crypt: use the proper OpenSSL version when appropriate

This is not the fix I have been meaning to push, but openssl_encrypt() and openssl_decrypt() are too low level. They do AES-256-CBC, but not key derivation as well as salt and IV handling. Getting this 100% compatible with OpenSSL was the blocker then. Also, experts have said that the cipher should not be used anymore, adding more annoyances as this config output does not have a version information prefix...
2026-03-18 10:35:27 +00:00 · 2015-02-08 20:45:32 +01:00 · 2015-02-08 20:45:32 +01:00 · 639d099341
commit 639d099341
parent 96808b5649
1 changed files with 21 additions and 1 deletions
--- a/src/etc/inc/crypt.inc
+++ b/src/etc/inc/crypt.inc
@ -30,9 +30,29 @@ function _crypt_data($val, $pass, $opt)
 {
 	$result = '';

+	if (file_exists('/usr/local/bin/openssl')) {
+		/* use the ports version */
+		$bin_openssl = '/usr/local/bin/openssl';
+	} elseif (file_exists('/usr/bin/openssl')) {
+		/* use the base version (legacy fallback) */
+		$bin_openssl = '/usr/bin/openssl';
+	} else {
+		/* the infamous "this should never happen" */
+		log_error(_('Could not find an OpenSSL implementation on your system.'));
+		return $result;
+	}
+
 	$file = tempnam('/tmp', 'php-encrypt');
 	file_put_contents("{$file}.dec", $val);
-	exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -k " . escapeshellarg($pass));
+	exec(sprintf(
+		'%s enc %s -aes-256-cbc -in %s.dec -out %s.enc -k %s',
+		$bin_openssl,
+		$opt,
+		$file,
+		$file,
+		escapeshellarg($pass)
+	));
+
 	if (file_exists("{$file}.enc")) {
 		$result = file_get_contents("{$file}.enc");
 	} else {