Bug #74335 digest_alg configarg for openssl_csr_sign has no effect
Submitted: 2017-03-29 15:02 UTC
Modified: 2017-03-29 16:01 UTC
From: jmaguire at duo dot com
Assigned:
Status: Not a bug
Package: OpenSSL related
PHP Version: 7.1.3
OS: Linux
Private report: No
CVE-ID: None
 [2017-03-29 15:02 UTC] jmaguire at duo dot com
Description:
------------
The docs here (https://secure.php.net/openssl_csr_new) suggest that passing an array that contains "digest_alg" pointing to an algorithm (such as "sha256") will use the given signature algorithm. However, it has no effect.

Modifying the openssl.conf and setting "default_md" to "sha256" under the "[req]" header achieves the desired result.

Test script:
---------------
<?php

$privKey = openssl_pkey_new();
$csr = openssl_csr_new([
    'countryName' => 'US',
    'stateOrProvinceName' => 'MI',
    'localityName' => 'Ann Arbor',
    'organizationName' => 'Duo',
    'commonName' => 'localhost',
    'emailAddress' => 'jmaguire@duo.com'
], $privKey, ['digest_alg' => 'sha256']);
$ssCert = openssl_csr_sign($csr, null, $privKey, 30);

openssl_pkey_export($privKey, $contents);
file_put_contents('private.key', $contents);

openssl_x509_export($ssCert, $contents);
file_put_contents('public.crt', $contents);

Expected result:
----------------
Expect Signature Algorithm from openssl x509 to read "sha256WithRSAEncryption".

Actual result:
--------------
-> % openssl x509 -noout -text -in public.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, ST = MI, L = Ann Arbor, O = Duo, CN = localhost, emailAddress = jmaguire@duo.com
        Validity
            Not Before: Mar 29 14:56:56 2017 GMT
            Not After : Apr 28 14:56:56 2017 GMT
        Subject: C = US, ST = MI, L = Ann Arbor, O = Duo, CN = localhost, emailAddress = jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cb:96:06:b8:72:36:8e:c7:88:89:d9:40:50:9d:
                    bf:27:07:9b:a3:54:85:54:eb:45:52:5a:8a:f0:b3:
                    22:85:14:51:55:18:0a:fb:a1:cd:93:a1:bf:94:4a:
                    fa:60:08:c0:98:ce:96:b5:e7:9f:ff:da:c4:3a:25:
                    a9:5e:5f:9b:ad:8d:fc:4f:47:16:c8:27:d2:df:96:
                    5f:d4:65:08:39:61:15:1b:c0:c6:ad:85:98:88:98:
                    67:c1:2c:d3:1d:ee:dd:82:3e:8d:9e:9e:17:98:9a:
                    f6:db:d7:34:f0:21:11:d4:40:a8:57:e0:de:c6:d7:
                    64:e2:d6:c5:d0:8f:dd:b0:0b:9e:55:70:b1:11:ab:
                    c0:4e:df:5e:7d:14:e5:b6:d9:36:03:65:62:be:a8:
                    bf:fd:ac:9b:b6:d5:50:e7:bc:0e:5a:0e:d8:f3:89:
                    7b:ed:aa:57:33:40:6c:95:cf:a5:22:01:59:43:be:
                    ff:bb:9a:e6:01:63:ba:f6:42:04:b7:6a:f9:c2:e0:
                    8e:f8:82:f9:5a:21:5d:fe:ae:e2:61:83:e2:f4:3b:
                    b9:82:d3:4c:ab:c5:83:c6:f4:53:93:1b:52:63:2c:
                    d4:5e:bb:00:92:67:91:51:34:be:50:30:a4:8d:f3:
                    3e:6e:e2:49:48:e0:44:8e:c6:1c:6b:11:e3:38:56:
                    aa:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B1:AB:14:8F:C5:B0:9C:54:B6:11:9E:42:15:87:AD:48:E8:29:A2
            X509v3 Authority Key Identifier:
                keyid:2F:B1:AB:14:8F:C5:B0:9C:54:B6:11:9E:42:15:87:AD:48:E8:29:A2

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         51:49:f3:70:5a:55:32:e3:46:f8:af:1f:fc:54:cd:22:ac:85:
         9b:9e:87:67:36:9c:7b:ac:70:cd:ae:8e:33:ce:29:94:fe:af:
         1b:4d:5e:8a:53:65:d2:a9:1b:21:84:54:fd:b5:16:ca:54:aa:
         3c:3b:00:14:dc:53:d9:33:b1:5c:b9:aa:c9:5f:40:a2:e6:ce:
         c4:b2:5c:ec:e2:cb:58:48:8e:0e:8e:c0:c9:03:92:c8:2f:be:
         8a:84:f7:90:4e:87:43:58:30:43:8d:84:c6:48:4d:2f:4d:c8:
         67:ee:a1:fc:97:e9:dc:10:c2:ea:fc:ff:2c:30:28:79:01:33:
         7e:13:ec:05:d6:93:84:96:3d:ad:e9:8a:a3:07:2e:9d:18:69:
         77:c7:f3:9c:1b:54:a9:e7:f6:74:00:27:9d:30:a8:4e:57:0b:
         0e:20:a1:56:e5:37:b9:d7:2c:6c:65:5d:e0:ae:83:6f:36:f4:
         62:fb:1c:4d:ae:db:5e:ba:03:50:13:df:c2:e9:a9:26:f2:f7:
         b5:a7:4f:ed:7b:fb:1a:52:45:da:83:a8:14:0f:55:a5:93:bb:
         cf:2d:cb:4a:23:63:d2:38:45:f1:ab:eb:2b:01:0d:2d:fe:36:
         10:27:4c:6a:13:79:42:70:30:ce:74:39:e3:86:7b:26:04:09:
         b1:bd:12:a1

 [2017-03-29 15:10 UTC] jmaguire at duo dot com
PHP 5.6.17-3 (cli) exhibits the same behavior.
 [2017-03-29 15:29 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-03-29 15:29 UTC] requinix@php.net
Does openssl_error_string() return anything? Note you should call it multiple times, like

while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
 [2017-03-29 15:37 UTC] daverandom@php.net
The issue is that openssl_csr_sign() is not using the value defined in the CSR created with openssl_csr_new().

If you pass the ['digest_alg' => 'whatever'] config arg directly to openssl_csr_sign() then it works as expected.
 [2017-03-29 15:45 UTC] daverandom@php.net
Thinking about it I'm not sure it actually makes sense to specify the algorithm at the point of creating a new CSR, surely that's up to the signing CA to determine? 

When exported, a CSR does not (afaik?) contain this information, so logically it doesn't make sense to specify it here.

If what I said there ^ is correct (it may not be), I think this is a documentation issue more than anything else.
 [2017-03-29 15:53 UTC] daverandom@php.net
https://security.stackexchange.com/a/67235/41073

tl;dr specifying digest_alg at openssl_csr_new() does not specify what should be used when signing the certificate, rather what should be used when signing the CSR itself.

Props to leigh for finding this.
 [2017-03-29 15:56 UTC] kelunik@php.net
Your bug title says "openssl_csr_sign" doesn't obey "digest_alg", but you pass "digest_alg" to "openssl_csr_new" instead. It works fine if you pass the option to "openssl_csr_sign".

Unfortunately, the documentation just mentions all options for each and every function, while only some apply to each.
 [2017-03-29 15:59 UTC] jmaguire at duo dot com
-Status: Feedback +Status: Closed
 [2017-03-29 15:59 UTC] jmaguire at duo dot com
Sorry for the foolishness, and thanks all for the help.
 [2017-03-29 16:01 UTC] daverandom@php.net
-Status: Closed +Status: Not a bug
 [2017-03-29 16:01 UTC] daverandom@php.net
Additional example info showing the effects of these values

<?php

$privKey = openssl_pkey_new();

$csr = openssl_csr_new([
    'countryName' => 'US',
    'stateOrProvinceName' => 'MI',
    'localityName' => 'Ann Arbor',
    'organizationName' => 'Duo',
    'commonName' => 'localhost',
    'emailAddress' => 'jmaguire@duo.com'
], $privKey, ['digest_alg' => 'sha256']);

openssl_csr_export($csr, $contents);
file_put_contents('req.csr', $contents);

$ssCert = openssl_csr_sign($csr, null, $privKey, 30, ['digest_alg' => 'sha256']);

openssl_pkey_export($privKey, $contents);
file_put_contents('private.key', $contents);

openssl_x509_export($ssCert, $contents);
file_put_contents('public.crt', $contents);

?>

#> openssl req -noout -text -in req.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e5:37:b6:2d:ce:9b:63:8d:e8:db:0f:54:ba:53:
                    c8:67:38:d9:cf:cc:aa:ad:93:c0:a5:aa:8e:ac:d9:
                    11:c9:05:45:e5:9e:66:8c:ac:0e:17:06:48:43:ba:
                    4d:3a:ee:08:ea:e2:70:33:1c:8d:92:94:c9:9d:08:
                    72:e9:54:bd:f1:f7:20:a4:4b:f9:99:04:b3:96:c0:
                    19:bd:a2:65:24:e5:1a:e8:b5:c7:a6:33:06:a8:bc:
                    fc:a4:b7:7a:3f:c7:99:d5:7c:0e:45:a0:2f:c4:cf:
                    19:1f:f9:31:9f:ed:e3:1b:10:f0:9b:22:c4:14:d2:
                    35:b5:2e:8f:c3:67:b9:eb:47
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         5e:b4:03:7a:d2:71:8f:fe:bf:b0:9d:90:2a:77:60:c8:33:5b:
         c6:8e:0a:b4:b0:5e:77:29:57:8c:d6:3c:2e:c8:ce:53:da:fc:
         e2:2e:a4:ab:ac:e7:99:0f:63:45:94:0f:dd:42:ad:e7:f1:62:
         a9:42:cf:8a:51:0a:cb:e5:e3:67:b4:4d:1d:16:8b:f9:f2:5e:
         2f:13:50:1e:7a:d1:50:9f:07:97:aa:95:4a:8a:11:23:92:32:
         2f:05:49:4f:2b:22:72:55:7c:2c:a6:66:d6:a9:22:64:9f:6d:
         35:fb:82:ab:54:91:9d:8f:e6:88:39:75:51:cc:a2:82:03:9d:
         f9:b4


#> openssl x509 -noout -text -in public.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Validity
            Not Before: Mar 29 15:57:03 2017 GMT
            Not After : Apr 28 15:57:03 2017 GMT
        Subject: C=US, ST=MI, L=Ann Arbor, O=Duo, CN=localhost/emailAddress=jmaguire@duo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e5:37:b6:2d:ce:9b:63:8d:e8:db:0f:54:ba:53:
                    c8:67:38:d9:cf:cc:aa:ad:93:c0:a5:aa:8e:ac:d9:
                    11:c9:05:45:e5:9e:66:8c:ac:0e:17:06:48:43:ba:
                    4d:3a:ee:08:ea:e2:70:33:1c:8d:92:94:c9:9d:08:
                    72:e9:54:bd:f1:f7:20:a4:4b:f9:99:04:b3:96:c0:
                    19:bd:a2:65:24:e5:1a:e8:b5:c7:a6:33:06:a8:bc:
                    fc:a4:b7:7a:3f:c7:99:d5:7c:0e:45:a0:2f:c4:cf:
                    19:1f:f9:31:9f:ed:e3:1b:10:f0:9b:22:c4:14:d2:
                    35:b5:2e:8f:c3:67:b9:eb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0B:CA:D4:E6:2C:02:BC:3E:65:13:EB:F8:07:DB:F0:E9:FE:52:A6
            X509v3 Authority Key Identifier:
                keyid:35:0B:CA:D4:E6:2C:02:BC:3E:65:13:EB:F8:07:DB:F0:E9:FE:52:A6
                DirName:/C=US/ST=MI/L=Ann Arbor/O=Duo/CN=localhost/emailAddress=jmaguire@duo.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         d7:8c:8b:83:0e:2a:85:7e:ed:2d:7e:39:36:62:43:16:d0:da:
         75:b0:0d:bb:18:7a:d5:8c:a6:70:79:37:0c:22:b5:7c:3a:45:
         fe:45:b0:13:27:5e:07:3f:6b:e2:36:81:30:28:18:e2:e4:b4:
         e7:88:7a:a3:9d:a8:ff:07:44:f4:45:de:75:1d:42:74:58:5d:
         d2:0f:f0:4a:72:83:17:39:28:4d:4c:05:ec:0c:17:05:07:80:
         91:2d:67:a4:cf:ca:f2:49:35:3b:1a:1b:4b:6b:12:60:fd:b6:
         aa:ea:bf:da:7b:1b:c4:0b:90:78:33:57:e9:fc:df:49:89:ab:
         58:52
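
The thread's conclusion is that digest_alg passed to openssl_csr_new() only sets the hash of the CSR's own signature, and the certificate's hash has to be set on openssl_csr_sign(). The script below is an added example, not code from the bug report or from PHP itself: it passes the digest at both steps and then reads the algorithm back from the issued certificate, refusing anything outside an allow-list. The function names, the allow-list and the sample subject are assumptions made for the example.

```php
<?php
// Added example, not from the bug report. Function names are illustrative.

// Allow-list of acceptable signature algorithms (long names, as printed by
// `openssl x509 -text`). RSA only, to match the keys used on this page.
const ALLOWED_SIG_ALGS = [
    'sha256WithRSAEncryption',
    'sha384WithRSAEncryption',
    'sha512WithRSAEncryption',
];

// Return the signature algorithm recorded in a certificate.
function certSignatureAlgorithm($cert): string
{
    $info = openssl_x509_parse($cert);
    if ($info === false || !isset($info['signatureTypeLN'])) {
        throw new RuntimeException('cannot read signature algorithm');
    }
    return $info['signatureTypeLN'];
}

// Create a self-signed certificate and refuse to return it unless the digest
// that was actually used is on the allow-list.
function issueSelfSigned(array $dn, $key, int $days, string $digest)
{
    // Here digest_alg only selects the hash for the CSR's own signature.
    $csr = openssl_csr_new($dn, $key, ['digest_alg' => $digest]);
    // It has to be passed again here to select the certificate's hash;
    // without it the default_md from openssl.cnf decides.
    $cert = $csr ? openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => $digest]) : false;
    if ($cert === false) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    $alg = certSignatureAlgorithm($cert);
    if (!in_array($alg, ALLOWED_SIG_ALGS, true)) {
        throw new RuntimeException("refusing certificate signed with $alg");
    }
    return $cert;
}

$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$dn = ['commonName' => 'localhost']; // constructed sample subject
$cert = issueSelfSigned($dn, $key, 30, 'sha256');
echo certSignatureAlgorithm($cert), "\n";
```

Reading the algorithm back from the certificate catches the case in the original report, where the option was accepted without error but the certificate was still signed with the configured default.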
Last updated: Fri Apr 19 20:01:29 2024 UTC