From 4fe60a8daba94b6744cbb4d01e3eced418753cdf Mon Sep 17 00:00:00 2001
From: Safwan Khan <safwkhan@ebay.com>
Date: Wed, 30 Sep 2015 10:25:32 -0500
Subject: [PATCH] MAGETWO-42194: Weak encryption key generation/weak fallback -
 iSec 08/15

- Fixes based on CR feedback.
---
 .../Magento/EncryptionKey/Model/Resource/Key/Change.php  | 6 +++---
 .../Framework/Config/ConfigOptionsListConstants.php      | 5 +++++
 lib/internal/Magento/Framework/Math/Random.php           | 9 +--------
 lib/internal/Magento/Framework/composer.json             | 1 +
 setup/src/Magento/Setup/Model/ConfigGenerator.php        | 7 +------
 5 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/app/code/Magento/EncryptionKey/Model/Resource/Key/Change.php b/app/code/Magento/EncryptionKey/Model/Resource/Key/Change.php
index 5ebcea5dbbb..171bf88a2dd 100644
--- a/app/code/Magento/EncryptionKey/Model/Resource/Key/Change.php
+++ b/app/code/Magento/EncryptionKey/Model/Resource/Key/Change.php
@@ -122,9 +122,9 @@ class Change extends \Magento\Framework\Model\Resource\Db\AbstractDb
         }
 
         if (null === $key) {
-            $key = md5(
-                $this->random->getRandomString(\Magento\Setup\Model\ConfigGenerator::STORE_KEY_RANDOM_STRING_SIZE)
-            );
+            $key = md5($this->random->getRandomString(
+                \Magento\Framework\Config\ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE
+            ));
         }
         $this->encryptor->setNewKey($key);
 
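Review bot: The `md5(...)` wrapper around `getRandomString()` in this hunk caps the stored key at 32 lower-case hex characters, i.e. at most 128 bits, however much entropy the 32-character random string carries, and MD5 adds nothing as a key-derivation step. Since the ticket is about weak key generation, consider passing the random string through unchanged, `$key = $this->random->getRandomString(\Magento\Framework\Config\ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE);`, provided the encryptor accepts that key format. The alphabet used by getRandomString and the encryptor's key requirements are not visible here, so that needs confirming. The same expression is kept in the last ConfigGenerator.php hunk of this patch. The enclosing method starts and ends outside the hunk.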
diff --git a/lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php b/lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php
index 6608cb60426..c49d92ee281 100644
--- a/lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php
+++ b/lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php
@@ -96,4 +96,9 @@ class ConfigOptionsListConstants
      * Key for modules
      */
     const KEY_MODULES = 'modules';
+
+    /**
+     * Size of random string generated for store's encryption key
+     */
+    const STORE_KEY_RANDOM_STRING_SIZE = 32;
 }
diff --git a/lib/internal/Magento/Framework/Math/Random.php b/lib/internal/Magento/Framework/Math/Random.php
index 99a94a39554..ca242b5163a 100644
--- a/lib/internal/Magento/Framework/Math/Random.php
+++ b/lib/internal/Magento/Framework/Math/Random.php
@@ -53,11 +53,8 @@ class Random
                 $str .= $chars[$rand]; // random character in $chars
             }
             fclose($fp);
-        } else {
-            throw new \Magento\Framework\Exception\LocalizedException(
-                new \Magento\Framework\Phrase("Please make sure you have 'openssl' extension installed")
-            );
         }
+
         return $str;
     }
 
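Review bot: With the `else` branch removed, a runtime where neither random source is usable falls through to `return $str;` with whatever `$str` held before the branches, presumably an empty string, and the callers in this patch would then derive the store key from a constant (`md5('')`). The `ext-openssl` requirement added to composer.json is checked by Composer at install time, not when this code runs, so it does not replace a fail-closed guard. Keep a final `else` that throws and only correct its message, e.g. `throw new \Magento\Framework\Exception\LocalizedException(new \Magento\Framework\Phrase('No secure random source is available'));`. The second Random.php hunk has the same fall-through, where `$min + $offset` is returned without `$offset` having been set from random bytes. Both function bodies start outside the hunks, so the branch conditions are inferred.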
@@ -88,10 +85,6 @@ class Random
             $hex = bin2hex($bytes); // hex() doubles the length of the string
             $offset = abs(hexdec($hex) % $range); // random integer from 0 to $range
             fclose($fp);
-        } else {
-            throw new \Magento\Framework\Exception\LocalizedException(
-                new \Magento\Framework\Phrase("Please make sure you have 'openssl' extension installed")
-            );
         }
 
         return $min + $offset; // random integer from $min to $max
diff --git a/lib/internal/Magento/Framework/composer.json b/lib/internal/Magento/Framework/composer.json
index 0e4c4462546..bd731fb3e16 100644
--- a/lib/internal/Magento/Framework/composer.json
+++ b/lib/internal/Magento/Framework/composer.json
@@ -17,6 +17,7 @@
         "ext-curl": "*",
         "ext-iconv": "*",
         "ext-gd": "*",
+        "ext-openssl": "*",
         "lib-libxml": "*",
         "ext-xsl": "*",
         "magento/magento-composer-installer": "*"
diff --git a/setup/src/Magento/Setup/Model/ConfigGenerator.php b/setup/src/Magento/Setup/Model/ConfigGenerator.php
index 55182db7723..812cbd1830a 100644
--- a/setup/src/Magento/Setup/Model/ConfigGenerator.php
+++ b/setup/src/Magento/Setup/Model/ConfigGenerator.php
@@ -20,11 +20,6 @@ use Magento\Framework\App\ObjectManagerFactory;
  */
 class ConfigGenerator
 {
-    /**
-     * Size of random string generated for store's encryption key
-     */
-    const STORE_KEY_RANDOM_STRING_SIZE = 32;
-
     /**
      * Maps configuration parameters to array keys in deployment config file
      *
@@ -103,7 +98,7 @@ class ConfigGenerator
             if ($currentKey === null) {
                 $configData->set(
                     ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY,
-                    md5($this->random->getRandomString(self::STORE_KEY_RANDOM_STRING_SIZE))
+                    md5($this->random->getRandomString(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE))
                 );
             }
         }
-- 
GitLab