php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #80368
Patch check_SSL_OCB_support revision 2020-12-01 13:00 UTC by alex at ozo dot com

Patch check_SSL_OCB_support for OpenSSL related Bug #80368

Patch version 2020-12-01 13:00 UTC

Return to Bug #80368 | Download this patch
Patch Revisions:

Developer: alex@ozo.com

From ecee3f1209a7c0ac9f99c7f640b2f5df56656e58 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 30 Nov 2020 15:15:59 +0100
Subject: [PATCH] Next attempt to fix bug #80368

Apparently treating LibreSSL as OpenSSL 1.1 is not just something
we did in our code, it's something that upstream LibreSSL claims,
despite not actually being compatible. Duh.

Check for EVP_CIPH_OCB_MODE instead, which should reliably
determine support...
---
 ext/openssl/openssl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e45f76093e3c..52d7dbf463a2 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6496,7 +6496,9 @@ static void php_openssl_load_cipher_mode
 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if PHP_OPENSSL_API_VERSION >= 0x10100
+/* Since OpenSSL 1.1, all AEAD ciphers use a common framework. We check for
+ * EVP_CIPH_OCB_MODE, because LibreSSL does not support it. */
+#ifdef EVP_CIPH_OCB_MODE
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_OCB_MODE:
 		case EVP_CIPH_CCM_MODE:
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 07:01:23 2021 UTC