Bug 1073388 - ext/openssl: default_md algo is MD5
Summary: ext/openssl: default_md algo is MD5
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: php
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Remi Collet
QA Contact: David Kutálek
Depends On:
Blocks: 1289025 1295396 1295829 1313485
TreeView+ depends on / blocked
Reported: 2014-03-06 10:37 UTC by Remi Collet
Modified: 2021-01-14 09:25 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-11-03 21:06:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
PHP Bug Tracker 66833 0 None None None Never
Red Hat Product Errata RHSA-2016:2598 0 normal SHIPPED_LIVE Moderate: php security and bug fix update 2016-11-03 12:12:00 UTC

Description Remi Collet 2014-03-06 10:37:47 UTC
in php/ext/openssl, default message digest algo is hardcoded to md5, which is now rejected by recent changes in openssl.

So ext/openssl/tests/bug36732.phpt now fails (in recent build).

Proposal, which to sha1 for consistency.

in ext/openssl/openssl.c, in php_openssl_parse_config function:

    if (req->md_alg == NULL) {
-        req->md_alg = req->digest = EVP_md5();
+        req->md_alg = req->digest = EVP_sha1();

Comment 2 Joe Orton 2014-03-06 11:01:38 UTC
It might be better to use sha256 here in fact; this is the NIST recommendation (see e.g. bug 1062325).

Comment 3 Tomas Mraz 2014-03-06 11:38:20 UTC
The SHA-256 is required by NIST since beginning of this year and it is reasonable requirement given the SHA-1 weaknesses. The default in the openssl default config file is SHA-256. On the other hand OpenSSL library default is SHA-1.

One thing that's needed to be considered is that there are still widely used legacy applications that cannot verify signatures that use SHA-256.

Comment 4 Remi Collet 2014-03-06 12:04:51 UTC
Notice: PHP will use sha256 algo as configured. in provided openssl.cnf

So, only PHP users using a non default config, without default_md, will be affected.

Comment 5 Joe Orton 2014-03-06 12:11:45 UTC
Ah, good point.  This is a very minor issue then.

Comment 6 Remi Collet 2014-03-14 08:59:10 UTC
Upstream fix, use SHA1 as internal openssl default value.


Comment 16 errata-xmlrpc 2016-11-03 21:06:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.