[mms] Fix regression in removing CBC cipher mode when encrypting data…
… within a session (Bug #13869).
Showing
5 changed files
with
97 additions
and
12 deletions.
@@ -0,0 +1,22 @@ | ||
<?php | ||
/** | ||
* @todo Replace Horde_Core_Factory_Secret with this class. | ||
* | ||
* @category Horde | ||
* @package Core | ||
*/ | ||
class Horde_Core_Factory_Secret_Cbc extends Horde_Core_Factory_Injector | ||
{ | ||
public function create(Horde_Injector $injector) | ||
{ | ||
global $conf; | ||
|
||
return new Horde_Core_Secret_Cbc(array( | ||
'cookie_domain' => $conf['cookie']['domain'], | ||
'cookie_path' => $conf['cookie']['path'], | ||
'cookie_ssl' => $conf['use_ssl'] == 1, | ||
'iv' => $conf['secret_key'], | ||
'session_name' => $conf['session']['name'] | ||
)); | ||
} | ||
} |
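Review bot: `'iv' => $conf['secret_key']` in create() makes the CBC IV a fixed, installation-wide value, so equal plaintexts (or equal leading blocks) encrypted under the same key yield equal ciphertext. CBC only hides this when the IV is fresh and unpredictable for each encryption. If Horde_Crypt_Blowfish and the stored format allow it, generate a random IV per encrypt and keep it next to the ciphertext instead of taking it from configuration. Blowfish has an 8-byte block, and what the library does with a longer `secret_key` is not visible here, so the expected IV length should be stated in a comment on this array entry. Reusing the site secret as an IV also gives one config value two roles, which is worth documenting in the class docblock.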
@@ -0,0 +1,54 @@ | ||
<?php | ||
/** | ||
* Copyright 2015 Horde LLC (http://www.horde.org/) | ||
* | ||
* See the enclosed file COPYING for license information (LGPL). If you | ||
* did not receive this file, see http://www.horde.org/licenses/lgpl21. | ||
* | ||
* @category Horde | ||
* @copyright 2015 Horde LLC | ||
* @license http://www.horde.org/licenses/lgpl21 LGPL | ||
* @package Core | ||
*/ | ||
|
||
/** | ||
* Horde_Secret, using single session key, with CBC based Blowfish encryption. | ||
* | ||
* This is much more secure than the default Horde_Secret algorithm. It should | ||
* be used for all Horde_Secret/session encryption, but for BC purposes it | ||
* needs to live in a separate class for now. | ||
* | ||
* Uses the additional parameter 'iv' - the IV used to seed the CBC cipher. | ||
* | ||
* @todo Merge this class with Horde_Core_Secret. | ||
* | ||
* @author Michael Slusarz <slusarz@horde.org> | ||
* @category Horde | ||
* @copyright 2015 Horde LLC | ||
* @license http://www.horde.org/licenses/lgpl21 LGPL | ||
* @package Core | ||
* @since 2.20.0 | ||
*/ | ||
class Horde_Core_Secret_Cbc extends Horde_Core_Secret | ||
{ | ||
/** | ||
*/ | ||
protected function _getCipherOb($key) | ||
{ | ||
global $conf; | ||
|
||
if (!isset($this->_cipherCache[self::HORDE_KEYNAME])) { | ||
/* Use more secure CBC mode (rather than ECB). */ | ||
$this->_cipherCache[self::HORDE_KEYNAME] = new Horde_Crypt_Blowfish( | ||
substr($key, 0, 56), | ||
array( | ||
'cipher' => 'cbc', | ||
'iv' => $this->_params['iv'] | ||
) | ||
); | ||
} | ||
|
||
return $this->_cipherCache[self::HORDE_KEYNAME]; | ||
} | ||
|
||
} |
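Review bot: `_getCipherOb($key)` caches the cipher under the constant `self::HORDE_KEYNAME`, so the object built from the first `$key` is returned for every later call, whatever key is passed. The class docblock says "single session key", so this is presumably intended, but the method's empty `/** */` docblock should say so, for example `Returns the cached CBC cipher; $key is only used on the first call.` `global $conf;` is unused in this method and can be dropped. `substr($key, 0, 56)` silently truncates longer keys to Blowfish's maximum, which also deserves a one-line comment. CBC on its own gives no integrity protection, and whether the parent Horde_Core_Secret authenticates the ciphertext is not visible in this commit.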