php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79983 openssl_encrypt / openssl_decrypt fail with OCB mode
Submitted: 2020-08-16 21:06 UTC Modified: 2020-12-03 09:13 UTC
From: bizxing at web dot de Assigned: nikic (profile)
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS: Win 10
Private report: No CVE-ID: None
 [2020-08-16 21:06 UTC] bizxing at web dot de
Description:
------------
Although the OCB mode (authenticated encryption) is included in the list of available algorithms (e.g. [33] => aes-256-ocb) it is not properly supported. openssl_encrypt causes the error message: >The authenticated tag cannot be provided for cipher that doesn not support AEAD<. No tag is provided. However, the generated ciphertext seems to be correct. openssl_decrypt returns false. If aes-256-ocb is replaced by e.g. aes-256-gcm, it works as expected.


Test script:
---------------
//echo print_r(openssl_get_cipher_methods(), true);

$plaintext = "The quick brown fox jumps over the lazy dog";
$cipher = 'aes-256-ocb';
$key = '01234567890123456789012345678901';
$iv = '012345678901';

$ciphertext = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag (hex): " . bin2hex($tag) . PHP_EOL ;
echo "ciphertext (hex): " . bin2hex($ciphertext) . PHP_EOL ;

$recovered = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "recovered: " . ($recovered == false ? 'false' : $recovered) . PHP_EOL ;


Expected result:
----------------
For the OCB mode, analogous to the GCM/CCM mode, a tag should be generated during encryption (6th parameter, $tag), which is used for authentication during decryption. 

Actual result:
--------------
See description / test script

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-14 10:34 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2020-10-14 10:46 UTC] nikic@php.net
Ah, looks like OCB support was only added in OpenSSL 1.1, and now there are also generic controls like EVP_CTRL_AEAD_SET_TAG, rather then cipher-specific ones.

https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html
 [2020-10-14 13:59 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-10-14 14:11 UTC] nikic@php.net
The following pull request has been associated:

Patch Name: Add support for OCB mode in OpenSSL
On GitHub:  https://github.com/php/php-src/pull/6337
Patch:      https://github.com/php/php-src/pull/6337.patch
 [2020-10-19 09:10 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=750a74ed9c8061681dba26ffc779c81b391b7718
Log: Fix bug #79983: Add support for OCB mode
 [2020-10-19 09:10 UTC] nikic@php.net
-Status: Verified +Status: Closed
 [2020-12-03 00:30 UTC] brad at pocketinnovations dot com dot au
This patch breaks libressl compilation because OCB is not supported by libressl at this time. One fix is to check that EVP_CIPH_OCB_MODE is also defined when checking openssl version

line 6496 of ext/openssl/openssl.c

 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if PHP_OPENSSL_API_VERSION >= 0x10100
+#if PHP_OPENSSL_API_VERSION >= 0x10100 && defined(EVP_CIPH_OCB_MODE)
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_OCB_MODE:
 		case EVP_CIPH_CCM_MODE:
 [2020-12-03 08:17 UTC] alex at ozo dot com
well, this is NOT an actual fix (from php part) but rather a workaround. the point is, that libressl is NOT fully compatible (at least on this issue) with openssl as far as features support.

I (among others) are on the libressl land, but for this to remain, libressl needs to remain a good alternative to openssl

my very humble 0,00002 cents

regards & many thanks
 [2020-12-03 09:13 UTC] nikic@php.net
@brad at pocketinnovations dot com dot au: This issue should already be fixed in HEAD.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 16:01:33 2024 UTC