From 7e3cbc94a95a736781bc388504247a0c0c598e33 Mon Sep 17 00:00:00 2001
From: Travis Botello <travisbotello@gmail.com>
Date: Fri, 29 Nov 2019 23:32:09 +0100
Subject: [PATCH] Replaced mcrypt with openssl (#678) (#805)

* Replaced mcrypt with openssl (#678)

* Removed TODO
---
 src/includes/functions.inc.php | 50 ++++++++++++++++------------------
 1 file changed, 24 insertions(+), 26 deletions(-)

diff --git a/src/includes/functions.inc.php b/src/includes/functions.inc.php
index ebadaa30..c4aad069 100644
--- a/src/includes/functions.inc.php
+++ b/src/includes/functions.inc.php
@@ -757,7 +757,6 @@ function psm_no_cache() {
  * @return string
  * @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
  */
-// TODO change to working function
 function psm_password_encrypt($key, $password)
 {
 	if (empty($password)) {
@@ -768,21 +767,19 @@ function psm_password_encrypt($key, $password)
 		throw new \InvalidArgumentException('invalid_encryption_key');
 	}
 
-	// TODO rewrite
-	$iv = mcrypt_create_iv(
-		mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
-		MCRYPT_DEV_URANDOM
-	);
-
+	// using open ssl
+	$cipher="AES-256-CBC";
+	$ivlen = openssl_cipher_iv_length($cipher);
+	$iv = openssl_random_pseudo_bytes( $ivlen );
 	$encrypted = base64_encode(
-		$iv.
-		mcrypt_encrypt(
-			MCRYPT_RIJNDAEL_128,
-			hash('sha256', $key, true),
-			$password,
-			MCRYPT_MODE_CBC,
-			$iv
-		)
+		$iv .
+		openssl_encrypt(
+	  		$password, 
+	  		$cipher, 
+	  		hash('sha256', $key, true), 
+	  		OPENSSL_RAW_DATA,   // OPENSSL_ZERO_PADDING  OPENSSL_RAW_DATA
+	  		$iv
+		)        
 	);
 
 	return $encrypted;
@@ -806,20 +803,21 @@ function psm_password_decrypt($key, $encryptedString)
 		 throw new \InvalidArgumentException('invalid_encryption_key');
 	}
 
+	// using open ssl
 	$data = base64_decode($encryptedString);
-	$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
-
-	$decrypted = rtrim(
-		mcrypt_decrypt(
-			MCRYPT_RIJNDAEL_128,
-			hash('sha256', $key, true),
-			substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
-			MCRYPT_MODE_CBC,
-			$iv
-		),
+	$cipher="AES-256-CBC";
+	$ivlen = openssl_cipher_iv_length($cipher);
+	$iv = substr($data, 0, $ivlen);
+	$decrypted = rtrim( 
+		openssl_decrypt(
+			base64_encode(substr($data, $ivlen)), 
+			$cipher, 
+			hash('sha256', $key, true), 
+			OPENSSL_ZERO_PADDING,
+			$iv),
 		"\0"
 	);
-
+	
 	return $decrypted;
 }