php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #54473 PATCH: openssl extension should also load engines
Submitted: 2011-04-05 23:39 UTC Modified: 2011-05-23 02:59 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: crrodriguez at opensuse dot org Assigned: pajoye
Status: Assigned Package: OpenSSL related
PHP Version: 5.3SVN-2011-04-05 (SVN) OS: all
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-04-05 23:39 UTC] crrodriguez at opensuse dot org
Description:
------------
Currently openssl allows hardware engines to be used, which are usually much 
faster than the library itself, but PHP does not currently load them if available 
at Module init..

This is more important now that when openssl is used with new Intel CPUs, it can 
use AES_NI instruction sets.
  
The attached patch fixes the problem.

Test script:
---------------
--------------

Expected result:
----------------
engines loaded at MINIT

Actual result:
--------------
Not currently loaded.

Patches

OPENSSL_config (last revision 2011-04-26 18:20 UTC) by andrew at ei-grad dot ru)
load-engines (last revision 2011-04-05 21:39 UTC) by crrodriguez at opensuse dot org)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-11 10:55 UTC] cataphract@php.net
Reading the docs, it would appear ENGINE_cleanup() should be called on shutdown.
 [2011-04-26 20:13 UTC] andrew at ei-grad dot ru
Hmm... Thats seems strange for me, why do you want to load ALL engines?? A right way to solve your problem is to properly load OPENSSL config from openssl.cfg file (with a call of OPENSSL_config(NULL) function, for example), where you can specify the required engine to be used for all applications using OpenSSL.

man OPENSSL_config:

       It is strongly recommended that all new applications call
       OPENSSL_config() or the more sophisticated functions such as
       CONF_modules_load() during initialization (that is before starting any
       threads). By doing this an application does not need to keep track of
       all configuration options and some new functionality can be supported
       automatically.

Unfortunaly, for some reason, PHP openssl extension doesn't do this. That's a bug, IMHO.
 [2011-05-23 02:59 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC