PHP :: Bug #9177 :: crypt problems with openssl

Bug #9177	crypt problems with openssl
Submitted:	2001-02-08 14:39 UTC	Modified:	2001-08-04 00:43 UTC
From:	max at the-triumvirate dot net	Assigned:
Status:	Closed	Package:	*Encryption and hash functions
PHP Version:	Latest CVS	OS:	linux 2.4.3 (rh 7.1)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	max at the-triumvirate dot net
New email:
PHP Version:		OS:

New Comment:

[2001-02-08 14:39 UTC] max at the-triumvirate dot net

MD5 crypt fails if PHP is compiled with openssl (specifically with the -lcrypto)

If the .c file comes before the libraries, gcc won't recognize MD5 crypt:

----- blah.c -----
root# cat blah.c 
#include <crypt.h>

main() {
    char salt[15], answer[40];

    salt[0]='$'; salt[1]='1'; salt[2]='$'; 
    salt[3]='r'; salt[4]='a'; salt[5]='s';
    salt[6]='m'; salt[7]='u'; salt[8]='s';
    salt[9]='l'; salt[10]='e'; salt[11]='$';
    salt[12]='\0';
    strcpy(answer,salt);
    strcat(answer,"rISCgZzpwk3UhDidwXvin0");
    printf("%s\n%s\n", (char *)crypt("rasmuslerdorf",salt), answer);
    exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));
}

---- blah.c before libraries ----
root# gcc -o blah blah.c \
  -L/usr/local/openssl/lib -lcrypto -lcrypt

root# ./blah
$1Hat1hn6A1pw
$1$rasmusle$rISCgZzpwk3UhDidwXvin0

---- blah.c after libraries -----
root# gcc -o blah \
  -L/usr/local/openssl/lib -lcrypto -lcrypt blah.c

root# ./blah
$1$rasmusle$rISCgZzpwk3UhDidwXvin0
$1$rasmusle$rISCgZzpwk3UhDidwXvin0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-02-15 11:35 UTC] sniper@php.net

IIRC this is fixed already in CVS so please try the latest CVS snapshot 
from http://snaps.php.net/

--Jani

[2001-02-18 16:41 UTC] sniper@php.net

My bad. It was only discussed about, not fixed..

--Jani

[2001-04-23 03:34 UTC] sniper@php.net

Fixed in CVS.

--Jani

[2001-04-23 19:43 UTC] max at the-triumvirate dot net

It doesn't seem like it was fixed.  From CVS checked about about 30 minutes ago, configure says:

checking for MD5 crypt... no

And a simple script that is supposed to return an md5 crypted string, returns a DES crypted string.

--BEG SCRIPT--
<?= crypt('rasmuslerdorf', '$1$rasmusle$'); ?>
--END SCRIPT--

--BEG OUTPUT--
$1Hat1hn6A1pw
--END OUTPUT--

When php is compiled without openssl, the correct output is acquired which is:

$1$rasmusle$rISCgZzpwk3UhDidwXvin0

(I hope it is alright to re-open the bug)

[2001-05-11 19:02 UTC] sniper@php.net

Please try the latest CVS as there have been a couple
of fixes which should fix the problems with zlib you had.

--Jani

[2001-05-12 02:39 UTC] max at the-triumvirate dot net

no luck:

# make distclean
# ./cvsclean
# cvs update -d

(upgrade libtool to 1.4)

# ./buildconf
# ../php.mod.config

-------CONFIGURE DIES-------
Configuring extensions
checking if the location of ZLIB install directory is defined... yes
checking whether to include ZLIB support... yes
checking for gzgets in -lz... no
configure: error: Zlib module requires zlib >= 1.0.9
-------CONFIGURE DIES-------

------CONFIG.LOG------
configure:8640: gcc -o conftest -g -O2   -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c
 -lcrypt  -lssl -lcrypto -lresolv -lm -ldl -lnsl  -lresolv 1>&5
configure:8694: checking if the location of ZLIB install directory is defined
configure:8739: checking whether to include ZLIB support
configure:8935: checking for gzgets in -lz
configure:8954: gcc -o conftest -g -O2   -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c
 -lz  -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl  -lresolv 1>&5
/usr/bin/ld: cannot find -lz
collect2: ld returned 1 exit status
configure: failed program was:
#line 8943 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char gzgets();

int main() {
gzgets()
; return 0; }
------CONFIG.LOG------

------PHP.MOD.CONFIG------
PROG_SENDMAIL=/usr/local/sbin/sendmail \
  ./configure \
    --prefix=/usr/local/services/apache-1.3.19 \
    --with-config-file-path=/usr/local/services/apache-1.3.19/conf \
    --with-apache=../apache_1.3.19 \
    --with-gnu-ld \
    --with-exec-dir=/usr/local/services/apache-1.3.19/exec \
    --with-mysql=/usr/local/services/mysql \
    --with-imap=/usr/local/devel/c-client \
    --with-imap-ssl \
    --with-openssl=/usr/local/security/openssl \
    --with-gdbm=/usr/local/devel/gdbm \
    --with-zlib=/usr/local/devel/zlib \
    --with-gd=/usr/local/devel/gd \
    --with-jpeg-dir=/usr/local/devel/jpeg \
    --with-png-dir=/usr/local/devel/png \
    --with-zlib-dir=/usr/local/devel/zlib \
    --with-gettext=/usr/local/devel/gettext \
    --with-ldap=/usr/local/services/openldap \
    --enable-sockets \
    --enable-ftp \
    --enable-url-includes
------PHP.MOD.CONFIG------

# ls /usr/local/devel/zlib/*
/usr/local/devel/zlib/include:
zconf.h  zlib.h

/usr/local/devel/zlib/lib:
libz.a

[2001-05-23 01:43 UTC] sniper@php.net

Could you please try the PHP 4.0.6 RC1:

http://www.php.net/~andi/php-4.0.6RC1.tar.gz

--Jani

[2001-06-20 10:59 UTC] max at the-triumvirate dot net

I just tried RC4 and configure works perfectly, however the final php binary (or module) do not support MD5 crypted strings.

CONFIGURE COMMAND:

PROG_SENDMAIL=/usr/local/sbin/sendmail \
  ./configure \
    --prefix=/usr/local/support/php-4.0.6rc4 \
    --with-config-file-path=/usr/local/support/php-4.0.6rc4/conf \
    --with-exec-dir=/usr/local/support/php-4.0.6rc4/exec \
    --with-gettext=/usr/local/devel/gettext \
    --with-mcal=/usr/local/devel/libmcal \
    --with-mysql=/usr/local/devel/mysql \
    --with-ldap=/usr/local/devel/openldap \
    --with-gdbm=/usr/local/devel/gdbm \
    --with-zlib=/usr/local/devel/zlib \
    --with-zlib-dir=/usr/local/devel/zlib \
    --with-openssl=/usr/local/security/openssl \
    --with-imap=/usr/local/devel/c-client \
    --with-imap-ssl \
    --enable-sockets \
    --enable-ftp \
    --enable-url-includes \
    --enable-discard-path

TEST SCRIPT:
<?= crypt('blah', '$1$blahblah$'); ?>

TEST SCRIPT OUTPUT:
$14z//s6g2/V2

EXPECTED OUTPUT:
$1$blahblah$U2V.EOEMhaQKxDSQ8t/Ty0

[2001-08-04 00:43 UTC] sniper@php.net

Fixed in CVS.

--Jani

[2002-08-15 05:41 UTC] byg at cf1 dot ru

I encounter the same problem while moving to RH7.2.
The cause was in improperly installed OpenSSL.
It should be patched to disable built-in crypt function and all will be OK. Or just use S/RPMs supplied by the vendor.
jfyi.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue May 06 01:01:30 2025 UTC