Support password encryption using openssl extension (#1489989)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Support password encryption using openssl extension (#1489989)
 - Create/rename groups in UI dialogs (#1489951)
 - Added 'contact_search_name' option to define autocompletion entry format
 - Display quota information for current folder not INBOX only (#1487993)

INSTALL

@@ -15,7 +15,7 @@ REQUIREMENTS
    - PCRE, DOM, JSON, XML, Session, Sockets (required)
    - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
    - Libiconv, Zip (recommended)
-   - Fileinfo, Mcrypt, mbstring (optional)
+   - OpenSSL, Fileinfo, Mcrypt, mbstring (optional)
 * PEAR packages distributed with Roundcube or external:
    - Mail_Mime 1.8.1 or newer
    - Mail_mimeDecode 1.5.5 or newer
@@ -35,7 +35,7 @@ REQUIREMENTS
    - magic_quotes_runtime disabled
    - magic_quotes_sybase disabled
    - register_globals disabled (PHP < 5.4)
-* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
+* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker
 * A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
   or SQLite support in PHP
 * One of the above databases with permission to create tables

program/lib/Roundcube/rcube.php

@@ -829,7 +829,13 @@ class rcube
          */
         $clear = pack("a*H2", $clear, "80");
 
-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_encrypt')) {
+            $method = 'DES-EDE3-CBC';
+            $opts   = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv     = $this->create_iv(openssl_cipher_iv_length($method));
+            $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv = $this->create_iv(mcrypt_enc_get_iv_size($td));
@@ -850,7 +856,7 @@ class rcube
                 self::raise_error(array(
                     'code' => 500, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+                    'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available"
                     ), true, true);
             }
         }
@@ -876,7 +882,21 @@ class rcube
 
         $cipher = $base64 ? base64_decode($cipher) : $cipher;
 
-        if (function_exists('mcrypt_module_open') &&
+        if (function_exists('openssl_decrypt')) {
+            $method  = 'DES-EDE3-CBC';
+            $opts    = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+            $iv_size = openssl_cipher_iv_length($method);
+            $iv      = substr($cipher, 0, $iv_size);
+
+            // session corruption? (#1485970)
+            if (strlen($iv) < $iv_size) {
+                return '';
+            }
+
+            $cipher = substr($cipher, $iv_size);
+            $clear  = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);
+        }
+        else if (function_exists('mcrypt_module_open') &&
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv_size = mcrypt_enc_get_iv_size($td);