php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80368 OpenSSL extension fails to build against LibreSSL due to lack of OCB support
Submitted: 2020-11-14 09:01 UTC Modified: 2020-11-30 14:18 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: izorkin at elven dot pw Assigned: nikic (profile)
Status: Closed Package: OpenSSL related
PHP Version: 8.0.0RC4 OS: NixOS 20.09
Private report: No CVE-ID: None
 [2020-11-14 09:01 UTC] izorkin at elven dot pw
Description:
------------
Error build openssl extension with libressl 3.1.4
Output error:
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c: In function 'php_openssl_load_cipher_mode':
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6906:8: error: 'EVP_CIPH_OCB_MODE' undeclared (first use in this function); did you mean 'EVP_CIPH_OFB_MODE'?
 6906 |   case EVP_CIPH_OCB_MODE:
      |        ^~~~~~~~~~~~~~~~~
      |        EVP_CIPH_OFB_MODE
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6906:8: note: each undeclared identifier is reported only once for each function it appears in
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6914:30: error: 'EVP_CTRL_AEAD_GET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_CCM_GET_TAG'?
 6914 |    mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_CCM_GET_TAG
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6915:30: error: 'EVP_CTRL_AEAD_SET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_TAG'?
 6915 |    mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_GCM_SET_TAG
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6916:28: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_IVLEN'?
 6916 |    mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
      |                            ^~~~~~~~~~~~~~~~~~~~~~~
      |                            EVP_CTRL_GCM_SET_IVLEN
make: *** [Makefile:798: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....


Patches

check_SSL_OCB_support (last revision 2020-12-01 13:00 UTC by alex at ozo dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-14 21:10 UTC] carusogabriel@php.net
-Package: Compile Failure +Package: OpenSSL related
 [2020-11-15 13:28 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2020-11-15 13:28 UTC] cmb@php.net
Proper support for OCB mode has recently been added[1], and this
requires OpenSSL >= 1.1.  However, we're assuming that LibreSSL
>= 2.7 supports everything that OpenSSL >= 1.1 supports[2], what
is obviously not the case for EVP support for OCB mode.

[1] <https://github.com/php/php-src/pull/6337>
[2] <https://github.com/php/php-src/blob/php-8.0.0RC4/ext/openssl/php_openssl.h#L31-L35>
 [2020-11-27 09:19 UTC] alex at ozo dot com
Greetings, I am on a 32bit gentoo rolling release system with libressl-3.3.0 & gnutls-3.6.15

I got this exact error when emerging/compiling php-7.4.13


it would be cool to have a workaround solution until libressl addresses this issue
 [2020-11-27 09:45 UTC] alex at ozo dot com
I filed an libressl-portable upstream bug report about this issue here: https://github.com/libressl-portable/portable/issues/642
 [2020-11-27 09:56 UTC] nikic@php.net
-Summary: Error build with openssl extension +Summary: OpenSSL extension fails to build against LibreSSL due to lack of OCB support
 [2020-11-27 09:58 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0f579fd7c8171cb0f7ecc8db912933df450f3861
Log: Fixed bug #80368
 [2020-11-27 09:58 UTC] nikic@php.net
-Status: Verified +Status: Closed
 [2020-11-28 13:51 UTC] izorkin at elven dot pw
Patch not working:

/build/php-src-8.0.0/ext/openssl/openssl.c: In function 'php_openssl_load_cipher_mode':
/build/php-src-8.0.0/ext/openssl/openssl.c:6892:8: error: 'EVP_CIPH_OCB_MODE' undeclared (first use in this function); did you mean 'EVP_CIPH_OFB_MODE'?
 6892 |   case EVP_CIPH_OCB_MODE:
      |        ^~~~~~~~~~~~~~~~~
      |        EVP_CIPH_OFB_MODE
/build/php-src-8.0.0/ext/openssl/openssl.c:6892:8: note: each undeclared identifier is reported only once for each function it appears in
/build/php-src-8.0.0/ext/openssl/openssl.c:6900:30: error: 'EVP_CTRL_AEAD_GET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_CCM_GET_TAG'?
 6900 |    mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_CCM_GET_TAG
/build/php-src-8.0.0/ext/openssl/openssl.c:6901:30: error: 'EVP_CTRL_AEAD_SET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_TAG'?
 6901 |    mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_GCM_SET_TAG
/build/php-src-8.0.0/ext/openssl/openssl.c:6902:28: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_IVLEN'?
 6902 |    mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
      |                            ^~~~~~~~~~~~~~~~~~~~~~~
      |                            EVP_CTRL_GCM_SET_IVLEN
make: *** [Makefile:799: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....
 [2020-11-30 14:17 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ecee3f1209a7c0ac9f99c7f640b2f5df56656e58
Log: Next attempt to fix bug #80368
 [2020-11-30 14:18 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-11-30 14:18 UTC] nikic@php.net
New fix applied in https://github.com/php/php-src/commit/ecee3f1209a7c0ac9f99c7f640b2f5df56656e58, hopefully this one works.
 [2020-12-01 13:00 UTC] alex at ozo dot com
The following patch has been added/updated:

Patch Name: check_SSL_OCB_support
Revision:   1606827655
URL:        https://bugs.php.net/patch-display.php?bug=80368&patch=check_SSL_OCB_support&revision=1606827655
 [2020-12-01 13:04 UTC] alex at ozo dot com
the last patch compiled fine php-7.4.13 on my 32bit gentoo-current with libressl-3.3.0 installed. I guess this patch needs also testing against a distro/openssl system
 [2020-12-04 10:43 UTC] andrej at ebert dot su
Worked for me too:

FreeBSD 12.1-STABLE r362988

php74-openssl-7.4.13_1

libressl-devel-3.2.2 & libressl-devel-3.3.0
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 07:01:23 2021 UTC