author | Aleksander Machniak <alec@alec.pl> | 2014-08-02 09:03:29 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-08-02 09:03:29 +0200 |
commit | 6c1c60f3b908aa922a46cbae94a03eb162147b70 (patch) | |
tree | 8fa421e96ad5b84773d1cf3b334f0be796e9ddd0 | |
parent | a8f4d847369496981f96825bb7390a44f9428a84 (diff) |
Support password encryption using openssl extension (#1489989)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | INSTALL | 4 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube.php | 26 |
3 files changed, 26 insertions, 5 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Support password encryption using openssl extension (#1489989) - Create/rename groups in UI dialogs (#1489951) - Added 'contact_search_name' option to define autocompletion entry format - Display quota information for current folder not INBOX only (#1487993) @@ -15,7 +15,7 @@ REQUIREMENTS - PCRE, DOM, JSON, XML, Session, Sockets (required) - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required) - Libiconv, Zip (recommended) - - Fileinfo, Mcrypt, mbstring (optional) + - OpenSSL, Fileinfo, Mcrypt, mbstring (optional) * PEAR packages distributed with Roundcube or external: - Mail_Mime 1.8.1 or newer - Mail_mimeDecode 1.5.5 or newer @@ -35,7 +35,7 @@ REQUIREMENTS - magic_quotes_runtime disabled - magic_quotes_sybase disabled - register_globals disabled (PHP < 5.4) -* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker +* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker * A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine or SQLite support in PHP * One of the above databases with permission to create tables diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 5f55414e6..e3e26d8b9 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -829,7 +829,13 @@ class rcube */ $clear = pack("a*H2", $clear, "80"); - if (function_exists('mcrypt_module_open') && + if (function_exists('openssl_encrypt')) { + $method = 'DES-EDE3-CBC'; + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv = $this->create_iv(openssl_cipher_iv_length($method)); + $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv); + } + else if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")) ) { $iv = $this->create_iv(mcrypt_enc_get_iv_size($td)); 
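Review bot: The result of `openssl_encrypt()` in the new branch of the `@@ -829,7 +829,13 @@` hunk is concatenated to `$iv` without being checked, so a failure (it returns `false`) leaves `$cipher` holding only the IV and the caller receives something that looks like valid ciphertext. Assign it first and treat `false` as an error, e.g. `$enc = openssl_encrypt($clear, $method, $ckey, $opts, $iv);` followed by `if ($enc === false) { /* raise the same error as the final else branch */ }`. The same applies to `openssl_decrypt()` in the `@@ -876,7 +882,21 @@` hunk, where `$clear` may be `false` when it reaches the code after the branch. The new branch also keeps 3DES in CBC mode with no integrity check on the ciphertext, as the mcrypt path appears to; a short comment such as `// 3DES-CBC kept to match the mcrypt path; ciphertext is not authenticated` would record that this is deliberate. The function body starts and ends outside the hunk.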
@@ -850,7 +856,7 @@ class rcube self::raise_error(array( 'code' => 500, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available" + 'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available" ), true, true); } } @@ -876,7 +882,21 @@ class rcube $cipher = $base64 ? base64_decode($cipher) : $cipher; - if (function_exists('mcrypt_module_open') && + if (function_exists('openssl_decrypt')) { + $method = 'DES-EDE3-CBC'; + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv_size = openssl_cipher_iv_length($method); + $iv = substr($cipher, 0, $iv_size); + + // session corruption? (#1485970) + if (strlen($iv) < $iv_size) { + return ''; + } + + $cipher = substr($cipher, $iv_size); + $clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv); + } + else if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")) ) { $iv_size = mcrypt_enc_get_iv_size($td); |
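Review bot: `openssl_decrypt()` in the `@@ -876,7 +882,21 @@` hunk is called with only the raw-data option, so it expects PKCS#7 padding, whereas mcrypt pads the last block with zero bytes; values encrypted earlier by the mcrypt branch (session passwords, for instance) would then presumably fail the padding check and come back as `false` once a host has both extensions. If that holds, either both OpenSSL calls should use `OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING` with `$clear` zero-padded to the block size before encryption, or the decrypt path should fall back to the mcrypt branch when `openssl_decrypt()` returns `false`. The unpadding code that follows the branch is outside the hunk, so this needs confirming against it and with a round-trip test across both backends.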