}
}
- if ( function_exists( 'mcrypt_encrypt' )
- && in_array( 'rijndael-128', mcrypt_list_algorithms(), true )
- ) {
- $modes = mcrypt_list_modes();
- if ( in_array( 'ctr', $modes, true ) ) {
- self::$encryptionAlgorithm = [ 'mcrypt', 'rijndael-128', 'ctr' ];
- return self::$encryptionAlgorithm;
- }
- if ( in_array( 'cbc', $modes, true ) ) {
- self::$encryptionAlgorithm = [ 'mcrypt', 'rijndael-128', 'cbc' ];
- return self::$encryptionAlgorithm;
- }
- }
-
if ( $wgSessionInsecureSecrets ) {
// @todo: import a pure-PHP library for AES instead of this
self::$encryptionAlgorithm = [ 'insecure' ];
}
throw new \BadMethodCallException(
- 'Encryption is not available. You really should install the PHP OpenSSL extension, ' .
- 'or failing that the mcrypt extension. But if you really can\'t and you\'re willing ' .
+ 'Encryption is not available. You really should install the PHP OpenSSL extension. ' .
+ 'But if you really can\'t and you\'re willing ' .
'to accept insecure storage of sensitive session data, set ' .
'$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'
);
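Review bot: Removing the mcrypt fallback means a host without the OpenSSL extension now reaches the `$wgSessionInsecureSecrets` check directly, and the reworded message on the two added lines is the only place an operator learns this. As far as the visible lines show, an install that has the flag set and was previously picking `[ 'mcrypt', 'rijndael-128', ... ]` will switch from AES to plain-text storage of session secrets, with only the `warning` logged in the `'insecure'` case to signal it. That deserves a release-note entry and a comment above the `[ 'insecure' ]` assignment, for example `// OpenSSL is the only supported cipher backend; this branch stores session secrets unencrypted`. Hosts in the same situation without the flag will start getting this `BadMethodCallException`, which is the safer outcome but is still a behaviour change worth documenting. The enclosing method starts and ends outside the lines shown here.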
throw new \UnexpectedValueException( 'Encryption failed: ' . openssl_error_string() );
}
break;
- case 'mcrypt':
- // PKCS7 padding
- $blocksize = mcrypt_get_block_size( $algorithm[1], $algorithm[2] );
- $pad = $blocksize - ( strlen( $serialized ) % $blocksize );
- $serialized .= str_repeat( chr( $pad ), $pad );
-
- $ciphertext = mcrypt_encrypt( $algorithm[1], $encKey, $serialized, $algorithm[2], $iv );
- if ( $ciphertext === false ) {
- throw new \UnexpectedValueException( 'Encryption failed' );
- }
- break;
case 'insecure':
$ex = new \Exception( 'No encryption is available, storing data as plain text' );
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
return $default;
}
break;
- case 'mcrypt':
- $serialized = mcrypt_decrypt( $algorithm[1], $encKey, base64_decode( $ciphertext ),
- $algorithm[2], base64_decode( $iv ) );
- if ( $serialized === false ) {
- $ex = new \Exception( 'Decyption failed' );
- $this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] );
- return $default;
- }
-
- // Remove PKCS7 padding
- $pad = ord( substr( $serialized, -1 ) );
- $serialized = substr( $serialized, 0, -$pad );
- break;
case 'insecure':
$ex = new \Exception(
'No encryption is available, retrieving data that was stored as plain text'