Request #41033 Patch to enable signing with DSA keys
Submitted: 2007-04-10 00:43 UTC Modified: 2008-11-18 02:16 UTC
Votes:6
Avg. Score:4.3 ± 0.7
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:4 (66.7%)
From: gordyf at google dot com Assigned: pajoye (profile)
Status: Closed Package: Feature/Change Request
PHP Version: 5.2.1 OS: any
Private report: No CVE-ID: None
 [2007-04-10 00:43 UTC] gordyf at google dot com
Description:
------------
This patch enables signing and verifying signatures with DSA keys. This currently does not work because EVP_sha1() is called when signing with SHA1 hash, and EVP_dss1() must be called for DSA-SHA1 signing.  It adds the OPENSSL_ALGO_DSS1 constant which must be used with the last parameter of openssl_sign and openssl_verify when using a DSA key.

From the <a href="http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html">man page</a>: "The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests."

Patch available <a href="http://trigse.cx/php-openssl-patch.diff">here</a>.

Reproduce code:
---------------
<?php
// Sign with the DSA private key, selecting the DSS1 digest added by the patch.
$key = file_get_contents("keys/dsa.privkey.pem");
$prkeyid = openssl_get_privatekey($key);
$ct = "Hello I am some text!";
openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
echo "Signature: ".base64_encode($signature)."<br>";

// Verify with the matching DSA public key (1 = valid, 0 = invalid, -1 = error).
$key = file_get_contents("keys/dsa.pubkey.pem");
$pukeyid = openssl_get_publickey($key);
$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
echo "Signature validity: ".$valid;

Expected result:
----------------
(After patch)
Signature: MCwCFGKwtl03QDikxpqoGMrr4+EPoZfZAhQYIl/Bhzur/CW50b3ZFf5dYig3PA==
Signature validity: 1

Actual result:
--------------
(Before patch)
Signature:
Signature validity: -1
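
The "-1" above is an error code rather than an "invalid signature" result, and -1 is truthy in PHP. The following is an added example, not code from this report or from the PHP project: a DSA round trip that compares a loose check of openssl_verify() with a strict `=== 1` check. Assumptions: it runs from the PHP CLI, the key is generated in memory, OPENSSL_ALGO_SHA256 is used where OPENSSL_ALGO_DSS1 is not defined, and signature_is_valid() is a hypothetical helper name.

```php
<?php
// Added example (not from the bug report). The DSA key is generated in
// memory and the message and bad signature are constructed sample data.

// Assumption: OPENSSL_ALGO_DSS1 may be undefined on builds linked against an
// OpenSSL without EVP_dss1(); fall back to SHA-256 there.
$algo = defined('OPENSSL_ALGO_DSS1')
    ? constant('OPENSSL_ALGO_DSS1')
    : OPENSSL_ALGO_SHA256;

// Hypothetical helper: only an exact 1 counts as a valid signature.
// openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error), and
// -1 is truthy, so `if (openssl_verify(...))` would accept an error.
function signature_is_valid(string $data, string $sig, $pubKey, $algo): bool
{
    return openssl_verify($data, $sig, $pubKey, $algo) === 1;
}

$priv = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
]);
if ($priv === false) {
    fwrite(STDERR, "DSA key generation failed: " . openssl_error_string() . "\n");
    exit(1);
}
$pubPem = openssl_pkey_get_details($priv)['key'];

$ct = "Hello I am some text!";
// openssl_sign() returns false on failure; the report's code ignores that
// return value, so it goes on to print an empty signature.
if (!openssl_sign($ct, $signature, $priv, $algo)) {
    fwrite(STDERR, "Signing failed: " . openssl_error_string() . "\n");
    exit(1);
}

$cases = [
    'original message'    => [$ct, $signature],
    'tampered message'    => [$ct . "!", $signature],
    'malformed signature' => [$ct, "not a DER-encoded DSA signature"],
];
foreach ($cases as $label => [$data, $sig]) {
    $raw = openssl_verify($data, $sig, $pubPem, $algo);   // raw return code
    $strict = signature_is_valid($data, $sig, $pubPem, $algo);
    printf("%-20s raw=%s loose=%s strict=%s\n", $label, var_export($raw, true),
        $raw ? 'accept' : 'reject', $strict ? 'accept' : 'reject');
}
```

The raw code printed for the malformed signature depends on the OpenSSL build; the strict column rejects it either way.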

Patches

patch1 (last revision 2011-02-17 16:34 UTC by krishnanparya2 at gmail dot com)

 [2007-04-10 00:47 UTC] gordyf at google dot com
It seems I shouldn't have used link tags, here they are without trailing quotes.

Man page: http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html
Patch: http://trigse.cx/php-openssl-patch.diff
 [2007-04-17 18:30 UTC] gordyf at google dot com
I notice there hasn't been any activity on this for a week -- is there any additional information that I can provide?
 [2007-04-17 19:35 UTC] pajoye@php.net
"I notice there hasn't been any activity on this for a week -- is there
any additional information that I can provide?"

Thank you, I have all I need to apply the patch as soon as possible.
 [2008-10-14 00:16 UTC] scott dot fagg at arup dot com
Experiencing same problem with PHP 5.2.5

Looking at openssl.c, 5.2.5 and 5.2.6 both appear to not support DSS1.
 [2008-11-04 21:48 UTC] joey dot parrish at gmail dot com
I'd like to see this patch merged.  I'm applying it manually to my sources in 5.2.6.  It seems like an exceedingly simple task, I don't understand why it's gone undone for 18 months.  Any news?
 [2008-11-18 02:16 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in all branches
 