From a6b0271560a41f5dbc52b4484491a6b3700bac52 Mon Sep 17 00:00:00 2001 From: chinpei215 Date: Sat, 24 Feb 2018 12:17:51 +0900 Subject: [PATCH] Remove Security::engine() We disscussed and decided to avoid auto selecting which extension to use. Instead, call Configure::write('Security.useOpenSsl', true) manually. --- lib/Cake/Test/Case/Utility/SecurityTest.php | 35 +++++---------------- lib/Cake/Utility/Security.php | 29 ++--------------- 2 files changed, 10 insertions(+), 54 deletions(-) diff --git a/lib/Cake/Test/Case/Utility/SecurityTest.php b/lib/Cake/Test/Case/Utility/SecurityTest.php index 545ba4b0b..2b1fe1ab7 100644 --- a/lib/Cake/Test/Case/Utility/SecurityTest.php +++ b/lib/Cake/Test/Case/Utility/SecurityTest.php @@ -36,7 +36,7 @@ class SecurityTest extends CakeTestCase { */ public function setUp() { parent::setUp(); - Security::engine(null); + Configure::delete('Security.useOpenSsl'); } /** @@ -46,26 +46,7 @@ class SecurityTest extends CakeTestCase { */ public function tearDown() { parent::tearDown(); - Security::engine(null); - } - -/** - * Tests that Security::engine() works - * - * @return void - */ - public function testEngine() { - if (extension_loaded('mcrypt')) { - $this->assertEquals('mcrypt', Security::engine()); - } - - $this->assertContains(Security::engine(), array('mcrypt', 'openssl')); - - Security::engine('mcrypt'); - $this->assertEquals('mcrypt', Security::engine()); - - Security::engine('openssl'); - $this->assertEquals('openssl', Security::engine()); + Configure::delete('Security.useOpenSsl'); } /** @@ -385,24 +366,24 @@ class SecurityTest extends CakeTestCase { */ public function testEncryptDecryptCompatibility($txt) { $this->skipIf(!extension_loaded('mcrypt'), 'This test requires mcrypt to be installed'); - $this->skipIf(!extension_loaded('openssl'), 'This test requires oepnssl to be installed'); - $this->skipIf(version_compare(PHP_VERSION, '5.3.3', '<'), 'This test requires PHP 5.3.3 or grater'); + $this->skipIf(!extension_loaded('openssl'), 'This test requires openssl to be installed'); + $this->skipIf(version_compare(PHP_VERSION, '5.3.3', '<'), 'This test requires PHP 5.3.3 or greater'); $key = '12345678901234567890123456789012'; - Security::engine('mcrypt'); + Configure::write('Security.useOpenSsl', false); $mcrypt = Security::encrypt($txt, $key); - Security::engine('openssl'); + Configure::write('Security.useOpenSsl', true); $openssl = Security::encrypt($txt, $key); $this->assertEquals(strlen($mcrypt), strlen($openssl)); - Security::engine('mcrypt'); + Configure::write('Security.useOpenSsl', false); $this->assertEquals($txt, Security::decrypt($mcrypt, $key)); $this->assertEquals($txt, Security::decrypt($openssl, $key)); - Security::engine('openssl'); + Configure::write('Security.useOpenSsl', true); $this->assertEquals($txt, Security::decrypt($mcrypt, $key)); $this->assertEquals($txt, Security::decrypt($openssl, $key)); } diff --git a/lib/Cake/Utility/Security.php b/lib/Cake/Utility/Security.php index 739874c09..322b29d9e 100644 --- a/lib/Cake/Utility/Security.php +++ b/lib/Cake/Utility/Security.php @@ -25,13 +25,6 @@ App::uses('CakeText', 'Utility'); */ class Security { -/** - * The encryption engine - * - * @var string - */ - protected static $_engine = null; - /** * Default hash method * @@ -359,7 +352,7 @@ class Security { // Generate the encryption and hmac key. $key = substr(hash('sha256', $key . $hmacSalt), 0, 32); - if (static::engine() === 'openssl') { + if (Configure::read('Security.useOpenSsl')) { $method = 'AES-256-CBC'; $ivSize = openssl_cipher_iv_length($method); $iv = openssl_random_pseudo_bytes($ivSize); @@ -426,7 +419,7 @@ class Security { return false; } - if (static::engine() === 'openssl') { + if (Configure::read('Security.useOpenSsl')) { $method = 'AES-256-CBC'; $ivSize = openssl_cipher_iv_length($method); $iv = substr($cipher, 0, $ivSize); @@ -446,22 +439,4 @@ class Security { return rtrim($plain, "\0"); } -/** - * Set or get the encryption engine - * - * @param string $engine The encryption engine to use - * @return string - */ - public static function engine($engine = null) { - if (func_num_args() > 0) { - static::$_engine = $engine; - } elseif (static::$_engine === null) { - static::$_engine = 'mcrypt'; - if (!extension_loaded('mcrypt') && extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.3', '>=')) { - static::$_engine = 'openssl'; - } - } - return static::$_engine; - } - }