From 6c1c60f3b908aa922a46cbae94a03eb162147b70 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 02 Aug 2014 03:03:29 -0400
Subject: [PATCH] Support password encryption using openssl extension (#1489989)

---
 program/lib/Roundcube/rcube.php |   26 +++++++++++++++++++++++---
 CHANGELOG                       |    1 +
 INSTALL                         |    4 ++--
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a2de91f..f2bbe35 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Support password encryption using openssl extension (#1489989)
 - Create/rename groups in UI dialogs (#1489951)
 - Added 'contact_search_name' option to define autocompletion entry format
 - Display quota information for current folder not INBOX only (#1487993)
diff --git a/INSTALL b/INSTALL
index abb6bbd..9ab7911 100644
--- a/INSTALL
+++ b/INSTALL
@@ -15,7 +15,7 @@
    - PCRE, DOM, JSON, XML, Session, Sockets (required)
    - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
    - Libiconv, Zip (recommended)
-   - Fileinfo, Mcrypt, mbstring (optional)
+   - OpenSSL, Fileinfo, Mcrypt, mbstring (optional)
 * PEAR packages distributed with Roundcube or external:
    - Mail_Mime 1.8.1 or newer
    - Mail_mimeDecode 1.5.5 or newer
@@ -35,7 +35,7 @@
    - magic_quotes_runtime disabled
    - magic_quotes_sybase disabled
    - register_globals disabled (PHP < 5.4)
-* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
+* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker
 * A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
   or SQLite support in PHP
 * One of the above databases with permission to create tables
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 5f55414..e3e26d8 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -829,7 +829,13 @@
          */
         $clear = pack("a*H2", $clear, "80");
 
-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_encrypt')) {
+            $method = 'DES-EDE3-CBC';
+            $opts   = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv     = $this->create_iv(openssl_cipher_iv_length($method));
+            $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv = $this->create_iv(mcrypt_enc_get_iv_size($td));
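Review bot: The return value of `openssl_encrypt()` in the new first branch is concatenated onto `$iv` unchecked, so a failure (it returns `false`) leaves `$cipher` holding only the IV. The `raise_error` fallback visible in the next hunk is then presumably skipped, because this branch was already taken. Assign the result first, `$enc = openssl_encrypt($clear, $method, $ckey, $opts, $iv);`, and raise the same error when `$enc === false` before building `$cipher`. With only `OPENSSL_RAW_DATA` set, OpenSSL also adds its own PKCS#7 padding on top of the manual `0x80` marker, whereas mcrypt zero-pads, so the two back ends likely do not produce interchangeable ciphertext; a comment saying so would help. The enclosing function starts and ends outside the hunk.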
@@ -850,7 +856,7 @@
                 self::raise_error(array(
                     'code' => 500, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+                    'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available"
                     ), true, true);
             }
         }
@@ -876,7 +882,21 @@
 
         $cipher = $base64 ? base64_decode($cipher) : $cipher;
 
-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_decrypt')) {
+            $method  = 'DES-EDE3-CBC';
+            $opts    = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv_size = openssl_cipher_iv_length($method);
+            $iv      = substr($cipher, 0, $iv_size);
+
+            // session corruption? (#1485970)
+            if (strlen($iv) < $iv_size) {
+                return '';
+            }
+
+            $cipher = substr($cipher, $iv_size);
+            $clear  = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv_size = mcrypt_enc_get_iv_size($td);
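Review bot: `openssl_decrypt()` returns `false` when the padding check fails or the input is damaged, and the new branch stores that straight into `$clear`; add `if ($clear === false) { return ''; }` right after the call, matching the short-IV guard above it. Because this branch now takes priority over mcrypt and des.inc, values encrypted by those back ends before the upgrade will probably hit that failure, since they were zero-padded rather than PKCS#7-padded (inferred from OpenSSL's default padding, not visible here). The scheme is also unauthenticated CBC, so a modified ciphertext is rejected only if the padding happens to break; an HMAC over IV plus ciphertext, verified with a constant-time comparison before decrypting, would close that. What happens to `$clear` afterwards lies outside the hunk.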

--
Gitblit v1.9.1