-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
introduce wrapped_openssl_seal() and wrapped_openssl_open() #35916
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Psalm found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
…ent RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
Thanks for your pull request 👍 Sounds like a good plan to introduce a fallback when the cipher is not available. I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php? |
If someone feels like it they are free to rewrite the code to use the phpseclib implementation instead. |
I would prefer to switch to phpseclib implementation of RC4 to avoid running our own. I can look into that later this week. |
Does this still make sense after #36173 ? |
This commit introduces
wrapped_openssl_seal()
andwrapped_openssl_open()
with a custom implementation so that RC4 can be supported with OpenSSL v3 without having to reactivate legacy ciphers in the OpenSSL config. The wrapped functions could also be a basis to replaceopenssl_seal()
andopenssl_open()
with something more modern that maybe uses OAEP padding as well as authenticated encryption.This commit specifically fixes Nextcloud Server issue #32003.