26 |
26 |
* limitations under the License.
|
27 |
27 |
*/
|
28 |
28 |
|
29 |
|
function crypt_data($val, $pass, $opt, $legacy = false) {
|
|
29 |
define('PFS_OPENSSL_DEFAULT_ITERATIONS', '500000');
|
|
30 |
|
|
31 |
function crypt_data($val, $pass, $opt, $legacy = false, $iterations = PFS_OPENSSL_DEFAULT_ITERATIONS) {
|
30 |
32 |
$file = tempnam("/tmp", "php-encrypt");
|
31 |
33 |
/* Ensure the files do not already exist */
|
32 |
34 |
unlink_if_exists($file);
|
... | ... | |
39 |
41 |
* unless we need to read old data encrypted without it. */
|
40 |
42 |
$keyder = ($legacy) ? "" : "-pbkdf2";
|
41 |
43 |
$md = ($legacy) ? "md5" : "sha256";
|
|
44 |
$iter = ($legacy) ? '' : ' -iter ' . escapeshellarg($iterations);
|
42 |
45 |
|
43 |
46 |
$output = "";
|
44 |
47 |
$exitcode = "";
|
45 |
|
exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -pass pass:" . escapeshellarg($pass) . " -salt -md ${md} {$keyder} 2> /dev/null", $output, $exitcode);
|
|
48 |
exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -pass pass:" . escapeshellarg($pass) . " -salt -md ${md} {$keyder} {$iter} 2> /dev/null", $output, $exitcode);
|
46 |
49 |
|
47 |
50 |
if (($exitcode == 0) && file_exists("{$file}.enc") && (filesize("{$file}.enc") > 0)) {
|
48 |
51 |
$result = file_get_contents("{$file}.enc");
|
49 |
|
} elseif ($legacy === false) {
|
|
52 |
} elseif (($opt == "-d") && ($legacy === false) && ($iterations == PFS_OPENSSL_DEFAULT_ITERATIONS)) {
|
|
53 |
/* If it failed with the current default iterations,
|
|
54 |
* next try with previous default number of iterations. */
|
|
55 |
unlink_if_exists($file);
|
|
56 |
unlink_if_exists("{$file}.dec");
|
|
57 |
unlink_if_exists("{$file}.enc");
|
|
58 |
$result = crypt_data($val, $pass, $opt, false, '10000');
|
|
59 |
} elseif (($opt == "-d") && ($legacy === false)) {
|
50 |
60 |
/* Operation failed without new options, try old. */
|
|
61 |
unlink_if_exists($file);
|
|
62 |
unlink_if_exists("{$file}.dec");
|
|
63 |
unlink_if_exists("{$file}.enc");
|
51 |
64 |
$result = crypt_data($val, $pass, $opt, true);
|
52 |
65 |
} else {
|
53 |
66 |
$result = "";
|