Request #61421 OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512
Submitted: 2012-03-16 19:35 UTC
Modified: 2012-09-16 06:03 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:4 (100.0%)
From: mark at zedwood dot com
Assigned: pajoye
Status: Closed
Package: OpenSSL related
PHP Version: 5.4.5
OS: Ubuntu Linux
Private report: No
CVE-ID:
 [2012-03-16 19:35 UTC] mark at zedwood dot com
Description:
------------
openssl_verify() takes as a parameter a signature algorithm.  The current list of values is here
http://us3.php.net/manual/en/openssl.signature-algos.php

The SHA256 and SHA512 families of algorithms have been supported in openssl for quite some time.  RipeMD160 is also not included.

Test script:
---------------
http://pastebin.com/qdCyC0Pe

Expected result:
----------------
verified

Actual result:
--------------
PHP Notice:  Use of undefined constant OPENSSL_ALGO_SHA256 - assumed 'OPENSSL_ALGO_SHA256' in verify_sig.php on line 18
notverified
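
An added example, not part of the original report or the submitted patch: a fail-closed wrapper around openssl_verify() for SHA-256 signatures, which refuses to run when OPENSSL_ALGO_SHA256 is undefined (the condition shown in the notice above) and accepts only a return value of exactly 1. The helper name verify_sha256(), the key pair and the message are constructed for illustration.

```php
<?php
// Added example: key pair and message are constructed here for illustration.

/**
 * Verify an RSA signature made over a SHA-256 digest.
 * Fails closed: returns true only when openssl_verify() returns exactly 1.
 */
function verify_sha256(string $data, string $sig, $publicKey): bool
{
    // On a build without the constant (the situation in this report), refuse
    // instead of letting PHP treat the bare name as a string.
    if (!defined('OPENSSL_ALGO_SHA256')) {
        throw new RuntimeException('OPENSSL_ALGO_SHA256 is not available in this PHP build');
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error),
    // so a loose truthiness check would treat -1 as success.
    return openssl_verify($data, $sig, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}

// Throwaway 2048-bit RSA key, generated at run time.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit("key generation failed\n");
}
$pub = openssl_pkey_get_details($key)['key'];   // PEM-encoded public key

$msg = 'constructed sample message';
if (!openssl_sign($msg, $sig, $key, OPENSSL_ALGO_SHA256)) {
    exit("signing failed\n");
}

// Same message, same digest algorithm as the signer used.
var_dump(verify_sha256($msg, $sig, $pub));
// Message altered after signing.
var_dump(verify_sha256($msg . 'x', $sig, $pub));
// Unaltered message, but the verifier assumes SHA-1 instead of SHA-256.
var_dump(openssl_verify($msg, $sig, $pub, OPENSSL_ALGO_SHA1) === 1);
```

The third check shows why the verifier must be able to name the signer's digest algorithm: a SHA-256 signature does not verify when the call can only be made with OPENSSL_ALGO_SHA1.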

Patches

openssl-add-sig-algs.txt (last revision 2012-06-18 20:47 UTC) by mark at zedwood dot com
openssl-add-rmd160-sha2-sig-alg.patch (last revision 2012-04-05 22:08 UTC) by mark at zedwood dot com
openssl-add-ripemd160-sha2-sig-algs (last revision 2012-04-02 18:19 UTC) by mark at zedwood dot com
add_openssl_signature_algorithms.txt (last revision 2012-03-16 19:35 UTC) by zedwoodnoreply at gmail dot com

History

 [2012-03-16 21:10 UTC] zedwoodnoreply at gmail dot com
To generate a sample CSR with a sha256 signature, use:
openssl req -new -sha256 -newkey rsa:2048 -nodes -out example_com_sha256.csr -keyout example_com_sha256.key -subj "/C=US/ST=/L=/O=/CN=example.com"

To parse the CSR with openssl (command line), use:
openssl req -in example_com_sha256.csr -noout -text

sample output:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
 [2012-03-31 04:00 UTC] mark at zedwood dot com
Should I submit a new patch with
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL 
instead of
#ifndef OPENSSL_NO_SHA256
?
 [2012-03-31 04:00 UTC] mark at zedwood dot com
-: zedwoodnoreply@gmail.com +: mark at zedwood dot com
 [2012-04-02 09:21 UTC] derick@php.net
Mark, yes, you probably should. It will also help a lot if you include test cases for the new functionality. Make sure those tests also run with older versions of openssl though!

cheers,
Derick
 [2012-04-02 09:36 UTC] pajoye@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: pajoye
 [2012-04-02 09:36 UTC] pajoye@php.net
hi,

Thanks for the patch, I will apply it asap but it won't make it for the next 
releases of 5.3 or 5.4 as we are already in release phases.

Btw, can you add some tests too please?

About the patch, yes, please use the openssl version check instead. As what is 
done now won't work smoothly with older versions.

As of getting a svn account (asked per email but adding answer here too), we 
usually give one after that one has provided a couple of patches :)

Thanks for your work!
 [2012-04-02 18:21 UTC] mark at zedwood dot com
added openssl version check, added new patch with .phpt test
 [2012-04-05 22:10 UTC] mark at zedwood dot com
Changed name of const to OPENSSL_ALGO_RMD160 instead of OPENSSL_ALGO_RIPEMD160
 [2012-05-30 19:10 UTC] mark at zedwood dot com
Is there anything preventing this bugfix/patch from being committed into git?
 [2012-06-18 20:12 UTC] mark at zedwood dot com
Modified pastebin example to show simpler test case:
http://pastebin.com/qdCyC0Pe

older pastebin example now available at:
http://pastebin.com/4LQDqMD5
 [2012-06-18 20:12 UTC] mark at zedwood dot com
-Summary: Missing SHA256,SHA512 families of signature algorithms
+Summary: OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512
-PHP Version: 5.4.0
+PHP Version: 5.4.4
 [2012-06-18 20:48 UTC] mark at zedwood dot com
I just added a patch, updated to php 5.4.4.  Hopefully this can make it into php 5.4.5.
 [2012-06-19 07:55 UTC] pajoye@php.net
hi!

that looks good now! Thanks!

Could you add the latest examples as extra tests as well please?

I will commit it to master this week.
 [2012-06-19 13:43 UTC] mark at zedwood dot com
Those new examples are also all in the openssl-add-sig-algs.txt patch file I uploaded yesterday.  So we should be good to go.
 [2012-06-21 20:14 UTC] mark at zedwood dot com
This issue is an important feature to add to PHP, considering
"SHA-1 has recently been demonstrated to provide less than 80 bits of security for digital signatures; at the publication of this Recommendation, the security strength against collisions is assessed at 69 bits. The use of SHA-1 is not recommended for the generation of digital signatures in new systems; new systems should use one of the larger hash functions. (SHA-224, SHA-256, SHA-384 and SHA-512)"
https://wiki.mozilla.org/CA:MD5and1024
 [2012-06-27 06:21 UTC] pajoye@php.net
Patch compiles fine, I asked the RMs if it is fine to merge into 5.3/4.

Will commit all at once once I get an answer.

Thanks for your work and patience!
 [2012-07-20 00:05 UTC] mark at zedwood dot com
updated version to php 5.4.5
 [2012-07-20 00:05 UTC] mark at zedwood dot com
-PHP Version: 5.4.4
+PHP Version: 5.4.5
 [2012-09-14 17:56 UTC] mark at zedwood dot com
PHP 5.4 release manager stas had me create a pull request for this bug.
https://github.com/php/php-src/pull/196
 [2012-09-16 06:03 UTC] stas@php.net
-Status: Assigned
+Status: To be documented
 [2012-09-16 06:03 UTC] stas@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Mon Apr 21 10:02:10 2014 UTC