1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From: Robin Gustafsson <robin@rgson.se>
Date: Sat, 28 May 2022 20:39:10 +0200
Subject: Handle the case of missing DES-ECB cipher support
One feature requires the DES-ECB cipher from the OpenSSL extension,
which is nowadays deemed insecure and thus no longer supported.
---
lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php | 3 +++
tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php b/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php
index 41931fd..d62639f 100644
--- a/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php
+++ b/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php
@@ -549,6 +549,9 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Es
*/
protected function desEncrypt($value, $key)
{
+ if (!in_array('des-ecb', openssl_get_cipher_methods())) {
+ throw new LogicException('The OpenSSL extension must provide the DES-ECB cipher to use certain features of the NTLM authenticator.');
+ }
return substr(openssl_encrypt($value, 'DES-ECB', $key, \OPENSSL_RAW_DATA), 0, 8);
}
diff --git a/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php b/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php
index 2337149..96c94d7 100644
--- a/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php
+++ b/tests/unit/Swift/Transport/Esmtp/Auth/NTLMAuthenticatorTest.php
@@ -29,6 +29,10 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticatorTest extends \SwiftMailerTestC
public function testLMv1Generator()
{
+ if (!in_array('des-ecb', openssl_get_cipher_methods())) {
+ $this->markTestSkipped('Need OpenSSL extension with the DES-ECB cipher to run this test.');
+ }
+
$password = 'test1234';
$challenge = 'b019d38bad875c9d';
$lmv1 = '1879f60127f8a877022132ec221bcbf3ca016a9f76095606';
|
