From:             
Operating system: RedHat Linux
PHP version:      5.3.10
Package:          *Encryption and hash functions
Bug Type:         Bug
Bug description:  crypt() hangs when using Blowfish salt with SHA512 hash

Description:
------------
My hosting company recently upgraded from PHP 5.2.x to PHP 5.3.1.

Using crypt() with a salt following the CRYPT_BLOWFISH format (as shown on
http://ca.php.net/manual/en/function.crypt.php) the script will hang and
time out.

Previous to the upgrade the function would process successfully without
warning or error. A call to hash_algos() does list "Blowfish" as a
registered hashing algorithm.

On the documentation page for crypt(), the following note is stated: "As of
PHP 5.3.0, PHP contains its own implementation and will use that if the
system lacks of support for one or more of the algorithms."

So rather than hanging, PHP is expected to use an internal algorithm in
place where Blowfish is apparently not supported on the server.

This was further tested by using a sha512-formatted salt for the 2nd
argument (sha512 is listed in the result provided by hash_algos()), which
processes successfully. Also by calling crypt() using the Blowfish salt and
attempting with the 1st argument processed using the hash() function and
without - both instances cause the script to hang as well.

Test script:
---------------
crypt(hash("sha512","something"),'$2a$31$developer./.excellence$');


Expected result:
----------------
The expected result would be an encrypted string using an internal PHP
algorithm as described within the PHP documentation for the crypt()
function.

Actual result:
--------------
The actual result is that the script will hang until the maximum process
time on the server is exceeded and the script times out, giving the
following error message:

[warn] mod_fcgid: stderr: PHP Fatal error: Maximum execution time of 30 seconds exceeded in [script path] on line 30

-- 
Edit bug report at https://bugs.php.net/bug.php?id=61098&edit=1
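
An added example, not part of the original report and not PHP's own code: in a CRYPT_BLOWFISH salt the two digits after `$2a$` are the base-2 logarithm of the iteration count, so the `31` in the test script asks for 2^31 rounds of the key schedule. The sketch below parses that field and refuses costs above a limit before crypt() is called; `MAX_BCRYPT_COST`, `bcrypt_salt_cost()` and `safe_bcrypt()` are hypothetical names, and the limit of 12 is an assumed site policy.

```php
<?php
// Added example: check the cost field of a CRYPT_BLOWFISH salt before hashing,
// so an oversized cost is rejected instead of running until the time limit.

const MAX_BCRYPT_COST = 12; // assumed site policy, not a PHP built-in

// Return the two-digit cost from "$2a$NN$..." (also $2x$/$2y$), or null
// when the string does not start with a bcrypt-style prefix.
function bcrypt_salt_cost($salt)
{
    if (!preg_match('/^\$2[axy]\$(\d{2})\$/', $salt, $m)) {
        return null;
    }
    return (int) $m[1];
}

// Hypothetical wrapper: validate the cost, then delegate to crypt().
function safe_bcrypt($password, $salt, $maxCost = MAX_BCRYPT_COST)
{
    $cost = bcrypt_salt_cost($salt);
    if ($cost === null) {
        throw new InvalidArgumentException('not a CRYPT_BLOWFISH salt');
    }
    // bcrypt accepts costs 04-31; the work doubles with every step.
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException("cost $cost is outside 04-31");
    }
    if ($cost > $maxCost) {
        throw new RangeException(sprintf(
            'cost %d means 2^%d = %s iterations, above the limit of %d',
            $cost, $cost, number_format(pow(2, $cost)), $maxCost
        ));
    }
    return crypt($password, $salt);
}

// Constructed inputs: the salt from the test script, and the same salt at cost 10.
$samples = array(
    '$2a$31$developer./.excellence$',
    '$2a$10$developer./.excellence$',
);
foreach ($samples as $salt) {
    try {
        echo $salt, ' => ', safe_bcrypt(hash('sha512', 'something'), $salt), "\n";
    } catch (Exception $e) {
        echo $salt, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```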