Replaced mcrypt with openssl (#678) (#805)

* Replaced mcrypt with openssl (#678)

* Removed TODO

src/includes/functions.inc.php

@@ -757,7 +757,6 @@ function psm_no_cache() {
  * @return string
  * @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
  */
-// TODO change to working function
 function psm_password_encrypt($key, $password)
 {
 	if (empty($password)) {
@@ -768,21 +767,19 @@ function psm_password_encrypt($key, $password)
 		throw new \InvalidArgumentException('invalid_encryption_key');
 	}
 
-	// TODO rewrite
+	// using open ssl
-	$iv = mcrypt_create_iv(
+	$cipher="AES-256-CBC";
-		mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
+	$ivlen = openssl_cipher_iv_length($cipher);
-		MCRYPT_DEV_URANDOM
+	$iv = openssl_random_pseudo_bytes( $ivlen );
-	);
-
 	$encrypted = base64_encode(
-		$iv.
+		$iv .
-		mcrypt_encrypt(
+		openssl_encrypt(
-			MCRYPT_RIJNDAEL_128,
+	  		$password, 
-			hash('sha256', $key, true),
+	  		$cipher, 
-			$password,
+	  		hash('sha256', $key, true), 
-			MCRYPT_MODE_CBC,
+	  		OPENSSL_RAW_DATA,   // OPENSSL_ZERO_PADDING  OPENSSL_RAW_DATA
-			$iv
+	  		$iv
-		)
+		)        
 	);
 
 	return $encrypted;
@@ -806,20 +803,21 @@ function psm_password_decrypt($key, $encryptedString)
 		 throw new \InvalidArgumentException('invalid_encryption_key');
 	}
 
+	// using open ssl
 	$data = base64_decode($encryptedString);
-	$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
+	$cipher="AES-256-CBC";
-
+	$ivlen = openssl_cipher_iv_length($cipher);
-	$decrypted = rtrim(
+	$iv = substr($data, 0, $ivlen);
-		mcrypt_decrypt(
+	$decrypted = rtrim( 
-			MCRYPT_RIJNDAEL_128,
+		openssl_decrypt(
-			hash('sha256', $key, true),
+			base64_encode(substr($data, $ivlen)), 
-			substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
+			$cipher, 
-			MCRYPT_MODE_CBC,
+			hash('sha256', $key, true), 
-			$iv
+			OPENSSL_ZERO_PADDING,
-		),
+			$iv),
 		"\0"
 	);
-
+	
 	return $decrypted;
 }