|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2001-02-08 14:39 UTC] max at the-triumvirate dot net
MD5 crypt fails if PHP is compiled with openssl (specifically with the -lcrypto)
If the .c file comes before the libraries, gcc won't recognize MD5 crypt:
----- blah.c -----
root# cat blah.c
#include <crypt.h>
main() {
char salt[15], answer[40];
salt[0]='$'; salt[1]='1'; salt[2]='$';
salt[3]='r'; salt[4]='a'; salt[5]='s';
salt[6]='m'; salt[7]='u'; salt[8]='s';
salt[9]='l'; salt[10]='e'; salt[11]='$';
salt[12]='\0';
strcpy(answer,salt);
strcat(answer,"rISCgZzpwk3UhDidwXvin0");
printf("%s\n%s\n", (char *)crypt("rasmuslerdorf",salt), answer);
exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));
}
---- blah.c before libraries ----
root# gcc -o blah blah.c \
-L/usr/local/openssl/lib -lcrypto -lcrypt
root# ./blah
$1Hat1hn6A1pw
$1$rasmusle$rISCgZzpwk3UhDidwXvin0
---- blah.c after libraries -----
root# gcc -o blah \
-L/usr/local/openssl/lib -lcrypto -lcrypt blah.c
root# ./blah
$1$rasmusle$rISCgZzpwk3UhDidwXvin0
$1$rasmusle$rISCgZzpwk3UhDidwXvin0
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 02:00:01 2025 UTC |
It doesn't seem like it was fixed. From CVS checked about about 30 minutes ago, configure says: checking for MD5 crypt... no And a simple script that is supposed to return an md5 crypted string, returns a DES crypted string. --BEG SCRIPT-- <?= crypt('rasmuslerdorf', '$1$rasmusle$'); ?> --END SCRIPT-- --BEG OUTPUT-- $1Hat1hn6A1pw --END OUTPUT-- When php is compiled without openssl, the correct output is acquired which is: $1$rasmusle$rISCgZzpwk3UhDidwXvin0 (I hope it is alright to re-open the bug)no luck: # make distclean # ./cvsclean # cvs update -d (upgrade libtool to 1.4) # ./buildconf # ../php.mod.config -------CONFIGURE DIES------- Configuring extensions checking if the location of ZLIB install directory is defined... yes checking whether to include ZLIB support... yes checking for gzgets in -lz... no configure: error: Zlib module requires zlib >= 1.0.9 -------CONFIGURE DIES------- ------CONFIG.LOG------ configure:8640: gcc -o conftest -g -O2 -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl -lresolv 1>&5 configure:8694: checking if the location of ZLIB install directory is defined configure:8739: checking whether to include ZLIB support configure:8935: checking for gzgets in -lz configure:8954: gcc -o conftest -g -O2 -Wl,-rpath,/usr/local/security/openssl/lib -L/usr/local/security/openssl/lib conftest.c -lz -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl -lresolv 1>&5 /usr/bin/ld: cannot find -lz collect2: ld returned 1 exit status configure: failed program was: #line 8943 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char gzgets(); int main() { gzgets() ; return 0; } ------CONFIG.LOG------ ------PHP.MOD.CONFIG------ PROG_SENDMAIL=/usr/local/sbin/sendmail \ ./configure \ --prefix=/usr/local/services/apache-1.3.19 \ --with-config-file-path=/usr/local/services/apache-1.3.19/conf \ --with-apache=../apache_1.3.19 \ --with-gnu-ld \ --with-exec-dir=/usr/local/services/apache-1.3.19/exec \ --with-mysql=/usr/local/services/mysql \ --with-imap=/usr/local/devel/c-client \ --with-imap-ssl \ --with-openssl=/usr/local/security/openssl \ --with-gdbm=/usr/local/devel/gdbm \ --with-zlib=/usr/local/devel/zlib \ --with-gd=/usr/local/devel/gd \ --with-jpeg-dir=/usr/local/devel/jpeg \ --with-png-dir=/usr/local/devel/png \ --with-zlib-dir=/usr/local/devel/zlib \ --with-gettext=/usr/local/devel/gettext \ --with-ldap=/usr/local/services/openldap \ --enable-sockets \ --enable-ftp \ --enable-url-includes ------PHP.MOD.CONFIG------ # ls /usr/local/devel/zlib/* /usr/local/devel/zlib/include: zconf.h zlib.h /usr/local/devel/zlib/lib: libz.aI just tried RC4 and configure works perfectly, however the final php binary (or module) do not support MD5 crypted strings. CONFIGURE COMMAND: PROG_SENDMAIL=/usr/local/sbin/sendmail \ ./configure \ --prefix=/usr/local/support/php-4.0.6rc4 \ --with-config-file-path=/usr/local/support/php-4.0.6rc4/conf \ --with-exec-dir=/usr/local/support/php-4.0.6rc4/exec \ --with-gettext=/usr/local/devel/gettext \ --with-mcal=/usr/local/devel/libmcal \ --with-mysql=/usr/local/devel/mysql \ --with-ldap=/usr/local/devel/openldap \ --with-gdbm=/usr/local/devel/gdbm \ --with-zlib=/usr/local/devel/zlib \ --with-zlib-dir=/usr/local/devel/zlib \ --with-openssl=/usr/local/security/openssl \ --with-imap=/usr/local/devel/c-client \ --with-imap-ssl \ --enable-sockets \ --enable-ftp \ --enable-url-includes \ --enable-discard-path TEST SCRIPT: <?= crypt('blah', '$1$blahblah$'); ?> TEST SCRIPT OUTPUT: $14z//s6g2/V2 EXPECTED OUTPUT: $1$blahblah$U2V.EOEMhaQKxDSQ8t/Ty0