From a20e9e054dc76b79ca349d05d14ade3cc49e671a Mon Sep 17 00:00:00 2001 From: wapplay Date: Fri, 6 Dec 2019 23:23:44 +0300 Subject: [PATCH] use random_compat --- .travis.yml | 6 -- composer.json | 3 +- .../TraditionalPkwareEncryptionEngine.php | 8 ++- src/PhpZip/Crypto/WinZipAesEngine.php | 7 ++- src/PhpZip/Util/CryptoUtil.php | 26 +++----- tests/PhpZip/Issue24Test.php | 4 +- tests/PhpZip/ZipAlignTest.php | 11 ++-- tests/PhpZip/ZipFileTest.php | 60 +++++++++++-------- tests/PhpZip/ZipMatcherTest.php | 6 +- tests/PhpZip/ZipPasswordTest.php | 13 ++-- tests/PhpZip/ZipTestCase.php | 1 + 11 files changed, 75 insertions(+), 70 deletions(-) diff --git a/.travis.yml b/.travis.yml index 07dc34d..a3328f5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,12 +10,6 @@ php: - '7.3' - '7.4' -# cache vendor dirs -cache: - directories: - - vendor - - $HOME/.composer/cache - install: - travis_retry composer self-update && composer --version - travis_retry composer install --no-interaction diff --git a/composer.json b/composer.json index 6f0c4dc..b0a938f 100644 --- a/composer.json +++ b/composer.json @@ -23,7 +23,8 @@ "require": { "php": "^5.5 || ^7.0", "ext-zlib": "*", - "psr/http-message": "^1.0" + "psr/http-message": "^1.0", + "paragonie/random_compat": ">=1 <9.99" }, "require-dev": { "phpunit/phpunit": "^4.8|^5.7", diff --git a/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php b/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php index a90dff5..bc8ab45 100644 --- a/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php +++ b/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php @@ -6,7 +6,6 @@ use PhpZip\Exception\RuntimeException; use PhpZip\Exception\ZipAuthenticationException; use PhpZip\Exception\ZipCryptoException; use PhpZip\Model\ZipEntry; -use PhpZip\Util\CryptoUtil; use PhpZip\Util\PackUtil; /** 
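Review bot: The lower bound in `"paragonie/random_compat": ">=1 <9.99"` in composer.json is wider than this change needs, and it matters because on PHP 5 the polyfill becomes the only source of the AES salt and the PKWARE encryption header. As far as I recall, the 1.x line of random_compat can still fall back to `openssl_random_pseudo_bytes()`, which is one of the fallbacks this commit removes from CryptoUtil. If the package changelog confirms that, start the range at the next major, e.g. `"paragonie/random_compat": ">=2 <9.99"`. Composer normally picks the newest allowed release, so this only bites when another dependency pins the old line.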
@@ -430,7 +429,12 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine $crc = $this->entry->isDataDescriptorRequired() ? ($this->entry->getDosTime() & 0x0000ffff) << 16 : $this->entry->getCrc(); - $headerBytes = CryptoUtil::randomBytes(self::STD_DEC_HDR_SIZE); + + try { + $headerBytes = random_bytes(self::STD_DEC_HDR_SIZE); + } catch (\Exception $e) { + throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e); + } // Initialize again since the generated bytes were encrypted. $password = $this->entry->getPassword(); diff --git a/src/PhpZip/Crypto/WinZipAesEngine.php b/src/PhpZip/Crypto/WinZipAesEngine.php index d050fca..97d8e44 100644 --- a/src/PhpZip/Crypto/WinZipAesEngine.php +++ b/src/PhpZip/Crypto/WinZipAesEngine.php @@ -8,7 +8,6 @@ use PhpZip\Exception\ZipCryptoException; use PhpZip\Exception\ZipException; use PhpZip\Extra\Fields\WinZipAesEntryExtraField; use PhpZip\Model\ZipEntry; -use PhpZip\Util\CryptoUtil; /** * WinZip Aes Encryption Engine. @@ -262,7 +261,11 @@ class WinZipAesEngine implements ZipEncryptionEngine ); $keyStrengthBytes = $keyStrengthBits / 8; - $salt = CryptoUtil::randomBytes($keyStrengthBytes / 2); + try { + $salt = random_bytes($keyStrengthBytes / 2); + } catch (\Exception $e) { + throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e); + } $keyParam = hash_pbkdf2( 'sha1', diff --git a/src/PhpZip/Util/CryptoUtil.php b/src/PhpZip/Util/CryptoUtil.php index 0d7958b..d2da78f 100644 --- a/src/PhpZip/Util/CryptoUtil.php +++ b/src/PhpZip/Util/CryptoUtil.php @@ -2,10 +2,10 @@ namespace PhpZip\Util; -use PhpZip\Exception\RuntimeException; - /** * Crypto Utils. + * + * @deprecated */ class CryptoUtil { 
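Review bot: The new catch block throws the global `\RuntimeException` with the message 'Oops, our server is bust and cannot generate any random data.', although TraditionalPkwareEncryptionEngine.php already imports `PhpZip\Exception\RuntimeException`. Callers that catch the library's own exception types may therefore miss this failure. Aborting when no CSPRNG is available is the right behaviour, but the text reads like a web-application example rather than a library error, and the code `1` is unexplained. I would write `throw new RuntimeException('Could not generate random bytes for the encryption header.', 0, $e);`, assuming the library class accepts a previous exception. The identical block in the WinZipAesEngine.php hunk (`$salt = random_bytes($keyStrengthBytes / 2);`) needs the same change, and its length argument no longer gets the `(int)` cast the old helper applied. Both enclosing methods start and end outside their hunks.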
@@ -14,26 +14,14 @@ class CryptoUtil * * @param int $length * + * @throws \Exception + * * @return string + * + * @deprecated Use random_bytes() */ final public static function randomBytes($length) { - $length = (int) $length; - - if (\function_exists('random_bytes')) { - try { - return random_bytes($length); - } catch (\Exception $e) { - throw new \RuntimeException('Could not generate a random string.'); - } - } elseif (\function_exists('openssl_random_pseudo_bytes')) { - /** @noinspection PhpComposerExtensionStubsInspection */ - return openssl_random_pseudo_bytes($length); - } elseif (\function_exists('mcrypt_create_iv')) { - /** @noinspection PhpComposerExtensionStubsInspection */ - return mcrypt_create_iv($length); - } else { - throw new RuntimeException('Extension openssl or mcrypt not loaded'); - } + return random_bytes($length); } } diff --git a/tests/PhpZip/Issue24Test.php b/tests/PhpZip/Issue24Test.php index 710935d..6e33163 100644 --- a/tests/PhpZip/Issue24Test.php +++ b/tests/PhpZip/Issue24Test.php @@ -3,7 +3,6 @@ namespace PhpZip; use PhpZip\Exception\ZipException; -use PhpZip\Util\CryptoUtil; /** * @internal @@ -22,10 +21,11 @@ class Issue24Test extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testDummyFS() { - $fileContents = str_repeat(base64_encode(CryptoUtil::randomBytes(12000)), 100); + $fileContents = str_repeat(base64_encode(random_bytes(12000)), 100); // create zip file $zip = new ZipFile(); diff --git a/tests/PhpZip/ZipAlignTest.php b/tests/PhpZip/ZipAlignTest.php index 8201b83..f6b8f4f 100644 --- a/tests/PhpZip/ZipAlignTest.php +++ b/tests/PhpZip/ZipAlignTest.php @@ -3,7 +3,6 @@ namespace PhpZip; use PhpZip\Exception\ZipException; -use PhpZip\Util\CryptoUtil; /** * Test ZipAlign. 
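Review bot: `CryptoUtil::randomBytes()` stays public for backward compatibility, but its failure contract changes: the removed code cast `$length` to int and raised a RuntimeException when no random source worked, while the new body lets a bare `\Exception` from `random_bytes()` propagate. Existing callers that catch RuntimeException around encryption would stop seeing the error as one. For a deprecated shim I would keep the old contract and chain the cause, as below. The `@deprecated` tag on the class would also be more useful with the replacement named, as the method-level tag does.

```php
final public static function randomBytes($length)
{
    try {
        return random_bytes((int) $length);
    } catch (\Exception $e) {
        // keep the exception type and message callers saw before this change; chain the cause
        throw new \RuntimeException('Could not generate a random string.', 0, $e);
    }
}
```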
@@ -53,7 +52,7 @@ class ZipAlignTest extends ZipTestCase for ($i = 0; $i < 100; $i++) { $zipFile->addFromString( 'entry' . $i . '.txt', - CryptoUtil::randomBytes(mt_rand(100, 4096)), + random_bytes(mt_rand(100, 4096)), ZipFile::METHOD_STORED ); } @@ -87,6 +86,7 @@ class ZipAlignTest extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testZipAlignNewFiles() { @@ -94,7 +94,7 @@ class ZipAlignTest extends ZipTestCase for ($i = 0; $i < 100; $i++) { $zipFile->addFromString( 'entry' . $i . '.txt', - CryptoUtil::randomBytes(mt_rand(100, 4096)), + random_bytes(mt_rand(100, 4096)), ZipFile::METHOD_STORED ); } @@ -115,6 +115,7 @@ class ZipAlignTest extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testZipAlignFromModifiedZipArchive() { @@ -122,7 +123,7 @@ class ZipAlignTest extends ZipTestCase for ($i = 0; $i < 100; $i++) { $zipFile->addFromString( 'entry' . $i . '.txt', - CryptoUtil::randomBytes(mt_rand(100, 4096)), + random_bytes(mt_rand(100, 4096)), ZipFile::METHOD_STORED ); } @@ -147,7 +148,7 @@ class ZipAlignTest extends ZipTestCase $zipFile->addFromString( 'entry_new_' . ($isStored ? 'stored' : 'deflated') . '_' . $i . '.txt', - CryptoUtil::randomBytes(mt_rand(100, 4096)), + random_bytes(mt_rand(100, 4096)), $isStored ? ZipFile::METHOD_STORED : ZipFile::METHOD_DEFLATED diff --git a/tests/PhpZip/ZipFileTest.php b/tests/PhpZip/ZipFileTest.php index 5f80f95..3ad1b22 100644 --- a/tests/PhpZip/ZipFileTest.php +++ b/tests/PhpZip/ZipFileTest.php @@ -8,7 +8,6 @@ use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipUnsupportMethodException; use PhpZip\Model\ZipEntry; use PhpZip\Model\ZipInfo; -use PhpZip\Util\CryptoUtil; use PhpZip\Util\FilesUtil; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\Response; @@ -68,6 +67,7 @@ class ZipFileTest extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testOpenFileInvalidZip() { 
@@ -76,7 +76,7 @@ class ZipFileTest extends ZipTestCase 'Expected Local File Header or (ZIP64) End Of Central Directory Record' ); - static::assertNotFalse(file_put_contents($this->outputFilename, CryptoUtil::randomBytes(255))); + static::assertNotFalse(file_put_contents($this->outputFilename, random_bytes(255))); $zipFile = new ZipFile(); $zipFile->openFile($this->outputFilename); } @@ -105,6 +105,7 @@ class ZipFileTest extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testOpenFromStringInvalidZip() { @@ -114,7 +115,7 @@ class ZipFileTest extends ZipTestCase ); $zipFile = new ZipFile(); - $zipFile->openFromString(CryptoUtil::randomBytes(255)); + $zipFile->openFromString(random_bytes(255)); } /** @@ -224,6 +225,7 @@ class ZipFileTest extends ZipTestCase /** * @throws ZipException + * @throws \Exception */ public function testOpenFromStreamInvalidZip() { @@ -233,7 +235,7 @@ class ZipFileTest extends ZipTestCase ); $fp = fopen($this->outputFilename, 'w+b'); - fwrite($fp, CryptoUtil::randomBytes(255)); + fwrite($fp, random_bytes(255)); $zipFile = new ZipFile(); $zipFile->openFromStream($fp); } 
@@ -800,32 +802,33 @@ class ZipFileTest extends ZipTestCase * Test zip entry comment. * * @throws ZipException + * @throws \Exception */ public function testEntryComment() { $entries = [ '文件1.txt' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'comment' => '這是註釋的條目。', ], 'file2.txt' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'comment' => null, ], 'file3.txt' => [ - 'data' => CryptoUtil::randomBytes(255), - 'comment' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), + 'comment' => random_bytes(255), ], 'file4.txt' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'comment' => 'Комментарий файла', ], 'file5.txt' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'comment' => 'ไฟล์แสดงความคิดเห็น', ], 'file6 emoji 🙍🏼.txt' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'comment' => 'Emoji comment file - 😀 ⛈ ❤️ 🤴🏽', ], ]; @@ -903,17 +906,18 @@ class ZipFileTest extends ZipTestCase * Test all available support compression methods. * * @throws ZipException + * @throws \Exception */ public function testCompressionMethod() { $entries = [ '1' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'method' => ZipFile::METHOD_STORED, 'expected' => 'No compression', ], '2' => [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'method' => ZipFile::METHOD_DEFLATED, 'expected' => 'Deflate', ], @@ -921,7 +925,7 @@ class ZipFileTest extends ZipTestCase if (\extension_loaded('bz2')) { $entries['3'] = [ - 'data' => CryptoUtil::randomBytes(255), + 'data' => random_bytes(255), 'method' => ZipFile::METHOD_BZIP2, 'expected' => 'Bzip2', ]; 
@@ -976,13 +980,14 @@ class ZipFileTest extends ZipTestCase * Test extract all files. * * @throws ZipException + * @throws \Exception */ public function testExtract() { $entries = [ - 'test1.txt' => CryptoUtil::randomBytes(255), - 'test2.txt' => CryptoUtil::randomBytes(255), - 'test/test 2/test3.txt' => CryptoUtil::randomBytes(255), + 'test1.txt' => random_bytes(255), + 'test2.txt' => random_bytes(255), + 'test/test 2/test3.txt' => random_bytes(255), 'test empty/dir' => null, ]; @@ -1022,17 +1027,18 @@ class ZipFileTest extends ZipTestCase * Test extract some files. * * @throws ZipException + * @throws \Exception */ public function testExtractSomeFiles() { $entries = [ - 'test1.txt' => CryptoUtil::randomBytes(255), - 'test2.txt' => CryptoUtil::randomBytes(255), - 'test3.txt' => CryptoUtil::randomBytes(255), - 'test4.txt' => CryptoUtil::randomBytes(255), - 'test5.txt' => CryptoUtil::randomBytes(255), - 'test/test/test.txt' => CryptoUtil::randomBytes(255), - 'test/test/test 2.txt' => CryptoUtil::randomBytes(255), + 'test1.txt' => random_bytes(255), + 'test2.txt' => random_bytes(255), + 'test3.txt' => random_bytes(255), + 'test4.txt' => random_bytes(255), + 'test5.txt' => random_bytes(255), + 'test/test/test.txt' => random_bytes(255), + 'test/test/test 2.txt' => random_bytes(255), 'test empty/dir/' => null, 'test empty/dir2/' => null, ]; @@ -1684,13 +1690,14 @@ class ZipFileTest extends ZipTestCase * Test `ZipFile` implemented \ArrayAccess, \Countable and |iterator. * * @throws ZipException + * @throws \Exception */ public function testZipFileArrayAccessAndCountableAndIterator() { $files = []; $numFiles = mt_rand(20, 100); for ($i = 0; $i < $numFiles; $i++) { - $files['file' . $i . '.txt'] = CryptoUtil::randomBytes(255); + $files['file' . $i . '.txt'] = random_bytes(255); } $methods = [ZipFile::METHOD_STORED, ZipFile::METHOD_DEFLATED]; 
@@ -1799,13 +1806,14 @@ class ZipFileTest extends ZipTestCase /** * @throws Exception\ZipEntryNotFoundException * @throws ZipException + * @throws \Exception */ public function testUnknownCompressionMethod() { $zipFile = new ZipFile(); $zipFile->addFromString('file', 'content', ZipEntry::UNKNOWN); - $zipFile->addFromString('file2', base64_encode(CryptoUtil::randomBytes(512)), ZipEntry::UNKNOWN); + $zipFile->addFromString('file2', base64_encode(random_bytes(512)), ZipEntry::UNKNOWN); static::assertSame($zipFile->getEntryInfo('file')->getMethodName(), 'Unknown'); static::assertSame($zipFile->getEntryInfo('file2')->getMethodName(), 'Unknown'); diff --git a/tests/PhpZip/ZipMatcherTest.php b/tests/PhpZip/ZipMatcherTest.php index 11d8fc7..345fa3d 100644 --- a/tests/PhpZip/ZipMatcherTest.php +++ b/tests/PhpZip/ZipMatcherTest.php @@ -5,7 +5,6 @@ namespace PhpZip; use PHPUnit\Framework\TestCase; use PhpZip\Model\ZipEntryMatcher; use PhpZip\Model\ZipInfo; -use PhpZip\Util\CryptoUtil; /** * @internal @@ -73,11 +72,14 @@ class ZipMatcherTest extends TestCase $zipFile->close(); } + /** + * @throws \Exception + */ public function testDocsExample() { $zipFile = new ZipFile(); for ($i = 0; $i < 100; $i++) { - $zipFile['file_' . $i . '.jpg'] = CryptoUtil::randomBytes(100); + $zipFile['file_' . $i . '.jpg'] = random_bytes(100); } $renameEntriesArray = [ diff --git a/tests/PhpZip/ZipPasswordTest.php b/tests/PhpZip/ZipPasswordTest.php index b147b70..7ab39d7 100644 --- a/tests/PhpZip/ZipPasswordTest.php +++ b/tests/PhpZip/ZipPasswordTest.php @@ -7,7 +7,6 @@ use PhpZip\Exception\ZipAuthenticationException; use PhpZip\Exception\ZipEntryNotFoundException; use PhpZip\Exception\ZipException; use PhpZip\Model\ZipInfo; -use PhpZip\Util\CryptoUtil; /** * Tests with zip password. 
@@ -22,6 +21,7 @@ class ZipPasswordTest extends ZipFileAddDirTest * Test archive password. * * @throws ZipException + * @throws \Exception * @noinspection PhpRedundantCatchClauseInspection */ public function testSetPassword() @@ -33,7 +33,7 @@ class ZipPasswordTest extends ZipFileAddDirTest ); } - $password = base64_encode(CryptoUtil::randomBytes(100)); + $password = base64_encode(random_bytes(100)); $badPassword = 'bad password'; // create encryption password with ZipCrypto @@ -121,6 +121,7 @@ class ZipPasswordTest extends ZipFileAddDirTest /** * @throws ZipException + * @throws \Exception */ public function testTraditionalEncryption() { @@ -131,7 +132,7 @@ class ZipPasswordTest extends ZipFileAddDirTest ); } - $password = base64_encode(CryptoUtil::randomBytes(50)); + $password = base64_encode(random_bytes(50)); $zip = new ZipFile(); $zip->addDirRecursive($this->outputDirname); @@ -161,10 +162,11 @@ class ZipPasswordTest extends ZipFileAddDirTest * @param int $bitSize * * @throws ZipException + * @throws \Exception */ public function testWinZipAesEncryption($encryptionMethod, $bitSize) { - $password = base64_encode(CryptoUtil::randomBytes(50)); + $password = base64_encode(random_bytes(50)); $zip = new ZipFile(); $zip->addDirRecursive($this->outputDirname); @@ -415,11 +417,12 @@ class ZipPasswordTest extends ZipFileAddDirTest * @see https://github.com/Ne-Lexa/php-zip/issues/9 * * @throws ZipException + * @throws \Exception */ public function testIssues9() { $contents = str_pad('', 1000, 'test;test2;test3' . \PHP_EOL, \STR_PAD_RIGHT); - $password = base64_encode(CryptoUtil::randomBytes(20)); + $password = base64_encode(random_bytes(20)); $encryptMethod = ZipFile::ENCRYPTION_METHOD_WINZIP_AES_256; $zipFile = new ZipFile(); diff --git a/tests/PhpZip/ZipTestCase.php b/tests/PhpZip/ZipTestCase.php index a00e172..3710459 100644 --- a/tests/PhpZip/ZipTestCase.php +++ b/tests/PhpZip/ZipTestCase.php 
@@ -63,6 +63,7 @@ abstract class ZipTestCase extends TestCase $command .= ' -P ' . escapeshellarg($password); } $command .= ' -t ' . escapeshellarg($filename); + $command .= ' 2>&1'; exec($command, $output, $returnCode); $output = implode(\PHP_EOL, $output);
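Review bot: The added `$command .= ' 2>&1';` in ZipTestCase.php is unrelated to the commit title and has no comment explaining why stderr is now merged into `$output`. If later code in this helper (outside the hunk) matches on the output text, warnings from the external tool could now change the result, so the intent should be stated. A comment such as `// merge stderr so the tool's diagnostics show up in the failure message` would do, if that is the intent.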