Skip to content

introduce wrapped_openssl_seal() and wrapped_openssl_open()#35916

Closed
weizenspreu wants to merge 1 commit intonextcloud:masterfrom
weizenspreu:master
Closed

introduce wrapped_openssl_seal() and wrapped_openssl_open()#35916
weizenspreu wants to merge 1 commit intonextcloud:masterfrom
weizenspreu:master

Conversation

@weizenspreu
Copy link
Member

@weizenspreu weizenspreu commented Dec 29, 2022

This commit introduces wrapped_openssl_seal() and wrapped_openssl_open() with a custom implementation so that RC4 can be supported with OpenSSL v3 without having to reactivate legacy ciphers in the OpenSSL config. The wrapped functions could also be a basis to replace openssl_seal() and openssl_open() with something more modern that maybe uses OAEP padding as well as authenticated encryption.

This commit specifically fixes Nextcloud Server issue #32003.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 29, 2022
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Psalm found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

@szaimen szaimen added this to the Nextcloud 26 milestone Dec 29, 2022
@weizenspreu weizenspreu mentioned this pull request Dec 29, 2022
Closed
@szaimen szaimen added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Dec 30, 2022
This was referenced Dec 30, 2022
Closed
Closed
@weizenspreu
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circum…
fcd478a 
…ent RC4 problems with OpenSSL v3

Signed-off-by: Kevin Niehage <[email protected]>
@kesselb
Copy link
Contributor

kesselb commented Dec 30, 2022

Thanks for your pull request 👍

Sounds like a good plan to introduce a fallback when the cipher is not available.

I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php?

@weizenspreu
Copy link
Member Author

weizenspreu commented Dec 30, 2022

I wonder if we could use some code from https://github.com/nextcloud/3rdparty/blob/master/phpseclib/phpseclib/phpseclib/Crypt/RC4.php?

If someone feels like it they are free to rewrite the code to use the phpseclib implementation instead.

@come-nc
Copy link
Contributor

come-nc commented Jan 2, 2023

I would prefer to switch to phpseclib implementation of RC4 to avoid running our own.
Also, I would always use the wrapped version of seal and remove the fallback.

I can look into that later this week.

@come-nc come-nc mentioned this pull request Jan 16, 2023
Merged
8 tasks
@blizzz blizzz mentioned this pull request Feb 1, 2023
Merged
@skjnldsv skjnldsv mentioned this pull request Feb 23, 2023
Merged
@AkechiShiro AkechiShiro mentioned this pull request Feb 24, 2023
Merged
13 tasks
@solracsf
Copy link
Member

solracsf commented Mar 2, 2023

Does this still make sense after #36173 ?

@weizenspreu
Copy link
Member Author

weizenspreu commented Mar 3, 2023

@solracsf No, #36173 is a modified version of this pull request here.

@weizenspreu weizenspreu closed this Mar 3, 2023
This was referenced Jul 10, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PVince81 PVince81 Awaiting requested review from PVince81

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@rullzer rullzer Awaiting requested review from rullzer

Assignees

@come-nc come-nc

Labels

3. to review Waiting for reviews feature: encryption (server-side)

Projects

None yet

Milestone

Nextcloud 26

Development

Successfully merging this pull request may close these issues.

5 participants

@weizenspreu @kesselb @come-nc @solracsf @szaimen