ID: 19764
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: *Encryption and hash functions
Operating System: Redhat 7.3, kernel 2.4.19
PHP Version: 4.2.3
New Comment:
This problem has been solved. It was an OpenSSL issue, and a fix was
committed last night to the OpenSSL tree.
This morning, I build OpenSSL-0.9.7-stable (-beta3), and the problem
went away.
Previous Comments:
------------------------------------------------------------------------
[2002-10-05 19:28:01] [EMAIL PROTECTED]
Interestingly enough, when I build Apache2 with mod_ssl as a DSO, and
then disable mod_ssl in httpd.conf, the problem still occurs. I
expected the opposite behavior.
------------------------------------------------------------------------
[2002-10-05 19:07:42] [EMAIL PROTECTED]
$testsalt isn't a variable, it's part of the salt string. $1$ tells
crypt() that this is an MD5 salt, not a 2-character DES salt.
When it works, it generates: $1$testsalt$FJo/PhmykbF5HpI4eUR190
When it doesn't, it generates: $19JEJTylB1.M
I've just finished doing a bunch more tests of various different
situations, and it looks like it's some sort of Apache2 <-> OpenSSL
issue.
It *only* occurs when Apache2 is compiled '--enable-ssl'. Apache2
compiled without SSL enabled works great, Apache1 works great with the
exact same versions of OpenSSL and the latest mod_ssl, and PHP
standalone works great. I've tried various versions of OpenSSL and
Apache2, all of them exhibit this behavior.
------------------------------------------------------------------------
[2002-10-05 01:27:40] [EMAIL PROTECTED]
Seems to work just fine here for me on Linux. Could you show me what
salt are you using (value of the $testsalt variable) as well as the
results that you get.
------------------------------------------------------------------------
[2002-10-04 21:28:05] [EMAIL PROTECTED]
Looks like it is an OpenSSL problem, afterall.
When I compile Apache 2.0.43 without SSL, PHP's crypt() behaves
properly.
Sorry for the bug entry. I guess I'll go bother the OpenSSL guys.
------------------------------------------------------------------------
[2002-10-04 19:36:02] [EMAIL PROTECTED]
I should note, also, that the following constants are the correct
values, too:
CRYPT_MD5 = 1
CRYPT_SALT_LENGTH = 12.
I just tried the latest CVS snapshot of 4.3.0-dev (200210040900) and I
have the same problem there. If I configure with '--with-apxs2' I get
DES results, and if I build with '--without-apache' the standalone php
binary works fine.
I even went as far as to force configure to turn DES off, and indeed,
after compiling, CRYPT_STD_DES = 0. Nevertheless, crypt() returned DES
results.
I will try whatever CVS snapshot of Apache2 I can get my hands on, but
this appears on the surface to be a php bug.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19764
--
Edit this bug report at http://bugs.php.net/?id=19764&edit=1
