Page MenuHomePhabricator

Remove uses of mcrypt from MediaWiki
Closed, ResolvedPublic

Description

mcrypt has been deprecated in PHP 7.1 and removed in 7.2, therefore it makes sense to stop using it. The only usage left is session encryption.

Event Timeline

MaxSem created this task.Nov 29 2018, 9:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 29 2018, 9:41 PM
Reedy moved this task from Backlog to MediaWiki core on the PHP 7.1 support board.
Reedy moved this task from Untriaged to MediaWiki core on the PHP 7.2 support board.

Meh, I thought this was handled already in T143788? :(

Anomie added a subscriber: Anomie.Nov 30 2018, 2:24 PM

The only usage left is session encryption.

More correctly, the only usage is as a fallback for session encryption if you don't have the openssl extension available. It's also guarded by a function_exists check.

Krinkle added a subscriber: Krinkle.May 6 2019, 1:58 PM

@Anomie Is there something here that should prevent WMF from rolling out PHP 7.2 to all users/servers given the current state of MW core, WMF config, and WMF's PHP settings/extensions?

Krinkle moved this task from Untriaged to MediaWiki core on the PHP 7.2 support board.
Anomie added a comment.May 8 2019, 3:51 PM

@Anomie Is there something here that should prevent WMF from rolling out PHP 7.2 to all users/servers given the current state of MW core, WMF config, and WMF's PHP settings/extensions?

No, there is nothing here that should prevent WMF from rolling out PHP 7.2.

The code in question is in MediaWiki\Session\Session::getEncryptionAlgorithm(), ::setSecret(), and ::getSecret(). The latter two depend on the first, and the first should never even reach the mcrypt check since openssl is loaded and has a proper cipher available:

anomie@mwmaint1002:~$ php7.2 -r 'var_dump( function_exists( "openssl_encrypt" ), in_array( "aes-256-ctr", openssl_get_cipher_methods(), true ) );'
bool(true)
bool(true)

As we (are likely to) have decided to drop PHP 7.0 and PHP 7.1 support from MW master, this can be done as part of that clean-up?

MaxSem closed this task as Resolved.Oct 21 2019, 3:03 AM
MaxSem claimed this task.
TheDJ awarded a token.Oct 21 2019, 9:35 AM