|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71087 Phar - cannot use OpenSSL signatures with custom stub
Submitted: 2015-12-10 21:49 UTC Modified: -
From: securtiy at paragonie dot com Assigned:
Status: Open Package: PHAR related
PHP Version: 5.6.16 OS: Debian 8.1 Jessie with Dotdeb
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
32 - 4 = ?
Subscribe to this entry?

 [2015-12-10 21:49 UTC] securtiy at paragonie dot com
Is there any reason why we can't use Phar::setSignatureAlgorithm() after Phar::setStub()?

If there's a reason this shouldn't allowed, could the documentation please be updated to reflect this decision?

If this is a bug, it's breaking our ability to publish signed a .phar for defuse/php-encryption

Test script:

Expected result:
Silent success, but if I do this:

$phar = new \Phar(dirname(__DIR__).'/dist/defuse-crypto.phar');
$signature = $phar->getSignature();
var_dump($signature); shouldn't say its "hash_type" is "SHA-1"

Actual result:
PHP Fatal error:  Uncaught exception 'PharException' with message 'unable to copy stub of old phar to new phar "/var/www/defuse/php-encryption/dist/defuse-crypto.phar"' in /var/www/defuse/php-encryption/other/build_phar.php:37
Stack trace:
#0 /var/www/defuse/php-encryption/other/build_phar.php(37): Phar->setSignatureAlgorithm(16, '-----BEGIN PRIV...')
#1 {main}
  thrown in /var/www/defuse/php-encryption/other/build_phar.php on line 37


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-10 21:58 UTC] security at paragonie dot com
In our use case, this resolved the problem...

...but that's a workaround, not a solution.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jan 25 20:01:23 2021 UTC