OpenSSL 3.0.1+ deprecated some algorithms

This commit is contained in:
terrafrost 2022-12-16 22:16:49 -06:00
parent 1c56e00cf8
commit c99e38b7c9
4 changed files with 24 additions and 0 deletions

View File

@ -515,6 +515,12 @@ class Crypt_Blowfish extends Crypt_Base
function isValidEngine($engine) function isValidEngine($engine)
{ {
if ($engine == CRYPT_ENGINE_OPENSSL) { if ($engine == CRYPT_ENGINE_OPENSSL) {
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
return false;
}
if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) { if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) {
return false; return false;
} }

View File

@ -665,6 +665,12 @@ class Crypt_DES extends Crypt_Base
{ {
if ($this->key_length_max == 8) { if ($this->key_length_max == 8) {
if ($engine == CRYPT_ENGINE_OPENSSL) { if ($engine == CRYPT_ENGINE_OPENSSL) {
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
return false;
}
$this->cipher_name_openssl_ecb = 'des-ecb'; $this->cipher_name_openssl_ecb = 'des-ecb';
$this->cipher_name_openssl = 'des-' . $this->_openssl_translate_mode(); $this->cipher_name_openssl = 'des-' . $this->_openssl_translate_mode();
} }

View File

@ -346,6 +346,12 @@ class Crypt_RC2 extends Crypt_Base
{ {
switch ($engine) { switch ($engine) {
case CRYPT_ENGINE_OPENSSL: case CRYPT_ENGINE_OPENSSL:
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
return false;
}
if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) { if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) {
return false; return false;
} }

View File

@ -190,6 +190,12 @@ class Crypt_RC4 extends Crypt_Base
function isValidEngine($engine) function isValidEngine($engine)
{ {
if ($engine == CRYPT_ENGINE_OPENSSL) { if ($engine == CRYPT_ENGINE_OPENSSL) {
// quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
// "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
// in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
return false;
}
if (version_compare(PHP_VERSION, '5.3.7') >= 0) { if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
$this->cipher_name_openssl = 'rc4-40'; $this->cipher_name_openssl = 'rc4-40';
} else { } else {