PHP :: Bug #46149 :: openssl_sign() can't generate the signature where sign DSA Private key

Bug #46149

openssl_sign() can't generate the signature where sign DSA Private key

Submitted:

2008-09-22 11:45 UTC

Modified:

2008-11-18 02:18 UTC

Votes:	2
Avg. Score:	4.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

hanbsd at 163 dot com

Assigned:

Status:

Not a bug

Package:

OpenSSL related

PHP Version:

5.2.6

OS:

Centos 5.0

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hanbsd at 163 dot com
New email:
PHP Version:		OS:

New Comment:

[2008-09-22 11:45 UTC] hanbsd at 163 dot com

Description:
------------
I create private key with 
$configargs = array(
  "digest_alg" => "sha1",
  "private_key_bits" => 1024,
  "private_key_type" => OPENSSL_KEYTYPE_DSA,
  "encrypt_key" => false
);

But I can not get signature by openssl_sign($data, $signature, $key).

Then I use openssl  in shell
#openssl dgst -dss1 -sign id_dsa foo.sha1 > sigfile.bin
openssl create a signature file : sigfile.bin
#openssl dgst -dss1 -verify id_dsa.pub -signature sigfile.bin foo.sha1
openssl print: "Verified OK"


It looks something bug of PHP function openssl_sign()

Reproduce code:
---------------
$data = "sfsdfsdfs";
$fp = fopen("/home/id_dsa", "r");
$pkey = fread($fp, 8192);
fclose($fp);
$key = openssl_get_privatekey($pkey);
openssl_sign($data, $signature, $key);
openssl_free_key($key);
echo $signature;

Expected result:
----------------
openssl_sign() can create signature 

Actual result:
--------------
openssl_sign() can not create signature , $signature is empty

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-11-07 07:48 UTC] t dot dettrick at its dot uq dot edu dot au

This is related to Bug #41033 - PHP doesn't support signing or verification with DSA, because it requires EVP_dss1() instead of EVP_sha1(), and the patch to provide a constant for that hash algorithm hasn't been merged yet.

[2008-11-18 02:18 UTC] pajoye@php.net

Duplicate of  #41033  (which is fixed)

[2011-10-31 12:54 UTC] menkaur at gmail dot com

I'm getting this bug in version 5.2.17; openssl_sign silently fails, signature is empty

Here's the code to reproduce it:

$priv_key = '-----BEGIN DSA PRIVATE KEY-----
MIIDVQIBAAKCAQEA/uhSKJA6k5sSnYo+uBgi+mzJ72hqZrWgc+dNLpiiKoHsqDZ6
7kGW0J3wnhU0FxpV2SVL57SfG6dC7GvwsJYBidSEJqe3bARP8WI4yL9wm1PVTqFD
4zNkj1+zUZDWQWpJxaA8I10sJR08/WbwgD63bD6jg4JiPaowFMOrufYAW92hjANQ
D7eZ+t0GXAoDB5L6q8btVRfJrGOvkdDN6eyzc7kpJEVC9g1J9Q6glnHQRIGdW4Ot
ys/bpv2mGMfEykyTWhcMSLaAZ0YLTyKRfjYm8g7dCFWo3i8Fu0Jr+N3IWZI9Jgw5
lGyUSX8x89gjMsqtcOzcrjOtC51oAh+pio8jaQIhAM2VbbgAoxSSVO3Nd5y2mPiO
k62rr9cCj4tNy0MtYG3rAoIBABnMeAAeJpNpe3UhmWrGSJN/nQe76FSIhV/0wsu4
Xu65tW610i+uf8t0ZDqHCrbF9LSvk6vPiBydKhOmmStCa/aJJZhCKYI9/8WgtXG8
kSvAzLTNnozSLeHkapZHJwqY1wT+qxElheXjHJBRzgXVqwB+0CeJokJYlWiaPfuN
n3H1GDekuYXSFAaK4bC4TEsctQH1/403ljSbv99aXVDTVSnW0hdbokyLSPsiJjvz
w6GkyEiK/j6V2dTrIRn2X2ftzbTsE+0vEenHosIzJwM8+zUrhLvVvPBARWnbmsQ/
YstGs7WERGQzkFSsuPsWCN53Os4NnBEPiYg8//Cy1EHat3ACggEAD3mqwlAaPixs
Up49/HYlGqrU4e862rWY7mb5XRJ7AY9t70C5hhZrVO/DTgpGkwO0Yi/cYo6W0g//
cP73Nb2KZwaiyTCet2VsXb0H/8gvi8OqlidEpormedYW1T0DoyVrw57gXF0hp0D8
scfZBg0hFM/hHlmqHPKYiZtDp5imk5TeSyIoLdyJjW8jII2ni8ryStjvZ61aAPyK
VH8in3DpVANpn3MSGv1Hv1RYxaago71fVUyOkm1/pFNqBNIwBAxBIUsIPdNpjoGB
bLKXDshCfdXkQJxnx80nVDslEkv10BapLqIr98uswU/bBYMduF6Xrg5pdugDG3Cw
X8n3glog8QIgayYvNGvBvrDp9piq8RDg9mQJsd4IFBlpF7MnqIc749M=
-----END DSA PRIVATE KEY-----
';

$pkeyid = openssl_get_privatekey($priv_key);
if(empty($pkeyid)){
	die("Can't load key id");
}
$data = $_GET['i'];
// compute signature
if(!openssl_sign($data, $signature, $pkeyid,OPENSSL_ALGO_SHA1)){
	echo "Failed to sign data: $data";
}
// free the key from memory
openssl_free_key($pkeyid);
if(empty($signature)){
	echo "signature empty";
}
echo base64_encode($signature);

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 16:01:29 2024 UTC