Project

General

Profile

Todo #12556 ยป 1cfabed96df952c480c3bb17b93bdf53f0672326.patch

Jim Pingle, 02/28/2022 02:19 PM

View differences:

src/etc/inc/crypt.inc
26 26
 * limitations under the License.
27 27
 */
28 28

  
29
	function crypt_data($val, $pass, $opt, $legacy = false) {
29
define('PFS_OPENSSL_DEFAULT_ITERATIONS', '500000');
30

  
31
	function crypt_data($val, $pass, $opt, $legacy = false, $iterations = PFS_OPENSSL_DEFAULT_ITERATIONS) {
30 32
		$file = tempnam("/tmp", "php-encrypt");
31 33
		/* Ensure the files do not already exist */
32 34
		unlink_if_exists($file);
......
39 41
		 *  unless we need to read old data encrypted without it. */
40 42
		$keyder = ($legacy) ? "" : "-pbkdf2";
41 43
		$md = ($legacy) ? "md5" : "sha256";
44
		$iter = ($legacy) ? '' : ' -iter ' . escapeshellarg($iterations);
42 45

  
43 46
		$output = "";
44 47
		$exitcode = "";
45
		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -pass pass:" . escapeshellarg($pass) . " -salt -md ${md} {$keyder} 2> /dev/null", $output, $exitcode);
48
		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -pass pass:" . escapeshellarg($pass) . " -salt -md ${md} {$keyder} {$iter} 2> /dev/null", $output, $exitcode);
46 49

  
47 50
		if (($exitcode == 0) && file_exists("{$file}.enc") && (filesize("{$file}.enc") > 0)) {
48 51
			$result = file_get_contents("{$file}.enc");
52
		} elseif ($iterations == PFS_OPENSSL_DEFAULT_ITERATIONS) {
53
			/* If it failed with the current default iterations,
54
			 * next try with previous default number of iterations. */
55
			$result = crypt_data($val, $pass, $opt, false, '10000');
49 56
		} elseif ($legacy === false) {
50 57
			/* Operation failed without new options, try old. */
51 58
			$result = crypt_data($val, $pass, $opt, true);
    (1-1/1)