PHP :: Request #80495 :: Enable to set padding in openssl

Enable to set padding in openssl_verify

Submitted:

2020-12-08 14:17 UTC

Modified:

2021-03-05 13:59 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

tobias dot assmann at ecsec dot de

Assigned:

Status:

Open

Package:

OpenSSL related

PHP Version:

Irrelevant

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!

Your email address: MUST BE VALID
Solve the problem: 49 - 27 = ?
Subscribe to this entry?

[2020-12-08 14:17 UTC] tobias dot assmann at ecsec dot de

Description:
------------
Hi,

when using the openssl extension for public en-/decryption (openssl_public_decrypt) you can set the padding with values like OPENSSL_PKCS1_PADDING.

This is not possible when trying to verify a signature using openssl_verify()

But setting the padding or using a greater collection of alorithems is needed, when wanting to verify a signature which has been created with a PKCS1 v2 (RSASSA-PSS) based algorithm i.E. sha256-rsa-MGF1.

It would be great if the PHP openssl extensions could be enhanced to use it with more flexibility regarding cryptographic algorithms.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-05 13:59 UTC] tobias dot assmann at ecsec dot de

As I have been told, my description of the issue is not really accurate.

Therefore I try to describe the problem in more detail.

Currently in PHP it is only possible to make and verify OpenSSL based signatures based on cryptography defined in PKCS #1 v1.5.

This is due to the mapping of the algorithm parameter given in the PHP function "openssl_sign" to a OpenSSL function (https://github.com/php/php-src/blob/3370b5fd8732ba47a6c833411d57481b9d2d4c02/ext/openssl/openssl.c#L6433) which only uses the RSA-SSA implementation as specified by PKCS #1 v1.5.

It would be great, to enable creating an signature based on the cryptographic standard PKCS #1 v2 (RSASSA-PSS). I think the following changes are needed for this:

* add the possibility to specify the signature algorithm and the digest algorithm separately in the "openssl_sign" and openssl_verify" PHP functions

* change the underlying mapping to OpenSSL calls, to make use of the OpenSSL RSASSA-PSS implementation, if the given algorithms defines the need for it

For creating RSASSA-PSS Signatures an EVP_PKEY_CTX (https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.html) is needed.
An example for the creation would be:

EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);

To use this EVP_PKEY_CTX the calling of the method EVP_SignInit (https://www.openssl.org/docs/man1.1.0/man3/EVP_SignInit.html) should be replaced by using EVP_DigestSignInit funktion benutzt werden (https://www.openssl.org/docs/man1.1.0/man3/EVP_DigestSignInit.html).

Hope this clarifies the intention of this bug report. Please feel free to reach out to me for any questions.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 00:01:28 2024 UTC