diff --git a/build/php.m4 b/build/php.m4 index d181bbeeba1d1..752c5983de4b9 100644 --- a/build/php.m4 +++ b/build/php.m4 @@ -2215,60 +2215,6 @@ AC_DEFUN([PHP_DETECT_SUNCC],[ ) ]) -dnl -dnl PHP_CRYPT_R_STYLE -dnl -dnl Detect the style of crypt_r() if any is available. -dnl See APR_CHECK_CRYPT_R_STYLE() for original version. -dnl -AC_DEFUN([PHP_CRYPT_R_STYLE], -[ - AC_CACHE_CHECK([which data struct is used by crypt_r], php_cv_crypt_r_style,[ - php_cv_crypt_r_style=none - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#define _REENTRANT 1 -#include -]], [[ -CRYPTD buffer; -crypt_r("passwd", "hash", &buffer); -]])],[php_cv_crypt_r_style=cryptd],[]) - - if test "$php_cv_crypt_r_style" = "none"; then - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#define _REENTRANT 1 -#include -]],[[ -struct crypt_data buffer; -crypt_r("passwd", "hash", &buffer); -]])],[php_cv_crypt_r_style=struct_crypt_data],[]) - fi - - if test "$php_cv_crypt_r_style" = "none"; then - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#define _REENTRANT 1 -#define _GNU_SOURCE -#include -]],[[ -struct crypt_data buffer; -crypt_r("passwd", "hash", &buffer); -]])],[php_cv_crypt_r_style=struct_crypt_data_gnu_source],[]) - fi - ]) - - if test "$php_cv_crypt_r_style" = "cryptd"; then - AC_DEFINE(CRYPT_R_CRYPTD, 1, [Define if crypt_r has uses CRYPTD]) - fi - if test "$php_cv_crypt_r_style" = "struct_crypt_data" -o "$php_cv_crypt_r_style" = "struct_crypt_data_gnu_source"; then - AC_DEFINE(CRYPT_R_STRUCT_CRYPT_DATA, 1, [Define if crypt_r uses struct crypt_data]) - fi - if test "$php_cv_crypt_r_style" = "struct_crypt_data_gnu_source"; then - AC_DEFINE(CRYPT_R_GNU_SOURCE, 1, [Define if struct crypt_data requires _GNU_SOURCE]) - fi - if test "$php_cv_crypt_r_style" = "none"; then - AC_MSG_ERROR([Unable to detect data struct used by crypt_r]) - fi -]) - dnl dnl PHP_TEST_WRITE_STDOUT dnl diff --git a/configure.ac b/configure.ac index 2a62ca6eb8071..304fa743847fc 100644 --- a/configure.ac +++ b/configure.ac @@ -377,7 +377,6 @@ netinet/in.h \ alloca.h \ arpa/inet.h \ arpa/nameser.h \ -crypt.h \ dns.h \ fcntl.h \ grp.h \ diff --git a/ext/standard/config.m4 b/ext/standard/config.m4 index 5081a6b677f22..9e3fa6e011dd7 100644 --- a/ext/standard/config.m4 +++ b/ext/standard/config.m4 @@ -51,237 +51,20 @@ if test "$ac_cv_flush_io" = "yes"; then AC_DEFINE(HAVE_FLUSHIO, 1, [Define if flush should be called explicitly after a buffered io.]) fi -PHP_CHECK_FUNC(crypt, crypt) -PHP_CHECK_FUNC(crypt_r, crypt) -if test "$ac_cv_func_crypt_r" = "yes"; then - PHP_CRYPT_R_STYLE -fi - -AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char *encrypted = crypt("rasmuslerdorf","rl"); - exit(!encrypted || strcmp(encrypted,"rl.3StKT.4T8M")); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_des=yes -],[ - ac_cv_crypt_des=no -],[ - ac_cv_crypt_des=yes -])]) - -AC_CACHE_CHECK(for extended DES crypt, ac_cv_crypt_ext_des,[ - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char *encrypted = crypt("rasmuslerdorf","_J9..rasm"); - exit(!encrypted || strcmp(encrypted,"_J9..rasmBYk8r9AiWNc")); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_ext_des=yes -],[ - ac_cv_crypt_ext_des=no -],[ - ac_cv_crypt_ext_des=no -])]) - -AC_CACHE_CHECK(for MD5 crypt, ac_cv_crypt_md5,[ -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char salt[15], answer[40]; - char *encrypted; - - salt[0]='$'; salt[1]='1'; salt[2]='$'; - salt[3]='r'; salt[4]='a'; salt[5]='s'; - salt[6]='m'; salt[7]='u'; salt[8]='s'; - salt[9]='l'; salt[10]='e'; salt[11]='$'; - salt[12]='\0'; - strcpy(answer,salt); - strcat(answer,"rISCgZzpwk3UhDidwXvin0"); - encrypted = crypt("rasmuslerdorf",salt); - exit(!encrypted || strcmp(encrypted,answer)); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_md5=yes -],[ - ac_cv_crypt_md5=no -],[ - ac_cv_crypt_md5=no -])]) - -AC_CACHE_CHECK(for Blowfish crypt, ac_cv_crypt_blowfish,[ -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char salt[30], answer[70]; - char *encrypted; - - salt[0]='$'; salt[1]='2'; salt[2]='a'; salt[3]='$'; salt[4]='0'; salt[5]='7'; salt[6]='$'; salt[7]='\0'; - strcat(salt,"rasmuslerd............"); - strcpy(answer,salt); - strcpy(&answer[29],"nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra"); - encrypted = crypt("rasmuslerdorf",salt); - exit(!encrypted || strcmp(encrypted,answer)); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_blowfish=yes -],[ - ac_cv_crypt_blowfish=no -],[ - ac_cv_crypt_blowfish=no -])]) - -AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char salt[21], answer[21+86]; - char *encrypted; - - strcpy(salt,"\$6\$rasmuslerdorf\$"); - strcpy(answer, salt); - strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/"); - encrypted = crypt("rasmuslerdorf",salt); - exit(!encrypted || strcmp(encrypted,answer)); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_sha512=yes -],[ - ac_cv_crypt_sha512=no -],[ - ac_cv_crypt_sha512=no -])]) - -AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#if HAVE_UNISTD_H -#include -#endif - -#if HAVE_CRYPT_H -#include -#endif - -#include -#include - -int main() { -#if HAVE_CRYPT - char salt[21], answer[21+43]; - char *encrypted; - - strcpy(salt,"\$5\$rasmuslerdorf\$"); - strcpy(answer, salt); - strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23"); - encrypted = crypt("rasmuslerdorf",salt); - exit(!encrypted || strcmp(encrypted,answer)); -#else - exit(1); -#endif -}]])],[ - ac_cv_crypt_sha256=yes -],[ - ac_cv_crypt_sha256=no -],[ - ac_cv_crypt_sha256=no -])]) - - dnl -dnl If one of them is missing, use our own implementation, portable code is then possible +dnl Check for __alignof__ support in the compiler dnl -dnl TODO This is currently always enabled -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then - - dnl - dnl Check for __alignof__ support in the compiler - dnl - AC_CACHE_CHECK(whether the compiler supports __alignof__, ac_cv_alignof_exists,[ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - ]],[[ - int align = __alignof__(int); - ]])],[ - ac_cv_alignof_exists=yes - ],[ - ac_cv_alignof_exists=no - ])]) - if test "$ac_cv_alignof_exists" = "yes"; then - AC_DEFINE([HAVE_ALIGNOF], 1, [whether the compiler supports __alignof__]) - fi - - AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5]) - - PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c) -else - AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) +AC_CACHE_CHECK(whether the compiler supports __alignof__, ac_cv_alignof_exists,[ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +]],[[ + int align = __alignof__(int); +]])],[ + ac_cv_alignof_exists=yes +],[ + ac_cv_alignof_exists=no +])]) +if test "$ac_cv_alignof_exists" = "yes"; then + AC_DEFINE([HAVE_ALIGNOF], 1, [whether the compiler supports __alignof__]) fi dnl @@ -466,7 +249,8 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32. http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \ var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \ filters.c proc_open.c streamsfuncs.c http.c password.c \ - random.c net.c hrtime.c,,, + random.c net.c hrtime.c crypt_freesec.c crypt_blowfish.c \ + crypt_sha512.c crypt_sha256.c php_crypt_r.c,,, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1) PHP_ADD_MAKEFILE_FRAGMENT diff --git a/ext/standard/config.w32 b/ext/standard/config.w32 index a5737ea8538b8..a8f626febfa15 100644 --- a/ext/standard/config.w32 +++ b/ext/standard/config.w32 @@ -17,7 +17,6 @@ if (PHP_PASSWORD_ARGON2 != "no") { ARG_WITH("config-file-scan-dir", "Dir to check for additional php ini files", ""); AC_DEFINE("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR); -AC_DEFINE("PHP_USE_PHP_CRYPT_R", 1); CHECK_HEADER_ADD_INCLUDE("timelib_config.h", "CFLAGS_STANDARD", "ext/date/lib"); diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index e592d3bf554ed..dacf1415ae189 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -18,30 +18,21 @@ */ #include +#include +#include #include "php.h" #if HAVE_UNISTD_H #include #endif -#if PHP_USE_PHP_CRYPT_R -# include "php_crypt_r.h" -# include "crypt_freesec.h" -#else -# if HAVE_CRYPT_H -# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) -# define _GNU_SOURCE -# endif -# include -# endif -#endif -#include -#include #ifdef PHP_WIN32 #include #endif +#include "php_crypt_r.h" +#include "crypt_freesec.h" #include "php_crypt.h" #include "php_random.h" @@ -61,27 +52,20 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */ REGISTER_LONG_CONSTANT("CRYPT_SHA256", 1, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CRYPT_SHA512", 1, CONST_CS | CONST_PERSISTENT); -#if PHP_USE_PHP_CRYPT_R php_init_crypt_r(); -#endif - return SUCCESS; } /* }}} */ PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */ { -#if PHP_USE_PHP_CRYPT_R php_shutdown_crypt_r(); -#endif - return SUCCESS; } /* }}} */ static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; -/* Encode a string of bytes as Base64 */ static void php_to64(char *s, int n) /* {{{ */ { while (--n >= 0) { @@ -100,103 +84,80 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch return NULL; } -/* Windows (win32/crypt) has a stripped down version of libxcrypt and - a CryptoApi md5_crypt implementation */ -#if PHP_USE_PHP_CRYPT_R - { - struct php_crypt_extended_data buffer; + struct php_crypt_extended_data buffer; - if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { - char output[MD5_HASH_MAX_LEN], *out; + if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { + char output[MD5_HASH_MAX_LEN], *out; - out = php_md5_crypt_r(password, salt, output); - if (out) { - return zend_string_init(out, strlen(out), 0); - } + out = php_md5_crypt_r(password, salt, output); + if (out) { + return zend_string_init(out, strlen(out), 0); + } + return NULL; + } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { + char *output; + output = emalloc(PHP_MAX_SALT_LEN); + + crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); + if (!crypt_res) { + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); + efree(output); return NULL; - } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { - char *output; - output = emalloc(PHP_MAX_SALT_LEN); - - crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); - if (!crypt_res) { - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); - efree(output); - return NULL; - } else { - result = zend_string_init(output, strlen(output), 0); - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); - efree(output); - return result; - } - } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { - char *output; - output = emalloc(PHP_MAX_SALT_LEN); - - crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); - if (!crypt_res) { - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); - efree(output); - return NULL; - } else { - result = zend_string_init(output, strlen(output), 0); - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); - efree(output); - return result; - } - } else if ( - salt[0] == '$' && - salt[1] == '2' && - salt[3] == '$') { - char output[PHP_MAX_SALT_LEN + 1]; - - memset(output, 0, PHP_MAX_SALT_LEN + 1); + } else { + result = zend_string_init(output, strlen(output), 0); + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); + efree(output); + return result; + } + } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { + char *output; + output = emalloc(PHP_MAX_SALT_LEN); + + crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); + if (!crypt_res) { + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); + efree(output); + return NULL; + } else { + result = zend_string_init(output, strlen(output), 0); + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN); + efree(output); + return result; + } + } else if ( + salt[0] == '$' && + salt[1] == '2' && + salt[3] == '$') { + char output[PHP_MAX_SALT_LEN + 1]; - crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output)); - if (!crypt_res) { - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1); - return NULL; - } else { - result = zend_string_init(output, strlen(output), 0); - ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1); - return result; - } - } else if (salt[0] == '_' - || (IS_VALID_SALT_CHARACTER(salt[0]) && IS_VALID_SALT_CHARACTER(salt[1]))) { - /* DES Fallback */ - memset(&buffer, 0, sizeof(buffer)); - _crypt_extended_init_r(); + memset(output, 0, PHP_MAX_SALT_LEN + 1); - crypt_res = _crypt_extended_r((const unsigned char *) password, salt, &buffer); - if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) { - return NULL; - } else { - result = zend_string_init(crypt_res, strlen(crypt_res), 0); - return result; - } + crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output)); + if (!crypt_res) { + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1); + return NULL; } else { - /* Unknown hash type */ + result = zend_string_init(output, strlen(output), 0); + ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1); + return result; + } + } else if (salt[0] == '_' + || (IS_VALID_SALT_CHARACTER(salt[0]) && IS_VALID_SALT_CHARACTER(salt[1]))) { + /* DES Fallback */ + memset(&buffer, 0, sizeof(buffer)); + _crypt_extended_init_r(); + + crypt_res = _crypt_extended_r((const unsigned char *) password, salt, &buffer); + if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) { return NULL; + } else { + result = zend_string_init(crypt_res, strlen(crypt_res), 0); + return result; } + } else { + /* Unknown hash type */ + return NULL; } -#else - -# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) -# if defined(CRYPT_R_STRUCT_CRYPT_DATA) - struct crypt_data buffer; - memset(&buffer, 0, sizeof(buffer)); -# elif defined(CRYPT_R_CRYPTD) - CRYPTD buffer; -# else -# error Data struct used by crypt_r() is unknown. Please report. -# endif - crypt_res = crypt_r(password, salt, &buffer); -# elif defined(HAVE_CRYPT) - crypt_res = crypt(password, salt); -# else -# error No crypt() implementation -# endif -#endif if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) { return NULL;