How to use OpenSSL instead of Mcrypt encryption and decryption in PHP?

Recently, I discovered a problem when developing the WeChat public account, that is, PHP7.1 has been deprecated in mcrypt, so I can only find a way to solve this problem. Today I will tell you how I solved it. This problem and solutions.

After the release of php7.1, the new features attracted many PHPers, and everyone was discussing the benefits and conveniences brought by the new features. However, upgrading from php7.0 to php7.1 obsolete (obsolete) an extension that was commonly used in the past (mcrypt extension). The official provided corresponding solution tips, but did not provide more detailed solutions. So here comes the trap:

Today, when I used the WeChat open platform to connect to a content management system, it kept failing when binding the official account.

Reason:

During debugging, it was found that the direct cause was the authorization event filled in the open platform (the authorization event will send an event every ten minutes to update the ticket), that is:

The URL filled in here, debugging found that this URL is correct, WeChat also pushed it every 10 minutes, but the ticket was not received until the end. Looking at the code, it was found that an error was reported when decrypting the data from WeChat:

<?php
  
function aes_decode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) {
 $key = base64_decode($encodingaeskey . &#39;=&#39;);
  
 $ciphertext_dec = base64_decode($message);
 $iv = substr($key, 0, 16);
  
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;);
 mcrypt_generic_init($module, $key, $iv);
 $decrypted = mdecrypt_generic($module, $ciphertext_dec);
 mcrypt_generic_deinit($module);
 mcrypt_module_close($module);
  
 $pad = ord(substr($decrypted, -1));
 if ($pad < 1 || $pad > 32) {
 $pad = 0;
 }

That’s where it is. Since my environment is PHP 7.1, I searched for information and found that PHP 7.1 has abandoned Mcrypt, so mcrypt_* in this code cannot be run.

Solution:

Searching for information found that Mcrypt can be replaced by OpenSSL (provided that the OpenSSL extension has been installed, but it is usually installed by default)

openssl is a powerful toolkit that integrates many cryptographic algorithms and practical tools. We can use the command console tool it provides to generate keys and certificates to encrypt and decrypt files, or we can use the API interface it provides to encrypt the transmitted information in the code.

So the above code can be changed to:

<?php
  
function aes_decode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) {
 $key = base64_decode($encodingaeskey . &#39;=&#39;);
  
 $ciphertext_dec = base64_decode($message);
 $iv = substr($key, 0, 16);
  
 /* mcrypt对称解密代码在PHP7.1已经被抛弃了，所以使用下面的openssl来代替
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;);
 mcrypt_generic_init($module, $key, $iv);
 $decrypted = mdecrypt_generic($module, $ciphertext_dec);
 mcrypt_generic_deinit($module);
 mcrypt_module_close($module);
 */
 $decrypted = openssl_decrypt($ciphertext_dec, &#39;AES-256-CBC&#39;, $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
  
 $pad = ord(substr($decrypted, -1));
 if ($pad < 1 || $pad > 32) {
 $pad = 0;
 }

##Additional:

The above decryption has been modified, then the corresponding Mcrypt encryption also needs to be modified. If it is not changed, it will lead to events such as being unable to publish to the entire network and being unable to push messages.

The encrypted source code is as follows:

<?php
function aes_encode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) {
 $key = base64_decode($encodingaeskey . &#39;=&#39;);
 $text = random(16) . pack("N", strlen($message)) . $message . $appid;
 $iv = substr($key, 0, 16);
  
 $block_size = 32;
 $text_length = strlen($text);
 $amount_to_pad = $block_size - ($text_length % $block_size);
 if ($amount_to_pad == 0) {
 $amount_to_pad = $block_size;
 }
 $pad_chr = chr($amount_to_pad);
 $tmp = &#39;&#39;;
 for ($index = 0; $index < $amount_to_pad; $index++) {
 $tmp .= $pad_chr;
 }
 $text = $text . $tmp;
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;);
 mcrypt_generic_init($module, $key, $iv);
 $encrypted = mcrypt_generic($module, $text);
 mcrypt_generic_deinit($module);
 mcrypt_module_close($module);
  
 $encrypt_msg = base64_encode($encrypted);
 return $encrypt_msg;
}

The modified code is :

<?php
function aes_encode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) {
 $key = base64_decode($encodingaeskey . &#39;=&#39;);
 $text = random(16) . pack("N", strlen($message)) . $message . $appid;
 $iv = substr($key, 0, 16);
  
 $block_size = 32;
 $text_length = strlen($text);
 $amount_to_pad = $block_size - ($text_length % $block_size);
 if ($amount_to_pad == 0) {
 $amount_to_pad = $block_size;
 }
 $pad_chr = chr($amount_to_pad);
 $tmp = &#39;&#39;;
 for ($index = 0; $index < $amount_to_pad; $index++) {
 $tmp .= $pad_chr;
 }
 $text = $text . $tmp;
 /* mcrypt对称加密代码在PHP7.1已经被抛弃了，所以使用下面的openssl来代替
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;);
 mcrypt_generic_init($module, $key, $iv);
 $encrypted = mcrypt_generic($module, $text);
 mcrypt_generic_deinit($module);
 mcrypt_module_close($module);
 */
  
 $encrypted = openssl_encrypt($text, &#39;AES-256-CBC&#39;, $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
 $encrypt_msg = base64_encode($encrypted);
 return $encrypt_msg;
}

Special note: For any process involving WeChat development, if you have upgraded to PHP 7.1, it is necessary to check whether Mcrypt symmetric encryption and decryption is used. The demo used in the WeChat development documentation Mcrypt is also used for encryption and decryption, which needs attention.

Summary

Explanation of Ajax asynchronous request technology

What is the common syntax of AJAX

AJAX principles and CORS cross-domain methods

The above is the detailed content of How to use OpenSSL instead of Mcrypt encryption and decryption in PHP?. For more information, please follow other related articles on the PHP Chinese website!