#19764 [Opn]: crypt() only generates DES results, not md5, when compiled --with-apxs2

2002-10-06 Thread php

 ID:   19764
 User updated by:  [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
 Status:   Open
 Bug Type: *Encryption and hash functions
 Operating System: Redhat 7.3, kernel 2.4.19
 PHP Version:  4.2.3
 New Comment:

This problem has been solved.  It was an OpenSSL issue, and a fix was
committed last night to the OpenSSL tree.

This morning, I built OpenSSL-0.9.7-stable (-beta3), and the problem
went away.


Previous Comments:


[2002-10-05 19:28:01] [EMAIL PROTECTED]

Interestingly enough, when I build Apache2 with mod_ssl as a DSO, and
then disable mod_ssl in httpd.conf, the problem still occurs.  I
expected the opposite behavior.



[2002-10-05 19:07:42] [EMAIL PROTECTED]

$testsalt isn't a variable, it's part of the salt string.  $1$ tells
crypt() that this is an MD5 salt, not a 2-character DES salt.

When it works, it generates:  $1$testsalt$FJo/PhmykbF5HpI4eUR190

When it doesn't, it generates: $19JEJTylB1.M

I've just finished doing a bunch more tests of various different
situations, and it looks like it's some sort of Apache2 <-> OpenSSL
issue.  

It *only* occurs when Apache2 is compiled '--enable-ssl'. Apache2
compiled without SSL enabled works great, Apache1 works great with the
exact same versions of OpenSSL and the latest mod_ssl, and PHP
standalone works great.  I've tried various versions of OpenSSL and
Apache2, all of them exhibit this behavior.



[2002-10-05 01:27:40] [EMAIL PROTECTED]

Seems to work just fine here for me on Linux. Could you show me what
salt you are using (value of the $testsalt variable) as well as the
results that you get?




[2002-10-04 21:28:05] [EMAIL PROTECTED]

Looks like it is an OpenSSL problem, after all.

When I compile Apache 2.0.43 without SSL, PHP's crypt() behaves
properly.

Sorry for the bug entry.  I guess I'll go bother the OpenSSL guys.



[2002-10-04 19:36:02] [EMAIL PROTECTED]

I should note, also, that the following constants are the correct
values, too:

CRYPT_MD5 = 1
CRYPT_SALT_LENGTH = 12.

I just tried the latest CVS snapshot of 4.3.0-dev (200210040900) and I
have the same problem there.  If I configure with '--with-apxs2' I get
DES results, and if I build with '--without-apache' the standalone php
binary works fine.

I even went as far as to force configure to turn DES off, and indeed,
after compiling, CRYPT_STD_DES = 0.  Nevertheless, crypt() returned DES
results.

I will try whatever CVS snapshot of Apache2 I can get my hands on, but
this appears on the surface to be a php bug.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19764

-- 
Edit this bug report at http://bugs.php.net/?id=19764&edit=1
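
The check implied by the 2002-10-05 19:07:42 comment, as an added example (not code from the bug report or from PHP): it classifies a crypt() result as MD5 or traditional DES and flags a result that ignored a `$1$` salt. The function names and the password are assumptions made for illustration; the salt and the two sample results are the ones quoted in the thread.

```php
<?php
// Added example: spot a crypt() result that ignored the requested scheme.

/** Name the scheme of a crypt() result: 'md5', 'des' or 'other'. */
function crypt_scheme(string $hash): string
{
    // Modular crypt format $1$<salt up to 8 chars>$<22-char digest> is MD5.
    if (preg_match('~^\$1\$[^$]{0,8}\$[./0-9A-Za-z]{22}$~', $hash)) {
        return 'md5';
    }
    // Traditional DES: 2 salt characters followed by 11 digest characters.
    return strlen($hash) === 13 ? 'des' : 'other';
}

/** True when a '$1$' salt produced an MD5 result carrying that same salt. */
function md5_salt_honoured(string $salt, string $hash): bool
{
    if (!preg_match('~^\$1\$([^$]{0,8})~', $salt, $m)) {
        return false; // not an MD5 salt, nothing to honour
    }
    $prefix = '$1$' . $m[1] . '$';
    return crypt_scheme($hash) === 'md5'
        && strncmp($hash, $prefix, strlen($prefix)) === 0;
}

// Single quotes: in double quotes PHP would expand $testsalt as a variable.
$salt = '$1$testsalt$';

// The two results quoted in the thread.
$quoted = [
    '$1$testsalt$FJo/PhmykbF5HpI4eUR190',
    '$19JEJTylB1.M',
];
foreach ($quoted as $hash) {
    printf("%-36s %-5s %s\n", $hash, crypt_scheme($hash),
        md5_salt_honoured($salt, $hash) ? 'ok' : 'scheme ignored');
}

// Live check of the running build; the password is a constructed value.
$live = crypt('example-password', $salt);
if (!md5_salt_honoured($salt, $live)) {
    error_log('crypt() returned a ' . crypt_scheme($live) . ' result for an MD5 salt');
    exit(1);
}
echo "crypt() honoured the MD5 salt\n";
```

Run it under the same SAPI that serves the application, since the thread shows the standalone binary and the Apache2 module returning different results from the same source.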




#19764 [Opn]: crypt() only generates DES results, not md5, when compiled --with-apxs2

2002-10-05 Thread php

 ID:   19764
 User updated by:  [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
 Status:   Open
 Bug Type: *Encryption and hash functions
 Operating System: Redhat 7.3, kernel 2.4.19
 PHP Version:  4.2.3
 New Comment:

Interestingly enough, when I build Apache2 with mod_ssl as a DSO, and
then disable mod_ssl in httpd.conf, the problem still occurs.  I
expected the opposite behavior.


Previous Comments:


[2002-10-04 19:21:24] [EMAIL PROTECTED]

I haven't tried the CVS snapshots yet, though I will shortly.  I did go
back and try php4.2.2, and the problem seems to exist there as well.

Basically, when I compile PHP standalone, or for apxs, the crypt()
function correctly returns MD5 results when it should, but when
compiled with apxs2, it does not.  Instead, it generates DES results,
regardless of what salt is given, or even if no salt is provided.

I've also tried it both with and without "--with-openssl".  It makes no
difference. 

This is with Apache 2.0.42. 

Script used:

 


Works (does MD5 correctly):

'./configure' '--enable-exif' '--with-gd' '--enable-gd-native-ttf'
'--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr'
'--with-ttf' '--with-mysql=/usr' '--with-zlib'
'--enable-inline-optimization' '--with-bz2' '--with-openssl'

Does not (only returns DES):

 './configure' '--enable-exif' '--with-gd' '--enable-gd-native-ttf'
'--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr'
'--with-ttf' '--with-apxs2' '--with-mysql=/usr' '--with-zlib'
'--enable-inline-optimization' '--with-bz2' '--with-openssl'






-- 
Edit this bug report at http://bugs.php.net/?id=19764&edit=1



