|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79983 openssl_encrypt / openssl_decrypt fail with OCB mode
Submitted: 2020-08-16 21:06 UTC Modified: 2020-12-03 09:13 UTC
From: bizxing at web dot de Assigned: nikic (profile)
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS: Win 10
Private report: No CVE-ID: None
 [2020-08-16 21:06 UTC] bizxing at web dot de
Although the OCB mode (authenticated encryption) is included in the list of available algorithms (e.g. [33] => aes-256-ocb) it is not properly supported. openssl_encrypt causes the error message: >The authenticated tag cannot be provided for cipher that doesn not support AEAD<. No tag is provided. However, the generated ciphertext seems to be correct. openssl_decrypt returns false. If aes-256-ocb is replaced by e.g. aes-256-gcm, it works as expected.

Test script:
//echo print_r(openssl_get_cipher_methods(), true);

$plaintext = "The quick brown fox jumps over the lazy dog";
$cipher = 'aes-256-ocb';
$key = '01234567890123456789012345678901';
$iv = '012345678901';

$ciphertext = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag (hex): " . bin2hex($tag) . PHP_EOL ;
echo "ciphertext (hex): " . bin2hex($ciphertext) . PHP_EOL ;

$recovered = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "recovered: " . ($recovered == false ? 'false' : $recovered) . PHP_EOL ;

Expected result:
For the OCB mode, analogous to the GCM/CCM mode, a tag should be generated during encryption (6th parameter, $tag), which is used for authentication during decryption. 

Actual result:
See description / test script


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-14 10:34 UTC]
-Status: Open +Status: Verified
 [2020-10-14 10:46 UTC]
Ah, looks like OCB support was only added in OpenSSL 1.1, and now there are also generic controls like EVP_CTRL_AEAD_SET_TAG, rather then cipher-specific ones.
 [2020-10-14 13:59 UTC]
-Assigned To: +Assigned To: nikic
 [2020-10-14 14:11 UTC]
The following pull request has been associated:

Patch Name: Add support for OCB mode in OpenSSL
On GitHub:
 [2020-10-19 09:10 UTC]
Automatic comment on behalf of
Log: Fix bug #79983: Add support for OCB mode
 [2020-10-19 09:10 UTC]
-Status: Verified +Status: Closed
 [2020-12-03 00:30 UTC] brad at pocketinnovations dot com dot au
This patch breaks libressl compilation because OCB is not supported by libressl at this time. One fix is to check that EVP_CIPH_OCB_MODE is also defined when checking openssl version

line 6496 of ext/openssl/openssl.c

 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
+#if PHP_OPENSSL_API_VERSION >= 0x10100 && defined(EVP_CIPH_OCB_MODE)
 [2020-12-03 08:17 UTC] alex at ozo dot com
well, this is NOT an actual fix (from php part) but rather a workaround. the point is, that libressl is NOT fully compatible (at least on this issue) with openssl as far as features support.

I (among others) are on the libressl land, but for this to remain, libressl needs to remain a good alternative to openssl

my very humble 0,00002 cents

regards & many thanks
 [2020-12-03 09:13 UTC]
@brad at pocketinnovations dot com dot au: This issue should already be fixed in HEAD.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jan 18 08:01:26 2021 UTC