Bug 1073388 - ext/openssl: default_md algo is MD5
Summary: ext/openssl: default_md algo is MD5
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: php   
(Show other bugs)
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Web Stack Team
QA Contact: David Kutálek
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1295396 1313485 1289025 1295829
TreeView+ depends on / blocked
 
Reported: 2014-03-06 10:37 UTC by Remi Collet
Modified: 2016-11-03 21:06 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 21:06:23 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2598 normal SHIPPED_LIVE Moderate: php security and bug fix update 2016-11-03 12:12:00 UTC
PHP Bug Tracker 66833 None None None Never

Description Remi Collet 2014-03-06 10:37:47 UTC
in php/ext/openssl, default message digest algo is hardcoded to md5, which is now rejected by recent changes in openssl.

So ext/openssl/tests/bug36732.phpt now fails (in recent build).

Proposal, which to sha1 for consistency.

in ext/openssl/openssl.c, in php_openssl_parse_config function:

    if (req->md_alg == NULL) {
-        req->md_alg = req->digest = EVP_md5();
+        req->md_alg = req->digest = EVP_sha1();
    }

Comment 2 Joe Orton 2014-03-06 11:01:38 UTC
It might be better to use sha256 here in fact; this is the NIST recommendation (see e.g. bug 1062325).

Comment 3 Tomas Mraz 2014-03-06 11:38:20 UTC
The SHA-256 is required by NIST since beginning of this year and it is reasonable requirement given the SHA-1 weaknesses. The default in the openssl default config file is SHA-256. On the other hand OpenSSL library default is SHA-1.

One thing that's needed to be considered is that there are still widely used legacy applications that cannot verify signatures that use SHA-256.

Comment 4 Remi Collet 2014-03-06 12:04:51 UTC
Notice: PHP will use sha256 algo as configured. in provided openssl.cnf

So, only PHP users using a non default config, without default_md, will be affected.

Comment 5 Joe Orton 2014-03-06 12:11:45 UTC
Ah, good point.  This is a very minor issue then.

Comment 6 Remi Collet 2014-03-14 08:59:10 UTC
Upstream fix, use SHA1 as internal openssl default value.

http://git.php.net/?p=php-src.git;a=commit;h=17f6391bf8bc5e0e74ea981c795455a18826ed35

Comment 16 errata-xmlrpc 2016-11-03 21:06:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2598.html


Note You need to log in before you can comment on or make changes to this bug.