Edit report at http://bugs.php.net/bug.php?id=51254&edit=1
ID: 51254 Comment by: php at rapsys dot eu Reported by: ondrej at sury dot org Summary: Use internal crypt() only for algorithms needed Status: Open Type: Feature/Change Request Package: *Encryption and hash functions Operating System: Linux PHP Version: 5.3.2 Block user comment: N Private report: N New Comment: I had a poblem with this patch in debian/ubuntu packages. With this patch the build with --enable-maintainer-zts the ubuntu php5_5.3.2-1ubuntu4.7 package. The problem seems to comes from #if used instead of #ifdef and incorrectly defined strings by your patch. Here is the build log : /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:150:27: error: #if with no expression /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:190:27: error: #if with no expression /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:201:3: warning: #warning Using system MD5 crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:202:28: error: #if with no expression /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:214:3: warning: #warning Using system SHA512 crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:215:28: error: #if with no expression /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:227:3: warning: #warning Using system SHA256 crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:228:28: error: #if with no expression /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:258:3: warning: #warning Using PHP BlowFish crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:272:3: warning: #warning Using PHP extended DES crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:279:3: warning: #warning Using system standard DES crypt function, which is OK on Debian system /home/<user>/php/php5-5.3.2/ext/standard/crypt.c:280:28: error: #if with no expression make[1]: *** [ext/standard/crypt.lo] Error 1 make[1]: Leaving directory `/home/<user>/php/php5-5.3.2/apache2-build' make: *** [build-apache2-stamp] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 debuild: fatal error at line 1340: dpkg-buildpackage -rfakeroot -D -us -uc failed Previous Comments: ------------------------------------------------------------------------ [2010-03-24 17:02:06] ondrej at sury dot org Hi Pierre, had a time to review this patch and provide a detailed explanation? Ondrej ------------------------------------------------------------------------ [2010-03-12 11:24:42] paj...@php.net Not sure I agree with these changes, they are not supposed to be valid. I don't have the time now to reply with a detailed explanation but we will do it asap. ------------------------------------------------------------------------ [2010-03-12 10:15:46] ondrej at sury dot org Hi, if you apply my patch, you'll need to apply the fix_crypt_unit_tests.patch, since I have fixed some routines, which you checked in those unit tests. 1. if you use '_' as a first character of the salt, but the salt is not 9 characters long => STD_DES is used. 2. if you use 00-03 or 32-39 as count in blowfish => STD_DES is used (as documented). ------------------------------------------------------------------------ [2010-03-10 08:09:46] ondrej at sury dot org Description: ------------ Attached patch changes crypt.c and accompanying m4 code so it selects only algorithms not supported by system library crypt() for candidates to use internal implementation of crypt(). It also unifies the code to one style (BF and MD5 used static output buffer, sha256,512 allocated the buffer dynamically, etc.), so it's easier to read and understand, which is needed due all #if statements there. Next it fixes some glitches in m4 code. Expected result: ---------------- Use internal implementation only for missing or buggy support for algorithm in system library crypt() function. Actual result: -------------- Internal implementation of crypt() is always selected and used(), when BF or EXT_DES is missing. (Note that due misplaced check for HAVE_CRYPT_R, it will be used even if BF and EXT_DES is present in the system.) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=51254&edit=1
