php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72360 ext/openssl build failure with OpenSSL 1.1.0
Submitted: 2016-06-07 21:28 UTC Modified: 2017-04-05 20:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bugs dot php dot net at majkl578 dot cz Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.0.7 OS: Debian experimental
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugs dot php dot net at majkl578 dot cz
New email:
PHP Version: OS:

 

 [2016-06-07 21:28 UTC] bugs dot php dot net at majkl578 dot cz 
Description:
------------
OpenSSL extension is not compatible with upcoming OpenSSL 1.1.0.

Test script:
---------------
Install OpenSSL 1.1.0 headers (you can use Debian experimental for this).

$ ./configure --disable-all --with-openssl
$ make

Expected result:
----------------
No errors.

Actual result:
--------------
/build/php/ext/openssl/openssl.c: In function ‘php_openssl_get_evp_md_from_algo’:
/build/php/ext/openssl/openssl.c:1078:24: warning: implicit declaration of function ‘EVP_dss1’ [-Wimplicit-function-declaration]
    mdtype = (EVP_MD *) EVP_dss1();
                        ^~~~~~~~
/build/php/ext/openssl/openssl.c:1078:13: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
    mdtype = (EVP_MD *) EVP_dss1();
             ^
/build/php/ext/openssl/openssl.c: In function ‘openssl_x509v3_subjectAltName’:
/build/php/ext/openssl/openssl.c:1920:15: error: dereferencing pointer to incomplete type ‘X509_EXTENSION {aka struct X509_extension_st}’
  p = extension->value->data;
               ^~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_x509_parse’:
/build/php/ext/openssl/openssl.c:1998:10: error: dereferencing pointer to incomplete type ‘X509 {aka struct x509_st}’
  if (cert->name) {
          ^~
/build/php/ext/openssl/openssl.c: In function ‘php_openssl_is_private_key’:
/build/php/ext/openssl/openssl.c:3501:14: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
  switch (pkey->type) {
              ^~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_pkey_new’:
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3593:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), rsa, n);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3617:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dsa, p);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3641:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, p);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_sign’:
/build/php/ext/openssl/openssl.c:4788:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c:4833:2: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’ [-Wimplicit-function-declaration]
  EVP_MD_CTX_cleanup(&md_ctx);
  ^~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_verify’:
/build/php/ext/openssl/openssl.c:4847:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_seal’:
/build/php/ext/openssl/openssl.c:4912:17: error: storage size of ‘ctx’ isn’t known
  EVP_CIPHER_CTX ctx;
                 ^~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_open’:
/build/php/ext/openssl/openssl.c:5035:17: error: storage size of ‘ctx’ isn’t known
  EVP_CIPHER_CTX ctx;
                 ^~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_digest’:
/build/php/ext/openssl/openssl.c:5163:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_encrypt’:
/build/php/ext/openssl/openssl.c:5244:17: error: storage size of ‘cipher_ctx’ isn’t known
  EVP_CIPHER_CTX cipher_ctx;
                 ^~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_decrypt’:
/build/php/ext/openssl/openssl.c:5327:17: error: storage size of ‘cipher_ctx’ isn’t known
  EVP_CIPHER_CTX cipher_ctx;
                 ^~~~~~~~~~
Makefile:485: recipe for target 'ext/openssl/openssl.lo' failed

Patches

openssl (last revision 2017-09-15 11:39 UTC by xxlsosa at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-07 21:50 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2016-06-08 17:50 UTC] bukka@php.net 
I have got an initial port that requires more work as there were further API changes in OpenSSL 1.1 (e.g. structs like RSA, DSA, DH has been made opaque). The changes so far can be seen here:

https://github.com/bukka/php-src/compare/openssl_aead_with_error_store...bukka:openssl_1_1_port

I have to first sort out the error store and then merge openssl aead to master. After that I should be able to update the patch and merge it to master.
 [2016-07-20 18:35 UTC] bukka@php.net 
Fixed in master and the build with OpenSSL 1.1 should work in PHP 7.1
 [2016-07-20 18:35 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2017-04-05 18:25 UTC] pgnet dot dev at gmail dot com 
current 7.1 branch does not build , with similar errors as reported here, with Openssl 1.1.

are the reqd changes still just in master? or have these fixes already made it into 7.1 yet, but need more attention?
 [2017-04-05 20:22 UTC] bukka@php.net 
It builds fine but in the email that I got from you, it's suggested to apply these changes:

@ ext/openssl/openssl.c

        PHP_MINFO_FUNCTION(openssl)
        {
            php_info_print_table_start();
            php_info_print_table_row(2, "OpenSSL support", "enabled");
--          php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
++          php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
            php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
            php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
            php_info_print_table_end();
            DISPLAY_INI_ENTRIES();
        }


It means that you don't build openssl with compat api (OPENSSL_API_COMPAT < 0x10100000L) which is currently necessary. See

https://github.com/openssl/openssl/blob/b3c31a6572bd7b89f469deb3c78f85f6e303df47/include/openssl/crypto.h#L54

I will take a look on those later but better to open a new bug for that called something like "Compilation with OPENSSL_API_COMPAT >= 0x10100000L fails". This is not related to the issues in this bug though.
 [2017-04-05 20:22 UTC] bukka@php.net 
It builds fine but in the email that I got from you, it's suggested to apply these changes:

@ ext/openssl/openssl.c

        PHP_MINFO_FUNCTION(openssl)
        {
            php_info_print_table_start();
            php_info_print_table_row(2, "OpenSSL support", "enabled");
--          php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
++          php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
            php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
            php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
            php_info_print_table_end();
            DISPLAY_INI_ENTRIES();
        }


It means that you don't build openssl with compat api (OPENSSL_API_COMPAT < 0x10100000L) which is currently necessary. See

https://github.com/openssl/openssl/blob/b3c31a6572bd7b89f469deb3c78f85f6e303df47/include/openssl/crypto.h#L54

I will take a look on those later but better to open a new bug for that called something like "Compilation with OPENSSL_API_COMPAT >= 0x10100000L fails". This is not related to the issues in this bug though.
 [2017-04-05 20:22 UTC] bukka@php.net 
Sorry for posting twice the same (it's just stupid interface... :) )
 [2017-04-05 20:47 UTC] pgnet dot dev at gmail dot com 
> better to open a new bug for that ...

https://bugs.php.net/bug.php?id=74378

> (it's just stupid interface... :) )

No kidding.  What a PITA!

Thanks.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Oct 27 13:00:01 2025 UTC