|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #80495 Enable to set padding in openssl_verify
Submitted: 2020-12-08 14:17 UTC Modified: 2021-03-05 13:59 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: tobias dot assmann at ecsec dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
25 + 6 = ?
Subscribe to this entry?

 [2020-12-08 14:17 UTC] tobias dot assmann at ecsec dot de

when using the openssl extension for public en-/decryption (openssl_public_decrypt) you can set the padding with values like OPENSSL_PKCS1_PADDING.

This is not possible when trying to verify a signature using openssl_verify()

But setting the padding or using a greater collection of alorithems is needed, when wanting to verify a signature which has been created with a PKCS1 v2 (RSASSA-PSS) based algorithm i.E. sha256-rsa-MGF1.

It would be great if the PHP openssl extensions could be enhanced to use it with more flexibility regarding cryptographic algorithms. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-05 13:59 UTC] tobias dot assmann at ecsec dot de
As I have been told, my description of the issue is not really accurate.

Therefore I try to describe the problem in more detail.

Currently in PHP it is only possible to make and verify OpenSSL based signatures based on cryptography defined in PKCS #1 v1.5.

This is due to the mapping of the algorithm parameter given in the PHP function "openssl_sign" to a OpenSSL function ( which only uses the RSA-SSA implementation as specified by PKCS #1 v1.5.

It would be great, to enable creating an signature based on the cryptographic standard PKCS #1 v2 (RSASSA-PSS). I think the following changes are needed for this:

* add the possibility to specify the signature algorithm and the digest algorithm separately in the "openssl_sign" and openssl_verify" PHP functions

* change the underlying mapping to OpenSSL calls, to make use of the OpenSSL RSASSA-PSS implementation, if the given algorithms defines the need for it

For creating RSASSA-PSS Signatures an EVP_PKEY_CTX ( is needed.
An example for the creation would be:


To use this EVP_PKEY_CTX the calling of the method EVP_SignInit ( should be replaced by using EVP_DigestSignInit funktion benutzt werden (

Hope this clarifies the intention of this bug report. Please feel free to reach out to me for any questions.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri May 24 17:01:32 2024 UTC