php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73271 Incorrect resp. unneeded OpenSSL feature check
Submitted: 2016-10-09 12:03 UTC Modified: 2020-10-14 10:36 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: rainer dot jung at kippdata dot de Assigned: nikic (profile)
Status: Closed Package: *Compile Issues
PHP Version: 7.1.0RC3 OS: Solaris, Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
20 - 5 = ?
Subscribe to this entry?

 
 [2016-10-09 12:03 UTC] rainer dot jung at kippdata dot de 
Description:
------------
I stumbled over an invalid OpenSSL feature check. File ext/mysqlnd/config9.m4 contains:

AC_CHECK_LIB(ssl, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
AC_CHECK_LIB(crypto, X509_free, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))

In the first check, it must be "crypto" not "ssl". The symbol DSA_get_default_method is defined in OpenSSL libcrypto, not libssl. The test against the wrong library often fails, but sometimes coincidentally succeeds if due to some other previous check libcrypto was already put into LIBS.

Furthermore the second check checks another function, but then sets the same HAVE_DSA_DEFAULT_METHOD define.

Now the situation is:

- PHP 7.0 and 7.1 already demand OpenSSL 0.9.8 which always has these features. Therefore the same check in ext/openssl/config0.m4 was removed by

https://github.com/php/php-src/commit/6a813634052710f3f4bf6e2e03ca1b6c7be3bcee#diff-69bad938d17f4283faa5f7fea17fa627 

when the requirement for OpenSSL 0.9.8 was introduced. The same commit also removed the only usage of the define HAVE_DSA_DEFAULT_METHOD (in ext/openssl/openssl.c). So as a followup to this commit I suggest removing the above two lines from ext/mysqlnd/config9.m4 for 7.0 and 7.1:

--- ext/mysqlnd/config9.m4    2016-09-29 04:15:39.000000000 +0200
+++ ext/mysqlnd/config9.m4    2016-10-09 13:56:18.351155000 +0200
@@ -34,9 +34,6 @@
   test -z "$PHP_OPENSSL" && PHP_OPENSSL=no

   if test "$PHP_OPENSSL" != "no" || test "$PHP_OPENSSL_DIR" != "no"; then
-    AC_CHECK_LIB(ssl, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
-    AC_CHECK_LIB(crypto, X509_free, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
-
     PHP_SETUP_OPENSSL(MYSQLND_SHARED_LIBADD, [AC_DEFINE(MYSQLND_HAVE_SSL,1,[Enable mysqlnd code that uses OpenSSL directly])])
   fi


In 5.6 the situation is different. Here the check still makes sense, but should be corrected in ext/mysqlnd/config9.m4 and ext/openssl/config0.m4 to check the right library "crypto" and not "ssl":

--- ext/openssl/config0.m4    2016-08-18 13:07:46.000000000 +0200
+++ ext/openssl/config0.m4    2016-10-09 13:58:49.428676000 +0200
@@ -19,7 +19,7 @@
     PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
   fi

-  AC_CHECK_LIB(ssl, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
+  AC_CHECK_LIB(crypto, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
   AC_CHECK_LIB(crypto, X509_free, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
   AC_CHECK_FUNCS([RAND_egd])

--- ext/mysqlnd/config9.m4    2016-08-18 13:07:46.000000000 +0200
+++ ext/mysqlnd/config9.m4    2016-10-09 13:58:53.198828000 +0200
@@ -34,7 +34,7 @@
   test -z "$PHP_OPENSSL" && PHP_OPENSSL=no

   if test "$PHP_OPENSSL" != "no" || test "$PHP_OPENSSL_DIR" != "no"; then
-    AC_CHECK_LIB(ssl, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
+    AC_CHECK_LIB(crypto, DSA_get_default_method, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))
     AC_CHECK_LIB(crypto, X509_free, AC_DEFINE(HAVE_DSA_DEFAULT_METHOD, 1, [OpenSSL 0.9.7 or later]))

     PHP_SETUP_OPENSSL(MYSQLND_SHARED_LIBADD, [AC_DEFINE(MYSQLND_HAVE_SSL,1,[Enable mysqlnd code that uses OpenSSL directly])])


Regards,

Rainer

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-09 12:08 UTC] rainer dot jung at kippdata dot de 
Two more files can be cleanup up in 87.0 and 7.1:

--- main/php_config.h.in        2016-09-29 04:15:35.000000000 +0200
+++ main/php_config.h.in        2016-10-09 14:06:14.410066000 +0200
@@ -604,9 +604,6 @@
 /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
 #undef HAVE_DOPRNT

-/* OpenSSL 0.9.7 or later */
-#undef HAVE_DSA_DEFAULT_METHOD
-
 /* Whether to enable DTrace support */
 #undef HAVE_DTRACE

--- ext/openssl/config.w32      2016-09-29 04:15:39.000000000 +0200
+++ ext/openssl/config.w32      2016-10-09 14:06:09.410396000 +0200
@@ -12,7 +12,6 @@

                AC_DEFINE("HAVE_OPENSSL_EXT", PHP_OPENSSL_SHARED ? 0 : 1, "Have openssl");
                AC_DEFINE("HAVE_OPENSSL", 1);
-               AC_DEFINE("HAVE_DSA_DEFAULT_METHOD", 1);
        }
 }
 [2020-10-14 10:36 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2020-10-14 10:36 UTC] nikic@php.net 
Looks like these checks have been removed in https://github.com/php/php-src/commit/4b03e102c58f56cbf5f794f21face56abd662e90.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 05:01:30 2024 UTC