Req #51254 [Com]: Use internal crypt() only for algorithms needed

[iamguinness at gmail dot com]

Edit report at https://bugs.php.net/bug.php?id=51254&edit=1

 ID:                 51254
 Comment by:         iamguinness at gmail dot com
 Reported by:        ondrej at sury dot org
 Summary:            Use internal crypt() only for algorithms needed
 Status:             Open
 Type:               Feature/Change Request
 Package:            *Encryption and hash functions
 Operating System:   Linux
 PHP Version:        5.3.2
 Block user comment: N
 Private report:     N

 New Comment:

I was wondering if the problem that "php at rapsys dot eu" reported is going to 
be fixed. I had the same issue with a custom build on Ubuntu and had to drop 
this patch. Since it's almost three years old know, I'm just wondering if 
anyone has bothered to dig deeper into this problem. I'm afraid I don't have 
the skills to do so...


Previous Comments:
------------------------------------------------------------------------
[2011-03-28 16:37:47] ondrej at sury dot org

Hi,

the issue is little bit more complicated than adding defined() around the 
statements.  When compiling with --enable-maintainer-zts some header files are 
included in a way that crypt_r and struct crypt_data is unknown and the 
compilation fail.  Unless you are willing to dig deeper, you can just drop the 
patch for your custom build.

------------------------------------------------------------------------
[2011-03-28 15:12:41] php at rapsys dot eu

I had a poblem with this patch in debian/ubuntu packages.

With this patch the build with --enable-maintainer-zts the ubuntu 
php5_5.3.2-1ubuntu4.7 package.

The problem seems to comes from #if used instead of #ifdef and incorrectly 
defined strings by your patch.

Here is the build log :
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:150:27: error: #if with no 
expression
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:190:27: error: #if with no 
expression
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:201:3: warning: #warning 
Using system MD5 crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:202:28: error: #if with no 
expression
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:214:3: warning: #warning 
Using system SHA512 crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:215:28: error: #if with no 
expression
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:227:3: warning: #warning 
Using system SHA256 crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:228:28: error: #if with no 
expression
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:258:3: warning: #warning 
Using PHP BlowFish crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:272:3: warning: #warning 
Using PHP extended DES crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:279:3: warning: #warning 
Using system standard DES crypt function, which is OK on Debian system
/home/<user>/php/php5-5.3.2/ext/standard/crypt.c:280:28: error: #if with no 
expression
make[1]: *** [ext/standard/crypt.lo] Error 1
make[1]: Leaving directory `/home/<user>/php/php5-5.3.2/apache2-build'
make: *** [build-apache2-stamp] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
debuild: fatal error at line 1340:
dpkg-buildpackage -rfakeroot -D -us -uc failed

------------------------------------------------------------------------
[2010-03-24 17:02:06] ondrej at sury dot org

Hi Pierre,

had a time to review this patch and provide a detailed explanation?

Ondrej

------------------------------------------------------------------------
[2010-03-12 11:24:42] paj...@php.net

Not sure I agree with these changes, they are not supposed to be valid. I don't 
have the time now to reply with a detailed explanation but we will do it asap.

------------------------------------------------------------------------
[2010-03-12 10:15:46] ondrej at sury dot org

Hi, if you apply my patch, you'll need to apply the fix_crypt_unit_tests.patch, 
since I have fixed some routines, which you checked in those unit tests.

1. if you use '_' as a first character of the salt, but the salt is not 9 
characters long => STD_DES is used.

2. if you use 00-03 or 32-39 as count in blowfish => STD_DES is used (as 
documented).

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=51254


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=51254&edit=1