[php-maint] Bug#572601: Bug#572601: Bug#572601: Bug#572601: Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3

Ondřej Surý ondrej at debian.org
Tue Mar 9 22:48:43 UTC 2010

JFTR, the new crypt.c (and accompanying m4 code) is one big mess. It
works only because embedded crypt code is used every time. Which is
just reinventing wheel again and again.

So to list all those bugs I have noticed:

1. crypt_r is checked before -lcrypt is added to LIBS, so HAVE_CRYPT_R
is never defined
2. ac_cv_crypt_SHA{256,512} vs ac_cv_crypt_sha{256,512} ends with
PHP_SHA{256,512}_CRYPT is never defined.
3. if you don't have HAVE_CRYPT_R (or neither _REENTRANT nor
_THREAD_SAFE is defined) and PHP own implementation is not used ->
PHP(crypt) function does nothing at all, since call to crypt() was
dropped in 5.3.x.
4. Blowfish code accepts 00-03 and 32-39 as count, which is invalid
5. Some more minor glitches like calling extended DES init function
every time you call PHP(crypt). At least it's optimized inside this
function to be called just once. But I am not convinced that this
magic (allocating mutexes, etc.) is needed at all.

I am not going to report them individually, but as patch to use
internal implementation only for algorithms not present in system
crypt() function. But it needs a review.

Sean, Raphael, could you take a look at attached patch (also in our git).

It compiles fine (right now dpkg-buildpackage is stuck in unit tests),
and it's not very complicated, so I guess it should be OK, but since
it heavily modifies PHP(crypt) function, it would be better if it gets
a review by more eyes.

Ondřej Surý <ondrej at sury.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php_crypt_revamped.patch
Type: text/x-patch
Size: 16149 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20100309/5f0b4c96/attachment-0001.bin>

More information about the pkg-php-maint mailing list