Bug 1073388

Summary: ext/openssl: default_md algo is MD5
Product: Red Hat Enterprise Linux 7 Reporter: Remi Collet <rcollet>
Component: phpAssignee: Remi Collet <rcollet>
Status: CLOSED ERRATA QA Contact: David Kutálek <dkutalek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dkutalek, isenfeld, jorton, lmiksik, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 21:06:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1289025, 1295396, 1295829, 1313485    

Description Remi Collet 2014-03-06 10:37:47 UTC 
in php/ext/openssl, default message digest algo is hardcoded to md5, which is now rejected by recent changes in openssl.

So ext/openssl/tests/bug36732.phpt now fails (in recent build).

Proposal, which to sha1 for consistency.

in ext/openssl/openssl.c, in php_openssl_parse_config function:

    if (req->md_alg == NULL) {
-        req->md_alg = req->digest = EVP_md5();
+        req->md_alg = req->digest = EVP_sha1();
    }
Comment 2 Joe Orton 2014-03-06 11:01:38 UTC 
It might be better to use sha256 here in fact; this is the NIST recommendation (see e.g. bug 1062325).
Comment 3 Tomas Mraz 2014-03-06 11:38:20 UTC 
The SHA-256 is required by NIST since beginning of this year and it is reasonable requirement given the SHA-1 weaknesses. The default in the openssl default config file is SHA-256. On the other hand OpenSSL library default is SHA-1.

One thing that's needed to be considered is that there are still widely used legacy applications that cannot verify signatures that use SHA-256.
Comment 4 Remi Collet 2014-03-06 12:04:51 UTC 
Notice: PHP will use sha256 algo as configured. in provided openssl.cnf

So, only PHP users using a non default config, without default_md, will be affected.
Comment 5 Joe Orton 2014-03-06 12:11:45 UTC 
Ah, good point.  This is a very minor issue then.
Comment 6 Remi Collet 2014-03-14 08:59:10 UTC 
Upstream fix, use SHA1 as internal openssl default value.

http://git.php.net/?p=php-src.git;a=commit;h=17f6391bf8bc5e0e74ea981c795455a18826ed35
Comment 16 errata-xmlrpc 2016-11-03 21:06:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2598.html