I was just running phpcs with the PHPCompatibility sniffs to assess the feasibility of migrating our Lockr-supported sites to PHP 7.2 and I got this output:

FILE: src/Lockr/KeyWrapper/LockrAesCbcKeyWrapper.php
----------------------------------------------------------------------------------------------------------------------
FOUND 12 ERRORS AFFECTING 7 LINES
----------------------------------------------------------------------------------------------------------------------
 21 | ERROR | The constant "MCRYPT_RIJNDAEL_256" is deprecated since PHP 7.1 and removed since PHP 7.2
 22 | ERROR | The constant "MCRYPT_MODE_CBC" is deprecated since PHP 7.1 and removed since PHP 7.2
 25 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
 25 | ERROR | Function mcrypt_get_iv_size() is deprecated since PHP 7.1 and removed since PHP 7.2; Use OpenSSL instead
 26 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
 26 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or
    |       | OpenSSL instead
 28 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
 28 | ERROR | Function mcrypt_encrypt() is deprecated since PHP 7.1 and removed since PHP 7.2; Use OpenSSL instead
 50 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
 50 | ERROR | Function mcrypt_decrypt() is deprecated since PHP 7.1 and removed since PHP 7.2; Use OpenSSL instead
 68 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
 68 | ERROR | Function mcrypt_encrypt() is deprecated since PHP 7.1 and removed since PHP 7.2; Use OpenSSL instead
----------------------------------------------------------------------------------------------------------------------
Options

It looks like Lockr uses one or more key wrappers with various clients...is LockrAesCbcKeyWrapper always in use, or just in some situations?

What is Lockr's plan for PHP 7.2?

Thanks!

Comments

bwood created an issue. See original summary.

Cellar Door’s picture

Hi bwood!

Yes there's mcrypt in the library for backwards compatibility as it was what we originally used when the module/library first launched. We've since moved to openssl + HMAC but that's still there for keys that were set before that change.

I can look back in the logs to see when that change was made but it's been a while. We'll also be rolling out an upgraded use of openssl prior to 7.1 stopping active support.

Any keys set using the openssl library won't need to be updated though and will continue to work fine in 7.2. We operate our internal testing for Lockr on 7.2 without any issue.

I'll update here when the update is pushed for legacy keys.

bwood’s picture

Hi Chris,

Thanks for the quick reply.

My concern is that these errors will be written to Drupal's logs when the Lockr code runs on these sites. I'd like to avoid seeing these errors in the logs for every site. Other modules that need deprecated code for backwards compatibility use a pattern like this

if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
        $string = preg_replace_callback(
          "/\\\([0-9A-Fa-f]{2})/",
          function ($m){
            return chr(hexdec($m[1]));
          },
          $string);
      }
else {
        $string = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $string);
}

to prevent the code from ever running when a modern PHP version is in use. I don't see this pattern in the Lockr code, but you may be mitigating this in a different way...? Can you confirm that the mcrypt code will never be run when using PHP 7.2 and errors will not be thrown?

Thanks again!

Cellar Door’s picture

It has to be a bit more complex than that since we need to provide an update pathway for the mcrypt values to update to openssl. We'll be bracketing the code in the version check so it won't throw an error but we'll also be doing an upgrade pathway that'll allow someone to migrate the keys from mcrypt to openssl (if they have any) so they can use 7.2 without any interruption.

All of this should be out well within time of the 1st to allow for migration to occur.

RajeevChoudhary’s picture

Hi Guys,

Can you try on load PHP 7.2 as mentioned below.

https://gist.github.com/arzzen/1209aa4a430bd95db3090a3399e6c35f

and share your experience with me.

Thanks
Rajeev Kr Choudhary

tynor’s picture

Status: Active » Fixed

I believe this transition has already happened and we shouldn't have any more clients looking to upgrade to 7.2 and are using mcrypt.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.