diff --git a/CHANGELOG b/CHANGELOG index 25b39784d..4685aafda 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail - Elastic: Fix position and style of auto-complete dropdown on small screens (#6951) - Redis: Improve error handling and phpredis 5.X support (#6888) - Fix bug where cache keys were not case-sensitive on MySQL/MSSQL (#6942) +- Fix so an error is loogged when encryption fails (#6948) RELEASE 1.4-rc2 --------------- diff --git a/config/defaults.inc.php b/config/defaults.inc.php index d6ffa7716..d40494d0a 100644 --- a/config/defaults.inc.php +++ b/config/defaults.inc.php @@ -517,7 +517,7 @@ $config['x_frame_options'] = 'sameorigin'; // with any configured cipher_method (see below). $config['des_key'] = 'rcmail-!24ByteDESkey*Str'; -// Encryption algorithm. You can use any method supported by openssl. +// Encryption algorithm. You can use any method supported by OpenSSL. // Default is set for backward compatibility to DES-EDE3-CBC, // but you can choose e.g. AES-256-CBC which we consider a better choice. $config['cipher_method'] = 'DES-EDE3-CBC'; diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 7e8e6ded1..1c9b65e72 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -850,7 +850,19 @@ class rcube $method = $this->config->get_crypto_method(); $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; $iv = rcube_utils::random_bytes(openssl_cipher_iv_length($method), true); - $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv); + $cipher = openssl_encrypt($clear, $method, $ckey, $opts, $iv); + + if ($cipher === false) { + self::raise_error(array( + 'file' => __FILE__, + 'line' => __LINE__, + 'message' => "Failed to encrypt data with configured cipher method: $method!" + ), true, false); + + return false; + } + + $cipher = $iv . $cipher; return $base64 ? base64_encode($cipher) : $cipher; }