From 9a263a500abb6e6eaf482fcb962fcd9d652e076c Mon Sep 17 00:00:00 2001
From: Owen Winkler <epithet@gmail.com>
Date: Mon, 19 Aug 2013 06:36:19 -0400
Subject: [PATCH] Employ config option for OpenSSL config file, if provided.
 This should help make OpenSSL configuration on Windows servers easier by
 allowing the openssl.cnf file to be set directly in the ownCloud config,
 rather than in SetEnv commands that don't exist and are hard to replicate in
 IIS.

---
 apps/files_encryption/lib/crypt.php  |  9 +++++----
 apps/files_encryption/lib/helper.php | 17 +++++++++++++++--
 config/config.sample.php             |  2 +-
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index 7eab620baa..c009718160 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -52,15 +52,14 @@ class Crypt {
 
 		$return = false;
 
-		$res = \OCA\Encryption\Helper::getOpenSSLPkey();
-		$res = openssl_pkey_new(array('private_key_bits' => 4096));
+		$res = Helper::getOpenSSLPkey();
 
 		if ($res === false) {
 			\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
 			while ($msg = openssl_error_string()) {
 				\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails:  ' . $msg, \OCP\Util::ERROR);
 			}
-		} elseif (openssl_pkey_export($res, $privateKey)) {
+		} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
 			// Get public key
 			$keyDetails = openssl_pkey_get_details($res);
 			$publicKey = $keyDetails['key'];
@@ -71,7 +70,9 @@ class Crypt {
 			);
 		} else {
 			\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
-			\OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
+			while($errMsg = openssl_error_string()) {
+				\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
+			}
 		}
 
 		return $return;
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 2cc905c291..10447a07bb 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -280,9 +280,22 @@ class Helper {
 	 * @return resource The pkey resource created
 	 */
 	public static function getOpenSSLPkey() {
+		static $res = null;
+		if (is_null($res)) {
+			$res = openssl_pkey_new(self::getOpenSSLConfig());
+		}
+		return $res;
+	}
+
+	/**
+	 * Return an array of OpenSSL config options, default + config
+	 * Used for multiple OpenSSL functions
+	 * @return array The combined defaults and config settings
+	 */
+	public static function getOpenSSLConfig() {
 		$config = array('private_key_bits' => 4096);
-		$config = array_merge(\OCP\Config::getSystemValue('openssl'), $config);
-		return openssl_pkey_new($config);
+		$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
+		return $config;
 	}
 
 	/**
diff --git a/config/config.sample.php b/config/config.sample.php
index 6425baf87c..51ef60588d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -217,6 +217,6 @@ $CONFIG = array(
 
 // Extra SSL options to be used for configuration
 'openssl' => array(
-	//'config' => '/path/to/openssl.cnf',
+	//'config' => '/absolute/location/of/openssl.cnf',
 ),
 );
-- 
GitLab