PHP :: Bug #79983 :: openssl_encrypt / openssl

Bug #79983	openssl_encrypt / openssl_decrypt fail with OCB mode
Submitted:	2020-08-16 21:06 UTC	Modified:	2020-12-03 09:13 UTC
From:	bizxing at web dot de	Assigned:	nikic (profile)
Status:	Closed	Package:	OpenSSL related
PHP Version:	Irrelevant	OS:	Win 10
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bizxing at web dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2020-08-16 21:06 UTC] bizxing at web dot de

Description:
------------
Although the OCB mode (authenticated encryption) is included in the list of available algorithms (e.g. [33] => aes-256-ocb) it is not properly supported. openssl_encrypt causes the error message: >The authenticated tag cannot be provided for cipher that doesn not support AEAD<. No tag is provided. However, the generated ciphertext seems to be correct. openssl_decrypt returns false. If aes-256-ocb is replaced by e.g. aes-256-gcm, it works as expected.


Test script:
---------------
//echo print_r(openssl_get_cipher_methods(), true);

$plaintext = "The quick brown fox jumps over the lazy dog";
$cipher = 'aes-256-ocb';
$key = '01234567890123456789012345678901';
$iv = '012345678901';

$ciphertext = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag (hex): " . bin2hex($tag) . PHP_EOL ;
echo "ciphertext (hex): " . bin2hex($ciphertext) . PHP_EOL ;

$recovered = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "recovered: " . ($recovered == false ? 'false' : $recovered) . PHP_EOL ;


Expected result:
----------------
For the OCB mode, analogous to the GCM/CCM mode, a tag should be generated during encryption (6th parameter, $tag), which is used for authentication during decryption. 

Actual result:
--------------
See description / test script

Patches

Add a Patch

Pull Requests

Pull requests:

Add support for OCB mode in OpenSSL (php-src/6337)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-10-14 10:33 UTC] nikic@php.net

Related To: Bug #80232

[2020-10-14 10:34 UTC] nikic@php.net

-Status: Open +Status: Verified

[2020-10-14 10:46 UTC] nikic@php.net

Ah, looks like OCB support was only added in OpenSSL 1.1, and now there are also generic controls like EVP_CTRL_AEAD_SET_TAG, rather then cipher-specific ones.

https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html

[2020-10-14 13:59 UTC] nikic@php.net

-Assigned To: +Assigned To: nikic

[2020-10-14 14:11 UTC] nikic@php.net

The following pull request has been associated:

Patch Name: Add support for OCB mode in OpenSSL
On GitHub:  https://github.com/php/php-src/pull/6337
Patch:      https://github.com/php/php-src/pull/6337.patch

[2020-10-19 09:10 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=750a74ed9c8061681dba26ffc779c81b391b7718
Log: Fix bug #79983: Add support for OCB mode

[2020-10-19 09:10 UTC] nikic@php.net

-Status: Verified +Status: Closed

[2020-12-03 00:30 UTC] brad at pocketinnovations dot com dot au

This patch breaks libressl compilation because OCB is not supported by libressl at this time. One fix is to check that EVP_CIPH_OCB_MODE is also defined when checking openssl version

line 6496 of ext/openssl/openssl.c

 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if PHP_OPENSSL_API_VERSION >= 0x10100
+#if PHP_OPENSSL_API_VERSION >= 0x10100 && defined(EVP_CIPH_OCB_MODE)
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_OCB_MODE:
 		case EVP_CIPH_CCM_MODE:

[2020-12-03 08:17 UTC] alex at ozo dot com

well, this is NOT an actual fix (from php part) but rather a workaround. the point is, that libressl is NOT fully compatible (at least on this issue) with openssl as far as features support.

I (among others) are on the libressl land, but for this to remain, libressl needs to remain a good alternative to openssl

my very humble 0,00002 cents

regards & many thanks

[2020-12-03 09:13 UTC] nikic@php.net

@brad at pocketinnovations dot com dot au: This issue should already be fixed in HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 02:01:29 2024 UTC