PHP :: Bug #52192 :: PHP 5.3 not working against OpenSSL 0.9.6

Bug #52192	PHP 5.3 not working against OpenSSL 0.9.6
Submitted:	2010-06-26 15:23 UTC	Modified:	2010-11-27 13:30 UTC
From:	news at onastick dot clara dot co dot uk	Assigned:	pajoye (profile)
Status:	Closed	Package:	Compile Failure
PHP Version:	5.3.2	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	news at onastick dot clara dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2010-06-26 15:23 UTC] news at onastick dot clara dot co dot uk

Description:
------------
"configure" states that OpenSSL 0.9.6 is required as a minimum for build however the compilation process fails on line 4560 building ext/openssl/openssl. It seems that newer versions of SSL return a status from 'EVP_DigestFinal' whereas in 0.9.6 is it a void. This is relatively easily hacked out however at final link fatal errors are produced - see actual result below.

For me, yes I'd like it to work with my existing version however this probably isn't realistic going forward so the build should probably be updated to give a new minimum version of SSL that it will work with. 

Test script:
---------------
./configure --with-openssl ....
make


Expected result:
----------------
Build completes successfully

Actual result:
--------------
ext/openssl/.libs/openssl.o: In function `php_openssl_generate_private_key':
/home/jon/php/php-5.3.2/ext/openssl/openssl.c:2778: undefined reference to `DH_get_default_method'
ext/openssl/.libs/openssl.o: In function `zif_openssl_sign':
/home/jon/php/php-5.3.2/ext/openssl/openssl.c:4006: undefined reference to `EVP_MD_CTX_cleanup'
ext/openssl/.libs/openssl.o: In function `zif_openssl_verify':
/home/jon/php/php-5.3.2/ext/openssl/openssl.c:4057: undefined reference to `EVP_MD_CTX_cleanup'
ext/openssl/.libs/openssl.o: In function `zif_openssl_get_md_methods':
/home/jon/php/php-5.3.2/ext/openssl/openssl.c:4512: undefined reference to `OBJ_NAME_do_all_sorted'
ext/openssl/.libs/openssl.o: In function `zif_openssl_get_cipher_methods':
/home/jon/php/php-5.3.2/ext/openssl/openssl.c:4528: undefined reference to `OBJ_NAME_do_all_sorted'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-06-26 16:09 UTC] pajoye@php.net

-Status: Open +Status: Feedback

[2010-06-26 16:09 UTC] pajoye@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2010-06-27 21:33 UTC] news at onastick dot clara dot co dot uk

-Status: Feedback +Status: Open

[2010-06-27 21:33 UTC] news at onastick dot clara dot co dot uk

Using latest snapshot makes no difference. Same errors are generated.

[2010-06-27 23:27 UTC] pajoye@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye

[2010-06-27 23:27 UTC] pajoye@php.net

Have you ever considered to update? 0.9.6 is 7 years old and many critical fixes have been done since.

I don't have a box with this version, but can check to see if it is easily fixable. If not, this bug will be marked as won't fix.

[2010-06-28 13:38 UTC] news at onastick dot clara dot co dot uk

Yes, I have actually installed an updated version (in a separate location) however I have a feeling that a number of other modules linked in to Apache also have dependencies on OpenSSL and attempting to link in a newer version could result in a right mess. However I'll probably have a play and see what does happen.

I would be surprised if you did want to apply a fix to support this old version of SSL however my initial thoughts on raising the bug is that you would at least want to update the minimum version of SSL supported by "configure", since this clearly isn't correct anymore.

[2010-06-28 13:46 UTC] pajoye@php.net

Right, but I would like to fix the build issue first, if possible.

[2010-07-14 22:05 UTC] news at onastick dot clara dot co dot uk

Ok I managed to build it against 0.9.6 but it involved a bit of a hack, for info though here are my modifications which will need to be sanity checked by someone who knows what the code actually does:

1. Compilation failure is fixed by applying the hack I mentioned in my original post.

2. Looking an the unresolved symbols at link time, I noticed that in the version of ext/openssl/openssl.c in PHP 5.2.13, there is a #if directive wrapped around calls to "EVP_MD_CTX_cleanup" (which has been removed in the newer version) of the form:

#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
	EVP_MD_CTX_cleanup(&md_ctx);
#endif

re-instating this directive resolves that issue - note that this also needs to be applied to ext/pear/util.c which also makes calls to this function.

'DH_get_default_method' - again comparing this back against the codebase for 5.2.13, this call is invoked from an additional 'case' statement for 'OPENSSL_KEYTYPE_DH' in or around line 2276. Conveniently, this has a #if switch round it:

#if !defined(NO_DH)

...

#endif

so defining this macro for older versions of openssl would alleviate this error but I can't be sure when this was introduced so in my build I hardcoded it.

'OBJ_NAME_do_all_sorted' - again, cross referencing back to the 5.2.13 source, these calls are invoked by a whole new code section at the end of the file - in or around line 4496. These calls aren't in 0.9.6 so the best I could do is comment them out and just return straight back.

Quite what impact all this has on the functionality I couldn't tell you.

The 'diff' is as follows:

54,57d53
< #if OPENSSL_VERSION_NUMBER < 0x0090700fL
< #define NO_DH
< #endif
< 
4010d4005
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4012d4006
< #endif
4063d4056
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4065d4057
< #endif
4519d4510
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4524d4514
< #endif
4537,4538d4526
< 
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4543d4530
< #endif
4573c4560
<         EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen) ;
---
> 	if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
4585c4572,4575
< 
---
> 	} else {
> 		efree(sigbuf);
> 		RETVAL_FALSE;
> 	}

[2010-11-27 13:30 UTC] pajoye@php.net

-Status: Assigned +Status: Closed

[2010-11-27 13:30 UTC] pajoye@php.net

The configure says 0.9.7 or later, in 5.3.3/4RC1 and trunk.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Dec 02 14:00:01 2025 UTC