php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #80495 Enable to set padding in openssl_verify
Submitted: 2020-12-08 14:17 UTC Modified: 2021-03-05 13:59 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: tobias dot assmann at ecsec dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tobias dot assmann at ecsec dot de
New email:
PHP Version: OS:

 

 [2020-12-08 14:17 UTC] tobias dot assmann at ecsec dot de
Description:
------------
Hi,

when using the openssl extension for public en-/decryption (openssl_public_decrypt) you can set the padding with values like OPENSSL_PKCS1_PADDING.

This is not possible when trying to verify a signature using openssl_verify()

But setting the padding or using a greater collection of alorithems is needed, when wanting to verify a signature which has been created with a PKCS1 v2 (RSASSA-PSS) based algorithm i.E. sha256-rsa-MGF1.

It would be great if the PHP openssl extensions could be enhanced to use it with more flexibility regarding cryptographic algorithms. 


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-05 13:59 UTC] tobias dot assmann at ecsec dot de
As I have been told, my description of the issue is not really accurate.

Therefore I try to describe the problem in more detail.

Currently in PHP it is only possible to make and verify OpenSSL based signatures based on cryptography defined in PKCS #1 v1.5.

This is due to the mapping of the algorithm parameter given in the PHP function "openssl_sign" to a OpenSSL function (https://github.com/php/php-src/blob/3370b5fd8732ba47a6c833411d57481b9d2d4c02/ext/openssl/openssl.c#L6433) which only uses the RSA-SSA implementation as specified by PKCS #1 v1.5.

It would be great, to enable creating an signature based on the cryptographic standard PKCS #1 v2 (RSASSA-PSS). I think the following changes are needed for this:

* add the possibility to specify the signature algorithm and the digest algorithm separately in the "openssl_sign" and openssl_verify" PHP functions

* change the underlying mapping to OpenSSL calls, to make use of the OpenSSL RSASSA-PSS implementation, if the given algorithms defines the need for it

For creating RSASSA-PSS Signatures an EVP_PKEY_CTX (https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.html) is needed.
An example for the creation would be:

EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);

To use this EVP_PKEY_CTX the calling of the method EVP_SignInit (https://www.openssl.org/docs/man1.1.0/man3/EVP_SignInit.html) should be replaced by using EVP_DigestSignInit funktion benutzt werden (https://www.openssl.org/docs/man1.1.0/man3/EVP_DigestSignInit.html).

Hope this clarifies the intention of this bug report. Please feel free to reach out to me for any questions.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 09 20:01:28 2024 UTC