PHP :: Bug #41423 :: PHP assumes wrongly that certain ciphers are enabled in OpenSSL

Bug #41423

PHP assumes wrongly that certain ciphers are enabled in OpenSSL

Submitted:

2007-05-17 21:39 UTC

Modified:

2007-05-19 22:06 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

mdh at solitox dot net

Assigned:

pajoye (profile)

Status:

Closed

Package:

Compile Failure

PHP Version:

5.2.2

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2007-05-17 21:39 UTC] mdh at solitox dot net

Description:
------------
PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in OpenSSL.  While they are enabled by default, they may not be enabled on all systems, and DES and RC2 are considered largely deprecated by the majority of the cryptography community.  

This prevents compiling of OpenSSL support against OpenSSL libraries without support for these ciphers.  


Reproduce code:
---------------
        /* sanity check the cipher */
        switch (cipherid) {
                case PHP_OPENSSL_CIPHER_RC2_40:
                        cipher = EVP_rc2_40_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_64:
                        cipher = EVP_rc2_64_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_128:
                        cipher = EVP_rc2_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_DES:
                        cipher = EVP_des_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_3DES:
                        cipher = EVP_des_ede3_cbc();
                        break;


Actual result:
--------------
/u/root/build/php-5.2.2/ext/openssl/openssl.c:2932: undefined reference to `EVP_rc2_40_cbc'
ext/openssl/.libs/openssl.o(.text+0x55af):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2938: undefined reference to `EVP_rc2_cbc'
ext/openssl/.libs/openssl.o(.text+0x55b9):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2935: undefined reference to `EVP_rc2_64_cbc'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-05-17 21:49 UTC] pajoye@php.net

"PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in
OpenSSL.  While they are enabled by default, they may not be enabled on
all systems"

That's right, the OPENSSL_NO_* macros should be used.

" and DES and RC2 are considered largely deprecated by the
majority of the cryptography community."

That's sadly not relevant, we do support them as well as openssl. It is up to the users to decide.

Patch on its way.

Thanks for this report!

[2007-05-19 22:06 UTC] pajoye@php.net

Fixed in 5.2.x and HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 09:01:32 2024 UTC