Req #61421 [Asn]: OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512

Mon, 18 Jun 2012 13:13:12 -0700 

Edit report at https://bugs.php.net/bug.php?id=61421&edit=1

 ID:                 61421
 User updated by:    mark at zedwood dot com
 Reported by:        mark at zedwood dot com
-Summary:            Missing SHA256,SHA512 families of signature
                     algorithms
+Summary:            OpenSSL signature verification missing RMD160,
                     SHA224, SHA256, SHA384, SHA512
 Status:             Assigned
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Ubuntu Linux
-PHP Version:        5.4.0
+PHP Version:        5.4.4
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

Modified pastebin example to show simpler test case:
http://pastebin.com/qdCyC0Pe

older pastebin example now available at:
http://pastebin.com/4LQDqMD5


Previous Comments:
------------------------------------------------------------------------
[2012-05-30 19:10:50] mark at zedwood dot com

Is there anything preventing this bugfix/patch from being committed into git?

------------------------------------------------------------------------
[2012-04-05 22:10:00] mark at zedwood dot com

Changed name of const to OPENSSL_ALGO_RMD160 instead of OPENSSL_ALGO_RIPEMD160

------------------------------------------------------------------------
[2012-04-02 18:21:17] mark at zedwood dot com

added openssl version check, added new patch with .phpt test

------------------------------------------------------------------------
[2012-04-02 09:36:07] [email protected]

hi,

Thanks for the patch, I will apply it asap but it won't make it for the next 
releases of 5.3 or 5.4 as we are already in release phases.

Btw, can you add some tests too please?

About the patch, yes, please use the openssl version check instead. As what is 
done now won't work smoothly with older versions.

As of getting a svn account (asked per email but adding answer here too), we 
usually give one after that one has provided a couple of patches :)

Thanks for your work!

------------------------------------------------------------------------
[2012-04-02 09:21:11] [email protected]

Mark, yes, you probably should. It will also help a lot if you include test 
cases for the new functionality. Make sure those tests also run with older 
versions of openssl though!

cheers,
Derick

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61421


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61421&edit=1

Reply via email to