From 27d77a9c73009c94864214c684faac38278398c2 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 5 Sep 2024 19:45:31 +0900 Subject: [ruby/openssl] pkcs7: remove default cipher from PKCS7.encrypt Require that users explicitly specify the desired algorithm. In my opinion, we are not in a position to specify the default cipher. When OpenSSL::PKCS7.encrypt is given only two arguments, it uses "RC2-40-CBC" as the symmetric cipher algorithm. 40-bit RC2 is a US export-grade cipher and considered insecure. Although this is technically a breaking change, the impact should be minimal. Even when OpenSSL is compiled with RC2 support and the macro OPENSSL_NO_RC2 is not defined, it will not actually work on modern systems because RC2 is part of the legacy provider. https://github.com/ruby/openssl/commit/439f456bfa --- test/openssl/test_pkcs7.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'test/openssl') diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index c049ed444a..862716b4d8 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -153,6 +153,11 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) assert_equal(data, p7.decrypt(@rsa1024)) + + # Default cipher has been removed in v3.3 + assert_raise_with_message(ArgumentError, /RC2-40-CBC/) { + OpenSSL::PKCS7.encrypt(certs, data) + } end def test_empty_signed_data_ruby_bug_19974 -- cgit v1.2.3
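Review bot: The new negative case is appended after the `p7.decrypt(@rsa1024)` assertions at the end of an existing encrypt/decrypt test, so any earlier failure in that test hides whether the two-argument call still raises. Moving the `assert_raise_with_message(ArgumentError, /RC2-40-CBC/)` block into its own test method would let it report independently. The `/RC2-40-CBC/` pattern also checks only that the old cipher name appears in the message. If the error text is meant to tell callers to pass a cipher explicitly, matching that wording as well would protect the guidance from later edits. Finally, only the `OpenSSL::PKCS7.encrypt(certs, data)` form is exercised. A companion assertion that passes an explicit cipher as the third argument in the same spot would document the supported replacement call next to the removed one.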