introduce wrapped_openssl_seal() and wrapped_openssl_open() #35916
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Psalm found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
szaimen
requested review from
PVince81,
icewind1991,
juliusknorr and
rullzer
szaimen
added
3. to review
…ent RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
|
Thanks for your pull request 👍 Sounds like a good plan to introduce a fallback when the cipher is not available. I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php? |
If someone feels like it they are free to rewrite the code to use the phpseclib implementation instead. |
|
I would prefer to switch to phpseclib implementation of RC4 to avoid running our own. I can look into that later this week. |
|
Does this still make sense after #36173 ? |
This commit introduces
wrapped_openssl_seal()andwrapped_openssl_open()with a custom implementation so that RC4 can be supported with OpenSSL v3 without having to reactivate legacy ciphers in the OpenSSL config. The wrapped functions could also be a basis to replaceopenssl_seal()andopenssl_open()with something more modern that maybe uses OAEP padding as well as authenticated encryption.This commit specifically fixes Nextcloud Server issue #32003.