Next attempt to fix bug #80368

Apparently treating LibreSSL as OpenSSL 1.1 is not just something we did in our code, it's something that upstream LibreSSL claims, despite not actually being compatible. Duh. Check for EVP_CIPH_OCB_MODE instead, which should reliably determine support...
author: Nikita Popov <nikita.ppv@gmail.com> 2020-11-30 15:15:59 +0100
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-11-30 15:15:59 +0100
commit: ecee3f1209a7c0ac9f99c7f640b2f5df56656e58 (patch)
tree: e1ea101072896cc37cb6786ddb687d4463d93172
parent: 5e15c9c41f8318a8392c2e2c78544f218736549c (diff)
download: php-git-ecee3f1209a7c0ac9f99c7f640b2f5df56656e58.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e45f76093e..52d7dbf463 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6496,8 +6496,9 @@ static void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, c
 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-		/* Note: While OpenSSL 1.1 supports OCB mode, LibreSSL does not support it. */
+#ifdef EVP_CIPH_OCB_MODE
+		/* Since OpenSSL 1.1, all AEAD ciphers use a common framework. We check for
+		 * EVP_CIPH_OCB_MODE, because LibreSSL does not support it. */
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_OCB_MODE:
 		case EVP_CIPH_CCM_MODE:
author	Nikita Popov <nikita.ppv@gmail.com>	2020-11-30 15:15:59 +0100
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-11-30 15:15:59 +0100
commit	ecee3f1209a7c0ac9f99c7f640b2f5df56656e58 (patch)
tree	e1ea101072896cc37cb6786ddb687d4463d93172
parent	5e15c9c41f8318a8392c2e2c78544f218736549c (diff)
download	php-git-ecee3f1209a7c0ac9f99c7f640b2f5df56656e58.tar.gz