php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9177 crypt problems with openssl
Submitted: 2001-02-08 14:39 UTC Modified: 2001-08-04 00:43 UTC
From: max at the-triumvirate dot net Assigned:
Status: Closed Package: *Encryption and hash functions
PHP Version: Latest CVS OS: linux 2.4.3 (rh 7.1)
Private report: No CVE-ID: None
 [2001-02-08 14:39 UTC] max at the-triumvirate dot net
MD5 crypt fails if PHP is compiled with openssl (specifically with the -lcrypto)

If the .c file comes before the libraries, gcc won't recognize MD5 crypt:

----- blah.c -----
root# cat blah.c 
#include <crypt.h>

main() {
    char salt[15], answer[40];

    salt[0]='$'; salt[1]='1'; salt[2]='$'; 
    salt[3]='r'; salt[4]='a'; salt[5]='s';
    salt[6]='m'; salt[7]='u'; salt[8]='s';
    salt[9]='l'; salt[10]='e'; salt[11]='$';
    salt[12]='\0';
    strcpy(answer,salt);
    strcat(answer,"rISCgZzpwk3UhDidwXvin0");
    printf("%s\n%s\n", (char *)crypt("rasmuslerdorf",salt), answer);
    exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));
}

---- blah.c before libraries ----
root# gcc -o blah blah.c \
  -L/usr/local/openssl/lib -lcrypto -lcrypt

root# ./blah
$1Hat1hn6A1pw
$1$rasmusle$rISCgZzpwk3UhDidwXvin0

---- blah.c after libraries -----
root# gcc -o blah \
  -L/usr/local/openssl/lib -lcrypto -lcrypt blah.c

root# ./blah
$1$rasmusle$rISCgZzpwk3UhDidwXvin0
$1$rasmusle$rISCgZzpwk3UhDidwXvin0

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-02-15 11:35 UTC] sniper@php.net
IIRC this is fixed already in CVS so please try the latest CVS snapshot 
from http://snaps.php.net/

--Jani

 [2001-02-18 16:41 UTC] sniper@php.net
My bad. It was only discussed about, not fixed..

--Jani

 [2001-04-23 03:34 UTC] sniper@php.net
Fixed in CVS.

--Jani

 [2001-04-23 19:43 UTC] max at the-triumvirate dot net
It doesn't seem like it was fixed.  From CVS checked about about 30 minutes ago, configure says:

checking for MD5 crypt... no

And a simple script that is supposed to return an md5 crypted string, returns a DES crypted string.

--BEG SCRIPT--
<?= crypt('rasmuslerdorf', '$1$rasmusle$'); ?>
--END SCRIPT--

--BEG OUTPUT--
$1Hat1hn6A1pw
--END OUTPUT--

When php is compiled without openssl, the correct output is acquired which is:

$1$rasmusle$rISCgZzpwk3UhDidwXvin0

(I hope it is alright to re-open the bug)
 [2001-05-11 19:02 UTC] sniper@php.net
Please try the latest CVS as there have been a couple
of fixes which should fix the problems with zlib you had.

--Jani

 [2001-05-12 02:39 UTC] max at the-triumvirate dot net
no luck:

# make distclean
# ./cvsclean
# cvs update -d

(upgrade libtool to 1.4)

# ./buildconf
# ../php.mod.config

-------CONFIGURE DIES-------
Configuring extensions
checking if the location of ZLIB install directory is defined... yes
checking whether to include ZLIB support... yes
checking for gzgets in -lz... no
configure: error: Zlib module requires zlib >= 1.0.9
-------CONFIGURE DIES-------

------CONFIG.LOG------
configure:8640: gcc -o conftest -g -O2   -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c
 -lcrypt  -lssl -lcrypto -lresolv -lm -ldl -lnsl  -lresolv 1>&5
configure:8694: checking if the location of ZLIB install directory is defined
configure:8739: checking whether to include ZLIB support
configure:8935: checking for gzgets in -lz
configure:8954: gcc -o conftest -g -O2   -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c
 -lz  -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl  -lresolv 1>&5
/usr/bin/ld: cannot find -lz
collect2: ld returned 1 exit status
configure: failed program was:
#line 8943 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char gzgets();

int main() {
gzgets()
; return 0; }
------CONFIG.LOG------

------PHP.MOD.CONFIG------
PROG_SENDMAIL=/usr/local/sbin/sendmail \
  ./configure \
    --prefix=/usr/local/services/apache-1.3.19 \
    --with-config-file-path=/usr/local/services/apache-1.3.19/conf \
    --with-apache=../apache_1.3.19 \
    --with-gnu-ld \
    --with-exec-dir=/usr/local/services/apache-1.3.19/exec \
    --with-mysql=/usr/local/services/mysql \
    --with-imap=/usr/local/devel/c-client \
    --with-imap-ssl \
    --with-openssl=/usr/local/security/openssl \
    --with-gdbm=/usr/local/devel/gdbm \
    --with-zlib=/usr/local/devel/zlib \
    --with-gd=/usr/local/devel/gd \
    --with-jpeg-dir=/usr/local/devel/jpeg \
    --with-png-dir=/usr/local/devel/png \
    --with-zlib-dir=/usr/local/devel/zlib \
    --with-gettext=/usr/local/devel/gettext \
    --with-ldap=/usr/local/services/openldap \
    --enable-sockets \
    --enable-ftp \
    --enable-url-includes
------PHP.MOD.CONFIG------

# ls /usr/local/devel/zlib/*
/usr/local/devel/zlib/include:
zconf.h  zlib.h

/usr/local/devel/zlib/lib:
libz.a
 [2001-05-23 01:43 UTC] sniper@php.net
Could you please try the PHP 4.0.6 RC1:

http://www.php.net/~andi/php-4.0.6RC1.tar.gz

--Jani

 [2001-06-20 10:59 UTC] max at the-triumvirate dot net
I just tried RC4 and configure works perfectly, however the final php binary (or module) do not support MD5 crypted strings.

CONFIGURE COMMAND:

PROG_SENDMAIL=/usr/local/sbin/sendmail \
  ./configure \
    --prefix=/usr/local/support/php-4.0.6rc4 \
    --with-config-file-path=/usr/local/support/php-4.0.6rc4/conf \
    --with-exec-dir=/usr/local/support/php-4.0.6rc4/exec \
    --with-gettext=/usr/local/devel/gettext \
    --with-mcal=/usr/local/devel/libmcal \
    --with-mysql=/usr/local/devel/mysql \
    --with-ldap=/usr/local/devel/openldap \
    --with-gdbm=/usr/local/devel/gdbm \
    --with-zlib=/usr/local/devel/zlib \
    --with-zlib-dir=/usr/local/devel/zlib \
    --with-openssl=/usr/local/security/openssl \
    --with-imap=/usr/local/devel/c-client \
    --with-imap-ssl \
    --enable-sockets \
    --enable-ftp \
    --enable-url-includes \
    --enable-discard-path

TEST SCRIPT:
<?= crypt('blah', '$1$blahblah$'); ?>

TEST SCRIPT OUTPUT:
$14z//s6g2/V2

EXPECTED OUTPUT:
$1$blahblah$U2V.EOEMhaQKxDSQ8t/Ty0
 [2001-08-04 00:43 UTC] sniper@php.net
Fixed in CVS.

--Jani

 [2002-08-15 05:41 UTC] byg at cf1 dot ru
I encounter the same problem while moving to RH7.2.
The cause was in improperly installed OpenSSL.
It should be patched to disable built-in crypt function and all will be OK. Or just use S/RPMs supplied by the vendor.
jfyi.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Jun 25 08:01:23 2021 UTC