Commit b619397b authored by Gold's avatar Gold

Bug 1976416: PHP 8 Compatibility: api

ssl_*() functions:

https://www.php.net/manual/en/function.openssl-seal.php
https://www.php.net/manual/en/function.openssl-open.php

cipher_algo (param 5) is no longer an optional parameter. The default is RC4,
which is considered insecure.

Someone that knows more about what is going on here should chip in.  Can we
just switch out the cipher_algo to something more reliable or does this
interact with outside sources that also need to be updated?

Change-Id: I7aa784d3bcf4fba110ab75f082ee74c6ae95eca5
parent 590165d0
+6 −4
@@ -1253,7 +1253,7 @@ function xmlenc_envelope($message, $remote_certificate) {
    $symmetric_keys = array();

    // passed by ref -> &$encryptedstring &$symmetric_keys
    $bool = openssl_seal($message, $encryptedstring, $symmetric_keys, array($publickey));
    $bool = openssl_seal($message, $encryptedstring, $symmetric_keys, array($publickey), OpenSslRepo::SSL_CYPHER_ALGORITHM);
    $message = base64_encode($encryptedstring);
    $symmetrickey = base64_encode(array_pop($symmetric_keys));
    $zed = 'nothing';
@@ -1357,6 +1357,8 @@ class OpenSslRepo {

    private $keypair = array();

    const SSL_CYPHER_ALGORITHM = 'RC4';

    /**
     * Sign a message with our private key so that peers can verify that it came
     * from us.
@@ -1388,7 +1390,7 @@ class OpenSslRepo {
     */
    public function openssl_open($data, $key, $oldkeyok=false) {
        $payload = '';
        $isOpen = openssl_open($data, $payload, $key, $this->keypair['privatekey']);
        $isOpen = openssl_open($data, $payload, $key, $this->keypair['privatekey'], self::SSL_CYPHER_ALGORITHM);

        if (!empty($isOpen)) {
            return $payload;
@@ -1398,7 +1400,7 @@ class OpenSslRepo {
            foreach($openssl_history as $keyset) {
                if (isset($keyset['keypair_PEM'])) {
                    $keyresource = openssl_pkey_get_private($keyset['keypair_PEM']);
                    $isOpen      = openssl_open($data, $payload, $key, $keyresource);
                    $isOpen      = openssl_open($data, $payload, $key, $keyresource, self::SSL_CYPHER_ALGORITHM);
                    if ($isOpen) {
                        // It's an older code, sir, but it checks out
                        if ($oldkeyok) {
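Review bot: The new `const SSL_CYPHER_ALGORITHM = 'RC4';` in the `class OpenSslRepo` hunk pins a cipher that the commit message itself calls insecure, and nothing in the code records why it is kept or what changing it involves. The `openssl_seal()` call in `xmlenc_envelope()` and both `openssl_open()` calls pass no IV argument, so the constant cannot simply be set to a cipher that needs one (an AES-CBC mode, for example) without also changing these calls and carrying the IV in the envelope. I would add a comment on the constant such as `// RC4 only preserves the implicit pre-PHP 8 default; insecure. A replacement cipher needs an IV passed to openssl_seal()/openssl_open() and, presumably, matching changes on peers.` RC4 may also be unavailable where PHP is built against OpenSSL 3 without the legacy provider, so `$bool` should be checked before `$encryptedstring` is used; whether it is cannot be seen here, because `xmlenc_envelope()` and `openssl_open()` continue outside the hunks.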