Skip to content

Always use PHP's own crypt_r implementation, don't support system crypt #5761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Always use PHP's own crypt_r implementation, don't support system crypt #5761

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 0 additions & 54 deletions build/php.m4
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2215,60 +2215,6 @@ AC_DEFUN([PHP_DETECT_SUNCC],[
)
])

dnl
dnl PHP_CRYPT_R_STYLE
dnl
dnl Detect the style of crypt_r() if any is available.
dnl See APR_CHECK_CRYPT_R_STYLE() for original version.
dnl
AC_DEFUN([PHP_CRYPT_R_STYLE],
[
AC_CACHE_CHECK([which data struct is used by crypt_r], php_cv_crypt_r_style,[
php_cv_crypt_r_style=none
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#define _REENTRANT 1
#include <crypt.h>
]], [[
CRYPTD buffer;
crypt_r("passwd", "hash", &buffer);
]])],[php_cv_crypt_r_style=cryptd],[])

if test "$php_cv_crypt_r_style" = "none"; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#define _REENTRANT 1
#include <crypt.h>
]],[[
struct crypt_data buffer;
crypt_r("passwd", "hash", &buffer);
]])],[php_cv_crypt_r_style=struct_crypt_data],[])
fi

if test "$php_cv_crypt_r_style" = "none"; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#define _REENTRANT 1
#define _GNU_SOURCE
#include <crypt.h>
]],[[
struct crypt_data buffer;
crypt_r("passwd", "hash", &buffer);
]])],[php_cv_crypt_r_style=struct_crypt_data_gnu_source],[])
fi
])

if test "$php_cv_crypt_r_style" = "cryptd"; then
AC_DEFINE(CRYPT_R_CRYPTD, 1, [Define if crypt_r has uses CRYPTD])
fi
if test "$php_cv_crypt_r_style" = "struct_crypt_data" -o "$php_cv_crypt_r_style" = "struct_crypt_data_gnu_source"; then
AC_DEFINE(CRYPT_R_STRUCT_CRYPT_DATA, 1, [Define if crypt_r uses struct crypt_data])
fi
if test "$php_cv_crypt_r_style" = "struct_crypt_data_gnu_source"; then
AC_DEFINE(CRYPT_R_GNU_SOURCE, 1, [Define if struct crypt_data requires _GNU_SOURCE])
fi
if test "$php_cv_crypt_r_style" = "none"; then
AC_MSG_ERROR([Unable to detect data struct used by crypt_r])
fi
])

dnl
dnl PHP_TEST_WRITE_STDOUT
dnl
Expand Down
1 change: 0 additions & 1 deletion configure.ac
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -377,7 +377,6 @@ netinet/in.h \
alloca.h \
arpa/inet.h \
arpa/nameser.h \
crypt.h \
dns.h \
fcntl.h \
grp.h \
Expand Down
244 changes: 14 additions & 230 deletions ext/standard/config.m4
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,237 +51,20 @@ if test "$ac_cv_flush_io" = "yes"; then
AC_DEFINE(HAVE_FLUSHIO, 1, [Define if flush should be called explicitly after a buffered io.])
fi

PHP_CHECK_FUNC(crypt, crypt)
PHP_CHECK_FUNC(crypt_r, crypt)
if test "$ac_cv_func_crypt_r" = "yes"; then
PHP_CRYPT_R_STYLE
fi

AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char *encrypted = crypt("rasmuslerdorf","rl");
exit(!encrypted || strcmp(encrypted,"rl.3StKT.4T8M"));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_des=yes
],[
ac_cv_crypt_des=no
],[
ac_cv_crypt_des=yes
])])

AC_CACHE_CHECK(for extended DES crypt, ac_cv_crypt_ext_des,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char *encrypted = crypt("rasmuslerdorf","_J9..rasm");
exit(!encrypted || strcmp(encrypted,"_J9..rasmBYk8r9AiWNc"));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_ext_des=yes
],[
ac_cv_crypt_ext_des=no
],[
ac_cv_crypt_ext_des=no
])])

AC_CACHE_CHECK(for MD5 crypt, ac_cv_crypt_md5,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char salt[15], answer[40];
char *encrypted;

salt[0]='$'; salt[1]='1'; salt[2]='$';
salt[3]='r'; salt[4]='a'; salt[5]='s';
salt[6]='m'; salt[7]='u'; salt[8]='s';
salt[9]='l'; salt[10]='e'; salt[11]='$';
salt[12]='\0';
strcpy(answer,salt);
strcat(answer,"rISCgZzpwk3UhDidwXvin0");
encrypted = crypt("rasmuslerdorf",salt);
exit(!encrypted || strcmp(encrypted,answer));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_md5=yes
],[
ac_cv_crypt_md5=no
],[
ac_cv_crypt_md5=no
])])

AC_CACHE_CHECK(for Blowfish crypt, ac_cv_crypt_blowfish,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char salt[30], answer[70];
char *encrypted;

salt[0]='$'; salt[1]='2'; salt[2]='a'; salt[3]='$'; salt[4]='0'; salt[5]='7'; salt[6]='$'; salt[7]='\0';
strcat(salt,"rasmuslerd............");
strcpy(answer,salt);
strcpy(&answer[29],"nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra");
encrypted = crypt("rasmuslerdorf",salt);
exit(!encrypted || strcmp(encrypted,answer));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_blowfish=yes
],[
ac_cv_crypt_blowfish=no
],[
ac_cv_crypt_blowfish=no
])])

AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char salt[21], answer[21+86];
char *encrypted;

strcpy(salt,"\$6\$rasmuslerdorf\$");
strcpy(answer, salt);
strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/");
encrypted = crypt("rasmuslerdorf",salt);
exit(!encrypted || strcmp(encrypted,answer));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_sha512=yes
],[
ac_cv_crypt_sha512=no
],[
ac_cv_crypt_sha512=no
])])

AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include <stdlib.h>
#include <string.h>

int main() {
#if HAVE_CRYPT
char salt[21], answer[21+43];
char *encrypted;

strcpy(salt,"\$5\$rasmuslerdorf\$");
strcpy(answer, salt);
strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23");
encrypted = crypt("rasmuslerdorf",salt);
exit(!encrypted || strcmp(encrypted,answer));
#else
exit(1);
#endif
}]])],[
ac_cv_crypt_sha256=yes
],[
ac_cv_crypt_sha256=no
],[
ac_cv_crypt_sha256=no
])])


dnl
dnl If one of them is missing, use our own implementation, portable code is then possible
dnl Check for __alignof__ support in the compiler
dnl
dnl TODO This is currently always enabled
if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then

dnl
dnl Check for __alignof__ support in the compiler
dnl
AC_CACHE_CHECK(whether the compiler supports __alignof__, ac_cv_alignof_exists,[
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
]],[[
int align = __alignof__(int);
]])],[
ac_cv_alignof_exists=yes
],[
ac_cv_alignof_exists=no
])])
if test "$ac_cv_alignof_exists" = "yes"; then
AC_DEFINE([HAVE_ALIGNOF], 1, [whether the compiler supports __alignof__])
fi

AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])

PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
else
AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
AC_CACHE_CHECK(whether the compiler supports __alignof__, ac_cv_alignof_exists,[
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
]],[[
int align = __alignof__(int);
]])],[
ac_cv_alignof_exists=yes
],[
ac_cv_alignof_exists=no
])])
if test "$ac_cv_alignof_exists" = "yes"; then
AC_DEFINE([HAVE_ALIGNOF], 1, [whether the compiler supports __alignof__])
fi

dnl
Expand Down Expand Up @@ -466,7 +249,8 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32.
http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \
filters.c proc_open.c streamsfuncs.c http.c password.c \
random.c net.c hrtime.c,,,
random.c net.c hrtime.c crypt_freesec.c crypt_blowfish.c \
crypt_sha512.c crypt_sha256.c php_crypt_r.c,,,
-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)

PHP_ADD_MAKEFILE_FRAGMENT
Expand Down
1 change: 0 additions & 1 deletion ext/standard/config.w32
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ if (PHP_PASSWORD_ARGON2 != "no") {
ARG_WITH("config-file-scan-dir", "Dir to check for additional php ini files", "");

AC_DEFINE("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR);
AC_DEFINE("PHP_USE_PHP_CRYPT_R", 1);

CHECK_HEADER_ADD_INCLUDE("timelib_config.h", "CFLAGS_STANDARD", "ext/date/lib");

Expand Down
Loading