
introduce wrapped_openssl_seal() and wrapped_openssl_open()

Open weizenspreu opened this issue 3 years ago • 2 comments

This commit introduces wrapped_openssl_seal() and wrapped_openssl_open() with a custom implementation so that RC4 can be supported with OpenSSL v3 without having to reactivate legacy ciphers in the OpenSSL config. The wrapped functions could also be a basis to replace openssl_seal() and openssl_open() with something more modern that maybe uses OAEP padding as well as authenticated encryption.

This commit specifically fixes Nextcloud Server issue https://github.com/nextcloud/server/issues/32003.

weizenspreu avatar Dec 29 '22 15:12 weizenspreu
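
The approach described in the pull request above, as an added PHP example that is not the pull request's or Nextcloud's own code: RC4 runs in plain PHP and only the RSA key wrapping goes through OpenSSL, so no legacy provider is needed. The names `rc4()`, `example_seal()` and `example_open()` are hypothetical, and the 16-byte envelope key with PKCS#1 v1.5 wrapping is an assumption about what `openssl_seal()` does for RC4.

```php
<?php
// Added illustration; rc4(), example_seal() and example_open() are hypothetical names.

// RC4 in plain PHP, so the cipher does not have to be enabled in OpenSSL.
function rc4(string $key, string $data): string {
    $s = range(0, 255);
    $klen = strlen($key);
    for ($i = 0, $j = 0; $i < 256; $i++) {            // key scheduling
        $j = ($j + $s[$i] + ord($key[$i % $klen])) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
    }
    $out = '';
    for ($n = 0, $i = 0, $j = 0, $len = strlen($data); $n < $len; $n++) { // keystream XOR
        $i = ($i + 1) & 0xFF;
        $j = ($j + $s[$i]) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
        $out .= chr(ord($data[$n]) ^ $s[($s[$i] + $s[$j]) & 0xFF]);
    }
    return $out;
}

// Seal: one random RC4 key, wrapped separately for every recipient public key.
function example_seal(string $data, array $publicKeys): array {
    $key = random_bytes(16); // assumed envelope key size
    $envKeys = [];
    foreach ($publicKeys as $id => $pub) {
        if (!openssl_public_encrypt($key, $wrapped, $pub, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException("key wrapping failed for $id");
        }
        $envKeys[$id] = $wrapped;
    }
    return [rc4($key, $data), $envKeys];
}

// Open: unwrap the RC4 key with the private key, then run RC4 again (it is symmetric).
function example_open(string $sealed, string $envKey, $privateKey): string {
    if (!openssl_private_decrypt($envKey, $key, $privateKey, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('key unwrapping failed');
    }
    return rc4($key, $sealed);
}

// Constructed demo: throwaway RSA key, sample plaintext, published RC4 test vector.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($pair)['key'];
[$sealed, $envKeys] = example_seal('constructed sample plaintext', ['alice' => $pub]);
var_dump(bin2hex(rc4('Key', 'Plaintext')) === 'bbf316e8d940af0ad3');
var_dump(example_open($sealed, $envKeys['alice'], $pair) === 'constructed sample plaintext');
```

The sealed output carries no integrity check, which is the gap the pull request description points at when it mentions authenticated encryption as a later replacement.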

Thanks for your pull request :+1:

Sounds like a good plan to introduce a fallback when the cipher is not available.

I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php?

kesselb avatar Dec 30 '22 12:12 kesselb

> I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php?

If someone feels like it they are free to rewrite the code to use the phpseclib implementation instead.

weizenspreu avatar Dec 30 '22 15:12 weizenspreu

I would prefer to switch to the phpseclib implementation of RC4 to avoid running our own. Also, I would always use the wrapped version of seal and remove the fallback.

I can look into that later this week.

come-nc avatar Jan 02 '23 10:01 come-nc

Does this still make sense after https://github.com/nextcloud/server/pull/36173 ?

solracsf avatar Mar 02 '23 16:03 solracsf

@solracsf No, https://github.com/nextcloud/server/pull/36173 is a modified version of this pull request here.

weizenspreu avatar Mar 03 '23 08:03 weizenspreu