Edit report at https://bugs.php.net/bug.php?id=61421&edit=1

 ID:                 61421
 Updated by:         paj...@php.net
 Reported by:        mark at zedwood dot com
 Summary:            Missing SHA256,SHA512 families of signature
                     algorithms
-Status:             Open
+Status:             Assigned
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Ubuntu Linux
 PHP Version:        5.4.0
-Assigned To:        
+Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

hi,

Thanks for the patch, I will apply it asap but it won't make it for the next 
releases of 5.3 or 5.4 as we are already in release phases.

Btw, can you add some tests too please?

About the patch, yes, please use the openssl version check instead, as what is 
done now won't work smoothly with older versions.

As for getting an svn account (asked per email but adding answer here too), we 
usually give one after one has provided a couple of patches :)

Thanks for your work!


Previous Comments:
------------------------------------------------------------------------
[2012-04-02 09:21:11] der...@php.net

Mark, yes, you probably should. It will also help a lot if you include test 
cases for the new functionality. Make sure those tests also run with older 
versions of openssl though!

cheers,
Derick

------------------------------------------------------------------------
[2012-03-31 04:00:54] mark at zedwood dot com

Should I submit a new patch with
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL 
instead of
#ifndef OPENSSL_NO_SHA256
?
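
The two compile-time guards named in the comment above, evaluated by the preprocessor against a constructed old version number; this is an added example, not code from the patch or from the PHP source. It assumes, as the proposed check implies, that OpenSSL headers below 0x0090708fL have no SHA-256 support and never define OPENSSL_NO_SHA256; the 0.9.7e value, the GUARD_* macros and the function names are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an old <openssl/opensslv.h>: 0x0090705fL is
 * 0.9.7e, below the 0x0090708fL threshold quoted in the thread. Headers
 * that old never define OPENSSL_NO_SHA256, so the macro is simply absent. */
#define OPENSSL_VERSION_NUMBER 0x0090705fL

#ifndef OPENSSL_NO_SHA256            /* guard used by the first patch */
#define GUARD_IFNDEF 1
#else
#define GUARD_IFNDEF 0
#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL   /* guard proposed instead */
#define GUARD_VERSION 1
#else
#define GUARD_VERSION 0
#endif
/* Both conditions at once (this example's assumption, not the patch). */
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL && !defined(OPENSSL_NO_SHA256)
#define GUARD_BOTH 1
#else
#define GUARD_BOTH 0
#endif

int guard_ifndef(void)  { return GUARD_IFNDEF; }
int guard_version(void) { return GUARD_VERSION; }
int guard_both(void)    { return GUARD_BOTH; }

/* Decode the 0xMNNFFPPS layout into text such as "0.9.7h". */
const char *ossl_version_text(unsigned long v, char *buf, size_t len)
{
    unsigned long patch = (v >> 4) & 0xff;   /* 1 = 'a', 2 = 'b', ... */
    char letter[2] = { 0, 0 };
    if (patch >= 1 && patch <= 26) letter[0] = (char)('a' + patch - 1);
    snprintf(buf, len, "%lu.%lu.%lu%s", (v >> 28) & 0xf,
             (v >> 20) & 0xff, (v >> 12) & 0xff, letter);
    return buf;
}

int main(void)
{
    char old[16], min[16];
    printf("%s vs %s: ifndef=%d version=%d both=%d\n",
           ossl_version_text(OPENSSL_VERSION_NUMBER, old, sizeof old),
           ossl_version_text(0x0090708fL, min, sizeof min),
           guard_ifndef(), guard_version(), guard_both());
    return 0;
}
```

With the old version number, the `#ifndef` guard still enables the SHA-2 code path while the version guard disables it; the combined form also respects a newer library built with SHA-256 switched off.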

------------------------------------------------------------------------
[2012-03-16 21:10:49] zedwoodnoreply at gmail dot com

To generate a sample CSR with sha256 sig, use:
openssl req -new -sha256 -newkey rsa:2048 -nodes -out example_com_sha256.csr \
    -keyout example_com_sha256.key -subj "/C=US/ST=/L=/O=/CN=example.com"

To parse the CSR with openssl (command line), use:
openssl req -in example_com_sha256.csr -noout -text

sample output:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption

------------------------------------------------------------------------
[2012-03-16 19:35:04] mark at zedwood dot com

Description:
------------
openssl_verify() takes as a parameter a signature algorithm.  The current list 
of values is here
http://us3.php.net/manual/en/openssl.signature-algos.php

The SHA256 and SHA512 families of algorithms have been supported in openssl for 
quite some time.  RipeMD160 is also not included.

Test script:
---------------
http://pastebin.com/qdCyC0Pe

Expected result:
----------------
verified

Actual result:
--------------
PHP Notice:  Use of undefined constant OPENSSL_ALGO_SHA256 - assumed 
'OPENSSL_ALGO_SHA256' in verify_sig.php on line 18
notverified


------------------------------------------------------------------------


