php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19382 openssl disables md5 crypt()
Submitted: 2002-09-12 19:06 UTC Modified: 2002-09-12 22:12 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: max at lsit dot ucsb dot edu Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 4.2.3 OS: linux 2.4.19
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: max at lsit dot ucsb dot edu
New email:
PHP Version: OS:

 

 [2002-09-12 19:06 UTC] max at lsit dot ucsb dot edu
When compiling a cgi-sapi PHP, md5 crypt() function (although detected by configure) is disabled in the final linked php binary when openssl is used (either --with-openssl or --with-imap-ssl).  My guess is that because -lcrypt is used after -lcrypto when linking the php binary, the crypt() function is taken out of openssl and not the system.  A reordering of the libraries should fix this, although I haven't tried.

CONFIGURATION:

./configure \
  --with-imap=/usr/local/devel/c-client \
  --with-imap-ssl=/usr/local/security/openssl \
  --enable-discard-path

...

checking for standard DES crypt... (cached) yes
checking for extended DES crypt... (cached) no
checking for MD5 crypt... (cached) yes

...

SCRIPT:

<?php echo crypt('word', '$1$12345678$'); ?>

RESULT:

X-Powered-By: PHP/4.2.3
Content-type: text/html

$1uG4BAzM10Ak

...

CONFIGURATION:

./configure \
  --enable-discard-path

SCRIPT:

<?php echo crypt('word', '$1$12345678$'); ?>

RESULT:

X-Powered-By: PHP/4.2.3
Content-type: text/html

$1$12345678$yVbgM2z3.C246JEAhNVQ5/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-12 22:12 UTC] sniper@php.net
Not PHP bug but bug in openssl. And they are aware of that.
Should be gone in some future release of Openssl..but you might wanna check it from them too.

 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Jan 26 23:03:47 2022 UTC