From: gordyf at google dot com Operating system: any PHP version: 5.2.1 PHP Bug Type: OpenSSL related Bug description: Patch to enable signing with DSA keys
Description: ------------ This patch enables signing and verifying signatures with DSA keys. This currently does not work because EVP_sha1() is called when signing with SHA1 hash, and EVP_dss1() must be called for DSA-SHA1 signing. It adds the OPENSSL_ALGO_DSS1 constant which must be used with the last parameter of openssl_sign and openssl_verify when using a DSA key. >From the <a href="http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html";>man page</a>: "The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests." Patch available <a href="http://trigse.cx/php-openssl-patch.diff";>here</a>. Reproduce code: --------------- $key = file_get_contents("keys/dsa.privkey.pem"); $prkeyid = openssl_get_privatekey($key); $ct = "Hello I am some text!"; openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1); echo "Signature: ".base64_encode($signature)."<br>"; $key = file_get_contents("keys/dsa.pubkey.pem"); $pukeyid = openssl_get_publickey($key); $valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1); echo "Signature validity: ".$valid; Expected result: ---------------- (After patch) Signature: MCwCFGKwtl03QDikxpqoGMrr4+EPoZfZAhQYIl/Bhzur/CW50b3ZFf5dYig3PA== Signature validity: 1 Actual result: -------------- (Before patch) Signature: Signature validity: -1 -- Edit bug report at http://bugs.php.net/?id=41033&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41033&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41033&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41033&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=41033&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=41033&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=41033&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=41033&r=needscript Try newer version: http://bugs.php.net/fix.php?id=41033&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=41033&r=support Expected behavior: http://bugs.php.net/fix.php?id=41033&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=41033&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=41033&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=41033&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41033&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=41033&r=dst IIS Stability: http://bugs.php.net/fix.php?id=41033&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=41033&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=41033&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=41033&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=41033&r=mysqlcfg
