Edit report at https://bugs.php.net/bug.php?id=61421&edit=1

 ID:                 61421
 Updated by:         der...@php.net
 Reported by:        mark at zedwood dot com
 Summary:            Missing SHA256,SHA512 families of signature
                     algorithms
 Status:             Open
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Ubuntu Linux
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

Mark, yes, you probably should. It will also help a lot if you include test 
cases for the new functionality. Make sure those tests also run with older 
versions of openssl though!

cheers,
Derick


Previous Comments:
------------------------------------------------------------------------
[2012-03-31 04:00:54] mark at zedwood dot com

Should I submit a new patch with
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL 
instead of
#ifndef OPENSSL_NO_SHA256
?

------------------------------------------------------------------------
[2012-03-16 21:10:49] zedwoodnoreply at gmail dot com

To generate a sample CSR with sha256 sig use:
openssl req -new -sha256 -newkey rsa:2048 -nodes -out example_com_sha256.csr \
    -keyout example_com_sha256.key -subj "/C=US/ST=/L=/O=/CN=example.com"

To parse the CSR with openssl (command line) use:
openssl req -in example_com_sha256.csr -noout -text

Sample output:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption

------------------------------------------------------------------------
[2012-03-16 19:35:04] mark at zedwood dot com

Description:
------------
openssl_verify() takes as a parameter a signature algorithm.  The current list 
of values is here
http://us3.php.net/manual/en/openssl.signature-algos.php

The SHA256 and SHA512 families of algorithms have been supported in openssl for 
quite some time.  RipeMD160 is also not included.

Test script:
---------------
http://pastebin.com/qdCyC0Pe

Expected result:
----------------
verified

Actual result:
--------------
PHP Notice:  Use of undefined constant OPENSSL_ALGO_SHA256 - assumed 
'OPENSSL_ALGO_SHA256' in verify_sig.php on line 18
notverified


------------------------------------------------------------------------
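
An added example, not part of the bug report or of the PHP source: one way for calling code to avoid the failure shown under "Actual result", by checking that OPENSSL_ALGO_SHA256 is defined before using it and by treating an openssl_verify() error separately from a bad signature. The function names sha256_sig_algo and verify_sha256 are hypothetical, the key pair is constructed sample input generated at run time, and the string fallback assumes the installed openssl_sign()/openssl_verify() accept a digest name.

```php
<?php
// Added example: choose a SHA-256 signature algorithm without relying on a
// constant that may be missing from the running PHP build.
function sha256_sig_algo()
{
    // Builds that define the constant: use it.
    if (defined('OPENSSL_ALGO_SHA256')) {
        return constant('OPENSSL_ALGO_SHA256');
    }
    // Assumption: this build accepts a digest name string as the algorithm.
    $digests = array_map('strtolower', openssl_get_md_methods());
    if (in_array('sha256', $digests, true)) {
        return 'sha256';
    }
    throw new RuntimeException('SHA-256 is not available in this OpenSSL build');
}

function verify_sha256($data, $signature, $publicKeyPem)
{
    $result = openssl_verify($data, $signature, $publicKeyPem, sha256_sig_algo());
    if ($result !== 1 && $result !== 0) {
        // -1 or false is an error (bad key, unknown digest), not a bad signature.
        throw new RuntimeException('openssl_verify error: ' . openssl_error_string());
    }
    return $result === 1;
}

// Constructed sample input: a throwaway RSA key pair and message.
$key = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$details   = openssl_pkey_get_details($key);
$publicPem = $details['key'];
$data      = 'constructed test message for example.com';

if (!openssl_sign($data, $signature, $key, sha256_sig_algo())) {
    throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
}

// Check the genuine message, then a tampered copy of it.
echo verify_sha256($data, $signature, $publicPem) ? "verified\n" : "notverified\n";
echo verify_sha256($data . 'x', $signature, $publicPem) ? "verified\n" : "notverified\n";
```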


