php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46149 openssl_sign() can't generate the signature where sign DSA Private key
Submitted: 2008-09-22 11:45 UTC Modified: 2008-11-18 02:18 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: hanbsd at 163 dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5.2.6 OS: Centos 5.0
Private report: No CVE-ID: None
 [2008-09-22 11:45 UTC] hanbsd at 163 dot com
Description:
------------
I create private key with 
$configargs = array(
  "digest_alg" => "sha1",
  "private_key_bits" => 1024,
  "private_key_type" => OPENSSL_KEYTYPE_DSA,
  "encrypt_key" => false
);

But I can not get signature by openssl_sign($data, $signature, $key).

Then I use openssl  in shell
#openssl dgst -dss1 -sign id_dsa foo.sha1 > sigfile.bin
openssl create a signature file : sigfile.bin
#openssl dgst -dss1 -verify id_dsa.pub -signature sigfile.bin foo.sha1
openssl print: "Verified OK"


It looks something bug of PHP function openssl_sign()

Reproduce code:
---------------
$data = "sfsdfsdfs";
$fp = fopen("/home/id_dsa", "r");
$pkey = fread($fp, 8192);
fclose($fp);
$key = openssl_get_privatekey($pkey);
openssl_sign($data, $signature, $key);
openssl_free_key($key);
echo $signature;

Expected result:
----------------
openssl_sign() can create signature 

Actual result:
--------------
openssl_sign() can not create signature , $signature is empty

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-07 07:48 UTC] t dot dettrick at its dot uq dot edu dot au
This is related to Bug #41033 - PHP doesn't support signing or verification with DSA, because it requires EVP_dss1() instead of EVP_sha1(), and the patch to provide a constant for that hash algorithm hasn't been merged yet.
 [2008-11-18 02:18 UTC] pajoye@php.net
Duplicate of  #41033  (which is fixed)
 [2011-10-31 12:54 UTC] menkaur at gmail dot com
I'm getting this bug in version 5.2.17; openssl_sign silently fails, signature is empty

Here's the code to reproduce it:

$priv_key = '-----BEGIN DSA PRIVATE KEY-----
MIIDVQIBAAKCAQEA/uhSKJA6k5sSnYo+uBgi+mzJ72hqZrWgc+dNLpiiKoHsqDZ6
7kGW0J3wnhU0FxpV2SVL57SfG6dC7GvwsJYBidSEJqe3bARP8WI4yL9wm1PVTqFD
4zNkj1+zUZDWQWpJxaA8I10sJR08/WbwgD63bD6jg4JiPaowFMOrufYAW92hjANQ
D7eZ+t0GXAoDB5L6q8btVRfJrGOvkdDN6eyzc7kpJEVC9g1J9Q6glnHQRIGdW4Ot
ys/bpv2mGMfEykyTWhcMSLaAZ0YLTyKRfjYm8g7dCFWo3i8Fu0Jr+N3IWZI9Jgw5
lGyUSX8x89gjMsqtcOzcrjOtC51oAh+pio8jaQIhAM2VbbgAoxSSVO3Nd5y2mPiO
k62rr9cCj4tNy0MtYG3rAoIBABnMeAAeJpNpe3UhmWrGSJN/nQe76FSIhV/0wsu4
Xu65tW610i+uf8t0ZDqHCrbF9LSvk6vPiBydKhOmmStCa/aJJZhCKYI9/8WgtXG8
kSvAzLTNnozSLeHkapZHJwqY1wT+qxElheXjHJBRzgXVqwB+0CeJokJYlWiaPfuN
n3H1GDekuYXSFAaK4bC4TEsctQH1/403ljSbv99aXVDTVSnW0hdbokyLSPsiJjvz
w6GkyEiK/j6V2dTrIRn2X2ftzbTsE+0vEenHosIzJwM8+zUrhLvVvPBARWnbmsQ/
YstGs7WERGQzkFSsuPsWCN53Os4NnBEPiYg8//Cy1EHat3ACggEAD3mqwlAaPixs
Up49/HYlGqrU4e862rWY7mb5XRJ7AY9t70C5hhZrVO/DTgpGkwO0Yi/cYo6W0g//
cP73Nb2KZwaiyTCet2VsXb0H/8gvi8OqlidEpormedYW1T0DoyVrw57gXF0hp0D8
scfZBg0hFM/hHlmqHPKYiZtDp5imk5TeSyIoLdyJjW8jII2ni8ryStjvZ61aAPyK
VH8in3DpVANpn3MSGv1Hv1RYxaago71fVUyOkm1/pFNqBNIwBAxBIUsIPdNpjoGB
bLKXDshCfdXkQJxnx80nVDslEkv10BapLqIr98uswU/bBYMduF6Xrg5pdugDG3Cw
X8n3glog8QIgayYvNGvBvrDp9piq8RDg9mQJsd4IFBlpF7MnqIc749M=
-----END DSA PRIVATE KEY-----
';

$pkeyid = openssl_get_privatekey($priv_key);
if(empty($pkeyid)){
	die("Can't load key id");
}
$data = $_GET['i'];
// compute signature
if(!openssl_sign($data, $signature, $pkeyid,OPENSSL_ALGO_SHA1)){
	echo "Failed to sign data: $data";
}
// free the key from memory
openssl_free_key($pkeyid);
if(empty($signature)){
	echo "signature empty";
}
echo base64_encode($signature);
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Dec 06 17:05:53 2022 UTC