php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78079 openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c
Submitted: 2019-05-28 21:24 UTC Modified: 2019-06-02 18:18 UTC
From: cmb@php.net Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.2Git-2019-05-28 (Git) OS: Windows
Private report: No CVE-ID: None
 [2019-05-28 21:24 UTC] cmb@php.net
Description:
------------
When building PHP with OpenSSL 1.1.1c, openssl_encrypt_ccm.phpt[1]
reproducibly fails (the other tests are passing).  I have only
tested this on Windows, but other systems may be affected as well.

[1] <https://github.com/php/php-src/blob/php-7.3.6/ext/openssl/tests/openssl_encrypt_ccm.phpt>

Test script:
---------------
nmake test TESTS=ext\openssl\tests\openssl_encrypt_ccm.phpt

Actual result:
--------------
007+ 
008+ Warning: openssl_encrypt(): Retrieving verification tag failed in D:\php-sdk\phpdev\vc15\x64\php-src-7.3\ext\openssl\tests\openssl_encrypt_ccm.php on line 18
007- string(8) "p/lvgA=="
008- int(1024)
009+ bool(false)
010+ int(16)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-05-28 21:24 UTC] cmb@php.net
-Assigned To: +Assigned To: bukka
 [2019-05-28 21:24 UTC] cmb@php.net
Jakub, could you please have a look at this?
 [2019-05-29 09:28 UTC] cmb@php.net
I debugged, and found that the failing test is caused by enforcing
a strict output length check in CRYPTO_ccm128_tag[1].  It seems to
me that removing the last openssl_encrypt() call in the test is
the appropriate solution.

[1] <https://github.com/openssl/openssl/commit/fc4c034ee823c18de34d72dc46da6aabbb6f551e>
 [2019-06-02 18:11 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2e025794745e09f7d0c72822ad0238bf6d67b2e8
Log: Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
 [2019-06-02 18:11 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2019-06-02 18:13 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2e025794745e09f7d0c72822ad0238bf6d67b2e8
Log: Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
 [2019-06-02 18:15 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2e025794745e09f7d0c72822ad0238bf6d67b2e8
Log: Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
 [2019-06-02 18:15 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2e025794745e09f7d0c72822ad0238bf6d67b2e8
Log: Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
 [2019-06-02 18:18 UTC] bukka@php.net
It was actually a bug as the result of setting the tag length has not been checked correctly. I modified the test a bit to reflect the changes.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC