1 files changed, 9 insertions, 3 deletions

diff --git a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php
index 25e4ff854..2e5c05567 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php
@@ -144,7 +144,13 @@ class RC4 extends Base
      */
     function isValidEngine($engine)
     {
-        if ($engine == Base::ENGINE_OPENSSL) {
+        if ($engine == self::ENGINE_OPENSSL) {
+            // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1
+            // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider"
+            // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not
+            if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) {
+                return false;
+            }
             if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
                 $this->cipher_name_openssl = 'rc4-40';
             } else {
@@ -222,7 +228,7 @@ class RC4 extends Base
      */
     function encrypt($plaintext)
     {
-        if ($this->engine != Base::ENGINE_INTERNAL) {
+        if ($this->engine != self::ENGINE_INTERNAL) {
             return parent::encrypt($plaintext);
         }
         return $this->_crypt($plaintext, self::ENCRYPT);
@@ -242,7 +248,7 @@ class RC4 extends Base
      */
     function decrypt($ciphertext)
     {
-        if ($this->engine != Base::ENGINE_INTERNAL) {
+        if ($this->engine != self::ENGINE_INTERNAL) {
             return parent::decrypt($ciphertext);
         }
         return $this->_crypt($ciphertext, self::DECRYPT);