From 6c1c60f3b908aa922a46cbae94a03eb162147b70 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 2 Aug 2014 09:03:29 +0200 Subject: Support password encryption using openssl extension (#1489989) --- CHANGELOG | 1 + INSTALL | 4 ++-- program/lib/Roundcube/rcube.php | 26 +++++++++++++++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a2de91fa6..f2bbe353d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Support password encryption using openssl extension (#1489989) - Create/rename groups in UI dialogs (#1489951) - Added 'contact_search_name' option to define autocompletion entry format - Display quota information for current folder not INBOX only (#1487993) diff --git a/INSTALL b/INSTALL index abb6bbd7d..9ab791112 100644 --- a/INSTALL +++ b/INSTALL @@ -15,7 +15,7 @@ REQUIREMENTS - PCRE, DOM, JSON, XML, Session, Sockets (required) - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required) - Libiconv, Zip (recommended) - - Fileinfo, Mcrypt, mbstring (optional) + - OpenSSL, Fileinfo, Mcrypt, mbstring (optional) * PEAR packages distributed with Roundcube or external: - Mail_Mime 1.8.1 or newer - Mail_mimeDecode 1.5.5 or newer @@ -35,7 +35,7 @@ REQUIREMENTS - magic_quotes_runtime disabled - magic_quotes_sybase disabled - register_globals disabled (PHP < 5.4) -* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker +* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker * A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine or SQLite support in PHP * One of the above databases with permission to create tables diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 5f55414e6..e3e26d8b9 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -829,7 +829,13 @@ class rcube */ $clear = pack("a*H2", $clear, "80"); - if (function_exists('mcrypt_module_open') && + if (function_exists('openssl_encrypt')) { + $method = 'DES-EDE3-CBC'; + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv = $this->create_iv(openssl_cipher_iv_length($method)); + $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv); + } + else if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")) ) { $iv = $this->create_iv(mcrypt_enc_get_iv_size($td)); @@ -850,7 +856,7 @@ class rcube self::raise_error(array( 'code' => 500, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available" + 'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available" ), true, true); } } @@ -876,7 +882,21 @@ class rcube $cipher = $base64 ? base64_decode($cipher) : $cipher; - if (function_exists('mcrypt_module_open') && + if (function_exists('openssl_decrypt')) { + $method = 'DES-EDE3-CBC'; + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv_size = openssl_cipher_iv_length($method); + $iv = substr($cipher, 0, $iv_size); + + // session corruption? (#1485970) + if (strlen($iv) < $iv_size) { + return ''; + } + + $cipher = substr($cipher, $iv_size); + $clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv); + } + else if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")) ) { $iv_size = mcrypt_enc_get_iv_size($td); -- cgit v1.2.3