X Tutup
Skip to content

Commit c99e38b

Browse files
terrafrostterrafrost
committed
OpenSSL 3.0.1+ deprecated some algorithms
1 parent 1c56e00 commit c99e38b

File tree

4 files changed

+24
-0
lines changed

4 files changed

+24
-0
lines changed

phpseclib/Crypt/Blowfish.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -515,6 +515,12 @@ function setKeyLength($length)
515515
function isValidEngine($engine)
516516
{
517517
if ($engine == CRYPT_ENGINE_OPENSSL) {
518+
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
519+
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
520+
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
521+
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
522+
return false;
523+
}
518524
if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) {
519525
return false;
520526
}

phpseclib/Crypt/DES.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -665,6 +665,12 @@ function isValidEngine($engine)
665665
{
666666
if ($this->key_length_max == 8) {
667667
if ($engine == CRYPT_ENGINE_OPENSSL) {
668+
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
669+
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
670+
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
671+
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
672+
return false;
673+
}
668674
$this->cipher_name_openssl_ecb = 'des-ecb';
669675
$this->cipher_name_openssl = 'des-' . $this->_openssl_translate_mode();
670676
}

phpseclib/Crypt/RC2.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -346,6 +346,12 @@ function isValidEngine($engine)
346346
{
347347
switch ($engine) {
348348
case CRYPT_ENGINE_OPENSSL:
349+
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
350+
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
351+
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
352+
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
353+
return false;
354+
}
349355
if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) {
350356
return false;
351357
}

phpseclib/Crypt/RC4.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -190,6 +190,12 @@ function Crypt_RC4()
190190
function isValidEngine($engine)
191191
{
192192
if ($engine == CRYPT_ENGINE_OPENSSL) {
193+
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
194+
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
195+
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
196+
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
197+
return false;
198+
}
193199
if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
194200
$this->cipher_name_openssl = 'rc4-40';
195201
} else {

0 commit comments

Comments
 (0)
X Tutup