php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #74375 Allow installation of pecl/mcrypt on PHP 7.1
Submitted: 2017-04-05 15:31 UTC Modified: 2017-04-05 16:23 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: ramsey@php.net Assigned:
Status: Wont fix Package: mcrypt related
PHP Version: 7.1.3 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ramsey@php.net
New email:
PHP Version: OS:

 

 [2017-04-05 15:31 UTC] ramsey@php.net 
Description:
------------
(The "package affected" should be "PECL > mcrypt," but that doesn't exist yet in the dropdown.)

PHP 7.1 generates deprecation warnings for mcrypt functions. I would like to build PHP 7.1 without mcrypt and install the PECL extension to avoid these warnings and prepare for PHP 7.2. However, pecl/mcrypt has a minimum requirement of PHP 7.2.0.

Please change the pecl/mcrypt minimum requirement to 7.1.0 to allow users to migrate to the PECL extension before the release of 7.2.0.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-05 15:38 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2017-04-05 15:38 UTC] nikic@php.net 
The mcrypt functions in the PECL extension are also deprecated -- it doesn't matter whether you use the bundled or PECL variant. As such, I'm marking this as won't fix.
 [2017-04-05 16:04 UTC] ramsey@php.net 
Why move them to PECL if they're deprecated?
 [2017-04-05 16:21 UTC] spam2 at rhsoft dot net 
why move them to PECL - because if you ever find data enrcypted with php-mcrypt they are otherwise lost forever?

https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong

Surprise! MCRYPT_RIJNDAEL_256 doesn't mean AES-256.

All variants of AES use a 128-bit block size with varying key lengths (128, 192, or 256). This means that MCRYPT_RIJNDAEL_128 is the only correct choice if you want AES.
 [2017-04-05 16:23 UTC] requinix@php.net 
It will be removed from the core in 7.2. mcrypt is deprecated because it's dead - the move to PECL is so people can get to it if they still need it.
https://wiki.php.net/rfc/mcrypt-viking-funeral
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Mar 15 13:01:28 2025 UTC