Req #38917 [Com]: OpenSSL: signing function for spkac
Edit report at https://bugs.php.net/bug.php?id=38917&edit=1

ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: 4.4.4
Block user comment: N
Private report: N

New Comment:

Not sure how to go about submitting a patch I am working on to address this.

Previous Comments:

[2006-09-21 23:45:19] zeph at purotesto dot it

Description:
I need openssl api support for spkac. Now there's the possibility to sign a pkcs10 csr (created by Explorer) but not an spkac created by Firefox/Mozilla/Netscape/Safari ...

Check www.openca.org for more information...

I need that api to create something similar but more usable on the GOsa project http://gosa.gonicus.de

by Guido Serra
http://dev.purotesto.it/support/gosa
GOsa CA Management plugin
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: 4.4.4
Block user comment: N
Private report: N

New Comment:

Here is a patch to implement three new functions to help with verification of the SPKAC HTML keygen element.

To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
   %> patch -p0 < spki.patch
4. Configure and compile PHP
   %> ./configure --with-openssl=/path/to/openssl
   %> make && make install

Test script:

<?php
// Generate a 2048-bit RSA key to build the SPKAC from
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));

// Create the SPKAC with 'password' as the challenge string
if (function_exists('openssl_spki_new')){
  $spki = openssl_spki_new($key, 'password');
  echo $spki."\n";
}

// Verify the SPKAC signature (the "SPKAC=" prefix is stripped first)
if (function_exists('openssl_spki_verify')){
  echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki))."\n";
}

// Export the public key contained in the SPKAC
if (function_exists('openssl_spki_export')){
  echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki))."\n";
}

Previous Comments:

[2011-12-03 02:55:06] jason dot gerfen at gmail dot com

Not sure how to go about submitting a patch I am working on to address this.
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: 4.4.4
Block user comment: N
Private report: N

New Comment:

I modified the test case and fixed a slight memory problem that would occasionally take place when allocating memory for the openssl_spki_new() return value.

<?php
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "\n";

echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
  $spki = openssl_spki_new($key, 'wtfd00d');
  echo $spki;
}
echo "done\n";
echo "\n";

// Each step below uses the posted 'spki-key' form field when present,
// otherwise the SPKAC generated above with its "SPKAC=" prefix removed.
echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
  $x = (empty($_POST['spki-key'])) ?
    openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_details($_POST['spki-key']);
  var_dump($x);
}
echo "done\n";
echo "\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
  $y = (empty($_POST['spki-key'])) ?
    openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_verify($_POST['spki-key']);
  var_dump($y);
}
echo "\n\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
  $z = (empty($_POST['spki-key'])) ?
    openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export($_POST['spki-key']);
  var_dump($z);
}

Previous Comments:

[2011-12-06 11:28:50] jason dot gerfen at gmail dot com

Here is a patch to implement three new functions to help with verification of the SPKAC HTML keygen element.

To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
   %> patch -p0 < spki.patch
4. Configure and compile PHP
   %> ./configure --with-openssl=/path/to/openssl
   %> make && make install

Test script:

<?php
// Generate a 2048-bit RSA key to build the SPKAC from
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));

// Create the SPKAC with 'password' as the challenge string
if (function_exists('openssl_spki_new')){
  $spki = openssl_spki_new($key, 'password');
  echo $spki."\n";
}

// Verify the SPKAC signature (the "SPKAC=" prefix is stripped first)
if (function_exists('openssl_spki_verify')){
  echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki))."\n";
}

// Export the public key contained in the SPKAC
if (function_exists('openssl_spki_export')){
  echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki))."\n";
}
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: 4.4.4
Block user comment: N
Private report: N

New Comment:

Since I have not seen any changes on this I am going to post the patch to php-internals list.

Previous Comments:

[2011-12-08 10:57:03] jason dot gerfen at gmail dot com

I modified the test case and fixed a slight memory problem that would occasionally take place when allocating memory for the openssl_spki_new() return value.

<?php
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "\n";

echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
  $spki = openssl_spki_new($key, 'wtfd00d');
  echo $spki;
}
echo "done\n";
echo "\n";

// Each step below uses the posted 'spki-key' form field when present,
// otherwise the SPKAC generated above with its "SPKAC=" prefix removed.
echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
  $x = (empty($_POST['spki-key'])) ?
    openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_details($_POST['spki-key']);
  var_dump($x);
}
echo "done\n";
echo "\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
  $y = (empty($_POST['spki-key'])) ?
    openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_verify($_POST['spki-key']);
  var_dump($y);
}
echo "\n\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
  $z = (empty($_POST['spki-key'])) ?
    openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export($_POST['spki-key']);
  var_dump($z);
}
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

'; print_r($_POST['spki-key']); echo ''; }

if (empty($_POST['spki-key'])){
  echo "Generating private key...";
  $key = openssl_pkey_new(array('digest_alg' => 'sha1',
                                'private_key_type' => OPENSSL_KEYTYPE_RSA,
                                'private_key_bits' => 2048));
  echo "done";
  echo "";
}

if (empty($_POST['spki-key'])){
  echo "Creating SPKAC...";
  if (function_exists('openssl_spki_new')){
    $spki = openssl_spki_new($key, 'wtfd00d');
    echo "".$spki."";
  }
  echo "done";
  echo "";
}

echo "Verifying SPKAC...";
if (function_exists('openssl_spki_verify')){
  $y = (empty($_POST['spki-key'])) ?
    openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_verify($_POST['spki-key']);
  var_dump($y);
}
echo "";

echo "Exporting challenge from SPKAC...";
if (function_exists('openssl_spki_export_challenge')){
  $x = (empty($_POST['spki-key'])) ?
    openssl_spki_export_challenge(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export_challenge($_POST['spki-key']);
  echo $x;
}
echo "done";
echo "";

echo "Exporting public key from SPKAC...";
if (function_exists('openssl_spki_export')){
  $z = (empty($_POST['spki-key'])) ?
    openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export($_POST['spki-key']);
  echo ''; print_r($z); echo '';
}
echo "";

echo "SPKAC details...";
if (function_exists('openssl_spki_details')){
  $w = (empty($_POST['spki-key'])) ?
    openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_details($_POST['spki-key']);
  echo ''; print_r($w); echo '';
}
echo "done";
echo "";

if (empty($_POST['spki-key'])){
  openssl_free_key($key);
}
?>

Previous Comments:

[2011-12-13 17:04:07] paj...@php.net

Hi!

Thanks for the patch, please add some test cases as well (phpt format) so we can easily validate the new functions.

Also be sure that the patched ssl can still be built against older openssl versions as we still support them (0.9.x series for trunk and 5.4).

[2011-12-13 16:56:43] jason dot gerfen at gmail dot com

Since I have not seen any changes on this I am going to post the patch to php-internals list.
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Feedback
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

This will test all five new functions unless you would like one test case per function?

--TEST--
openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
--SKIPIF--
--FILE--
--EXPECT--
Creating private key
Creating new SPKAC
Verifying SPKAC
Exporting challenge
Exporting public key from SPKAC
Generating details of SPKAC structure
OK!

Previous Comments:

[2011-12-14 12:02:35] paj...@php.net

Please see the phpt files in ext/openssl/tests/; this is how tests should be written. Further explanations are available here:

http://qa.php.net/

Thanks!

[2011-12-14 11:40:42] jason dot gerfen at gmail dot com

'; print_r($_POST['spki-key']); echo ''; }

if (empty($_POST['spki-key'])){
  echo "Generating private key...";
  $key = openssl_pkey_new(array('digest_alg' => 'sha1',
                                'private_key_type' => OPENSSL_KEYTYPE_RSA,
                                'private_key_bits' => 2048));
  echo "done";
  echo "";
}

if (empty($_POST['spki-key'])){
  echo "Creating SPKAC...";
  if (function_exists('openssl_spki_new')){
    $spki = openssl_spki_new($key, 'wtfd00d');
    echo "".$spki."";
  }
  echo "done";
  echo "";
}

echo "Verifying SPKAC...";
if (function_exists('openssl_spki_verify')){
  $y = (empty($_POST['spki-key'])) ?
    openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_verify($_POST['spki-key']);
  var_dump($y);
}
echo "";

echo "Exporting challenge from SPKAC...";
if (function_exists('openssl_spki_export_challenge')){
  $x = (empty($_POST['spki-key'])) ?
    openssl_spki_export_challenge(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export_challenge($_POST['spki-key']);
  echo $x;
}
echo "done";
echo "";

echo "Exporting public key from SPKAC...";
if (function_exists('openssl_spki_export')){
  $z = (empty($_POST['spki-key'])) ?
    openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_export($_POST['spki-key']);
  echo ''; print_r($z); echo '';
}
echo "";

echo "SPKAC details...";
if (function_exists('openssl_spki_details')){
  $w = (empty($_POST['spki-key'])) ?
    openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
    openssl_spki_details($_POST['spki-key']);
  echo ''; print_r($w); echo '';
}
echo "done";
echo "";

if (empty($_POST['spki-key'])){
  openssl_free_key($key);
}
?>
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Feedback
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

One other question about using SPKAC's when creating an x509. It seems the current method using openssl_csr_new() which in turn calls the php_openssl_make_REQ() to assign the specified DN attributes has no method of adding the SPKAC field.

After digging around it seems logical to use the OBJ_create() and OBJ_* family of functions to add NID.

Please forgive me if I am way off here but any direction you could point me in using the existing functions to output and sign a certificate similar to the following command?

openssl ca -config /path/to/openssl.conf -days 180 -notext -batch \
  -spkac /path/to/cert.pem -out /path/to/signed.pem -passin pass:'random'

My assumption is that I will need to create one specifically for this purpose but would like your insight.

Previous Comments:

[2011-12-14 13:51:42] jason dot gerfen at gmail dot com

This will test all five new functions unless you would like one test case per function?

--TEST--
openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
--SKIPIF--
--FILE--
--EXPECT--
Creating private key
Creating new SPKAC
Verifying SPKAC
Exporting challenge
Exporting public key from SPKAC
Generating details of SPKAC structure
OK!
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Feedback
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

Please disregard my previous comment. I did a little more digging and am under the impression that adding the following to php_openssl_make_REQ() function should allow me to create a self signed certificate using the SPKAC NID like so?

if (strcmp(strindex, "SPKAC") == 0) {
  if (!X509_NAME_add_entry_by_txt(subj, strindex, MBSTRING_ASC,
        (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)){
    php_error_docref(NULL TSRMLS_CC, E_WARNING,
        "dn: add_entry_by_txt %s -> %s (failed)",
        strindex, Z_STRVAL_PP(item));
    return FAILURE;
  }
}

Would you recommend another method? Please advise.

Previous Comments:

[2011-12-14 19:40:20] jason dot gerfen at gmail dot com

One other question about using SPKAC's when creating an x509. It seems the current method using openssl_csr_new() which in turn calls the php_openssl_make_REQ() to assign the specified DN attributes has no method of adding the SPKAC field.

After digging around it seems logical to use the OBJ_create() and OBJ_* family of functions to add NID.

Please forgive me if I am way off here but any direction you could point me in using the existing functions to output and sign a certificate similar to the following command?

openssl ca -config /path/to/openssl.conf -days 180 -notext -batch \
  -spkac /path/to/cert.pem -out /path/to/signed.pem -passin pass:'random'

My assumption is that I will need to create one specifically for this purpose but would like your insight.
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Feedback
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

Once again, please disregard the last message. After researching the documentation I found that where I had been using NULL with the openssl_csr_sign() function allows for a CA option as well as the SPKAC addition to the configargs optional array.

The patch was updated last night to include the 026.phpt test script, as well as the five new functions to work with the SPKI provided by keygen tags.

How do patch inclusions work besides posting them to the php internals list?

Previous Comments:

[2011-12-14 22:10:52] jason dot gerfen at gmail dot com

Please disregard my previous comment. I did a little more digging and am under the impression that adding the following to php_openssl_make_REQ() function should allow me to create a self signed certificate using the SPKAC NID like so?

if (strcmp(strindex, "SPKAC") == 0) {
  if (!X509_NAME_add_entry_by_txt(subj, strindex, MBSTRING_ASC,
        (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)){
    php_error_docref(NULL TSRMLS_CC, E_WARNING,
        "dn: add_entry_by_txt %s -> %s (failed)",
        strindex, Z_STRVAL_PP(item));
    return FAILURE;
  }
}

Would you recommend another method? Please advise.
Req #38917 [Com]: OpenSSL: signing function for spkac
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Feedback
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrelevant
PHP Version: trunk
Block user comment: N
Private report: N

New Comment:

I have added the requested test case and it is included in the patch as 026.phpt. I have also performed the required testing against the OpenSSL 0.9.8x and 1.0.0x. It is attached to the original bug report #38917.

In addition to attaching the proposed patch I have created a github repo to make maintenance on the patch simple for myself. The URL is https://github.com/jas-/SPKAC-PHP-OpenSSL.

Previous Comments:

[2011-12-21 10:49:08] jason dot gerfen at gmail dot com

Once again, please disregard the last message. After researching the documentation I found that where I had been using NULL with the openssl_csr_sign() function allows for a CA option as well as the SPKAC addition to the configargs optional array.

The patch was updated last night to include the 026.phpt test script, as well as the five new functions to work with the SPKI provided by keygen tags.

How do patch inclusions work besides posting them to the php internals list?
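An added example, not part of the patch or of any comment in this thread: one way a server can check a submitted SPKAC using the openssl_spki_* functions as they exist in PHP's openssl extension (PHP 7 or later is assumed for the type declarations). The names accept_spkac() and MIN_RSA_BITS are hypothetical, and both SPKACs are constructed locally so the script runs offline.

```php
<?php
// Added example: verify a submitted SPKAC before handing its key to a CA.
// accept_spkac() and MIN_RSA_BITS are hypothetical names, not part of PHP.

const MIN_RSA_BITS = 2048;

/**
 * Returns ['ok' => bool, 'reason' => ?string, 'public_key' => ?string].
 * $expectedChallenge is the value the server issued for this session.
 */
function accept_spkac(string $submitted, string $expectedChallenge): array
{
    // openssl_spki_new() prefixes its output with "SPKAC="; a browser form
    // posts the bare base64 blob. Normalise to the bare form.
    $spkac = preg_replace('/^SPKAC=/', '', trim($submitted));

    // 1. The signature over (public key, challenge) must verify against the
    //    public key embedded in the structure: proof of possession.
    if (!openssl_spki_verify($spkac)) {
        return ['ok' => false, 'reason' => 'signature', 'public_key' => null];
    }

    // 2. The signed challenge must be the one issued for this session,
    //    otherwise a previously captured SPKAC could be replayed.
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expectedChallenge, $challenge)) {
        return ['ok' => false, 'reason' => 'challenge', 'public_key' => null];
    }

    // 3. Apply key policy to the embedded public key before signing anything.
    $pem     = openssl_spki_export($spkac);
    $pub     = ($pem === false) ? false : openssl_pkey_get_public($pem);
    $details = ($pub === false) ? false : openssl_pkey_get_details($pub);
    if ($details === false
        || $details['type'] !== OPENSSL_KEYTYPE_RSA
        || $details['bits'] < MIN_RSA_BITS) {
        return ['ok' => false, 'reason' => 'key-policy', 'public_key' => null];
    }

    return ['ok' => true, 'reason' => null, 'public_key' => $pem];
}

// --- Constructed demonstration input ---------------------------------------
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);

// Challenge the server issues for the current session.
$issued = bin2hex(random_bytes(16));

// SPKAC signed over the issued challenge (what an honest client returns).
$fresh = openssl_spki_new($key, $issued, OPENSSL_ALGO_SHA256);

// SPKAC signed over a different challenge: its signature is valid, but it
// does not belong to this session.
$stale = openssl_spki_new($key, 'challenge-from-an-earlier-session', OPENSSL_ALGO_SHA256);

var_dump(accept_spkac($fresh, $issued)['ok']);
var_dump(accept_spkac($stale, $issued)['reason']);
```

The third argument to openssl_spki_new() is passed explicitly because the function's default digest is MD5.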
[PHP-BUG] Bug #52500 [NEW]: Using array_map, strip tags & nested $_POST array
From:
Operating system: Ubuntu 10
PHP version: 5.2.14
Package: Scripting Engine problem
Bug Type: Bug
Bug description: Using array_map, strip tags & nested $_POST array

Description:

When using a combination of array_map() & strip_tags to create a localized copy of the $_POST superglobal array I am experiencing problems if $_POST contains a nested array. It seems to discard any secondary iteration of said nested array.

Test script:
---
$_POST = array('level-1-1', $var1,
               'level-1-2', $var2,
               'level-1-3', $var3,
               'level-1-4', array('level-2-1', $var1,
                                  'level-2-2', $var2,
                                  'level-2-3', $var3),
               'level-1-5', $var5);

$post = array_map(strip_tags, $_POST);

echo ''; print_r($post); echo '';

/* I am left with this?
level-1-1 => $var1
level-1-2 => $var2
level-1-3 => $var3
level-1-5 => $var5
*/

Expected result:

I expected a complete copy of the nested superglobal $_POST.

Actual result:
--
Any nested array information is getting stripped out.

--
Edit bug report at http://bugs.php.net/bug.php?id=52500&edit=1
Bug #52500 [Bgs]: Using array_map, strip tags & nested $_POST array
Edit report at http://bugs.php.net/bug.php?id=52500&edit=1

ID: 52500
User updated by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: Using array_map, strip tags & nested $_POST array
Status: Bogus
Type: Bug
Package: Scripting Engine problem
Operating System: Ubuntu 10
PHP Version: 5.2.14
Block user comment: N

New Comment:
Thanks. I suppose I thought array_map should work recursively.

Previous Comments:
----------------
[2010-07-31 10:59:56] johan...@php.net

Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php

This calls strip_tags in a way similar to this:

strip_tags(array('level-2-1', $var1, 'level-2-2', $var2, 'level-2-3', $var3));

which gives an unexpected result. What you need is a wrapper handling the recursion, similar to

function strip_tags_recursive($data) {
    if (is_array($data)) {
        // recurse into nested arrays
        return array_map('strip_tags_recursive', $data);
    } else {
        return strip_tags($data);
    }
}

$myget = strip_tags_recursive($_GET);

While all this is untested but should give you the idea.

----------------
[2010-07-30 15:33:55] jason dot gerfen at gmail dot com

Description:
When using a combination of array_map() & strip_tags to create a localized copy of the $_POST superglobal array I am experiencing problems if $_POST contains a nested array. It seems to discard any secondary iteration of said nested array.

Test script:
---
$_POST = array('level-1-1', $var1,
               'level-1-2', $var2,
               'level-1-3', $var3,
               'level-1-4', array('level-2-1', $var1,
                                  'level-2-2', $var2,
                                  'level-2-3', $var3),
               'level-1-5', $var5);

// the callback name is passed as a string
$post = array_map('strip_tags', $_POST);

echo '';
print_r($post);
echo '';

/*
I am left with this?
level-1-1 => $var1
level-1-2 => $var2
level-1-3 => $var3
level-1-5 => $var5
*/

Expected result:
I expected a complete copy of the nested superglobal $_POST.

Actual result:
--
Any nested array information is getting stripped out.

--
Edit this bug report at http://bugs.php.net/bug.php?id=52500&edit=1
[PHP-BUG] Bug #53850 [NEW]: openssl_pkey_export() with password not protecting private key
From:
Operating system: arch linux x86_64
PHP version: 5.3.5
Package: OpenSSL related
Bug Type: Bug
Bug description: openssl_pkey_export() with password not protecting private key

Description:
I have tested this against php5.3.5 with OpenSSL 1.0.0c (arch linux) vs an older server running php5.2.14 with OpenSSL 0.9.8e (centos linux).

Test script:
---
$opts = array('config'=>'openssl.cnf',
              'encrypt_key'=>true,
              'private_key_type'=>OPENSSL_KEYTYPE_RSA,
              'digest_alg'=>'sha256',
              'private_key_bits'=>2048,
              'x509_extensions'=>'usr_cert');

$handle = openssl_pkey_new($opts);

openssl_pkey_export($handle, $privatekey, sha1($_SERVER['REMOTE_ADDR']), $opts);

echo $privatekey;

Expected result:
CentOS example output
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C93B386451093918
-----END RSA PRIVATE KEY-----

Actual result:
--
Arch linux sample output
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

--
Edit bug report at http://bugs.php.net/bug.php?id=53850&edit=1
Bug #53850 [Fbk->Opn]: openssl_pkey_export() with password not protecting private key
Edit report at http://bugs.php.net/bug.php?id=53850&edit=1

ID: 53850
User updated by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: openssl_pkey_export() with password not protecting private key
-Status: Feedback
+Status: Open
Type: Bug
Package: OpenSSL related
Operating System: arch linux x86_64
PHP Version: 5.3.5
Block user comment: N
Private report: N

New Comment:
I have verified this under the following conditions.

Arch Linux x86_64 installation

This configuration returns a password protected private key
Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-0.9.8q --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-0.9.8q]

This configuration however does not return a password protected key
Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-1.0.0c --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-1.0.0c]

Anything else you might find pertinent?

Previous Comments:
--------------------
[2011-01-26 20:12:04] paj...@php.net

There is no different code in php to deal with this function. If two versions of openssl give you two different results then it is a openssl problem, not php.

Also I would like you to test using the same PHP versions vs two openssl, then we can begin to discuss a possible issue. Be sure to use the latest versions available at php.net, not the centos (or any other distro) you use.

--------------------
[2011-01-26 20:04:50] jason dot gerfen at gmail dot com

Description:
I have tested this against php5.3.5 with OpenSSL 1.0.0c (arch linux) vs an older server running php5.2.14 with OpenSSL 0.9.8e (centos linux).

Test script:
---
$opts = array('config'=>'openssl.cnf',
              'encrypt_key'=>true,
              'private_key_type'=>OPENSSL_KEYTYPE_RSA,
              'digest_alg'=>'sha256',
              'private_key_bits'=>2048,
              'x509_extensions'=>'usr_cert');

$handle = openssl_pkey_new($opts);

openssl_pkey_export($handle, $privatekey, sha1($_SERVER['REMOTE_ADDR']), $opts);

echo $privatekey;

Expected result:
CentOS example output
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C93B386451093918
-----END RSA PRIVATE KEY-----

Actual result:
--
Arch linux sample output
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

--
Edit this bug report at http://bugs.php.net/bug.php?id=53850&edit=1
Bug #53850 [Opn]: openssl_pkey_export() with password not protecting private key
Edit report at http://bugs.php.net/bug.php?id=53850&edit=1

ID: 53850
User updated by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: openssl_pkey_export() with password not protecting private key
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: arch linux x86_64
PHP Version: 5.3.5
Block user comment: N
Private report: N

New Comment:
Since I have not heard anything else about this I did some digging to try and identify the problem.

I have been adding some warning output in the 'openssl-1.0.0c/crypto/pem/pem_pkey.c' file after reviewing the 'php-5.3.5/ext/openssl/openssl.c' file and noticing and focusing on the calls to the OpenSSL shared objects for 'PEM_write_bio_PrivateKey()'.

When adding the warning output flags in the 'OpenSSL-1.0.0c/crypt/pem/pem_pkey.c' the password argument would always display as '(null)'.

Correct me if I am looking in the wrong spot in helping identify the problem.

Previous Comments:
--------------------
[2011-01-28 19:42:32] jason dot gerfen at gmail dot com

I have verified this under the following conditions.

Arch Linux x86_64 installation

This configuration returns a password protected private key
Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-0.9.8q --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-0.9.8q]

This configuration however does not return a password protected key
Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-1.0.0c --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-1.0.0c]

Anything else you might find pertinent?
Bug #53850 [Com]: openssl_pkey_export() with password not protecting private key
Edit report at http://bugs.php.net/bug.php?id=53850&edit=1

ID: 53850
Comment by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: openssl_pkey_export() with password not protecting private key
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: arch linux x86_64
PHP Version: 5.3.5
Block user comment: N
Private report: N

New Comment:
Can I get an update on this status?

Previous Comments:
--------------------
[2011-01-31 15:18:56] jason dot gerfen at gmail dot com

Since I have not heard anything else about this I did some digging to try and identify the problem.

I have been adding some warning output in the 'openssl-1.0.0c/crypto/pem/pem_pkey.c' file after reviewing the 'php-5.3.5/ext/openssl/openssl.c' file and noticing and focusing on the calls to the OpenSSL shared objects for 'PEM_write_bio_PrivateKey()'.

When adding the warning output flags in the 'OpenSSL-1.0.0c/crypt/pem/pem_pkey.c' the password argument would always display as '(null)'.

Correct me if I am looking in the wrong spot in helping identify the problem.
Bug #53850 [Com]: openssl_pkey_export() with password not protecting private key
Edit report at http://bugs.php.net/bug.php?id=53850&edit=1

ID: 53850
Comment by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: openssl_pkey_export() with password not protecting private key
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: arch linux x86_64
PHP Version: 5.3.5
Block user comment: N
Private report: N

New Comment:
On another note. Using strictly SSL commands to generate a new private key using both openssl-0.9.8x & openssl-1.0.0x (installed from source) produce a valid password protected private key.

Previous Comments:
------------------------
[2011-02-16 17:19:54] jason dot gerfen at gmail dot com

Can I get an update on this status?
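The two outputs quoted in this thread differ in their PEM label: `RSA PRIVATE KEY` with a `Proc-Type: 4,ENCRYPTED` header is OpenSSL's traditional encrypted format, while `ENCRYPTED PRIVATE KEY` is the label of a PKCS#8 EncryptedPrivateKeyInfo. The following is an added example, not code from the report or from PHP itself; it classifies a PEM block by label and confirms protection by loading the key with and without the passphrase. The function names, the passphrase and the header-only samples are constructed.

```php
<?php
// Added example: function names, passphrase and sample headers are constructed.

/**
 * Classify a PEM private key by its label and headers.
 * Returns 'pkcs8-encrypted', 'traditional-encrypted', 'unencrypted' or 'unknown'.
 */
function pem_key_protection($pem)
{
    $re = '/-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----/s';
    if (!preg_match($re, $pem, $m)) {
        return 'unknown';
    }
    if ($m[1] === 'ENCRYPTED PRIVATE KEY') {
        return 'pkcs8-encrypted';          // PKCS#8 EncryptedPrivateKeyInfo
    }
    if (preg_match('/^Proc-Type:\s*4,ENCRYPTED\s*$/m', $m[2])) {
        return 'traditional-encrypted';    // legacy PEM encryption header
    }
    return 'unencrypted';
}

/**
 * Functional check: true only if the key loads with the passphrase
 * and fails to load with an empty one.
 */
function key_is_passphrase_protected($pem, $passphrase)
{
    $withEmpty = @openssl_pkey_get_private($pem, '');
    $withPass  = @openssl_pkey_get_private($pem, $passphrase);
    while (openssl_error_string() !== false) {
        // drain the OpenSSL error queue left by the failed attempt
    }
    return $withEmpty === false && $withPass !== false;
}

// Constructed, header-only samples (the bodies are placeholders, not keys).
$body = "CONSTRUCTEDPLACEHOLDER\n";
$samples = array(
    'traditional, encrypted' =>
        "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
        . "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n" . $body
        . "-----END RSA PRIVATE KEY-----\n",
    'traditional, plain' =>
        "-----BEGIN RSA PRIVATE KEY-----\n" . $body
        . "-----END RSA PRIVATE KEY-----\n",
    'PKCS#8, encrypted' =>
        "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" . $body
        . "-----END ENCRYPTED PRIVATE KEY-----\n",
    'PKCS#8, plain' =>
        "-----BEGIN PRIVATE KEY-----\n" . $body
        . "-----END PRIVATE KEY-----\n",
);
foreach ($samples as $name => $pem) {
    printf("%-24s => %s\n", $name, pem_key_protection($pem));
}

// Round trip with a freshly generated key and a constructed passphrase.
$key = openssl_pkey_new(array(
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
));
if ($key === false) {
    echo 'openssl_pkey_new() failed: ' . openssl_error_string() . "\n";
    exit(1);
}
$passphrase = 'constructed-example-passphrase';
if (!openssl_pkey_export($key, $exported, $passphrase)) {
    echo 'openssl_pkey_export() failed: ' . openssl_error_string() . "\n";
    exit(1);
}
printf("exported key format      => %s\n", pem_key_protection($exported));
printf("passphrase protected     => %s\n",
    key_is_passphrase_protected($exported, $passphrase) ? 'yes' : 'no');
```

Which of the two encrypted formats the export produces depends on the OpenSSL library PHP is linked against; the load test gives the same answer for both.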
[PHP-BUG] Req #55045 [NEW]: openssl_pkcs7_sign() & openssl_pkcs7_encrypt()
From:
Operating system: arch linux x86_64
PHP version: 5.3.6
Package: OpenSSL related
Bug Type: Feature/Change Request
Bug description: openssl_pkcs7_sign() & openssl_pkcs7_encrypt()

Description:
---
From manual page: http://www.php.net/function.openssl-pkcs7-sign#Description
---
I would like to see the openssl_pkcs7_sign(), openssl_pkcs7_verify(), openssl_pkcs7_encrypt(), openssl_pkcs7_decrypt() functions use either a file for input & output or a string variable.

When it comes to shared hosting environments writing files is not always available.

Thanks.

--
Edit bug report at http://bugs.php.net/bug.php?id=55045&edit=1
[PHP-BUG] Bug #55787 [NEW]: session_id() - Limits on amount session_regenerate_id() can be used with sha512
From:
Operating system: Linux
PHP version: 5.3.8
Package: Session related
Bug Type: Bug
Bug description: session_id() - Limits on amount session_regenerate_id() can be used with sha512

Description:
I am not sure if this is a bug or a feature in terms of limits due to a test case exceeding internal limits.

Scenario #1. Using session_regenerate_id() over 39 times results in the following errors:
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent

Scenario #2. Using session_regenerate_id() over 19 times results in the following errors:
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent;
when the following parameters are modified:
ini_set("session.entropy_file", "/dev/urandom");
ini_set("session.entropy_length", "512");
ini_set("session.hash_function", "sha512");

Test script:
---
<?php
session_start();

function _regenIDdef($old){
  session_regenerate_id(true);
  $_SESSION = $old;
}

function _prettyPrint($id, $i){
  echo sprintf('Iteration: %d : ID: %s => Length: %d', $i, $id, strlen((string)$id));
}

function _collide($array){
  $x=0;
  foreach($array as $k => $v){
    // an id collides when it occurs more than once in the list
    if (count(array_keys($array, $v))>1){
      $x++;
      echo sprintf('Collision found at %d session id %s', $k, $v);
    }
  }
  echo sprintf('Total collisions found %d', $x);
}

function _loop($id, $int){
  $a = array();
  for($i=0; $i<$int; $i++){
    _regenIDdef($id);
    _prettyPrint(session_id(), $i);
    $a[$i]=session_id();
  }
  _collide($a);
}

echo 'Testing with PHP defaults';
_loop(session_id(), 40, 'a');

echo 'Testing with /dev/urandom & entropy 32';
ini_set("session.entropy_file", "/dev/urandom");
ini_set("session.entropy_length", "512");
ini_set("session.hash_function", "sha512");
_loop(session_id(), 20, 'a');
?>

Expected result:
No errors returning about not being able to regenerate a new session_id

Actual result:
--
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent

--
Edit bug report at https://bugs.php.net/bug.php?id=55787&edit=1
Bug #55787 [Opn]: session_id() - Limits on amount session_regenerate_id() can be used with sha512
Edit report at https://bugs.php.net/bug.php?id=55787&edit=1

ID: 55787
User updated by: jason dot gerfen at gmail dot com
Reported by: jason dot gerfen at gmail dot com
Summary: session_id() - Limits on amount session_regenerate_id() can be used with sha512
Status: Open
Type: Bug
Package: Session related
Operating System: Linux
PHP Version: 5.3.8
Block user comment: N
Private report: N

New Comment:
I am familiar with the error and the thing that I find the strangest is that the use of echo on a session variable would prevent the second echo statement by producing errors.

Here in every instance any warnings and/or errors regarding the headers sent occurs at iteration 39 (default md5() session_id()) or iteration 19 (using sha512() session_id()).

I suppose the use of the @session_id() should be used while testing entropy of custom session_id()'s vs. the internal session.entropy_file, session.entropy_length and session.hash_function options?

Previous Comments:
----------------
[2011-09-29 10:59:23] matty at mattyasia dot com

This is a coding problem, not a bug. Perhaps an omission in the documentation though.

You can not use this function after you have sent any data to the browser. So your problem here is that you have used "echo" before calling "session_regenerate_id()", causing this error.

echo 'Testing with PHP defaults';
_loop(session_id(), 40, 'a');

----------------
[2011-09-26 18:29:57] jason dot gerfen at gmail dot com

Description:
I am not sure if this is a bug or a feature in terms of limits due to a test case exceeding internal limits.

Scenario #1. Using session_regenerate_id() over 39 times results in the following errors:
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent

Scenario #2. Using session_regenerate_id() over 19 times results in the following errors:
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent;
when the following parameters are modified:
ini_set("session.entropy_file", "/dev/urandom");
ini_set("session.entropy_length", "512");
ini_set("session.hash_function", "sha512");

Test script:
---
<?php
session_start();

function _regenIDdef($old){
  session_regenerate_id(true);
  $_SESSION = $old;
}

function _prettyPrint($id, $i){
  echo sprintf('Iteration: %d : ID: %s => Length: %d', $i, $id, strlen((string)$id));
}

function _collide($array){
  $x=0;
  foreach($array as $k => $v){
    // an id collides when it occurs more than once in the list
    if (count(array_keys($array, $v))>1){
      $x++;
      echo sprintf('Collision found at %d session id %s', $k, $v);
    }
  }
  echo sprintf('Total collisions found %d', $x);
}

function _loop($id, $int){
  $a = array();
  for($i=0; $i<$int; $i++){
    _regenIDdef($id);
    _prettyPrint(session_id(), $i);
    $a[$i]=session_id();
  }
  _collide($a);
}

echo 'Testing with PHP defaults';
_loop(session_id(), 40, 'a');

echo 'Testing with /dev/urandom & entropy 32';
ini_set("session.entropy_file", "/dev/urandom");
ini_set("session.entropy_length", "512");
ini_set("session.hash_function", "sha512");
_loop(session_id(), 20, 'a');
?>

Expected result:
No errors returning about not being able to regenerate a new session_id

Actual result:
--
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent

--
Edit this bug report at https://bugs.php.net/bug.php?id=55787&edit=1