Bugfix Version jump probably has a BC (from 2.7.1 to 2.7.2) #8

weierophinney opened this issue Dec 31, 2019 · 4 comments
@weierophinney
Member

Hi Zend-Filter Team,

Unfortunately the last bugfix update seems to contain a BC.

This is the diff I am talking about.
zendframework/zend-filter@76a6967#diff-d178b1651bd6efe807b184425f956970

The commit message actually just says "Ensure tests run against all PHP versions" but in fact in the file src/Encrypt/BlockCipher.php in line 66 and then 68 there is a breaking change.

Background:

  • we are using Zend-Crypt v3.1.0 already for quite a while.
  • we are using Zend-Filter as well (latest before the update in v2.7.1)
  • we are using mcrypt to encrypt strings (with rijndael-128 as the algorithm)

The Problem:

  • with the v2.7.2 (bugfix version) the $cipherType was changed from hardcoded mcrypt to a value that is fetched from the SymmetricPluginManager in the file mentioned above
  • I am talking about those lines

        $cipherPluginManager = CryptBlockCipher::getSymmetricPluginManager();
        $cipherType = $cipherPluginManager->has('openssl') ? 'openssl' : 'mcrypt';

  • the problem is that $cipherPluginManager->has('openssl') will always return true if you use Zend-Crypt > v3
  • the real problem derives from that because there is no setting to tell the SymmetricPluginManager or the BlockCipher class which cipherType to use but it is implicitly set

The Result:

  • as a result whenever the Crypt class is loaded with the algorithm we use (rijndael-128) it will fail because the openssl implementation does not contain this algo in the $encryptionAlgos property
  • it fails because this particular algo can only be found in the mcrypt class

Possible Solution:

  • have a possibility to let the user decide which cipherType to use
  • the default might still be set to openssl but it would be really helpful to have the possibility to override that, e.g. from within the global config

That's my report for now. Shall I create a PullRequest for a potential change including setting the desired cipherType from the config?

Thanks in advance.


Originally posted by @null9beta at zendframework/zend-filter#57
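
The override proposed under "Possible Solution" in the report above, modelled as an added example that is not part of the original issue or of zend-filter. `explicitCipherType()`, the `cipher_type` option and the adapter algorithm table are hypothetical names and constructed data; only the `has('openssl')` preference comes from the report.

```php
<?php
declare(strict_types=1);

// Constructed model of the two adapters described in the issue. The algorithm
// lists are illustrative, not the real adapters' full lists.
const ADAPTER_ALGOS = [
    'openssl' => ['aes'],
    'mcrypt'  => ['aes', 'rijndael-128'],
];

// Selection as the report describes it for v2.7.2: openssl wins whenever it
// is registered, without looking at the configured algorithm.
function implicitCipherType(array $registered): string
{
    return in_array('openssl', $registered, true) ? 'openssl' : 'mcrypt';
}

// Hypothetical alternative: an optional 'cipher_type' option overrides the
// default, and the adapter/algorithm pair is validated before any data is
// encrypted or decrypted.
function explicitCipherType(array $registered, array $options): string
{
    $type = $options['cipher_type'] ?? implicitCipherType($registered);
    if (! in_array($type, $registered, true)) {
        throw new InvalidArgumentException("Adapter '$type' is not registered");
    }
    $algo = $options['algorithm'];
    if (! in_array($algo, ADAPTER_ALGOS[$type] ?? [], true)) {
        throw new InvalidArgumentException(
            "Adapter '$type' does not support '$algo'; set 'cipher_type' explicitly"
        );
    }
    return $type;
}

// Both adapters registered, as the report says is always the case with Zend-Crypt > v3.
$registered = ['mcrypt', 'openssl'];
$legacy     = ['algorithm' => 'rijndael-128'];

// Implicit selection ignores the algorithm the application configured.
echo implicitCipherType($registered), PHP_EOL;

// Validated selection rejects the mismatch up front and names the cause.
try {
    explicitCipherType($registered, $legacy);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// With the override, existing rijndael-128 data stays on the adapter that wrote it.
echo explicitCipherType($registered, $legacy + ['cipher_type' => 'mcrypt']), PHP_EOL;
```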

@weierophinney added the Bug label Dec 31, 2019
@weierophinney
Member Author

@null9beta

> the problem is that $cipherPluginManager->has('openssl') will always return true if you use Zend-Crypt > v3

Right.

> the real problem derives from that because there is no setting to tell the SymmetricPluginManager or the BlockCipher class which cipherType to use but it is implicitly set

You can set your own SymmetricPluginManager.


Thanks for reporting!


Originally posted by @froschdesign at zendframework/zend-filter#57 (comment)

@weierophinney
Member Author

@froschdesign
First of all, thanks for getting back that quickly. You are right. I did not recognize that I can explicitly set the SymmetricPluginManager like that. Thanks. That definitely will solve it for the moment.


Originally posted by @null9beta at zendframework/zend-filter#57 (comment)

@weierophinney
Member Author

@froschdesign What about this issue? It has milestone 2.7.3 but I don't think it's going to be released as we already have 2.8.0 and this problem seems not to be resolved there...


Originally posted by @michalbundyra at zendframework/zend-filter#57 (comment)

@gsteel
Member

gsteel commented Nov 6, 2022

Closing as stale

@gsteel closed this as not planned Nov 6, 2022