use random_compat

.travis.yml

@@ -10,12 +10,6 @@ php:
   - '7.3'
   - '7.4'
 
-# cache vendor dirs
-cache:
-  directories:
-    - vendor
-    - $HOME/.composer/cache
-
 install:
   - travis_retry composer self-update && composer --version
   - travis_retry composer install --no-interaction

composer.json

@@ -23,7 +23,8 @@
     "require": {
         "php": "^5.5 || ^7.0",
         "ext-zlib": "*",
-        "psr/http-message": "^1.0"
+        "psr/http-message": "^1.0",
+        "paragonie/random_compat": ">=1 <9.99"
     },
     "require-dev": {
         "phpunit/phpunit": "^4.8|^5.7",

src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php

@@ -6,7 +6,6 @@ use PhpZip\Exception\RuntimeException;
 use PhpZip\Exception\ZipAuthenticationException;
 use PhpZip\Exception\ZipCryptoException;
 use PhpZip\Model\ZipEntry;
-use PhpZip\Util\CryptoUtil;
 use PhpZip\Util\PackUtil;
 
 /**
@@ -430,7 +429,12 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
         $crc = $this->entry->isDataDescriptorRequired() ?
             ($this->entry->getDosTime() & 0x0000ffff) << 16 :
             $this->entry->getCrc();
-        $headerBytes = CryptoUtil::randomBytes(self::STD_DEC_HDR_SIZE);
+
+        try {
+            $headerBytes = random_bytes(self::STD_DEC_HDR_SIZE);
+        } catch (\Exception $e) {
+            throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
+        }
 
         // Initialize again since the generated bytes were encrypted.
         $password = $this->entry->getPassword();

src/PhpZip/Crypto/WinZipAesEngine.php

@@ -8,7 +8,6 @@ use PhpZip\Exception\ZipCryptoException;
 use PhpZip\Exception\ZipException;
 use PhpZip\Extra\Fields\WinZipAesEntryExtraField;
 use PhpZip\Model\ZipEntry;
-use PhpZip\Util\CryptoUtil;
 
 /**
  * WinZip Aes Encryption Engine.
@@ -262,7 +261,11 @@ class WinZipAesEngine implements ZipEncryptionEngine
         );
         $keyStrengthBytes = $keyStrengthBits / 8;
 
-        $salt = CryptoUtil::randomBytes($keyStrengthBytes / 2);
+        try {
+            $salt = random_bytes($keyStrengthBytes / 2);
+        } catch (\Exception $e) {
+            throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
+        }
 
         $keyParam = hash_pbkdf2(
             'sha1',

src/PhpZip/Util/CryptoUtil.php

@@ -2,10 +2,10 @@
 
 namespace PhpZip\Util;
 
-use PhpZip\Exception\RuntimeException;
-
 /**
  * Crypto Utils.
+ *
+ * @deprecated
  */
 class CryptoUtil
 {
@@ -14,26 +14,14 @@ class CryptoUtil
      *
      * @param int $length
      *
+     * @throws \Exception
+     *
      * @return string
+     *
+     * @deprecated Use random_bytes()
      */
     final public static function randomBytes($length)
     {
-        $length = (int) $length;
-
-        if (\function_exists('random_bytes')) {
-            try {
-                return random_bytes($length);
-            } catch (\Exception $e) {
-                throw new \RuntimeException('Could not generate a random string.');
-            }
-        } elseif (\function_exists('openssl_random_pseudo_bytes')) {
-            /** @noinspection PhpComposerExtensionStubsInspection */
-            return openssl_random_pseudo_bytes($length);
-        } elseif (\function_exists('mcrypt_create_iv')) {
-            /** @noinspection PhpComposerExtensionStubsInspection */
-            return mcrypt_create_iv($length);
-        } else {
-            throw new RuntimeException('Extension openssl or mcrypt not loaded');
-        }
+        return random_bytes($length);
     }
 }

tests/PhpZip/Issue24Test.php

@@ -3,7 +3,6 @@
 namespace PhpZip;
 
 use PhpZip\Exception\ZipException;
-use PhpZip\Util\CryptoUtil;
 
 /**
  * @internal
@@ -22,10 +21,11 @@ class Issue24Test extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testDummyFS()
     {
-        $fileContents = str_repeat(base64_encode(CryptoUtil::randomBytes(12000)), 100);
+        $fileContents = str_repeat(base64_encode(random_bytes(12000)), 100);
 
         // create zip file
         $zip = new ZipFile();

tests/PhpZip/ZipAlignTest.php

@@ -3,7 +3,6 @@
 namespace PhpZip;
 
 use PhpZip\Exception\ZipException;
-use PhpZip\Util\CryptoUtil;
 
 /**
  * Test ZipAlign.
@@ -53,7 +52,7 @@ class ZipAlignTest extends ZipTestCase
         for ($i = 0; $i < 100; $i++) {
             $zipFile->addFromString(
                 'entry' . $i . '.txt',
-                CryptoUtil::randomBytes(mt_rand(100, 4096)),
+                random_bytes(mt_rand(100, 4096)),
                 ZipFile::METHOD_STORED
             );
         }
@@ -87,6 +86,7 @@ class ZipAlignTest extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testZipAlignNewFiles()
     {
@@ -94,7 +94,7 @@ class ZipAlignTest extends ZipTestCase
         for ($i = 0; $i < 100; $i++) {
             $zipFile->addFromString(
                 'entry' . $i . '.txt',
-                CryptoUtil::randomBytes(mt_rand(100, 4096)),
+                random_bytes(mt_rand(100, 4096)),
                 ZipFile::METHOD_STORED
             );
         }
@@ -115,6 +115,7 @@ class ZipAlignTest extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testZipAlignFromModifiedZipArchive()
     {
@@ -122,7 +123,7 @@ class ZipAlignTest extends ZipTestCase
         for ($i = 0; $i < 100; $i++) {
             $zipFile->addFromString(
                 'entry' . $i . '.txt',
-                CryptoUtil::randomBytes(mt_rand(100, 4096)),
+                random_bytes(mt_rand(100, 4096)),
                 ZipFile::METHOD_STORED
             );
         }
@@ -147,7 +148,7 @@ class ZipAlignTest extends ZipTestCase
 
             $zipFile->addFromString(
                 'entry_new_' . ($isStored ? 'stored' : 'deflated') . '_' . $i . '.txt',
-                CryptoUtil::randomBytes(mt_rand(100, 4096)),
+                random_bytes(mt_rand(100, 4096)),
                 $isStored ?
                     ZipFile::METHOD_STORED :
                     ZipFile::METHOD_DEFLATED

tests/PhpZip/ZipFileTest.php

@@ -8,7 +8,6 @@ use PhpZip\Exception\ZipException;
 use PhpZip\Exception\ZipUnsupportMethodException;
 use PhpZip\Model\ZipEntry;
 use PhpZip\Model\ZipInfo;
-use PhpZip\Util\CryptoUtil;
 use PhpZip\Util\FilesUtil;
 use Psr\Http\Message\ResponseInterface;
 use Zend\Diactoros\Response;
@@ -68,6 +67,7 @@ class ZipFileTest extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testOpenFileInvalidZip()
     {
@@ -76,7 +76,7 @@ class ZipFileTest extends ZipTestCase
             'Expected Local File Header or (ZIP64) End Of Central Directory Record'
         );
 
-        static::assertNotFalse(file_put_contents($this->outputFilename, CryptoUtil::randomBytes(255)));
+        static::assertNotFalse(file_put_contents($this->outputFilename, random_bytes(255)));
         $zipFile = new ZipFile();
         $zipFile->openFile($this->outputFilename);
     }
@@ -105,6 +105,7 @@ class ZipFileTest extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testOpenFromStringInvalidZip()
     {
@@ -114,7 +115,7 @@ class ZipFileTest extends ZipTestCase
         );
 
         $zipFile = new ZipFile();
-        $zipFile->openFromString(CryptoUtil::randomBytes(255));
+        $zipFile->openFromString(random_bytes(255));
     }
 
     /**
@@ -224,6 +225,7 @@ class ZipFileTest extends ZipTestCase
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testOpenFromStreamInvalidZip()
     {
@@ -233,7 +235,7 @@ class ZipFileTest extends ZipTestCase
         );
 
         $fp = fopen($this->outputFilename, 'w+b');
-        fwrite($fp, CryptoUtil::randomBytes(255));
+        fwrite($fp, random_bytes(255));
         $zipFile = new ZipFile();
         $zipFile->openFromStream($fp);
     }
@@ -800,32 +802,33 @@ class ZipFileTest extends ZipTestCase
      * Test zip entry comment.
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testEntryComment()
     {
         $entries = [
             '文件1.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'comment' => '這是註釋的條目。',
             ],
             'file2.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'comment' => null,
             ],
             'file3.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
-                'comment' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
+                'comment' => random_bytes(255),
             ],
             'file4.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'comment' => 'Комментарий файла',
             ],
             'file5.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'comment' => 'ไฟล์แสดงความคิดเห็น',
             ],
             'file6 emoji 🙍🏼.txt' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'comment' => 'Emoji comment file - 😀 ⛈ ❤️ 🤴🏽',
             ],
         ];
@@ -903,17 +906,18 @@ class ZipFileTest extends ZipTestCase
      * Test all available support compression methods.
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testCompressionMethod()
     {
         $entries = [
             '1' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'method' => ZipFile::METHOD_STORED,
                 'expected' => 'No compression',
             ],
             '2' => [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'method' => ZipFile::METHOD_DEFLATED,
                 'expected' => 'Deflate',
             ],
@@ -921,7 +925,7 @@ class ZipFileTest extends ZipTestCase
 
         if (\extension_loaded('bz2')) {
             $entries['3'] = [
-                'data' => CryptoUtil::randomBytes(255),
+                'data' => random_bytes(255),
                 'method' => ZipFile::METHOD_BZIP2,
                 'expected' => 'Bzip2',
             ];
@@ -976,13 +980,14 @@ class ZipFileTest extends ZipTestCase
      * Test extract all files.
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testExtract()
     {
         $entries = [
-            'test1.txt' => CryptoUtil::randomBytes(255),
-            'test2.txt' => CryptoUtil::randomBytes(255),
-            'test/test 2/test3.txt' => CryptoUtil::randomBytes(255),
+            'test1.txt' => random_bytes(255),
+            'test2.txt' => random_bytes(255),
+            'test/test 2/test3.txt' => random_bytes(255),
             'test empty/dir' => null,
         ];
 
@@ -1022,17 +1027,18 @@ class ZipFileTest extends ZipTestCase
      * Test extract some files.
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testExtractSomeFiles()
     {
         $entries = [
-            'test1.txt' => CryptoUtil::randomBytes(255),
-            'test2.txt' => CryptoUtil::randomBytes(255),
-            'test3.txt' => CryptoUtil::randomBytes(255),
-            'test4.txt' => CryptoUtil::randomBytes(255),
-            'test5.txt' => CryptoUtil::randomBytes(255),
-            'test/test/test.txt' => CryptoUtil::randomBytes(255),
-            'test/test/test 2.txt' => CryptoUtil::randomBytes(255),
+            'test1.txt' => random_bytes(255),
+            'test2.txt' => random_bytes(255),
+            'test3.txt' => random_bytes(255),
+            'test4.txt' => random_bytes(255),
+            'test5.txt' => random_bytes(255),
+            'test/test/test.txt' => random_bytes(255),
+            'test/test/test 2.txt' => random_bytes(255),
             'test empty/dir/' => null,
             'test empty/dir2/' => null,
         ];
@@ -1684,13 +1690,14 @@ class ZipFileTest extends ZipTestCase
      * Test `ZipFile` implemented \ArrayAccess, \Countable and |iterator.
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testZipFileArrayAccessAndCountableAndIterator()
     {
         $files = [];
         $numFiles = mt_rand(20, 100);
         for ($i = 0; $i < $numFiles; $i++) {
-            $files['file' . $i . '.txt'] = CryptoUtil::randomBytes(255);
+            $files['file' . $i . '.txt'] = random_bytes(255);
         }
 
         $methods = [ZipFile::METHOD_STORED, ZipFile::METHOD_DEFLATED];
@@ -1799,13 +1806,14 @@ class ZipFileTest extends ZipTestCase
     /**
      * @throws Exception\ZipEntryNotFoundException
      * @throws ZipException
+     * @throws \Exception
      */
     public function testUnknownCompressionMethod()
     {
         $zipFile = new ZipFile();
 
         $zipFile->addFromString('file', 'content', ZipEntry::UNKNOWN);
-        $zipFile->addFromString('file2', base64_encode(CryptoUtil::randomBytes(512)), ZipEntry::UNKNOWN);
+        $zipFile->addFromString('file2', base64_encode(random_bytes(512)), ZipEntry::UNKNOWN);
 
         static::assertSame($zipFile->getEntryInfo('file')->getMethodName(), 'Unknown');
         static::assertSame($zipFile->getEntryInfo('file2')->getMethodName(), 'Unknown');

tests/PhpZip/ZipMatcherTest.php

@@ -5,7 +5,6 @@ namespace PhpZip;
 use PHPUnit\Framework\TestCase;
 use PhpZip\Model\ZipEntryMatcher;
 use PhpZip\Model\ZipInfo;
-use PhpZip\Util\CryptoUtil;
 
 /**
  * @internal
@@ -73,11 +72,14 @@ class ZipMatcherTest extends TestCase
         $zipFile->close();
     }
 
+    /**
+     * @throws \Exception
+     */
     public function testDocsExample()
     {
         $zipFile = new ZipFile();
         for ($i = 0; $i < 100; $i++) {
-            $zipFile['file_' . $i . '.jpg'] = CryptoUtil::randomBytes(100);
+            $zipFile['file_' . $i . '.jpg'] = random_bytes(100);
         }
 
         $renameEntriesArray = [

tests/PhpZip/ZipPasswordTest.php

@@ -7,7 +7,6 @@ use PhpZip\Exception\ZipAuthenticationException;
 use PhpZip\Exception\ZipEntryNotFoundException;
 use PhpZip\Exception\ZipException;
 use PhpZip\Model\ZipInfo;
-use PhpZip\Util\CryptoUtil;
 
 /**
  * Tests with zip password.
@@ -22,6 +21,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
      * Test archive password.
      *
      * @throws ZipException
+     * @throws \Exception
      * @noinspection PhpRedundantCatchClauseInspection
      */
     public function testSetPassword()
@@ -33,7 +33,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
             );
         }
 
-        $password = base64_encode(CryptoUtil::randomBytes(100));
+        $password = base64_encode(random_bytes(100));
         $badPassword = 'bad password';
 
         // create encryption password with ZipCrypto
@@ -121,6 +121,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
 
     /**
      * @throws ZipException
+     * @throws \Exception
      */
     public function testTraditionalEncryption()
     {
@@ -131,7 +132,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
             );
         }
 
-        $password = base64_encode(CryptoUtil::randomBytes(50));
+        $password = base64_encode(random_bytes(50));
 
         $zip = new ZipFile();
         $zip->addDirRecursive($this->outputDirname);
@@ -161,10 +162,11 @@ class ZipPasswordTest extends ZipFileAddDirTest
      * @param int $bitSize
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testWinZipAesEncryption($encryptionMethod, $bitSize)
     {
-        $password = base64_encode(CryptoUtil::randomBytes(50));
+        $password = base64_encode(random_bytes(50));
 
         $zip = new ZipFile();
         $zip->addDirRecursive($this->outputDirname);
@@ -415,11 +417,12 @@ class ZipPasswordTest extends ZipFileAddDirTest
      * @see https://github.com/Ne-Lexa/php-zip/issues/9
      *
      * @throws ZipException
+     * @throws \Exception
      */
     public function testIssues9()
     {
         $contents = str_pad('', 1000, 'test;test2;test3' . \PHP_EOL, \STR_PAD_RIGHT);
-        $password = base64_encode(CryptoUtil::randomBytes(20));
+        $password = base64_encode(random_bytes(20));
 
         $encryptMethod = ZipFile::ENCRYPTION_METHOD_WINZIP_AES_256;
         $zipFile = new ZipFile();

tests/PhpZip/ZipTestCase.php

@@ -63,6 +63,7 @@ abstract class ZipTestCase extends TestCase
                 $command .= ' -P ' . escapeshellarg($password);
             }
             $command .= ' -t ' . escapeshellarg($filename);
+            $command .= ' 2>&1';
             exec($command, $output, $returnCode);
 
             $output = implode(\PHP_EOL, $output);