Req #61421 [Asn->]: OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512

Sat, 15 Sep 2012 23:04:10 -0700 

Edit report at https://bugs.php.net/bug.php?id=61421&edit=1

 ID:                 61421
 Updated by:         s...@php.net
 Reported by:        mark at zedwood dot com
 Summary:            OpenSSL signature verification missing RMD160,
                     SHA224, SHA256, SHA384, SHA512
-Status:             Assigned
+Status:             To be documented
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Ubuntu Linux
 PHP Version:        5.4.5
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2012-09-14 17:56:53] mark at zedwood dot com

PHP 5.4 release manager stas had me create a pull request for this bug.
https://github.com/php/php-src/pull/196

------------------------------------------------------------------------
[2012-07-20 00:05:02] mark at zedwood dot com

updated version to php 5.4.5

------------------------------------------------------------------------
[2012-06-27 06:21:58] paj...@php.net

Patch compiles fine, I asked the RMs if it is fine to merge into 5.3/4.

Will commit all at once once I got an answer.

Thanks for your work and patience!

------------------------------------------------------------------------
[2012-06-21 20:14:04] mark at zedwood dot com

This issue is an important feature to add to PHP, considering
"SHA-1 has recently been demonstrated to provide less than 80 bits of security 
for digital signatures; at the publication of this Recommendation, the security 
strength against collisions is assessed at 69 bits. The use of SHA-1 is not 
recommended for the generation of digital signatures in new systems; new 
systems should use one of the larger hash functions. (SHA-224, SHA-256, SHA-384 
and SHA-512)"
https://wiki.mozilla.org/CA:MD5and1024

------------------------------------------------------------------------
[2012-06-19 13:43:53] mark at zedwood dot com

Those new examples are also all be in the openssl-add-sig-algs.txt patch file I 
uploaded yesterday.  So we should be good to go.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61421


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61421&edit=1

Reply via email to