php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41423 PHP assumes wrongly that certain ciphers are enabled in OpenSSL
Submitted: 2007-05-17 21:39 UTC Modified: 2007-05-19 22:06 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mdh at solitox dot net Assigned: pajoye (profile)
Status: Closed Package: Compile Failure
PHP Version: 5.2.2 OS: Linux
Private report: No CVE-ID: None
 [2007-05-17 21:39 UTC] mdh at solitox dot net
Description:
------------
PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in OpenSSL.  While they are enabled by default, they may not be enabled on all systems, and DES and RC2 are considered largely deprecated by the majority of the cryptography community.  

This prevents compiling of OpenSSL support against OpenSSL libraries without support for these ciphers.  


Reproduce code:
---------------
        /* sanity check the cipher */
        switch (cipherid) {
                case PHP_OPENSSL_CIPHER_RC2_40:
                        cipher = EVP_rc2_40_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_64:
                        cipher = EVP_rc2_64_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_128:
                        cipher = EVP_rc2_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_DES:
                        cipher = EVP_des_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_3DES:
                        cipher = EVP_des_ede3_cbc();
                        break;


Actual result:
--------------
/u/root/build/php-5.2.2/ext/openssl/openssl.c:2932: undefined reference to `EVP_rc2_40_cbc'
ext/openssl/.libs/openssl.o(.text+0x55af):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2938: undefined reference to `EVP_rc2_cbc'
ext/openssl/.libs/openssl.o(.text+0x55b9):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2935: undefined reference to `EVP_rc2_64_cbc'


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-17 21:49 UTC] pajoye@php.net
"PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in
OpenSSL.  While they are enabled by default, they may not be enabled on
all systems"

That's right, the OPENSSL_NO_* macros should be used.

" and DES and RC2 are considered largely deprecated by the
majority of the cryptography community."

That's sadly not relevant, we do support them as well as openssl. It is up to the users to decide.

Patch on its way.

Thanks for this report!
 [2007-05-19 22:06 UTC] pajoye@php.net
Fixed in 5.2.x and HEAD.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC