PHP :: Bug #74335 :: digest_alg configarg for openssl_csr

Bug #74335	digest_alg configarg for openssl_csr_sign has no effect
Submitted:	2017-03-29 15:02 UTC	Modified:	2017-03-29 16:01 UTC
From:	jmaguire at duo dot com	Assigned:
Status:	Not a bug	Package:	OpenSSL related
PHP Version:	7.1.3	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jmaguire at duo dot com
New email:
PHP Version:		OS:

New Comment:

[2017-03-29 15:02 UTC] jmaguire at duo dot com

Description:
------------
The docs here (https://secure.php.net/openssl_csr_new) suggest that passing an array that contains "digest_alg" pointing to an algorithm (such as "sha256") will use the given signature algorithm. However, it has no effect.

Modifying the openssl.conf and setting "default_md" to "sha256" under the "[req]" header achieves the desired result.

Test script:
---------------
<?php

$privKey = openssl_pkey_new();
$csr = openssl_csr_new([
    'countryName' => 'US',
    'stateOrProvinceName' => 'MI',
    'localityName' => 'Ann Arbor',
    'organizationName' => 'Duo',
    'commonName' => 'localhost',
    'emailAddress' => 'jmaguire@duo.com'
], $privKey, ['digest_alg' => 'sha256']);
$ssCert = openssl_csr_sign($csr, null, $privKey, 30);

openssl_pkey_export($privKey, $contents);
file_put_contents('private.key', $contents);

openssl_x509_export($ssCert, $contents);
file_put_contents('public.crt', $contents);

Expected result:
----------------
Expect Signature Algorithm from openssl x509 to read "sha256WithRSAEncryption".

Actual result:
--------------
-> % openssl x509 -noout -text -in public.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, ST = MI, L = Ann Arbor, O = Duo, CN = localhost, emailAddress = jmaguire@duo.com
        Validity
            Not Before: Mar 29 14:56:56 2017 GMT
            Not After : Apr 28 14:56:56 2017 GMT
        Subject: C = US, ST = MI, L = Ann Arbor, O = Duo, CN = localhost, emailAddress = jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cb:96:06:b8:72:36:8e:c7:88:89:d9:40:50:9d:
                    bf:27:07:9b:a3:54:85:54:eb:45:52:5a:8a:f0:b3:
                    22:85:14:51:55:18:0a:fb:a1:cd:93:a1:bf:94:4a:
                    fa:60:08:c0:98:ce:96:b5:e7:9f:ff:da:c4:3a:25:
                    a9:5e:5f:9b:ad:8d:fc:4f:47:16:c8:27:d2:df:96:
                    5f:d4:65:08:39:61:15:1b:c0:c6:ad:85:98:88:98:
                    67:c1:2c:d3:1d:ee:dd:82:3e:8d:9e:9e:17:98:9a:
                    f6:db:d7:34:f0:21:11:d4:40:a8:57:e0:de:c6:d7:
                    64:e2:d6:c5:d0:8f:dd:b0:0b:9e:55:70:b1:11:ab:
                    c0:4e:df:5e:7d:14:e5:b6:d9:36:03:65:62:be:a8:
                    bf:fd:ac:9b:b6:d5:50:e7:bc:0e:5a:0e:d8:f3:89:
                    7b:ed:aa:57:33:40:6c:95:cf:a5:22:01:59:43:be:
                    ff:bb:9a:e6:01:63:ba:f6:42:04:b7:6a:f9:c2:e0:
                    8e:f8:82:f9:5a:21:5d:fe:ae:e2:61:83:e2:f4:3b:
                    b9:82:d3:4c:ab:c5:83:c6:f4:53:93:1b:52:63:2c:
                    d4:5e:bb:00:92:67:91:51:34:be:50:30:a4:8d:f3:
                    3e:6e:e2:49:48:e0:44:8e:c6:1c:6b:11:e3:38:56:
                    aa:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B1:AB:14:8F:C5:B0:9C:54:B6:11:9E:42:15:87:AD:48:E8:29:A2
            X509v3 Authority Key Identifier:
                keyid:2F:B1:AB:14:8F:C5:B0:9C:54:B6:11:9E:42:15:87:AD:48:E8:29:A2

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         51:49:f3:70:5a:55:32:e3:46:f8:af:1f:fc:54:cd:22:ac:85:
         9b:9e:87:67:36:9c:7b:ac:70:cd:ae:8e:33:ce:29:94:fe:af:
         1b:4d:5e:8a:53:65:d2:a9:1b:21:84:54:fd:b5:16:ca:54:aa:
         3c:3b:00:14:dc:53:d9:33:b1:5c:b9:aa:c9:5f:40:a2:e6:ce:
         c4:b2:5c:ec:e2:cb:58:48:8e:0e:8e:c0:c9:03:92:c8:2f:be:
         8a:84:f7:90:4e:87:43:58:30:43:8d:84:c6:48:4d:2f:4d:c8:
         67:ee:a1:fc:97:e9:dc:10:c2:ea:fc:ff:2c:30:28:79:01:33:
         7e:13:ec:05:d6:93:84:96:3d:ad:e9:8a:a3:07:2e:9d:18:69:
         77:c7:f3:9c:1b:54:a9:e7:f6:74:00:27:9d:30:a8:4e:57:0b:
         0e:20:a1:56:e5:37:b9:d7:2c:6c:65:5d:e0:ae:83:6f:36:f4:
         62:fb:1c:4d:ae:db:5e:ba:03:50:13:df:c2:e9:a9:26:f2:f7:
         b5:a7:4f:ed:7b:fb:1a:52:45:da:83:a8:14:0f:55:a5:93:bb:
         cf:2d:cb:4a:23:63:d2:38:45:f1:ab:eb:2b:01:0d:2d:fe:36:
         10:27:4c:6a:13:79:42:70:30:ce:74:39:e3:86:7b:26:04:09:
         b1:bd:12:a1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-03-29 15:10 UTC] jmaguire at duo dot com

PHP 5.6.17-3 (cli) exhibits the same behavior.

[2017-03-29 15:29 UTC] requinix@php.net

-Status: Open +Status: Feedback

[2017-03-29 15:29 UTC] requinix@php.net

Does openssl_error_string() return anything? Note you should call it multiple times, like

while ($msg = openssl_error_string())
    echo $msg . "<br />\n";

[2017-03-29 15:37 UTC] daverandom@php.net

The issue is that openssl_csr_sign() is not using the value defined in the CSR created with openssl_csr_new().

If you pass the ['digest_alg' => 'whatever'] config arg directly to openssl_csr_sign() then it works as expected.

[2017-03-29 15:45 UTC] daverandom@php.net

Thinking about it I'm not sure it actually makes sense to specify the algorithm at the point of creating a new CSR, surely that's up to the signing CA to determine? 

When exported, a CSR does not (afaik?) contain this information, so logically it doesn't make sense to specify it here.

If what I said there ^ is correct (it may not be), I think this is a documentation issue more than anything else.

[2017-03-29 15:53 UTC] daverandom@php.net

https://security.stackexchange.com/a/67235/41073

tl;dr specifying digest_alg at openssl_csr_new() does not specify what should be used when signing the certificate, rather what should be used when signing the CSR itself.

Props to leigh for finding this.

[2017-03-29 15:56 UTC] kelunik@php.net

Your bug title says "openssl_csr_sign" doesn't obey "digest_alg", but you pass "digest_alg" to "openssl_csr_new" instead. It works fine if you pass the option to "openssl_csr_sign".

Unfortunately, the documentation just mentions all options for each and every function, while only some apply to each.

[2017-03-29 15:59 UTC] jmaguire at duo dot com

-Status: Feedback +Status: Closed

[2017-03-29 15:59 UTC] jmaguire at duo dot com

Sorry for the foolishness, and thanks all for the help.

[2017-03-29 16:01 UTC] daverandom@php.net

-Status: Closed +Status: Not a bug

[2017-03-29 16:01 UTC] daverandom@php.net

Additional example info showing the effects of these values

<?php

$privKey = openssl_pkey_new();

$csr = openssl_csr_new([
    'countryName' => 'US',
    'stateOrProvinceName' => 'MI',
    'localityName' => 'Ann Arbor',
    'organizationName' => 'Duo',
    'commonName' => 'localhost',
    'emailAddress' => 'jmaguire@duo.com'
], $privKey, ['digest_alg' => 'sha256']);

openssl_csr_export($csr, $contents);
file_put_contents('req.csr', $contents);

$ssCert = openssl_csr_sign($csr, null, $privKey, 30, ['digest_alg' => 'sha256']);

openssl_pkey_export($privKey, $contents);
file_put_contents('private.key', $contents);

openssl_x509_export($ssCert, $contents);
file_put_contents('public.crt', $contents);

?>

#> openssl req -noout -text -in req.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e5:37:b6:2d:ce:9b:63:8d:e8:db:0f:54:ba:53:
                    c8:67:38:d9:cf:cc:aa:ad:93:c0:a5:aa:8e:ac:d9:
                    11:c9:05:45:e5:9e:66:8c:ac:0e:17:06:48:43:ba:
                    4d:3a:ee:08:ea:e2:70:33:1c:8d:92:94:c9:9d:08:
                    72:e9:54:bd:f1:f7:20:a4:4b:f9:99:04:b3:96:c0:
                    19:bd:a2:65:24:e5:1a:e8:b5:c7:a6:33:06:a8:bc:
                    fc:a4:b7:7a:3f:c7:99:d5:7c:0e:45:a0:2f:c4:cf:
                    19:1f:f9:31:9f:ed:e3:1b:10:f0:9b:22:c4:14:d2:
                    35:b5:2e:8f:c3:67:b9:eb:47
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         5e:b4:03:7a:d2:71:8f:fe:bf:b0:9d:90:2a:77:60:c8:33:5b:
         c6:8e:0a:b4:b0:5e:77:29:57:8c:d6:3c:2e:c8:ce:53:da:fc:
         e2:2e:a4:ab:ac:e7:99:0f:63:45:94:0f:dd:42:ad:e7:f1:62:
         a9:42:cf:8a:51:0a:cb:e5:e3:67:b4:4d:1d:16:8b:f9:f2:5e:
         2f:13:50:1e:7a:d1:50:9f:07:97:aa:95:4a:8a:11:23:92:32:
         2f:05:49:4f:2b:22:72:55:7c:2c:a6:66:d6:a9:22:64:9f:6d:
         35:fb:82:ab:54:91:9d:8f:e6:88:39:75:51:cc:a2:82:03:9d:
         f9:b4


#> openssl x509 -noout -text -in public.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Validity
            Not Before: Mar 29 15:57:03 2017 GMT
            Not After : Apr 28 15:57:03 2017 GMT
        Subject: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e5:37:b6:2d:ce:9b:63:8d:e8:db:0f:54:ba:53:
                    c8:67:38:d9:cf:cc:aa:ad:93:c0:a5:aa:8e:ac:d9:
                    11:c9:05:45:e5:9e:66:8c:ac:0e:17:06:48:43:ba:
                    4d:3a:ee:08:ea:e2:70:33:1c:8d:92:94:c9:9d:08:
                    72:e9:54:bd:f1:f7:20:a4:4b:f9:99:04:b3:96:c0:
                    19:bd:a2:65:24:e5:1a:e8:b5:c7:a6:33:06:a8:bc:
                    fc:a4:b7:7a:3f:c7:99:d5:7c:0e:45:a0:2f:c4:cf:
                    19:1f:f9:31:9f:ed:e3:1b:10:f0:9b:22:c4:14:d2:
                    35:b5:2e:8f:c3:67:b9:eb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0B:CA:D4:E6:2C:02:BC:3E:65:13:EB:F8:07:DB:F0:E9:FE:52:A6
            X509v3 Authority Key Identifier:
                keyid:35:0B:CA:D4:E6:2C:02:BC:3E:65:13:EB:F8:07:DB:F0:E9:FE:52:A6
                DirName:/C=US/ST=MI/L=Ann Arbor/O=Duo/CN=localhost/emailAddress=jmaguire@duo.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         d7:8c:8b:83:0e:2a:85:7e:ed:2d:7e:39:36:62:43:16:d0:da:
         75:b0:0d:bb:18:7a:d5:8c:a6:70:79:37:0c:22:b5:7c:3a:45:
         fe:45:b0:13:27:5e:07:3f:6b:e2:36:81:30:28:18:e2:e4:b4:
         e7:88:7a:a3:9d:a8:ff:07:44:f4:45:de:75:1d:42:74:58:5d:
         d2:0f:f0:4a:72:83:17:39:28:4d:4c:05:ec:0c:17:05:07:80:
         91:2d:67:a4:cf:ca:f2:49:35:3b:1a:1b:4b:6b:12:60:fd:b6:
         aa:ea:bf:da:7b:1b:c4:0b:90:78:33:57:e9:fc:df:49:89:ab:
         58:52

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Dec 18 11:00:01 2025 UTC