Home Original page

OpenSSL extension fails to link with OpenSSL 0.9.6

Bug #44900 OpenSSL extension fails to link with OpenSSL 0.9.6
Submitted: 2008-05-02 23:55 UTC Modified: 2008-11-30 21:42 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: jd at cpanel dot net Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.2.6 OS: RedHat Linux AS-2
Private report: No CVE-ID: None

 [2008-05-02 23:55 UTC] jd at cpanel dot net

Description:
------------
PHP 5.2.6 introduces some memory cleanup code in the OpenSSL extension.  Unfortunately, EVP_MD_CTX_cleanup() is only available with OpenSSL 0.9.7 and higher.  openssl.c needs to verify EVP_MD_CTX_cleanup() is available...

diff -Nur php-5.2.6.orig/ext/openssl/openssl.c php-5.2.6/ext/openssl/openssl.c
--- php-5.2.6.orig/ext/openssl/openssl.c        2008-04-07 05:44:03.000000000 -0500
+++ php-5.2.6/ext/openssl/openssl.c     2008-05-02 17:11:10.000000000 -0500
@@ -3522,7 +3522,9 @@
                efree(sigbuf);
                RETVAL_FALSE;
        }
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
        EVP_MD_CTX_cleanup(&md_ctx);
+#endif
        if (keyresource == -1) {
                EVP_PKEY_free(pkey);
        }
@@ -3562,7 +3564,9 @@
        EVP_VerifyInit   (&md_ctx, mdtype);
        EVP_VerifyUpdate (&md_ctx, data, data_len);
        err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
        EVP_MD_CTX_cleanup(&md_ctx);
+#endif
 
        if (keyresource == -1) {
                EVP_PKEY_free(pkey);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2008-05-03 11:46 UTC] derick@php.net

The last 0.9.6 release was more than *four* years ago - you really should upgrade as *numerous* security fixes where made there.

 [2008-05-03 11:48 UTC] pajoye@php.net

Unless we explicitly stop to support this version, it costs nothing to apply this patch for the person running Sarge and other conservative OSes.

 [2008-05-03 11:50 UTC] pajoye@php.net

Side note: 5.3.0 will have 0.9.8g as requirement (or at the 0.9.7 if 0.9.8 is too "new").

 [2008-05-05 11:09 UTC] Bjorn dot Wiberg at its dot uu dot se

Same problem on IBM AIX 5.3:

---8<---
/../
ld: 0711-317 ERROR: Undefined symbol: .EVP_MD_CTX_cleanup
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
collect2: ld returned 8 exit status
make: *** [sapi/cli/php] Error 1
--->8---

Using OpenSSL 0.9.6m from (IBM) RPM.

Best regards,
Bj?rn

 [2008-11-30 21:42 UTC] pajoye@php.net

Fixed in 5.2, 5.3+ requires a more decent version.