Support password encryption using openssl extension (#1489989)

11 years ago · 6c1c60f3b9
3 changed files with 26 additions and 5 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Support password encryption using openssl extension (#1489989)
 - Create/rename groups in UI dialogs (#1489951)
 - Added 'contact_search_name' option to define autocompletion entry format
 - Display quota information for current folder not INBOX only (#1487993)
--- a/4
+++ b/4
@ -15,7 +15,7 @@ REQUIREMENTS
   - PCRE, DOM, JSON, XML, Session, Sockets (required)
   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
   - Libiconv, Zip (recommended)
-   - Fileinfo, Mcrypt, mbstring (optional)
+   - OpenSSL, Fileinfo, Mcrypt, mbstring (optional)
 * PEAR packages distributed with Roundcube or external:
   - Mail_Mime 1.8.1 or newer
   - Mail_mimeDecode 1.5.5 or newer
@ -35,7 +35,7 @@ REQUIREMENTS
   - magic_quotes_runtime disabled
   - magic_quotes_sybase disabled
   - register_globals disabled (PHP < 5.4)
-* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
+* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker
 * A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
  or SQLite support in PHP
 * One of the above databases with permission to create tables
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@ -829,7 +829,13 @@ class rcube
         */
        $clear = pack("a*H2", $clear, "80");

-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_encrypt')) {
+            $method = 'DES-EDE3-CBC';
+            $opts   = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv     = $this->create_iv(openssl_cipher_iv_length($method));
+            $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
            ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
        ) {
            $iv = $this->create_iv(mcrypt_enc_get_iv_size($td));
@ -850,7 +856,7 @@ class rcube
                self::raise_error(array(
                    'code' => 500, 'type' => 'php',
                    'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+                    'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available"
                    ), true, true);
            }
        }
@ -876,7 +882,21 @@ class rcube

        $cipher = $base64 ? base64_decode($cipher) : $cipher;

-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_decrypt')) {
+            $method  = 'DES-EDE3-CBC';
+            $opts    = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv_size = openssl_cipher_iv_length($method);
+            $iv      = substr($cipher, 0, $iv_size);
+
+            // session corruption? (#1485970)
+            if (strlen($iv) < $iv_size) {
+                return '';
+            }
+
+            $cipher = substr($cipher, $iv_size);
+            $clear  = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
            ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
        ) {
            $iv_size = mcrypt_enc_get_iv_size($td);