Load the legacy providers from OpenSSL 3 #9290

Open
wants to merge 3 commits into
base: master

Commits on Nov 2, 2022

  1. Commit 3

    Differential Revision: D40942193
    
    fbshipit-source-id: 3b58a588ad34cda7831feed4d62321ce2411e66b
    Atry authored and facebook-github-bot committed Nov 2, 2022
    47e4822
  2. Extract public key portion via PEM roundtrip (facebook#9282)

    Summary:
    This diff applies an approach similar to php/php-src@26a51e8 in order to fix behavior changes in OpenSSL 3.
    
    Pull Request resolved: facebook#9282
    
    Test Plan:
    The existing tests should still pass with OpenSSL 1.1
    ```
    "$HHVM_BIN" hphp/test/run.php hphp/test/slow/ext_openssl/ext_openssl.php
    ```
    
    Differential Revision: D40876120
    
    Pulled By: Atry
    
    fbshipit-source-id: a0d7d9932da78f06b986096f45a03d169331f38c
    Atry authored and facebook-github-bot committed Nov 2, 2022
    e993d4b
  3. Load the legacy providers from OpenSSL 3

    Summary:
    `openssl_seal` uses RC4 by default. However, RC4 is only available from the legacy providers in OpenSSL 3, which are not loaded by default.
    
    This diff loads the legacy providers so that `openssl_seal` will not fail with default parameters.
    
    See https://www.openssl.org/docs/man3.0/man7/crypto.html#:~:text=md_whirlpool)%3B%0AEVP_MD_free(md_sha256)%3B-,OPENSSL%20PROVIDERS,-OpenSSL%20comes%20with for providers in OpenSSL 3
    
    ## Internal:
    We should also consider removing the default value `'RC4'` from `openssl_seal` like [what PHP 8.0 did](https://www.php.net/manual/en/function.openssl-seal.php), because RC4 is vulnerable.
    
    Differential Revision: D40942189
    
    fbshipit-source-id: 5669e7ba2caf09b6e2c12b7de709141276308513
    Atry authored and facebook-github-bot committed Nov 2, 2022
    e7b15c6