зеркало из
1
0
Форкнуть 0
* Adds support for random_bytes (PHP>=7.0)

* Remove mcrypt usage from getGuid

* Replace mt_rand with random_int implementation

- This implementation is same as https://github.com/paragonie/random_compat/blob/master/lib/random_int.php
- Fixes Azure/azure-sdk-for-php#918

* Replace mcrypt_encrypt with openssl_encrypt
This commit is contained in:
Nemo 2018-12-04 04:00:37 +05:30 коммит произвёл Sergey Shandar
Родитель 30d469c163
Коммит 1e4eb9d083
6 изменённых файлов: 89 добавлений и 54 удалений

Просмотреть файл

@ -532,8 +532,7 @@ class Utilities
*
* See http://tools.ietf.org/html/rfc4122 for more information.
*
* Note: This function is available on all platforms, while the
* com_create_guid() is only available for Windows.
* Note: See https://stackoverflow.com/a/15875555
*
* @static
*
@ -541,26 +540,23 @@ class Utilities
*/
public static function getGuid()
{
// @codingStandardsIgnoreStart
$data = self::generateCryptoKey(16);
return sprintf(
'%04x%04x-%04x-%04x-%02x%02x-%04x%04x%04x',
mt_rand(0, 65535),
mt_rand(0, 65535), // 32 bits for "time_low"
mt_rand(0, 65535), // 16 bits for "time_mid"
mt_rand(0, 4096) + 16384, // 16 bits for "time_hi_and_version", with
// the most significant 4 bits being 0100
// to indicate randomly generated version
mt_rand(0, 64) + 128, // 8 bits for "clock_seq_hi", with
// the most significant 2 bits being 10,
// required by version 4 GUIDs.
mt_rand(0, 256), // 8 bits for "clock_seq_low"
mt_rand(0, 65535), // 16 bits for "node 0" and "node 1"
mt_rand(0, 65535), // 16 bits for "node 2" and "node 3"
mt_rand(0, 65535) // 16 bits for "node 4" and "node 5"
);
$data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0100b = 4
$data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
// @codingStandardsIgnoreEnd
return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
}
/**
* Generates a GUID provided a 16 byte pseudo random string
* @param string $data 16 bytes long data string
* @return string A new GUID
*/
private static function generateGuid($data)
{
return $guid;
}
/**
@ -645,7 +641,59 @@ class Utilities
*/
public static function generateCryptoKey($length)
{
return openssl_random_pseudo_bytes($length);
// PHP>=7.0
if (function_exists('random_bytes')) {
return random_bytes($length);
}
$buf = openssl_random_pseudo_bytes($length, $secure);
if ($buf !== false) {
return $buf;
}
throw new \Exception('PRNG failure');
}
/**
* Fetch a random integer between $min and $max inclusive
* @param int $min
* @param int $max
* @return int
*/
public static function generateRandomInt($min, $max)
{
$range = $max - $min;
$bits = $bytes = $mask = $val = 0;
while ($range > 0) {
if ($bits % 8 === 0) {
++$bytes;
}
++$bits;
$range >>= 1;
$mask = $mask << 1 | 1;
}
$valueShift = $min;
do {
if ($attempts > 128) {
throw new \Exception('Could not generate valid random integer');
}
$randomByteString = self::generateCryptoKey($bytes);
$val = 0;
for ($i = 0; $i < $bytes; ++$i) {
$val |= ord($randomByteString[$i]) << ($i * 8);
}
$val &= $mask;
$val += $valueShift;
++$attempts;
} while (!is_int($val) || $val > $max || $val < $min);
return (int) $val;
}
/**
@ -673,30 +721,13 @@ class Utilities
sprintf(Resources::INVALID_STRING_LENGTH, 'initializationVector', '16')
);
$blockCount = ceil(strlen($data) / 16);
$ctrData = '';
for ($i = 0; $i < $blockCount; ++$i) {
$ctrData .= $initializationVector;
// increment Initialization Vector
$j = 15;
do {
$digit = ord($initializationVector[$j]) + 1;
$initializationVector[$j] = chr($digit & 0xFF);
--$j;
} while (($digit == 0x100) && ($j >= 0));
}
$encryptCtrData = mcrypt_encrypt(
MCRYPT_RIJNDAEL_128,
return openssl_encrypt(
$data,
'aes-256-ctr',
$key,
$ctrData,
MCRYPT_MODE_ECB
OPENSSL_RAW_DATA,
$initializationVector
);
return $data ^ $encryptCtrData;
}
/**
@ -720,6 +751,12 @@ class Utilities
return $result;
}
/**
* Replace all hex characters in a string with lowercase
* and URL encode the resulting string.
* @param string $str input string
* @return string URL Encoded string with 00-FF replaced with 00-ff
*/
public static function lowerUrlencode($str)
{
return preg_replace_callback('/%[0-9A-F]{2}/',

Просмотреть файл

@ -402,12 +402,7 @@ class ContentKey
$aesKey = $this->pkcs5_pad($aesKey, 16);
}
$encrypted = mcrypt_encrypt(
MCRYPT_RIJNDAEL_128, // AES
$aesKey,
$this->_id,
MCRYPT_MODE_ECB
);
$encrypted = openssl_encrypt($this->_id, 'aes-256-ecb', $aesKey, OPENSSL_RAW_DATA);
$this->_checksum = base64_encode(substr($encrypted, 0, 8));
}

Просмотреть файл

@ -45,6 +45,7 @@ use WindowsAzure\MediaServices\Models\ProgramState;
use WindowsAzure\Common\Internal\Http\Url;
use WindowsAzure\Common\Internal\Http\HttpClient;
use WindowsAzure\Common\Internal\Resources;
use WindowsAzure\Common\Internal\Utilities;
/**
* TestBase class for each unit test class.
@ -419,7 +420,7 @@ class MediaServicesRestProxyTestBase extends ServiceRestProxyTestBase
protected function createSuffix()
{
return sprintf('-%04x', mt_rand(0, 65535));
return sprintf('-%04x', Utilities::generateRandomInt(0, 65535));
}
protected function createLargeFile()

Просмотреть файл

@ -28,6 +28,7 @@ namespace Tests\framework;
use WindowsAzure\Common\Internal\Logger;
use WindowsAzure\Common\Internal\Serialization\XmlSerializer;
use WindowsAzure\Common\Internal\Utilities;
use WindowsAzure\Common\ServicesBuilder;
use PHPUnit\Framework\TestCase;
@ -52,7 +53,7 @@ class RestProxyTestBase extends TestCase
protected function getTestName()
{
return sprintf('onesdkphp%04x', mt_rand(0, 65535));
return sprintf('onesdkphp%04x', Utilities::generateRandomInt(0, 65535));
}
public static function assertHandler($file, $line, $code)

Просмотреть файл

@ -47,6 +47,7 @@ use MicrosoftAzure\Storage\Common\Models\Logging;
use MicrosoftAzure\Storage\Common\Models\Metrics;
use MicrosoftAzure\Storage\Common\Models\RetentionPolicy;
use MicrosoftAzure\Storage\Common\Models\ServiceProperties;
use WindowsAzure\Common\Internal\Utilities;
class BlobServiceFunctionalTestData
{
@ -61,7 +62,7 @@ class BlobServiceFunctionalTestData
public static function setupData($accountName)
{
$rInt = mt_rand(0, 1000000);
$rInt = Utilities::generateRandomInt(0, 1000000);
self::$_accountName = $accountName;
self::$testUniqueId = 'qa-'.$rInt.'-';
self::$nonExistContainerPrefix = 'qa-'.($rInt. 1).'-';

Просмотреть файл

@ -605,8 +605,8 @@ class UtilitiesTest extends TestCase
$initializationVector = str_pad($efectiveInitializationVector, 16, chr(255));
// Test
$ecnrypted = Utilities::ctrCrypt($data, $key, $initializationVector);
$decrypted = Utilities::ctrCrypt($ecnrypted, $key, $initializationVector);
$encrypted = Utilities::ctrCrypt($data, $key, $initializationVector);
$decrypted = Utilities::ctrCrypt($encrypted, $key, $initializationVector);
// Assert
$this->assertEquals($data, $decrypted);