Red Hat Bugzilla – Bug 103735
RFE: mhash support in PHP
Last modified: 2014-03-16 22:38:30 EDT
Currently PHP is shipped without mhash support. Adding mhash support requires
adding of a libmhash rpm to the distribution and configuring PHP with --with-mhash.
The mhash source can be found at
A spec file for libmhash can be found here:
(I will add the spec file as an attachment.)
Created attachment 94199 [details]
First you must request separately for mhash to be added to the distribution.
I don't particularly support this: mhash doesn't seem to do much that OpenSSL
doesn't; you could extend the existing PHP openssl extension to achieve the same
functionality without needing extra packages, I would think.
Maybe I should take a closer look at openssl, but it doesn't look like the PHP
openssl interface currently makes it easy to use all the different encryption
algorithms that mhash supports (have a quick look at
http://mhash.sourceforge.net and the PHP4 documentation). Also it looks like the
openssl functions use keys for encryption/hashing, which are not needed by the
algorithms supported by mhash. F.e. how do I calculate an md5sum using openssl?
How would I submit a request for adding (lib)mhash support to the distro? Also
note that the library is only about 150K and PHP already has an interface to use it.
Changed product from Red Hat Linux Beta to Fedora Core 1, as it still
is an issue there.
I'd like to support this change request, with RHEL 4 release as the
We are using LDAP extensively in our organisation and plan offer
LDAP-enabled solutions to many customers. Most of available LDAP-aware
applications written in PHP use mhash PHP extension for password
hashing (among others phpLDAPadmin).
Lack of libmhash and php-mhash support in RHEL forces us to lean
towards using Suse and other distributions because for production
systems we need those packages to be _vendor-supported_, not home-made.
Adding php-mhash support would be extremely easy (the official
redhat/fedora RPM has a '--with-mhash' conditional now, see bug
111251) and it is a good time to get them included in RHEL 4 which is
is in beta phase yet.
IMO, this is an important feature for a corporate distribution since
it is significat in LDAP-based environments.
In addition, please note that almost all other distributions ship with
mhash by default: Mandrake, SuSe, Debian.
Even such a minimal system as OpenBSD, which refuses to put Midnight
Commander in its ports tree, has mhash and php-mhash in ports.
I'd like to signify the importance of this for corporate customers
using RHEL, what is the best method?
Should I open a RHEL support ticket?
That's probably best.
I've opened service request 369868 as an addition to this bug.
Please also compare bug 104211, bug 114294, bug 114295 and bug 114297.
I'd just like to give a "me too" on this one. Having mcrypt/mhash and
php-mcrypt/php-mhash in the standard FC distro would make my life a
Realistically, as mhash/mcrypt is in Extras, php-m* is unlikely to be added to core.