Edit report at https://bugs.php.net/bug.php?id=46149&edit=1

ID:                 46149
Comment by:         menkaur at gmail dot com
Reported by:        hanbsd at 163 dot com
Summary:            openssl_sign() can't generate the signature where sign DSA Private key
Status:             Bogus
Type:               Bug
Package:            OpenSSL related
Operating System:   Centos 5.0
PHP Version:        5.2.6
Block user comment: N
Private report:     N

New Comment:

I'm getting this bug in version 5.2.17; openssl_sign silently fails, signature is empty.

Here's the code to reproduce it:

$priv_key = '-----BEGIN DSA PRIVATE KEY-----
MIIDVQIBAAKCAQEA/uhSKJA6k5sSnYo+uBgi+mzJ72hqZrWgc+dNLpiiKoHsqDZ6
7kGW0J3wnhU0FxpV2SVL57SfG6dC7GvwsJYBidSEJqe3bARP8WI4yL9wm1PVTqFD
4zNkj1+zUZDWQWpJxaA8I10sJR08/WbwgD63bD6jg4JiPaowFMOrufYAW92hjANQ
D7eZ+t0GXAoDB5L6q8btVRfJrGOvkdDN6eyzc7kpJEVC9g1J9Q6glnHQRIGdW4Ot
ys/bpv2mGMfEykyTWhcMSLaAZ0YLTyKRfjYm8g7dCFWo3i8Fu0Jr+N3IWZI9Jgw5
lGyUSX8x89gjMsqtcOzcrjOtC51oAh+pio8jaQIhAM2VbbgAoxSSVO3Nd5y2mPiO
k62rr9cCj4tNy0MtYG3rAoIBABnMeAAeJpNpe3UhmWrGSJN/nQe76FSIhV/0wsu4
Xu65tW610i+uf8t0ZDqHCrbF9LSvk6vPiBydKhOmmStCa/aJJZhCKYI9/8WgtXG8
kSvAzLTNnozSLeHkapZHJwqY1wT+qxElheXjHJBRzgXVqwB+0CeJokJYlWiaPfuN
n3H1GDekuYXSFAaK4bC4TEsctQH1/403ljSbv99aXVDTVSnW0hdbokyLSPsiJjvz
w6GkyEiK/j6V2dTrIRn2X2ftzbTsE+0vEenHosIzJwM8+zUrhLvVvPBARWnbmsQ/
YstGs7WERGQzkFSsuPsWCN53Os4NnBEPiYg8//Cy1EHat3ACggEAD3mqwlAaPixs
Up49/HYlGqrU4e862rWY7mb5XRJ7AY9t70C5hhZrVO/DTgpGkwO0Yi/cYo6W0g//
cP73Nb2KZwaiyTCet2VsXb0H/8gvi8OqlidEpormedYW1T0DoyVrw57gXF0hp0D8
scfZBg0hFM/hHlmqHPKYiZtDp5imk5TeSyIoLdyJjW8jII2ni8ryStjvZ61aAPyK
VH8in3DpVANpn3MSGv1Hv1RYxaago71fVUyOkm1/pFNqBNIwBAxBIUsIPdNpjoGB
bLKXDshCfdXkQJxnx80nVDslEkv10BapLqIr98uswU/bBYMduF6Xrg5pdugDG3Cw
X8n3glog8QIgayYvNGvBvrDp9piq8RDg9mQJsd4IFBlpF7MnqIc749M=
-----END DSA PRIVATE KEY-----
';

$pkeyid = openssl_get_privatekey($priv_key);
if (empty($pkeyid)) {
    die("Can't load key id");
}
$data = $_GET['i'];

// compute signature
if (!openssl_sign($data, $signature, $pkeyid, OPENSSL_ALGO_SHA1)) {
    echo "Failed to sign data: $data";
}

// free the key from memory
openssl_free_key($pkeyid);

if (empty($signature)) {
    echo "signature empty";
}
echo base64_encode($signature);


Previous Comments:
------------------------------------------------------------------------
[2008-11-18 02:18:03] paj...@php.net

Duplicate of #41033 (which is fixed)

------------------------------------------------------------------------
[2008-11-07 07:48:21] t dot dettrick at its dot uq dot edu dot au

This is related to Bug #41033 - PHP doesn't support signing or verification with DSA, because it requires EVP_dss1() instead of EVP_sha1(), and the patch to provide a constant for that hash algorithm hasn't been merged yet.

------------------------------------------------------------------------
[2008-09-22 11:45:57] hanbsd at 163 dot com

Description:
------------
I create a private key with

$configargs = array(
    "digest_alg" => "sha1",
    "private_key_bits" => 1024,
    "private_key_type" => OPENSSL_KEYTYPE_DSA,
    "encrypt_key" => false
);

But I cannot get a signature with openssl_sign($data, $signature, $key).

Then I use openssl in the shell:

# openssl dgst -dss1 -sign id_dsa foo.sha1 > sigfile.bin

openssl creates a signature file: sigfile.bin

# openssl dgst -dss1 -verify id_dsa.pub -signature sigfile.bin foo.sha1

openssl prints: "Verified OK"

It looks like a bug in the PHP function openssl_sign().

Reproduce code:
---------------
$data = "sfsdfsdfs";
$fp = fopen("/home/id_dsa", "r");
$pkey = fread($fp, 8192);
fclose($fp);
$key = openssl_get_privatekey($pkey);
openssl_sign($data, $signature, $key);
openssl_free_key($key);
echo $signature;

Expected result:
----------------
openssl_sign() can create a signature

Actual result:
--------------
openssl_sign() cannot create a signature, $signature is empty

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=46149&edit=1
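
The thread describes openssl_sign() failing while the calling script carries on with an empty signature. The following is an added example, not code from the report or from PHP itself: a fail-closed wrapper that picks the digest from the key type, drains the OpenSSL error queue, and verifies the result before returning it. The helper names sign_fail_closed() and drain_openssl_errors() are hypothetical, and the rule "use OPENSSL_ALGO_DSS1 for DSA keys when the build defines it" is an assumption drawn from the EVP_dss1() comment above.

```php
<?php
// Added example: hypothetical helpers, not part of PHP or of the bug report.

// Collect everything on the OpenSSL error queue so a failure is never silent.
function drain_openssl_errors()
{
    $msgs = array();
    while (($m = openssl_error_string()) !== false) {
        $msgs[] = $m;
    }
    return $msgs ? implode('; ', $msgs) : 'no OpenSSL error queued';
}

// Sign $data, or throw. Never returns an empty or unverified signature.
function sign_fail_closed($data, $privPem)
{
    $key = openssl_pkey_get_private($privPem);
    if ($key === false) {
        throw new RuntimeException('key load failed: ' . drain_openssl_errors());
    }
    $details = openssl_pkey_get_details($key);
    // Assumption: builds that define OPENSSL_ALGO_DSS1 need it for DSA keys
    // (the EVP_dss1() digest named in the thread); other builds take SHA1.
    $isDsa = is_array($details) && $details['type'] === OPENSSL_KEYTYPE_DSA;
    $algo = ($isDsa && defined('OPENSSL_ALGO_DSS1'))
        ? OPENSSL_ALGO_DSS1 : OPENSSL_ALGO_SHA1;

    $signature = '';
    if (openssl_sign($data, $signature, $key, $algo) !== true || $signature === '') {
        throw new RuntimeException('openssl_sign failed: ' . drain_openssl_errors());
    }
    // Round trip: the signature must verify under the matching public key.
    $pub = is_array($details) ? openssl_pkey_get_public($details['key']) : false;
    if ($pub === false || openssl_verify($data, $signature, $pub, $algo) !== 1) {
        throw new RuntimeException('verify failed: ' . drain_openssl_errors());
    }
    return $signature;
}

// Constructed input: a throwaway DSA key generated on the spot.
$res = openssl_pkey_new(array(
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
));
if ($res === false || !openssl_pkey_export($res, $pem)) {
    exit('key generation failed: ' . drain_openssl_errors() . "\n");
}
echo base64_encode(sign_fail_closed('sfsdfsdfs', $pem)), "\n";
```

On a build where the chosen digest is rejected for the key type, the wrapper throws with the queued OpenSSL errors instead of emitting an empty base64 string.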