diff options
Diffstat (limited to 'vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php')
-rw-r--r-- | vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php index 25e4ff854..2e5c05567 100644 --- a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php +++ b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php @@ -144,7 +144,13 @@ class RC4 extends Base */ function isValidEngine($engine) { - if ($engine == Base::ENGINE_OPENSSL) { + if ($engine == self::ENGINE_OPENSSL) { + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } if (version_compare(PHP_VERSION, '5.3.7') >= 0) { $this->cipher_name_openssl = 'rc4-40'; } else { @@ -222,7 +228,7 @@ class RC4 extends Base */ function encrypt($plaintext) { - if ($this->engine != Base::ENGINE_INTERNAL) { + if ($this->engine != self::ENGINE_INTERNAL) { return parent::encrypt($plaintext); } return $this->_crypt($plaintext, self::ENCRYPT); @@ -242,7 +248,7 @@ class RC4 extends Base */ function decrypt($ciphertext) { - if ($this->engine != Base::ENGINE_INTERNAL) { + if ($this->engine != self::ENGINE_INTERNAL) { return parent::decrypt($ciphertext); } return $this->_crypt($ciphertext, self::DECRYPT); |