From cceca8af6e270db12f59ea2319dd29379e861da6 Mon Sep 17 00:00:00 2001 From: Paulo Rodrigues Pinto Date: Sun, 22 Jan 2017 17:37:59 +0000 Subject: [PATCH] Deprecate usage of mcrypt (#200) --- CHANGELOG.md | 3 ++- Cryptography/MCryptEncryptionService.php | 8 +++++--- README.md | 2 +- Resources/doc/guides/mcrypt.rst | 4 ++++ Resources/doc/setup.rst | 24 +++++++++--------------- 5 files changed, 21 insertions(+), 20 deletions(-) create mode 100644 Resources/doc/guides/mcrypt.rst diff --git a/CHANGELOG.md b/CHANGELOG.md index 35b44c05..06789a13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,12 +15,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p ### Deprecated - The service `payment.encryption_service` has been deprecated and is now an alias to `payment.encryption.mcrypt`. Parameters specified for `payment.encryption_service` are automatically set for `payment.encryption.mcrypt` so no changes are required in service configuration until `payment.encryption_service` is removed in 2.0. - The `secret` configuration option has been deprecated in favor of `encryption.secret` and will be removed in 2.0. Please note that if you start using `encryption.secret` you also need to set `encryption.provider` to `mcrypt` since mcrypt is not the default when using the `encryption.*` options. +- `JMS\Payment\CoreBundle\Cryptography\MCryptEncryptionService` has been deprecated and will be removed in 2.0 (`mcrypt` has been deprecated in PHP 7.1 and is removed in PHP 7.2). Refer to http://jmspaymentcorebundle.readthedocs.io/en/stable/guides/mcrypt.html for instructions on how to migrate away from `mcrypt`. ### Added - Added support for custom encryption providers. - Added support for data encryption with [defuse/php-encryption](https://github.com/defuse/php-encryption). -- Added ability to configure which crypto provider should be used. Current available options are `mcrypt` (not recommended since it will be removed in PHP 7.2) and `defuse_php_encryption`. - Added console command to generate an encryption key for use with `defuse_php_encryption`. +- Added ability to configure which encryption provider should be used. Current available options are `mcrypt` (not recommended since it will be removed in PHP 7.2) and `defuse_php_encryption`. ### Removed - Removed support for PHP 5.3. If you're still using PHP 5.3, please consider upgrading since it reached End Of Life in August 2014. Otherwise, use `1.2.*`. diff --git a/Cryptography/MCryptEncryptionService.php b/Cryptography/MCryptEncryptionService.php index e8a0ffb5..54d8e48b 100644 --- a/Cryptography/MCryptEncryptionService.php +++ b/Cryptography/MCryptEncryptionService.php @@ -46,11 +46,13 @@ public function __construct($secret, $cipher = 'rijndael-256', $mode = 'ctr') throw new \RuntimeException('The mcrypt extension must be loaded.'); } - if (!in_array($cipher, mcrypt_list_algorithms(), true)) { + @trigger_error('mcrypt has been deprecated in PHP 7.1 and is removed in PHP 7.2. Refer to http://jmspaymentcorebundle.readthedocs.io/en/stable/guides/mcrypt.html for instructions on how to migrate away from mcrypt', E_USER_DEPRECATED); + + if (!in_array($cipher, @mcrypt_list_algorithms(), true)) { throw new \InvalidArgumentException(sprintf('The cipher "%s" is not supported.', $cipher)); } - if (!in_array($mode, mcrypt_list_modes(), true)) { + if (!in_array($mode, @mcrypt_list_modes(), true)) { throw new \InvalidArgumentException(sprintf('The mode "%s" is not supported.', $mode)); } @@ -62,7 +64,7 @@ public function __construct($secret, $cipher = 'rijndael-256', $mode = 'ctr') } $key = hash('sha256', $secret, true); - if (strlen($key) > $size = mcrypt_get_key_size($this->cipher, $this->mode)) { + if (strlen($key) > $size = @mcrypt_get_key_size($this->cipher, $this->mode)) { $key = substr($key, 0, $size); } $this->key = $key; diff --git a/README.md b/README.md index e44b8fb4..6f16ea36 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Features: - Persistence of financial entities (such as payments, transactions, etc.) - Transaction management including retry logic - Encryption of sensitive data -- Supports [many](http://jmspaymentcorebundle.readthedocs.io/en/latest/backends.html) payment backends out of the box +- Supports [many](http://jmspaymentcorebundle.readthedocs.io/en/stable/backends.html) payment backends out of the box - Easily support other payment backends # Documentation diff --git a/Resources/doc/guides/mcrypt.rst b/Resources/doc/guides/mcrypt.rst new file mode 100644 index 00000000..92c310f1 --- /dev/null +++ b/Resources/doc/guides/mcrypt.rst @@ -0,0 +1,4 @@ +Migrating from Mcrypt +===================== + +Coming soon diff --git a/Resources/doc/setup.rst b/Resources/doc/setup.rst index 6273f435..e09d2b0d 100644 --- a/Resources/doc/setup.rst +++ b/Resources/doc/setup.rst @@ -25,9 +25,7 @@ And register the bundle in your ``AppKernel.php``: Configuration ------------- -The configuration is as simple as setting a random secret which will be used for encrypting data, in case this is requested. - -You can generate the secret with the following command: +The configuration is as simple as setting an encryption key which will be used for encrypting data. You can generate a random key with the following command: .. code-block :: bash @@ -35,22 +33,20 @@ You can generate the secret with the following command: And then use it in your configuration: -.. configuration-block :: - - .. code-block :: yaml +.. code-block :: yaml - # app/config/config.yml - jms_payment_core: - encryption: - secret: output_of_above_command + # app/config/config.yml + jms_payment_core: + encryption: + secret: output_of_above_command .. warning :: - If you change the secret, all data encrypted with the old secret will become unreadable. + If you change the ``secret`` or the ``crypto`` provider, all encrypted data will become unreadable. Create database tables ---------------------- -This bundle requires a few database tables to function. You can create these tables as follows. +This bundle requires a few database tables, which you can create as follows. If you're not using database migrations: @@ -65,14 +61,13 @@ Or, if you're using migrations: bin/console doctrine:migrations:diff bin/console doctrine:migrations:migrate -.. warning :: +.. note :: It's assumed you have entity auto mapping enabled, which is usually the case. If you don't, you need to either enable it: .. code-block :: yaml # app/config/config.yml - doctrine: orm: auto_mapping: true @@ -82,7 +77,6 @@ Or, if you're using migrations: .. code-block :: yaml # app/config/config.yml - doctrine: orm: mappings: