|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #54473 PATCH: openssl extension should also load engines
Submitted: 2011-04-05 23:39 UTC Modified: 2021-01-12 17:57 UTC
Avg. Score:4.6 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: crrodriguez at opensuse dot org Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3SVN-2011-04-05 (SVN) OS: all
Private report: No CVE-ID: None
 [2011-04-05 23:39 UTC] crrodriguez at opensuse dot org
Currently openssl allows hardware engines to be used, which are usually much 
faster than the library itself, but PHP does not currently load them if available 
at Module init..

This is more important now that when openssl is used with new Intel CPUs, it can 
use AES_NI instruction sets.
The attached patch fixes the problem.

Test script:

Expected result:
engines loaded at MINIT

Actual result:
Not currently loaded.


OPENSSL_config (last revision 2011-04-26 18:20 UTC by andrew at ei-grad dot ru)
load-engines (last revision 2011-04-05 21:39 UTC by crrodriguez at opensuse dot org)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-11 10:55 UTC]
Reading the docs, it would appear ENGINE_cleanup() should be called on shutdown.
 [2011-04-26 20:13 UTC] andrew at ei-grad dot ru
Hmm... Thats seems strange for me, why do you want to load ALL engines?? A right way to solve your problem is to properly load OPENSSL config from openssl.cfg file (with a call of OPENSSL_config(NULL) function, for example), where you can specify the required engine to be used for all applications using OpenSSL.

man OPENSSL_config:

       It is strongly recommended that all new applications call
       OPENSSL_config() or the more sophisticated functions such as
       CONF_modules_load() during initialization (that is before starting any
       threads). By doing this an application does not need to keep track of
       all configuration options and some new functionality can be supported

Unfortunaly, for some reason, PHP openssl extension doesn't do this. That's a bug, IMHO.
 [2011-05-23 02:59 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2017-10-24 07:34 UTC]
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
 [2021-01-12 17:57 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-01-12 17:57 UTC]
This is fixed[1] as of PHP 7.2.0.

[1] <>
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Jan 26 22:01:26 2021 UTC