php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41423 PHP assumes wrongly that certain ciphers are enabled in OpenSSL
Submitted: 2007-05-17 21:39 UTC Modified: 2007-05-19 22:06 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mdh at solitox dot net Assigned: pajoye (profile)
Status: Closed Package: Compile Failure
PHP Version: 5.2.2 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
47 - 12 = ?
Subscribe to this entry?

 
 [2007-05-17 21:39 UTC] mdh at solitox dot net
Description:
------------
PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in OpenSSL.  While they are enabled by default, they may not be enabled on all systems, and DES and RC2 are considered largely deprecated by the majority of the cryptography community.  

This prevents compiling of OpenSSL support against OpenSSL libraries without support for these ciphers.  


Reproduce code:
---------------
        /* sanity check the cipher */
        switch (cipherid) {
                case PHP_OPENSSL_CIPHER_RC2_40:
                        cipher = EVP_rc2_40_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_64:
                        cipher = EVP_rc2_64_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_RC2_128:
                        cipher = EVP_rc2_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_DES:
                        cipher = EVP_des_cbc();
                        break;
                case PHP_OPENSSL_CIPHER_3DES:
                        cipher = EVP_des_ede3_cbc();
                        break;


Actual result:
--------------
/u/root/build/php-5.2.2/ext/openssl/openssl.c:2932: undefined reference to `EVP_rc2_40_cbc'
ext/openssl/.libs/openssl.o(.text+0x55af):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2938: undefined reference to `EVP_rc2_cbc'
ext/openssl/.libs/openssl.o(.text+0x55b9):/u/root/build/php-5.2.2/ext/openssl/openssl.c:2935: undefined reference to `EVP_rc2_64_cbc'


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-17 21:49 UTC] pajoye@php.net
"PHP's build assumes that the 3DES, DES, and RC2 ciphers are enabled in
OpenSSL.  While they are enabled by default, they may not be enabled on
all systems"

That's right, the OPENSSL_NO_* macros should be used.

" and DES and RC2 are considered largely deprecated by the
majority of the cryptography community."

That's sadly not relevant, we do support them as well as openssl. It is up to the users to decide.

Patch on its way.

Thanks for this report!
 [2007-05-19 22:06 UTC] pajoye@php.net
Fixed in 5.2.x and HEAD.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Apr 11 08:01:23 2021 UTC