From: Robin Gustafsson Date: Sat, 28 May 2022 20:39:10 +0200 Subject: Handle the case of missing DES-ECB cipher support One feature requires the DES-ECB cipher from the OpenSSL extension, which is nowadays deemed insecure and thus no longer supported. --- lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php | 3 +++ tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php b/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php index 41931fd..d62639f 100644 --- a/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php +++ b/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php @@ -549,6 +549,9 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Es */ protected function desEncrypt($value, $key) { + if (!in_array('des-ecb', openssl_get_cipher_methods())) { + throw new LogicException('The OpenSSL extension must provide the DES-ECB cipher to use certain features of the NTLM authenticator.'); + } return substr(openssl_encrypt($value, 'DES-ECB', $key, \OPENSSL_RAW_DATA), 0, 8); } diff --git a/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php b/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php index 2337149..96c94d7 100644 --- a/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php +++ b/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php @@ -29,6 +29,10 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticatorTest extends \SwiftMailerTestC public function testLMv1Generator() { + if (!in_array('des-ecb', openssl_get_cipher_methods())) { + $this->markTestSkipped('Need OpenSSL extension with the DES-ECB cipher to run this test.'); + } + $password = 'test1234'; $challenge = 'b019d38bad875c9d'; $lmv1 = '1879f60127f8a877022132ec221bcbf3ca016a9f76095606';