diff options
Diffstat (limited to 'program')
-rw-r--r-- | program/include/rcmail.php | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 980379075..808f0db06 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -1071,7 +1071,7 @@ class rcmail if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))) { - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); + $iv = $this->create_iv(mcrypt_enc_get_iv_size($td)); mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv); $cipher = $iv . mcrypt_generic($td, $clear); mcrypt_generic_deinit($td); @@ -1082,9 +1082,7 @@ class rcmail if (function_exists('des')) { $des_iv_size = 8; - $iv = ''; - for ($i = 0; $i < $des_iv_size; $i++) - $iv .= sprintf("%c", mt_rand(0, 255)); + $iv = $this->create_iv($des_iv_size); $cipher = $iv . des($this->config->get_crypto_key($key), $clear, 1, 1, $iv); } else { @@ -1153,6 +1151,22 @@ class rcmail } /** + * Generates encryption initialization vector (IV) + * + * @param int Vector size + * @return string Vector string + */ + private function create_iv($size) + { + // mcrypt_create_iv() can be slow when system lacks entrophy + // we'll generate IV vector manually + $iv = ''; + for ($i = 0; $i < $size; $i++) + $iv .= chr(mt_rand(0, 255)); + return $iv; + } + + /** * Build a valid URL to this instance of RoundCube * * @param mixed Either a string with the action or url parameters as key-value pairs |