diff --git a/phpseclib/Crypt/Blowfish.php b/phpseclib/Crypt/Blowfish.php index c4a4d4cf..0db10148 100644 --- a/phpseclib/Crypt/Blowfish.php +++ b/phpseclib/Crypt/Blowfish.php @@ -375,10 +375,13 @@ class Blowfish extends BlockCipher protected function isValidEngineHelper(int $engine): bool { if ($engine == self::ENGINE_OPENSSL) { - if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) { + if ($this->key_length < 16) { return false; } - if ($this->key_length < 16) { + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { return false; } $this->cipher_name_openssl_ecb = 'bf-ecb'; diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 7ab02c9a..5f765e30 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -578,6 +578,12 @@ class DES extends BlockCipher { if ($this->key_length_max == 8) { if ($engine == self::ENGINE_OPENSSL) { + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } $this->cipher_name_openssl_ecb = 'des-ecb'; $this->cipher_name_openssl = 'des-' . $this->openssl_translate_mode(); } diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index ce6306a3..d8b83247 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -256,6 +256,12 @@ class RC2 extends BlockCipher if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) { return false; } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } $this->cipher_name_openssl_ecb = 'rc2-ecb'; $this->cipher_name_openssl = 'rc2-' . $this->openssl_translate_mode(); } diff --git a/phpseclib/Crypt/RC4.php b/phpseclib/Crypt/RC4.php index f4a6bd1b..32ee41c9 100644 --- a/phpseclib/Crypt/RC4.php +++ b/phpseclib/Crypt/RC4.php @@ -101,23 +101,13 @@ class RC4 extends StreamCipher if ($this->continuousBuffer) { return false; } - if (version_compare(PHP_VERSION, '5.3.7') >= 0) { - $this->cipher_name_openssl = 'rc4-40'; - } else { - switch (strlen($this->key)) { - case 5: - $this->cipher_name_openssl = 'rc4-40'; - break; - case 8: - $this->cipher_name_openssl = 'rc4-64'; - break; - case 16: - $this->cipher_name_openssl = 'rc4'; - break; - default: - return false; - } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; } + $this->cipher_name_openssl = 'rc4-40'; } return parent::isValidEngineHelper($engine);