ID:               41033
 Updated by:       [EMAIL PROTECTED]
 Reported By:      gordyf at google dot com
 Status:           Assigned
 Bug Type:         Feature/Change Request
 Operating System: any
 PHP Version:      5.2.1
 Assigned To:      pajoye
 New Comment:

"I notice there hasn't been any activity on this for a week -- is there
any additional information that I can provide?"

Thank you, I have all I need to apply the patch as soon as possible.


Previous Comments:
------------------------------------------------------------------------

[2007-04-17 18:30:40] gordyf at google dot com

I notice there hasn't been any activity on this for a week -- is there
any additional information that I can provide?

------------------------------------------------------------------------

[2007-04-10 00:47:11] gordyf at google dot com

It seems I shouldn't have used link tags, here they are without
trailing quotes.

Man page: http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html
Patch: http://trigse.cx/php-openssl-patch.diff

------------------------------------------------------------------------

[2007-04-10 00:43:02] gordyf at google dot com

Description:
------------
This patch enables signing and verifying signatures with DSA keys. This
currently does not work because EVP_sha1() is called when signing with
SHA1 hash, and EVP_dss1() must be called for DSA-SHA1 signing.  It adds
the OPENSSL_ALGO_DSS1 constant which must be used with the last
parameter of openssl_sign and openssl_verify when using a DSA key.

From the <a
href="http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html";>man
page</a>: "The link between digests and signing algorithms results in a
situation where EVP_sha1() must be used with RSA and EVP_dss1() must be
used with DSS even though they are identical digests."

Patch available <a
href="http://trigse.cx/php-openssl-patch.diff";>here</a>.

Reproduce code:
---------------
$key = file_get_contents("keys/dsa.privkey.pem");
$prkeyid = openssl_get_privatekey($key);
$ct = "Hello I am some text!";
openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
echo "Signature: ".base64_encode($signature)."<br>";

$key = file_get_contents("keys/dsa.pubkey.pem");
$pukeyid = openssl_get_publickey($key);
$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
echo "Signature validity: ".$valid;

Expected result:
----------------
(After patch)
Signature:
MCwCFGKwtl03QDikxpqoGMrr4+EPoZfZAhQYIl/Bhzur/CW50b3ZFf5dYig3PA==
Signature validity: 1

Actual result:
--------------
(Before patch)
Signature:
Signature validity: -1


------------------------------------------------------------------------
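
The rule quoted in the report (the digest constant passed to openssl_sign and openssl_verify has to match the key type) together with the -1 return value shown under "Actual result", as an added example that is not part of the report or the patch. The helper names algo_for_key and signature_is_valid are hypothetical, the DSA key is a throwaway generated in-process, and the code assumes PHP 7 or later syntax.

```php
<?php
// Added example, not the patch's code. Helper names are hypothetical.

// Pick the digest constant for openssl_sign()/openssl_verify() from the key type.
function algo_for_key($key): int
{
    $details = openssl_pkey_get_details($key);
    if ($details === false) {
        throw new RuntimeException('cannot read key details');
    }
    if ($details['type'] === OPENSSL_KEYTYPE_DSA && defined('OPENSSL_ALGO_DSS1')) {
        return OPENSSL_ALGO_DSS1;   // DSA-SHA1, the constant the patch adds
    }
    // Assumption: a build without the constant accepts SHA1 for this key type.
    return OPENSSL_ALGO_SHA1;
}

// True only for a valid signature. openssl_verify() returns 1 (valid),
// 0 (invalid) or -1 (error), and -1 passes a loose boolean test.
function signature_is_valid(string $data, string $sig, $pubkey): bool
{
    return openssl_verify($data, $sig, $pubkey, algo_for_key($pubkey)) === 1;
}

// Constructed throwaway DSA key so the example needs no key files.
$priv = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
]);
if ($priv === false) {
    exit("DSA key generation failed: " . openssl_error_string() . "\n");
}
$pub = openssl_pkey_get_public(openssl_pkey_get_details($priv)['key']);

$ct = "Hello I am some text!";
if (!openssl_sign($ct, $signature, $priv, algo_for_key($priv))) {
    exit("signing failed: " . openssl_error_string() . "\n");
}

// Genuine message first, then a modified one against the same signature.
var_dump(signature_is_valid($ct, $signature, $pub));
var_dump(signature_is_valid($ct . " (tampered)", $signature, $pub));
```

Comparing the result with === 1 matters because a caller that writes if (openssl_verify(...)) would accept the -1 error case from the report as a valid signature.
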


-- 
Edit this bug report at http://bugs.php.net/?id=41033&edit=1