution:

  • have a possibility to let the user decide which cipherType to use
  • the default might still be set to openssl but it would be really helpful to have the possibility to override that, e.g. from within the global config

Thats my report for now. Shall i create a PullRequest for a potential change including setting the desired cipherType from the config?

Thanks in advance.
@froschdesign froschdesign added this to the 2.7.3 milestone May 30, 2017
@froschdesign
Copy link
Member

froschdesign commented May 30, 2017
edited
Loading

@null9beta

the problem is that $cipherPluginManager->has('openssl') will always return true if you use Zend-Crypt > v3

Right.

the real problem derives from that because there is no setting to tell the SymmetricPluginManager or the BlockChiper class which cipherType to use but it is implicitly set

You can set your own SymmetricPluginManager.

Thanks for reporting!

@null9beta
Copy link
Author

@froschdesign
First of all thanks for getting back that quick. You are right. I did not recognize it can explicitly set the SymmetricPluginManager like that. Thanks. That definitely will solve it for the moment.

@michalbundyra
Copy link
Member

@froschdesign What about this issue? It has milestone 2.7.3 but I don't think so it's going to be released as we already have 2.8.0 and this problem seems to be not resolved there...

@froschdesign froschdesign removed this from the 2.7.3 milestone Dec 13, 2018
@weierophinney weierophinney mentioned this issue Dec 31, 2019
Closed
@weierophinney
Copy link
Member

This repository has been closed and moved to laminas/laminas-filter; a new issue has been opened at laminas/laminas-filter#8.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@weierophinney @froschdesign @null9beta @michalbundyra