|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #54473 PATCH: openssl extension should also load engines
Submitted: 2011-04-05 23:39 UTC Modified: 2021-01-12 17:57 UTC
Avg. Score:4.6 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: crrodriguez at opensuse dot org Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3SVN-2011-04-05 (SVN) OS: all
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: crrodriguez at opensuse dot org
New email:
PHP Version: OS:


 [2011-04-05 23:39 UTC] crrodriguez at opensuse dot org
Currently openssl allows hardware engines to be used, which are usually much 
faster than the library itself, but PHP does not currently load them if available 
at Module init..

This is more important now that when openssl is used with new Intel CPUs, it can 
use AES_NI instruction sets.
The attached patch fixes the problem.

Test script:

Expected result:
engines loaded at MINIT

Actual result:
Not currently loaded.


OPENSSL_config (last revision 2011-04-26 18:20 UTC by andrew at ei-grad dot ru)
load-engines (last revision 2011-04-05 21:39 UTC by crrodriguez at opensuse dot org)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-11 10:55 UTC]
Reading the docs, it would appear ENGINE_cleanup() should be called on shutdown.
 [2011-04-26 20:13 UTC] andrew at ei-grad dot ru
Hmm... Thats seems strange for me, why do you want to load ALL engines?? A right way to solve your problem is to properly load OPENSSL config from openssl.cfg file (with a call of OPENSSL_config(NULL) function, for example), where you can specify the required engine to be used for all applications using OpenSSL.

man OPENSSL_config:

       It is strongly recommended that all new applications call
       OPENSSL_config() or the more sophisticated functions such as
       CONF_modules_load() during initialization (that is before starting any
       threads). By doing this an application does not need to keep track of
       all configuration options and some new functionality can be supported

Unfortunaly, for some reason, PHP openssl extension doesn't do this. That's a bug, IMHO.
 [2011-05-23 02:59 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2017-10-24 07:34 UTC]
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
 [2021-01-12 17:57 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-01-12 17:57 UTC]
This is fixed[1] as of PHP 7.2.0.

[1] <>
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Jan 27 04:01:25 2021 UTC