View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0032900 | mantisbt | security | public | 2023-09-03 10:04 | 2023-10-31 16:32 |
Reporter | atrol | Assigned To | atrol | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 2.26.0 | Fixed in Version | 2.26.0 | ||
Summary | 0032900: Use PHP random_bytes() instead of our custom crypto_generate_random_string function | ||||
Description | Starting with version 2.26.0 our minimum PHP version bill be 7.2.5, see 0027840 Function mcrypt_create_iv is not available in this PHP version, as it was deprecated in PHP 7.1.0, and removed in PHP 7.2.0 | ||||
Tags | No tags attached. | ||||
As mentioned in my PR review, a bigger refactoring is needed here, as crypto_api has been made nearly obsolete with the introduction of the random_bytes() function in PHP 7. |
|
Changed the Summary to reflect the fact that we're no longer just targeting removal of mcrypt_create_iv(), but doing the more in-depth refactoring I mentioned in 0032900:0068063, i.e. fully replacing our custom random data generating code in crypto_api.php by PHP's standard random_bytes() function. Also changing the category to security, as this more closely reflects what this change is really about. |
|
MantisBT: master 0d4dc09e 2023-09-05 14:34 Details Diff |
Use random_bytes() to get cryptographically secure random bytes Fixes 0032900 |
Affected Issues 0032900 |
|
mod - admin/install.php | Diff File | ||
mod - core/crypto_api.php | Diff File | ||
mod - core/file_api.php | Diff File | ||
MantisBT: master d9c8e1df 2023-09-05 14:45 Details Diff |
Deprecate crypto_generate_random_string() and crypto_generate_strong_random_string() Issue 0032900 |
Affected Issues 0032900 |
|
mod - core/crypto_api.php | Diff File | ||
MantisBT: master 9618371a 2023-09-05 15:05 Details Diff |
Remove unused constant and language strings Issue 0032900 |
Affected Issues 0032900 |
|
mod - core/constant_inc.php | Diff File | ||
mod - lang/strings_arabic.txt | Diff File | ||
mod - lang/strings_belarusian_tarask.txt | Diff File | ||
mod - lang/strings_breton.txt | Diff File | ||
mod - lang/strings_bulgarian.txt | Diff File | ||
mod - lang/strings_chinese_simplified.txt | Diff File | ||
mod - lang/strings_chinese_traditional.txt | Diff File | ||
mod - lang/strings_czech.txt | Diff File | ||
mod - lang/strings_danish.txt | Diff File | ||
mod - lang/strings_dutch.txt | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - lang/strings_french.txt | Diff File | ||
mod - lang/strings_galician.txt | Diff File | ||
mod - lang/strings_german.txt | Diff File | ||
mod - lang/strings_hebrew.txt | Diff File | ||
mod - lang/strings_hungarian.txt | Diff File | ||
mod - lang/strings_interlingua.txt | Diff File | ||
mod - lang/strings_italian.txt | Diff File | ||
mod - lang/strings_japanese.txt | Diff File | ||
mod - lang/strings_lithuanian.txt | Diff File | ||
mod - lang/strings_macedonian.txt | Diff File | ||
mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
mod - lang/strings_polish.txt | Diff File | ||
mod - lang/strings_portuguese_brazil.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - lang/strings_russian.txt | Diff File | ||
mod - lang/strings_slovak.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
mod - lang/strings_swedish.txt | Diff File | ||
mod - lang/strings_swissgerman.txt | Diff File | ||
mod - lang/strings_turkish.txt | Diff File | ||
mod - lang/strings_ukrainian.txt | Diff File | ||
MantisBT: master b5858e3f 2023-09-09 10:36 Details Diff |
Remove references to utility_api.php Issue 0032900 |
Affected Issues 0032900 |
|
mod - core/crypto_api.php | Diff File |