php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79983 openssl_encrypt / openssl_decrypt fail with OCB mode
Submitted: 2020-08-16 21:06 UTC Modified: 2020-12-03 09:13 UTC
From: bizxing at web dot de Assigned: nikic (profile)
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS: Win 10
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bizxing at web dot de
New email:
PHP Version: OS:

 

 [2020-08-16 21:06 UTC] bizxing at web dot de
Description:
------------
Although the OCB mode (authenticated encryption) is included in the list of available algorithms (e.g. [33] => aes-256-ocb) it is not properly supported. openssl_encrypt causes the error message: >The authenticated tag cannot be provided for cipher that doesn not support AEAD<. No tag is provided. However, the generated ciphertext seems to be correct. openssl_decrypt returns false. If aes-256-ocb is replaced by e.g. aes-256-gcm, it works as expected.


Test script:
---------------
//echo print_r(openssl_get_cipher_methods(), true);

$plaintext = "The quick brown fox jumps over the lazy dog";
$cipher = 'aes-256-ocb';
$key = '01234567890123456789012345678901';
$iv = '012345678901';

$ciphertext = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag (hex): " . bin2hex($tag) . PHP_EOL ;
echo "ciphertext (hex): " . bin2hex($ciphertext) . PHP_EOL ;

$recovered = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "recovered: " . ($recovered == false ? 'false' : $recovered) . PHP_EOL ;


Expected result:
----------------
For the OCB mode, analogous to the GCM/CCM mode, a tag should be generated during encryption (6th parameter, $tag), which is used for authentication during decryption. 

Actual result:
--------------
See description / test script

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-14 10:34 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2020-10-14 10:46 UTC] nikic@php.net
Ah, looks like OCB support was only added in OpenSSL 1.1, and now there are also generic controls like EVP_CTRL_AEAD_SET_TAG, rather then cipher-specific ones.

https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html
 [2020-10-14 13:59 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-10-14 14:11 UTC] nikic@php.net
The following pull request has been associated:

Patch Name: Add support for OCB mode in OpenSSL
On GitHub:  https://github.com/php/php-src/pull/6337
Patch:      https://github.com/php/php-src/pull/6337.patch
 [2020-10-19 09:10 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=750a74ed9c8061681dba26ffc779c81b391b7718
Log: Fix bug #79983: Add support for OCB mode
 [2020-10-19 09:10 UTC] nikic@php.net
-Status: Verified +Status: Closed
 [2020-12-03 00:30 UTC] brad at pocketinnovations dot com dot au
This patch breaks libressl compilation because OCB is not supported by libressl at this time. One fix is to check that EVP_CIPH_OCB_MODE is also defined when checking openssl version

line 6496 of ext/openssl/openssl.c

 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if PHP_OPENSSL_API_VERSION >= 0x10100
+#if PHP_OPENSSL_API_VERSION >= 0x10100 && defined(EVP_CIPH_OCB_MODE)
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_OCB_MODE:
 		case EVP_CIPH_CCM_MODE:
 [2020-12-03 08:17 UTC] alex at ozo dot com
well, this is NOT an actual fix (from php part) but rather a workaround. the point is, that libressl is NOT fully compatible (at least on this issue) with openssl as far as features support.

I (among others) are on the libressl land, but for this to remain, libressl needs to remain a good alternative to openssl

my very humble 0,00002 cents

regards & many thanks
 [2020-12-03 09:13 UTC] nikic@php.net
@brad at pocketinnovations dot com dot au: This issue should already be fixed in HEAD.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 05 01:01:30 2024 UTC