mcrypt_get_iv_size is deprecated since php 7.1

Question

mcrypt_get_iv_size is deprecated since php 7.1

covovker opened this issue 7 years ago · 8 comments

Subj causes "function is deprecated" message to appear on the screen when encryption is used in php 7.1+.

Answer 1 · 2017-10-27T15:47:52.000Z

The entire ext/mcrypt has been deprecated as of 7.1. For PHP 7.1 you need an entirely different encryption class than currently in the toolkit.

Converting to OpenSSL for 7.1 would be an option, though as of 7.2 you would probably want to use ext/sodium.

Answer 2 · 2017-10-29T14:09:13.000Z

We are aware of this issue, but we can't currently do anything about it as Kirby 2 still supports PHP 5.4+. libsodium would definitely be the way to go, but we can't do this in Kirby 2.

Kirby 3 will drop support for PHP 5, so we will consider this there. Either we will drop support for PHP 7.0 and 7.1 as well (a bit risky as few hosting providers will support 7.2 that soon) or we will implement libsodium with a fallback to OpenSSL in case libsodium is not available.

Answer 3 · 2017-10-29T16:58:42.000Z

You could apply something like this to crypt.php to hide the deprecation messages and keep all other error reporting intact:

diff --git a/lib/crypt.php b/lib/crypt.php
index 9399f7f..cf8cf9a 100644
--- a/lib/crypt.php
+++ b/lib/crypt.php
@@ -46,10 +46,15 @@ class Crypt {
     // check for a valid encryption mode
     if(!in_array($mode, static::$encryption)) throw new Exception('Invalid encryption mode: ' . $mode);

+    // mcrypt is deprecated in 7.1, hide deprecation notices
+    $error_reporting = error_reporting(error_reporting() & ~E_DEPRECATED);
+
     $size   = mcrypt_get_iv_size($mode, MCRYPT_MODE_ECB);
     $iv     = mcrypt_create_iv($size, MCRYPT_RAND);
     $result = mcrypt_encrypt($mode, static::$salt . $key, $text, MCRYPT_MODE_ECB, $iv);

+    error_reporting($error_reporting);
+
     return trim($result);

   }
@@ -75,10 +80,15 @@ class Crypt {
     // check for a valid encryption mode
     if(!in_array($mode, static::$encryption)) throw new Exception('Invalid encryption mode: ' . $mode);

+    // mcrypt is deprecated in 7.1, hide deprecation notices
+    $error_reporting = error_reporting(error_reporting() & ~E_DEPRECATED);
+
     $size   = mcrypt_get_iv_size($mode, MCRYPT_MODE_ECB);
     $iv     = mcrypt_create_iv($size, MCRYPT_RAND);
     $result = mcrypt_decrypt($mode, static::$salt . $key, $text, MCRYPT_MODE_ECB, $iv);

+    error_reporting($error_reporting);
+
     return trim($result);

   }

Answer 4 · 2017-11-15T17:43:14.000Z

Ok, thanks

Answer 5 · 2018-04-13T02:52:34.000Z

which function can i use instead of this?

Answer 6 · 2018-04-13T05:08:42.000Z

That depends on your use-case. What do you want to encrypt and why?

Answer 7 · 2018-04-13T05:51:38.000Z

i use mcrypt to encrypt my password in php7.0,now i want to upgrade php7.2。so i need a function to be compatible

Answer 8 · 2018-04-13T09:26:56.000Z

You should never encrypt passwords. Instead hash them using PHP’s password_hash().