php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72360 ext/openssl build failure with OpenSSL 1.1.0
Submitted: 2016-06-07 21:28 UTC Modified: 2017-04-05 20:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bugs dot php dot net at majkl578 dot cz Assigned: bukka
Status: Closed Package: OpenSSL related
PHP Version: 7.0.7 OS: Debian experimental
Private report: No CVE-ID:
 [2016-06-07 21:28 UTC] bugs dot php dot net at majkl578 dot cz
Description:
------------
OpenSSL extension is not compatible with upcoming OpenSSL 1.1.0.

Test script:
---------------
Install OpenSSL 1.1.0 headers (you can use Debian experimental for this).

$ ./configure --disable-all --with-openssl
$ make

Expected result:
----------------
No errors.

Actual result:
--------------
/build/php/ext/openssl/openssl.c: In function ‘php_openssl_get_evp_md_from_algo’:
/build/php/ext/openssl/openssl.c:1078:24: warning: implicit declaration of function ‘EVP_dss1’ [-Wimplicit-function-declaration]
    mdtype = (EVP_MD *) EVP_dss1();
                        ^~~~~~~~
/build/php/ext/openssl/openssl.c:1078:13: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
    mdtype = (EVP_MD *) EVP_dss1();
             ^
/build/php/ext/openssl/openssl.c: In function ‘openssl_x509v3_subjectAltName’:
/build/php/ext/openssl/openssl.c:1920:15: error: dereferencing pointer to incomplete type ‘X509_EXTENSION {aka struct X509_extension_st}’
  p = extension->value->data;
               ^~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_x509_parse’:
/build/php/ext/openssl/openssl.c:1998:10: error: dereferencing pointer to incomplete type ‘X509 {aka struct x509_st}’
  if (cert->name) {
          ^~
/build/php/ext/openssl/openssl.c: In function ‘php_openssl_is_private_key’:
/build/php/ext/openssl/openssl.c:3501:14: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
  switch (pkey->type) {
              ^~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_pkey_new’:
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3593:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), rsa, n);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3617:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dsa, p);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c:3564:9: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
    _type->_name = BN_bin2bn(         \
         ^
/build/php/ext/openssl/openssl.c:3641:6: note: in expansion of macro ‘OPENSSL_PKEY_SET_BN’
      OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, p);
      ^~~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_sign’:
/build/php/ext/openssl/openssl.c:4788:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c:4833:2: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’ [-Wimplicit-function-declaration]
  EVP_MD_CTX_cleanup(&md_ctx);
  ^~~~~~~~~~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_verify’:
/build/php/ext/openssl/openssl.c:4847:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_seal’:
/build/php/ext/openssl/openssl.c:4912:17: error: storage size of ‘ctx’ isn’t known
  EVP_CIPHER_CTX ctx;
                 ^~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_open’:
/build/php/ext/openssl/openssl.c:5035:17: error: storage size of ‘ctx’ isn’t known
  EVP_CIPHER_CTX ctx;
                 ^~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_digest’:
/build/php/ext/openssl/openssl.c:5163:13: error: storage size of ‘md_ctx’ isn’t known
  EVP_MD_CTX md_ctx;
             ^~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_encrypt’:
/build/php/ext/openssl/openssl.c:5244:17: error: storage size of ‘cipher_ctx’ isn’t known
  EVP_CIPHER_CTX cipher_ctx;
                 ^~~~~~~~~~
/build/php/ext/openssl/openssl.c: In function ‘zif_openssl_decrypt’:
/build/php/ext/openssl/openssl.c:5327:17: error: storage size of ‘cipher_ctx’ isn’t known
  EVP_CIPHER_CTX cipher_ctx;
                 ^~~~~~~~~~
Makefile:485: recipe for target 'ext/openssl/openssl.lo' failed

Patches

openssl (last revision 2017-09-15 11:39 UTC) by xxlsosa at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-07 21:50 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2016-06-08 17:50 UTC] bukka@php.net
I have got an initial port that requires more work as there were further API changes in OpenSSL 1.1 (e.g. structs like RSA, DSA, DH has been made opaque). The changes so far can be seen here:

https://github.com/bukka/php-src/compare/openssl_aead_with_error_store...bukka:openssl_1_1_port

I have to first sort out the error store and then merge openssl aead to master. After that I should be able to update the patch and merge it to master.
 [2016-07-20 18:35 UTC] bukka@php.net
Fixed in master and the build with OpenSSL 1.1 should work in PHP 7.1
 [2016-07-20 18:35 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2017-04-05 18:25 UTC] pgnet dot dev at gmail dot com
current 7.1 branch does not build , with similar errors as reported here, with Openssl 1.1.

are the reqd changes still just in master? or have these fixes already made it into 7.1 yet, but need more attention?
 [2017-04-05 20:22 UTC] bukka@php.net
It builds fine but in the email that I got from you, it's suggested to apply these changes:

@ ext/openssl/openssl.c

        PHP_MINFO_FUNCTION(openssl)
        {
            php_info_print_table_start();
            php_info_print_table_row(2, "OpenSSL support", "enabled");
--          php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
++          php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
            php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
            php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
            php_info_print_table_end();
            DISPLAY_INI_ENTRIES();
        }


It means that you don't build openssl with compat api (OPENSSL_API_COMPAT < 0x10100000L) which is currently necessary. See

https://github.com/openssl/openssl/blob/b3c31a6572bd7b89f469deb3c78f85f6e303df47/include/openssl/crypto.h#L54

I will take a look on those later but better to open a new bug for that called something like "Compilation with OPENSSL_API_COMPAT >= 0x10100000L fails". This is not related to the issues in this bug though.
 [2017-04-05 20:22 UTC] bukka@php.net
It builds fine but in the email that I got from you, it's suggested to apply these changes:

@ ext/openssl/openssl.c

        PHP_MINFO_FUNCTION(openssl)
        {
            php_info_print_table_start();
            php_info_print_table_row(2, "OpenSSL support", "enabled");
--          php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
++          php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
            php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
            php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
            php_info_print_table_end();
            DISPLAY_INI_ENTRIES();
        }


It means that you don't build openssl with compat api (OPENSSL_API_COMPAT < 0x10100000L) which is currently necessary. See

https://github.com/openssl/openssl/blob/b3c31a6572bd7b89f469deb3c78f85f6e303df47/include/openssl/crypto.h#L54

I will take a look on those later but better to open a new bug for that called something like "Compilation with OPENSSL_API_COMPAT >= 0x10100000L fails". This is not related to the issues in this bug though.
 [2017-04-05 20:22 UTC] bukka@php.net
Sorry for posting twice the same (it's just stupid interface... :) )
 [2017-04-05 20:47 UTC] pgnet dot dev at gmail dot com
> better to open a new bug for that ...

https://bugs.php.net/bug.php?id=74378

> (it's just stupid interface... :) )

No kidding.  What a PITA!

Thanks.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC