PHP 7.1 uses OpenSSL instead of mcrypt to decrypt the _php technique

Source: Internet
Author: User
Tags mcrypt ord
Recently in use PHPThe development of the public number function was found in PHP7.1 MCrypt has been discarded, but can only find the corresponding solution to replace, so this article mainly to you about the PHP7.1 In the use of OpenSSL instead of MCrypt encryption and decryption of relevant information, the need for friends can refer to.





Profile:



The new features of php7.1 have attracted many phper, and everyone is discussing the benefits and conveniences of new features. But upgrading from php7.0 to php7.1 (obsolete) is an extension (mcrypt extension) that has been widely used in the past. The official provided the corresponding solution, but did not provide a more detailed solution. So the pit came:



Today, when connecting to a content management system using an open platform, it has failed to bind the public number.



Reason:



debugging, the direct reason is because the open platform filled with the authorization event (the authorization event every 10 minutes to send an event to update ticket), namely:






This place filled in the URL, debugging found that this URL is correct, there are every 10 minutes pushed to come over, but to the last direct receive ticket, see Code Discovery is because the decrypted data when the error:





<?php 
 
function aes_decode($message, $encodingaeskey = '', $appid = '') { 
 $key = base64_decode($encodingaeskey . '='); 
 
 $ciphertext_dec = base64_decode($message); 
 $iv = substr($key, 0, 16); 
 
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); 
 mcrypt_generic_init($module, $key, $iv); 
 $decrypted = mdecrypt_generic($module, $ciphertext_dec); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
 
 $pad = ord(substr($decrypted, -1)); 
 if ($pad < 1 || $pad > 32) { 
 $pad = 0; 
 }






This is the place, because my environment is PHP 7.1, find data found PHP 7.1 has abandoned mcrypt, so the code inside the mcrypt_* are not able to run.



Solve:



Find data discovery, you can replace MCrypt with OpenSSL (provided the OpenSSL extension is already installed, but is usually installed by default)



OpenSSL is a powerful toolkit that integrates a wide range of cryptographic algorithms and utilities. We can use the command desk tools it provides to generate keys, certificates to encrypt and decrypt files, or to encrypt the transmitted information in code using the API interfaces it provides.



So the above code can be changed to:





<?php
 
function aes_decode($message, $encodingaeskey ='', $appid ='') {
  $key = base64_decode($encodingaeskey.'=');
 
  $ciphertext_dec = base64_decode($message);
  $iv = substr($key, 0, 16);
 
  /* The mcrypt symmetric decryption code has been abandoned in PHP7.1, so use the following openssl instead
  $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'', MCRYPT_MODE_CBC,'');
  mcrypt_generic_init($module, $key, $iv);
  $decrypted = mdecrypt_generic($module, $ciphertext_dec);
  mcrypt_generic_deinit($module);
  mcrypt_module_close($module);
  */
  $decrypted = openssl_decrypt($ciphertext_dec,'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
 
  $pad = ord(substr($decrypted, -1));
  if ($pad <1 || $pad> 32) {
  $pad = 0;
  }





Add:



The above decryption has been modified, then the corresponding MCrypt encryption needs to be modified, if not changed, will cause not to publish the whole network and can not push messages and other events
The encrypted source code is as follows:





<?php 
function aes_encode($message, $encodingaeskey = '', $appid = '') { 
 $key = base64_decode($encodingaeskey . '='); 
 $text = random(16) . pack("N", strlen($message)) . $message . $appid; 
 $iv = substr($key, 0, 16); 
 
 $block_size = 32; 
 $text_length = strlen($text); 
 $amount_to_pad = $block_size - ($text_length % $block_size); 
 if ($amount_to_pad == 0) { 
 $amount_to_pad = $block_size; 
 } 
 $pad_chr = chr($amount_to_pad); 
 $tmp = ''; 
 for ($index = 0; $index < $amount_to_pad; $index++) { 
 $tmp .= $pad_chr; 
 } 
 $text = $text . $tmp; 
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); 
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); 
 mcrypt_generic_init($module, $key, $iv); 
 $encrypted = mcrypt_generic($module, $text); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
 
 $encrypt_msg = base64_encode($encrypted); 
 return $encrypt_msg; 
}





The modified code is:





<?php
function aes_encode($message, $encodingaeskey ='', $appid ='') {
 $key = base64_decode($encodingaeskey.'=');
 $text = random(16). pack("N", strlen($message)). $message. $appid;
 $iv = substr($key, 0, 16);
 
 $block_size = 32;
 $text_length = strlen($text);
 $amount_to_pad = $block_size-($text_length% $block_size);
 if ($amount_to_pad == 0) {
 $amount_to_pad = $block_size;
 }
 $pad_chr = chr($amount_to_pad);
 $tmp ='';
 for ($index = 0; $index <$amount_to_pad; $index++) {
 $tmp .= $pad_chr;
 }
 $text = $text. $tmp;
 /* The mcrypt symmetric encryption code has been abandoned in PHP7.1, so use the following openssl instead
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'', MCRYPT_MODE_CBC,'');
 mcrypt_generic_init($module, $key, $iv);
 $encrypted = mcrypt_generic($module, $text);
 mcrypt_generic_deinit($module);
 mcrypt_module_close($module);
 */
 
 $encrypted = openssl_encrypt($text,'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
 $encrypt_msg = base64_encode($encrypted);
 return $encrypt_msg;
} 





Special Note: all involved in the development process, if it has been upgraded to PHP 7.1, then it is necessary to check whether the use of mcrypt symmetric plus decryption, the development document used in the demo is also using MCrypt encryption, which needs to be noted.



Summarize


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.