From: eugene at zhegan dot in
Operating system: irrelevant
PHP version: Irrelevant
Package: OpenSSL related
Bug Type: Bug
Bug description: openssl cannot work with non-default engines/algos

Description:
------------
openssl extension cannot work with non-default engines/algos, for example GOST.

I have a set of openssl 1.0.1x binaries on various OSes, including Linux Debian Wheezy, Solaris 10 x86, Solaris 11 x86, Solaris 11.1 x86.

I have a GOST-enabled configuration file, containing a set of parameters:

    openssl_conf = openssl_def

    [openssl_def]
    oid_section = new_oids
    engines = engine_section

    [engine_section]
    gost = gost_section

    [gost_section]
    engine_id = gost
    dynamic_path = /usr/local/openssl/lib/engines/libgost.so
    default_algorithms = ALL

All of my openssl console utilities are able to create certificates and private keys using GOST engine/algos and sign/verify S/MIME with it:

    OPENSSL_CONF=/usr/local/openssl/ssl/openssl-gost.cnf
    export OPENSSL_CONF

    /usr/local/openssl/bin/openssl req -x509 -engine gost -newkey GOST2001:gost2001.parfile -keyout key.pem -out cert.pem -nodes
    (file is created)

    /usr/local/openssl/bin/openssl req -x509 -engine gost -newkey GOST2001:gost2001.parfile -keyout key.pem -out cert.pem -nodes
    (certificate is created)

    /usr/local/openssl/bin/openssl cms -sign -signer cert.pem -inkey key.pem -in msg.txt -out signed.txt
    (S/MIME is signed)

None of my PHP binaries, built with the same openssl libraries, are capable of using such engine/algo. They all complain about non-supported algorithm. Not only openssl_pkcs7_sign() is affected, but the whole set of openssl_* calls. The same thing applies to loading and testing private keys using PHP and the openssl_pkey_get_private() call and so on.

This is reproducible on various PHP versions, including 5.3.23, 5.4.11, 5.4.12 and so on.

This is related to bugs:

    https://bugs.php.net/bug.php?id=63992
    https://bugs.php.net/bug.php?id=60157
    https://bugs.php.net/bug.php?id=54473

Further investigation using truss/strace/ktrace OS-specific utilities shows that the OPENSSL_CONF environment variable is totally ignored, at least I don't see any open() on a file pointed with OPENSSL_CONF variable.
Furthermore, if being used inside a default configuration file, this does nothing, because it's totally ignored by the PHP, thus only defaults are used.

Test script:
---------------
<?php
if (openssl_pkcs7_sign("./msg.txt", "phpsigned.txt", 'file://'.realpath('./cert.pem'),
    array('file://'.realpath('./key.pem'), ""),
    array("To" => "j...@example.com", // keyed syntax
          "From: HQ <c...@example.com>", // indexed syntax
          "Subject" => "Eyes only")
    )) {
} else {
    echo openssl_error_string(), "\n";
}
?>

Expected result:
----------------
This code should produce a valid S/MIME file.

Actual result:
--------------
This code now produces a set of errors and warnings:

# php sign.php
PHP Warning: openssl_pkcs7_sign(): error getting private key in /home/emz/openssl/sign.php on line 8
error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key algorithm

--
Edit bug report at https://bugs.php.net/bug.php?id=64501&edit=1
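
Added example, not part of the original report or of PHP/OpenSSL: a shell check that automates the trace inspection described above by reading an OpenSSL config, extracting the engine library it names, and testing whether a syscall trace shows both files being opened successfully. The function names (engine_paths, opened, check_trace) and both traces are constructed for illustration; the config is the engine-related part of the one in the report, and the trace format assumed is strace's.

```shell
# Print dynamic_path of each engine section listed under "engines = <section>".
# Simplification (assumption): any "engines" key is used, whichever section holds it.
engine_paths() {  # engine_paths CONF
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        /^\[/ { sec = $0; gsub(/[^A-Za-z0-9_]/, "", sec); next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+/, "", v)
          n++; S[n] = sec; K[n] = k; V[n] = v }
        END {
          for (i = 1; i <= n; i++) if (K[i] == "engines") eng = V[i]
          if (eng == "") exit
          for (i = 1; i <= n; i++) if (S[i] == eng) want[V[i]] = 1
          for (i = 1; i <= n; i++) if ((S[i] in want) && K[i] == "dynamic_path") print V[i]
        }' "$1"
}

# Succeed if TRACE (strace-style "call(args) = result" lines) shows a successful
# open()/openat() of FILE, i.e. the result is a file descriptor, not an error.
opened() {  # opened TRACE FILE
    awk -v p="\"$2\"" '/open(at)?\(/ && index($0, p) && $NF ~ /^[0-9]+$/ { ok = 1 }
        END { exit !ok }' "$1"
}

# Report the config and each engine library it names; fail if any was not opened.
check_trace() {  # check_trace TRACE CONF
    rc=0
    for f in "$2" $(engine_paths "$2"); do
        if opened "$1" "$f"; then echo "opened   $f"; else echo "MISSING  $f"; rc=1; fi
    done
    return $rc
}

# Constructed sample data: engine lines of the report's config, two made-up traces.
demo=$(mktemp -d); conf=$demo/openssl-gost.cnf
cat > "$conf" <<'EOF'
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = /usr/local/openssl/lib/engines/libgost.so
EOF
printf 'openat(AT_FDCWD, "%s", O_RDONLY) = 3\n' "$conf" \
    /usr/local/openssl/lib/engines/libgost.so > "$demo/honoured.trace"
printf 'openat(AT_FDCWD, "%s", O_RDONLY) = 3\n' ./cert.pem ./key.pem > "$demo/ignored.trace"
check_trace "$demo/honoured.trace" "$conf"
check_trace "$demo/ignored.trace" "$conf" || echo "=> OPENSSL_CONF was never read"
```

On a real system the trace would come from something like `strace -f -e trace=open,openat -o php.trace php sign.php`, with the second argument set to the file OPENSSL_CONF points at.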