PHP :: Bug #80368 :: OpenSSL extension fails to build against LibreSSL due to lack of OCB support

Bug #80368

OpenSSL extension fails to build against LibreSSL due to lack of OCB support

Submitted:

2020-11-14 09:01 UTC

Modified:

2020-11-30 14:18 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	0 (0.0%)

From:

izorkin at elven dot pw

Assigned:

nikic (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

8.0.0RC4

OS:

NixOS 20.09

Private report:

CVE-ID:

None

View Developer Edit

[2020-11-14 09:01 UTC] izorkin at elven dot pw

Description:
------------
Error build openssl extension with libressl 3.1.4
Output error:
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c: In function 'php_openssl_load_cipher_mode':
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6906:8: error: 'EVP_CIPH_OCB_MODE' undeclared (first use in this function); did you mean 'EVP_CIPH_OFB_MODE'?
 6906 |   case EVP_CIPH_OCB_MODE:
      |        ^~~~~~~~~~~~~~~~~
      |        EVP_CIPH_OFB_MODE
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6906:8: note: each undeclared identifier is reported only once for each function it appears in
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6914:30: error: 'EVP_CTRL_AEAD_GET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_CCM_GET_TAG'?
 6914 |    mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_CCM_GET_TAG
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6915:30: error: 'EVP_CTRL_AEAD_SET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_TAG'?
 6915 |    mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_GCM_SET_TAG
/build/php-src-8.0.0-rc-4/ext/openssl/openssl.c:6916:28: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_IVLEN'?
 6916 |    mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
      |                            ^~~~~~~~~~~~~~~~~~~~~~~
      |                            EVP_CTRL_GCM_SET_IVLEN
make: *** [Makefile:798: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....

Patches

check_SSL_OCB_support (last revision 2020-12-01 13:00 UTC by alex at ozo dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-11-14 21:10 UTC] carusogabriel@php.net

-Package: Compile Failure +Package: OpenSSL related

[2020-11-15 13:28 UTC] cmb@php.net

-Status: Open +Status: Verified

[2020-11-15 13:28 UTC] cmb@php.net

Proper support for OCB mode has recently been added[1], and this
requires OpenSSL >= 1.1.  However, we're assuming that LibreSSL
>= 2.7 supports everything that OpenSSL >= 1.1 supports[2], what
is obviously not the case for EVP support for OCB mode.

[1] <https://github.com/php/php-src/pull/6337>
[2] <https://github.com/php/php-src/blob/php-8.0.0RC4/ext/openssl/php_openssl.h#L31-L35>

[2020-11-27 09:19 UTC] alex at ozo dot com

Greetings, I am on a 32bit gentoo rolling release system with libressl-3.3.0 & gnutls-3.6.15

I got this exact error when emerging/compiling php-7.4.13


it would be cool to have a workaround solution until libressl addresses this issue

[2020-11-27 09:45 UTC] alex at ozo dot com

I filed an libressl-portable upstream bug report about this issue here: https://github.com/libressl-portable/portable/issues/642

[2020-11-27 09:56 UTC] nikic@php.net

-Summary: Error build with openssl extension +Summary: OpenSSL extension fails to build against LibreSSL due to lack of OCB support

[2020-11-27 09:58 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0f579fd7c8171cb0f7ecc8db912933df450f3861
Log: Fixed bug #80368

[2020-11-27 09:58 UTC] nikic@php.net

-Status: Verified +Status: Closed

[2020-11-28 13:51 UTC] izorkin at elven dot pw

Patch not working:

/build/php-src-8.0.0/ext/openssl/openssl.c: In function 'php_openssl_load_cipher_mode':
/build/php-src-8.0.0/ext/openssl/openssl.c:6892:8: error: 'EVP_CIPH_OCB_MODE' undeclared (first use in this function); did you mean 'EVP_CIPH_OFB_MODE'?
 6892 |   case EVP_CIPH_OCB_MODE:
      |        ^~~~~~~~~~~~~~~~~
      |        EVP_CIPH_OFB_MODE
/build/php-src-8.0.0/ext/openssl/openssl.c:6892:8: note: each undeclared identifier is reported only once for each function it appears in
/build/php-src-8.0.0/ext/openssl/openssl.c:6900:30: error: 'EVP_CTRL_AEAD_GET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_CCM_GET_TAG'?
 6900 |    mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_CCM_GET_TAG
/build/php-src-8.0.0/ext/openssl/openssl.c:6901:30: error: 'EVP_CTRL_AEAD_SET_TAG' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_TAG'?
 6901 |    mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
      |                              ^~~~~~~~~~~~~~~~~~~~~
      |                              EVP_CTRL_GCM_SET_TAG
/build/php-src-8.0.0/ext/openssl/openssl.c:6902:28: error: 'EVP_CTRL_AEAD_SET_IVLEN' undeclared (first use in this function); did you mean 'EVP_CTRL_GCM_SET_IVLEN'?
 6902 |    mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
      |                            ^~~~~~~~~~~~~~~~~~~~~~~
      |                            EVP_CTRL_GCM_SET_IVLEN
make: *** [Makefile:799: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....

[2020-11-30 14:17 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ecee3f1209a7c0ac9f99c7f640b2f5df56656e58
Log: Next attempt to fix bug #80368

[2020-11-30 14:18 UTC] nikic@php.net

-Assigned To: +Assigned To: nikic

[2020-11-30 14:18 UTC] nikic@php.net

New fix applied in https://github.com/php/php-src/commit/ecee3f1209a7c0ac9f99c7f640b2f5df56656e58, hopefully this one works.

[2020-12-01 13:00 UTC] alex at ozo dot com

The following patch has been added/updated:

Patch Name: check_SSL_OCB_support
Revision:   1606827655
URL:        https://bugs.php.net/patch-display.php?bug=80368&patch=check_SSL_OCB_support&revision=1606827655

[2020-12-01 13:04 UTC] alex at ozo dot com

the last patch compiled fine php-7.4.13 on my 32bit gentoo-current with libressl-3.3.0 installed. I guess this patch needs also testing against a distro/openssl system

[2020-12-04 10:43 UTC] andrej at ebert dot su

Worked for me too:

FreeBSD 12.1-STABLE r362988

php74-openssl-7.4.13_1

libressl-devel-3.2.2 & libressl-devel-3.3.0

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 10:01:29 2024 UTC