Request #41033 Patch to enable signing with DSA keys
Submitted: 2007-04-10 00:43 UTC Modified: 2008-11-18 02:16 UTC
Votes:6
Avg. Score:4.3 ± 0.7
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:4 (66.7%)
From: gordyf at google dot com Assigned: pajoye (profile)
Status: Closed Package: Feature/Change Request
PHP Version: 5.2.1 OS: any
Private report: No CVE-ID: None
 [2007-04-10 00:43 UTC] gordyf at google dot com
Description:
------------
This patch enables signing and verifying signatures with DSA keys. This currently does not work because EVP_sha1() is called when signing with SHA1 hash, and EVP_dss1() must be called for DSA-SHA1 signing.  It adds the OPENSSL_ALGO_DSS1 constant which must be used with the last parameter of openssl_sign and openssl_verify when using a DSA key.

From the <a href="http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html">man page</a>: "The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests."

Patch available <a href="http://trigse.cx/php-openssl-patch.diff">here</a>.

Reproduce code:
---------------
<?php
// Sign the text with the DSA private key, selecting the DSS1 digest.
$key = file_get_contents("keys/dsa.privkey.pem");
$prkeyid = openssl_get_privatekey($key);
$ct = "Hello I am some text!";
openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
echo "Signature: ".base64_encode($signature)."<br>";

// Verify with the matching public key: 1 = valid, 0 = invalid, -1 = error.
$key = file_get_contents("keys/dsa.pubkey.pem");
$pukeyid = openssl_get_publickey($key);
$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
echo "Signature validity: ".$valid;

Expected result:
----------------
(After patch)
Signature: MCwCFGKwtl03QDikxpqoGMrr4+EPoZfZAhQYIl/Bhzur/CW50b3ZFf5dYig3PA==
Signature validity: 1

Actual result:
--------------
(Before patch)
Signature:
Signature validity: -1

Patches

patch1 (last revision 2011-02-17 16:34 UTC by krishnanparya2 at gmail dot com)

 [2007-04-10 00:47 UTC] gordyf at google dot com
It seems I shouldn't have used link tags, here they are without trailing quotes.

Man page: http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html
Patch: http://trigse.cx/php-openssl-patch.diff
 [2007-04-17 18:30 UTC] gordyf at google dot com
I notice there hasn't been any activity on this for a week -- is there any additional information that I can provide?
 [2007-04-17 19:35 UTC] pajoye@php.net
"I notice there hasn't been any activity on this for a week -- is there
any additional information that I can provide?"

Thank you, I have all I need to apply the patch as soon as possible.
 [2008-10-14 00:16 UTC] scott dot fagg at arup dot com
Experiencing same problem with PHP 5.2.5

Looking at openssl.c, 5.2.5 and 5.2.6 both appear to not support DSS1.
 [2008-11-04 21:48 UTC] joey dot parrish at gmail dot com
I'd like to see this patch merged. I'm applying it manually to my sources in 5.2.6. It seems like an exceedingly simple task; I don't understand why it's gone undone for 18 months. Any news?
 [2008-11-18 02:16 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in all branches
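
Added example, not part of the original report or of the PHP source: the reproduce script's sign/verify round trip with every return value checked, because openssl_verify() reports an error as -1 (the "Actual result" above) and a loose truthiness test would treat that as a valid signature. The helper names, the in-memory key and the fallback to OPENSSL_ALGO_SHA1 when OPENSSL_ALGO_DSS1 is not defined are assumptions.

```php
<?php
// Added example; helper names and the throwaway key are constructed.
// OPENSSL_ALGO_DSS1 is the constant this request adds. Assumption: builds
// without it accept OPENSSL_ALGO_SHA1 as the digest for a DSA key.
$algo = defined('OPENSSL_ALGO_DSS1') ? OPENSSL_ALGO_DSS1 : OPENSSL_ALGO_SHA1;

function drain_openssl_errors(): string
{
    $msgs = [];
    while (($m = openssl_error_string()) !== false) {
        $msgs[] = $m;
    }
    return implode('; ', $msgs);
}

function sign_or_fail(string $data, $privateKey, int $algo): string
{
    $signature = '';
    if (openssl_sign($data, $signature, $privateKey, $algo) !== true) {
        throw new RuntimeException('signing failed: ' . drain_openssl_errors());
    }
    return $signature;
}

function verify_strict(string $data, string $signature, $publicKey, int $algo): bool
{
    $rc = openssl_verify($data, $signature, $publicKey, $algo);
    if ($rc === -1 || $rc === false) { // errors must never count as "valid"
        throw new RuntimeException('verification error: ' . drain_openssl_errors());
    }
    return $rc === 1; // 0 means the signature does not match the data
}

// Throwaway DSA key generated in memory (constructed test data).
$private = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
]);
if ($private === false) {
    throw new RuntimeException('key generation failed: ' . drain_openssl_errors());
}
$public = openssl_pkey_get_public(openssl_pkey_get_details($private)['key']);

$message   = 'Hello I am some text!';
$signature = sign_or_fail($message, $private, $algo);
var_dump(verify_strict($message, $signature, $public, $algo));       // genuine message
var_dump(verify_strict($message . 'x', $signature, $public, $algo)); // tampered message
```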
 