php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #80495 Enable to set padding in openssl_verify
Submitted: 2020-12-08 14:17 UTC Modified: 2021-03-05 13:59 UTC
From: tobias dot assmann at ecsec dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tobias dot assmann at ecsec dot de
New email:
PHP Version: OS:

 

 [2020-12-08 14:17 UTC] tobias dot assmann at ecsec dot de
Description:
------------
Hi,

when using the openssl extension for public en-/decryption (openssl_public_decrypt) you can set the padding with values like OPENSSL_PKCS1_PADDING.

This is not possible when trying to verify a signature using openssl_verify()

But setting the padding or using a greater collection of alorithems is needed, when wanting to verify a signature which has been created with a PKCS1 v2 (RSASSA-PSS) based algorithm i.E. sha256-rsa-MGF1.

It would be great if the PHP openssl extensions could be enhanced to use it with more flexibility regarding cryptographic algorithms. 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-05 13:59 UTC] tobias dot assmann at ecsec dot de
As I have been told, my description of the issue is not really accurate.

Therefore I try to describe the problem in more detail.

Currently in PHP it is only possible to make and verify OpenSSL based signatures based on cryptography defined in PKCS #1 v1.5.

This is due to the mapping of the algorithm parameter given in the PHP function "openssl_sign" to a OpenSSL function (https://github.com/php/php-src/blob/3370b5fd8732ba47a6c833411d57481b9d2d4c02/ext/openssl/openssl.c#L6433) which only uses the RSA-SSA implementation as specified by PKCS #1 v1.5.

It would be great, to enable creating an signature based on the cryptographic standard PKCS #1 v2 (RSASSA-PSS). I think the following changes are needed for this:

* add the possibility to specify the signature algorithm and the digest algorithm separately in the "openssl_sign" and openssl_verify" PHP functions

* change the underlying mapping to OpenSSL calls, to make use of the OpenSSL RSASSA-PSS implementation, if the given algorithms defines the need for it

For creating RSASSA-PSS Signatures an EVP_PKEY_CTX (https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.html) is needed.
An example for the creation would be:

EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);

To use this EVP_PKEY_CTX the calling of the method EVP_SignInit (https://www.openssl.org/docs/man1.1.0/man3/EVP_SignInit.html) should be replaced by using EVP_DigestSignInit funktion benutzt werden (https://www.openssl.org/docs/man1.1.0/man3/EVP_DigestSignInit.html).

Hope this clarifies the intention of this bug report. Please feel free to reach out to me for any questions.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Sep 28 17:03:37 2021 UTC