From: eugene at zhegan dot in Operating system: PHP version: 5.3.26 Package: OpenSSL related Bug Type: Bug Bug description:openssl module doesn't see all available ciphers
Description: ------------ Openssl doesn't see al available ciphers. In order to not get bored, please read the last part, and then, if you are still not bored, you can read following part, in order to understand how to get GOST ciphers in PHP. Missing cipher is GOST R 34.10-2001. BORING PART: I have an fresh upstream OpenSLL, which now is by default built with GOST encryption. I want to use GOST encryption (actually, I have to use it, because I'm from Russia, and FSB/KGB/God knows who is forcing to use it). OpenSSL > 1.0.0 is built with GOST encryption, but in order to actually enable it, you have to use a configuration file which mentions it. This is the first problem, still unresolved in the PHP, howevere there are several workarounds (all of the contail OPENSSL_config() call added somewhere). I have a curl from upstream built with OPENSSL_config() call, and a curl PHP module loaded before openssl module (so, no openssl modifuication is needed). NOT SO BORING PART: Why I think it's missing: Because openssl has it: /usr/local/openssl/bin/openssl ciphers aGOST01 GOST2001-GOST89-GOST89:GOST2001-NULL-GOST94 (according to its manual - "aGOST01 - cipher suites using GOST R 34.10-2001 authentication.") Curl also has it: /usr/local/curl/bin/curl --engine gost --ciphers GOST2001-GOST89-GOST89 https://google.com curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure I got a failure, but when the non-existent cipher suite is used, the error is different: /usr/local/curl/bin/curl --engine gost --ciphers GOST2001-GOST89-GOST666 https://google.com curl: (59) failed setting cipher list So, openssl has it, curl has it, but for some reason php doesn't. openssl_get_md_methods() shows a couple of GOST digest but not GOST R 34.11-94: array(30) { [0]=> string(3) "DSA" [1]=> string(7) "DSA-SHA" [2]=> string(17) "GOST 28147-89 MAC" [3]=> string(15) "GOST R 34.11-94" [4]=> string(3) "MD4" [5]=> string(3) "MD5" [6]=> string(4) "MDC2" [7]=> string(9) "RIPEMD160" [8]=> string(3) "SHA" [9]=> string(4) "SHA1" [10]=> string(6) "SHA224" [11]=> string(6) "SHA256" [12]=> string(6) "SHA384" [13]=> string(6) "SHA512" [14]=> string(13) "dsaEncryption" [15]=> string(10) "dsaWithSHA" [16]=> string(15) "ecdsa-with-SHA1" [17]=> string(8) "gost-mac" [18]=> string(3) "md4" [19]=> string(3) "md5" [20]=> string(9) "md_gost94" [21]=> string(4) "mdc2" [22]=> string(9) "ripemd160" [23]=> string(3) "sha" [24]=> string(4) "sha1" [25]=> string(6) "sha224" [26]=> string(6) "sha256" [27]=> string(6) "sha384" [28]=> string(6) "sha512" [29]=> string(9) "whirlpool" The code $encres = openssl_digest("123", "GOST R 34.11-94"); echo $encres; gives this: 5ef18489617ba2d8d2d7e0da389aaa4ff022ad01a39512a4fea1a8c45e439148 And the code: encres = openssl_digest("123", "GOST R 34.10-2001"); echo $encres; gives this: PHP Warning: openssl_digest(): Unknown signature algorithm in /home/emz/ciphers.php on line 6 Test script: --------------- <?php var_dump(openssl_get_md_methods()); var_dump(hash_algos()); $encres = openssl_digest("123", "GOST R 34.10-2001"); echo $encres; ?> Expected result: ---------------- I expect GOST R 34.10-2001 to be shown in the cipher list and openssl_digest() gives me encrypted string. Actual result: -------------- In fact, GOST R 34.10-2001 is not shown in the output of the openssl_get_md_methods(), and openssl_digest() is giving me the error: PHP Warning: openssl_digest(): Unknown signature algorithm in /home/emz/ciphers.php on line 6 -- Edit bug report at https://bugs.php.net/bug.php?id=65157&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65157&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=65157&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65157&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65157&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65157&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65157&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65157&r=needscript Try newer version: https://bugs.php.net/fix.php?id=65157&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=65157&r=support Expected behavior: https://bugs.php.net/fix.php?id=65157&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65157&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65157&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65157&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65157&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65157&r=dst IIS Stability: https://bugs.php.net/fix.php?id=65157&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=65157&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65157&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65157&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65157&r=mysqlcfg
