[dev] [commits] Horde branch master updated. 900790ecbb506e850e5e6f03823ad293dc2d370d
Michael J Rubinsky
mrubinsk at horde.org
Fri Apr 28 03:31:37 UTC 2017
Quoting Michael J Rubinsky <mrubinsk at horde.org>:
> Quoting Jan Schneider <jan at horde.org>:
>
>> Quoting Michael J. Rubinsky <mrubinsk at horde.org>:
>>
>>> The branch "master" has been updated.
>>> The following is a summary of the commits.
>>>
>>> from: 076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33
>>>
>>> 76c0d9d Set the micalg header parameter correctly when using SHA-256.
>>> fa2dca3 Pass the openssl path too.
>>> 900790e BFN
>>>
>>> Summary:
>>> http://github.com/horde/horde/compare/076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33...900790ecbb506e850e5e6f03823ad293dc2d370d
>>>
>>> -----------------------------------------------------------------------
>>>
>>> commit 76c0d9d3f2af854e8b34e3536af68100332a203c
>>> Author: Michael J Rubinsky <mrubinsk at horde.org>
>>> Date: Thu Apr 27 00:42:20 2017 -0400
>>>
>>> Set the micalg header parameter correctly when using SHA-256.
>>>
>>> This took me the better part of a day to research and figure out,
>>> so would appreciate a second pair of eyes and/or some testing.
>>>
>>> New-ish versions of openssl use SHA-256 as the message digest alg.
>>> when smime signing while other versions use SHA-1. This causes some
>>> clients to reject the signature, which I believe to be the correct
>>> behavior.
>>>
>>> PHP's openssl_pkcs7_* methods don't allow setting or reading the md
>>> method so we are left with either parsing the entire DER binary
>>> stream using something like phpseclib and pulling out the digest
>>> method, forgoing the openssl_* methods and calling the openssl
>>> executable's smime tool directly to do the signature, or we can use
>>> the openssl executable's asn1parse command and search for a known
>>> string indicating SHA-256 is being used.
>>>
>>> The first option is overkill, the second option would defeat the
>>> purpose of having the more efficient openssl_* methods and would
>>> require writing out a copy of the private key to temporary storage, so
>>> I went with the third option.
>>>
>>> framework/Crypt/lib/Horde/Crypt/Smime.php | 18 +++++++++++++++++-
>>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>>
>>> http://github.com/horde/horde/commit/76c0d9d3f2af854e8b34e3536af68100332a203c
>>>
>>> -----------------------------------------------------------------------
>>
>> According to the OpenSSL documentation at the latest stable version
>> (https://www.openssl.org/docs/man1.1.0/crypto/PKCS7_sign.html) but
>> also at the current master version
>> (https://www.openssl.org/docs/manmaster/man3/PKCS7_sign.html) it
>> says:
>>
>> "If a signer is specified it will use the default digest for the
>> signing algorithm. This is SHA1 for both RSA and DSA keys."
>>
>> The source tells a different story though:
>> https://github.com/openssl/openssl/blob/6f0ac0e2f27d9240516edb9a23b7863e7ad02898/crypto/dsa/dsa_ameth.c#L499
>>
>> And this is the commit that changed the behavior:
>> https://github.com/openssl/openssl/commit/44e0c2bae4bfd87d770480902618dbccde84fd81
>>
>> If we could find out what the default digest method for the used
>> public keys is, we can use that. I would prefer a solution without
>> using the openssl binary, because we are actually trying to get rid
>> of it: https://github.com/horde/horde/pull/218
>
>
> Agreed. I'll take another look at this during my next time block.

Actually, isn't this the actual issue - knowing what openssl's default
digest method is for any particular signing algorithm? The default
digest method for these signing algorithms changed from SHA-1 to
SHA-256 in openssl, none of PHP's openssl_* methods expose this value,
we can't explicitly specify one, and we can't parse the ASN.1 S/MIME
signature data using PHP's methods.

Since it looks like it changed in openssl between version 1.0.1 and
1.0.2 (thank you for finding that file - I gave up looking), maybe we
could version sniff, but I was hesitant to do that since it looks like
there are upstream patches, at least in Debian, that made this change
in earlier versions.

Another option would be to use a third party library like phpseclib to
do the ASN.1 parsing instead of calling out to the openssl binary.

--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
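
The thread's remaining question is how to learn which digest a signature actually used without calling the openssl binary. As an added example (not Horde's code and not from either poster), the sketch below reads the digestAlgorithms field straight out of a PKCS#7 SignedData blob in plain PHP and maps it to a micalg value. Assumptions: the input is the base64-decoded application/pkcs7-signature part in definite-length DER, the function names derRead and signedDataMicalg are hypothetical, the micalg spellings follow RFC 5751, and the sample bytes are constructed.

```php
<?php
// Added example. Reads one definite-length DER TLV at $pos.
function derRead(string $der, int $pos): array
{
    $max = strlen($der);
    if ($pos + 2 > $max) throw new RuntimeException('truncated DER');
    [$tag, $len, $off] = [ord($der[$pos]), ord($der[$pos + 1]), $pos + 2];
    if ($len === 0x80) throw new RuntimeException('indefinite-length BER not handled');
    if ($len & 0x80) {                        // long form: low 7 bits = count of length bytes
        $n = $len & 0x7f;
        if ($n > 4 || $off + $n > $max) throw new RuntimeException('bad length field');
        for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($der[$off++]);
    }
    if ($off + $len > $max) throw new RuntimeException('truncated DER');
    return [$tag, $off, $len];                // tag, value offset, value length
}

// micalg names (RFC 5751 spelling) for each entry of SignedData.digestAlgorithms.
function signedDataMicalg(string $der): array
{
    $names = [
        "\x2b\x0e\x03\x02\x1a" => 'sha-1',                    // 1.3.14.3.2.26
        "\x60\x86\x48\x01\x65\x03\x04\x02\x01" => 'sha-256',  // 2.16.840.1.101.3.4.2.1
    ];
    [, $p] = derRead($der, 0);                // ContentInfo SEQUENCE
    [, $o, $l] = derRead($der, $p);           // contentType OID
    if (substr($der, $o, $l) !== "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02") {
        throw new RuntimeException('not pkcs7-signedData');
    }
    [, $p] = derRead($der, $o + $l);          // [0] EXPLICIT wrapper
    [, $p] = derRead($der, $p);               // SignedData SEQUENCE
    [, $o, $l] = derRead($der, $p);           // version INTEGER
    [$tag, $p, $l] = derRead($der, $o + $l);  // digestAlgorithms SET
    if ($tag !== 0x31) throw new RuntimeException('digestAlgorithms SET expected');
    $found = [];
    for ($end = $p + $l; $p < $end; $p = $o + $l) {
        [, $o, $l] = derRead($der, $p);       // AlgorithmIdentifier SEQUENCE
        [, $oo, $ol] = derRead($der, $o);     // algorithm OID
        $found[] = $names[substr($der, $oo, $ol)] ?? 'unknown';
    }
    return $found;
}

// Constructed skeleton (version, one SHA-256 digest algorithm, id-data, empty signerInfos);
// it shows the layout only and is not a verifiable signature.
$sample = hex2bin('303206092a864886f70d010702a0253023020101310f'
    . '300d06096086480165030402010500300b06092a864886f70d0107013100');
echo 'micalg=' . implode(',', signedDataMicalg($sample)) . "\n";
```

Because the value is read from the signature itself, the result does not depend on which OpenSSL version or distribution patch produced it.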