ID: 19764 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Open Bug Type: *Encryption and hash functions Operating System: Redhat 7.3, kernel 2.4.19 PHP Version: 4.2.3 New Comment:
$testsalt isn't a variable, it's part of the salt string. $1$ tells crypt() that this is an MD5 salt, not a 2-character DES salt. When it works, it generates: $1$testsalt$FJo/PhmykbF5HpI4eUR190 When it doesn't, it generates: $19JEJTylB1.M I've just finished doing a bunch more tests of various different situations, and it looks like it's some sort of Apache2 <-> OpenSSL issue. It *only* occurs when Apache2 is compiled '--enable-ssl'. Apache2 compiled without SSL enabled works great, Apache1 works great with the exact same versions of OpenSSL and the latest mod_ssl, and PHP standalone works great. I've tried various versions of OpenSSL and Apache2, all of them exhibit this behavior. Previous Comments: ------------------------------------------------------------------------ [2002-10-05 01:27:40] [EMAIL PROTECTED] Seems to work just fine here for me on Linux. Could you show me what salt are you using (value of the $testsalt variable) as well as the results that you get. ------------------------------------------------------------------------ [2002-10-04 21:28:05] [EMAIL PROTECTED] Looks like it is an OpenSSL problem, afterall. When I compile Apache 2.0.43 without SSL, PHP's crypt() behaves properly. Sorry for the bug entry. I guess I'll go bother the OpenSSL guys. ------------------------------------------------------------------------ [2002-10-04 19:36:02] [EMAIL PROTECTED] I should note, also, that the following constants are the correct values, too: CRYPT_MD5 = 1 CRYPT_SALT_LENGTH = 12. I just tried the latest CVS snapshot of 4.3.0-dev (200210040900) and I have the same problem there. If I configure with '--with-apxs2' I get DES results, and if I build with '--without-apache' the standalone php binary works fine. I even went as far as to force configure to turn DES off, and indeed, after compiling, CRYPT_STD_DES = 0. Nevertheless, crypt() returned DES results. I will try whatever CVS snapshot of Apache2 I can get my hands on, but this appears on the surface to be a php bug. ------------------------------------------------------------------------ [2002-10-04 19:21:24] [EMAIL PROTECTED] I haven't tried the CVS snapshots yet, though I will shortly. I did go back and try php4.2.2, and the problem seems to exist there as well. Basically, when I compile PHP standalone, or for apxs, the crypt() function correctly returns MD5 results when it should, but when compiled with apxs2, it does not. Instead, it generates DES results, regardless of what salt is given, or even if no salt is provided. I've also tried it both with and without "--with-openssl". It makes no difference. This is with Apache 2.0.42. Script used: <? echo crypt("test", '$1$testsalt'); ?> Works (does MD5 correctly): './configure' '--enable-exif' '--with-gd' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr' '--with-ttf' '--with-mysql=/usr' '--with-zlib' '--enable-inline-optimization' '--with-bz2' '--with-openssl' Does not (only returns DES): './configure' '--enable-exif' '--with-gd' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr' '--with-ttf' '--with-apxs2' '--with-mysql=/usr' '--with-zlib' '--enable-inline-optimization' '--with-bz2' '--with-openssl' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=19764&edit=1