[dev] [commits] Horde branch master updated. 900790ecbb506e850e5e6f03823ad293dc2d370d

Jan Schneider jan at horde.org
Fri Apr 28 14:10:35 UTC 2017


Quoting Michael J Rubinsky <mrubinsk at horde.org>:

> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> Quoting Michael J. Rubinsky <mrubinsk at horde.org>:
>>>
>>>> The branch "master" has been updated.
>>>> The following is a summary of the commits.
>>>>
>>>> from: 076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33
>>>>
>>>> 76c0d9d Set the micalg header parameter correctly when using SHA-256.
>>>> fa2dca3 Pass the openssl path too.
>>>> 900790e BFN
>>>>
>>>> Summary:  
>>>> http://github.com/horde/horde/compare/076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33...900790ecbb506e850e5e6f03823ad293dc2d370d
>>>>
>>>> -----------------------------------------------------------------------
>>>>
>>>> commit 76c0d9d3f2af854e8b34e3536af68100332a203c
>>>> Author: Michael J Rubinsky <mrubinsk at horde.org>
>>>> Date:   Thu Apr 27 00:42:20 2017 -0400
>>>>
>>>>  Set the micalg header parameter correctly when using SHA-256.
>>>>
>>>>  This took me the better part of a day to research and figure out,
>>>>  so would appreciate a second pair of eyes and/or some testing.
>>>>
>>>>  New-ish versions of openssl use SHA-256 as the message digest alg.
>>>>  when smime signing while other versions use SHA-1. This causes some
>>>>  clients to reject the signature, which I believe to be the correct
>>>>  behavior.
>>>>
>>>>  PHP's openssl_pkcs7_* methods don't allow setting or reading the md
>>>>  method so we are left with either parsing the entire DER binary
>>>>  stream using something like phpseclib and pulling out the digest
>>>>  method, forgoing the openssl_* methods and calling the openssl executable's
>>>>  smime tool directly to do the signature, or we can use the openssl
>>>>  executable's asn1parse command and search for a known string indicating
>>>>  SHA-256 is being used.
>>>>
>>>>  The first option is overkill, the second option would defeat the
>>>>  purpose of having the more efficient openssl_* methods and would
>>>>  require writing out a copy of the private key to temporary storage, so
>>>>  I went with the third option.
>>>>
>>>> framework/Crypt/lib/Horde/Crypt/Smime.php | 18 +++++++++++++++++-
>>>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>>>
>>>> http://github.com/horde/horde/commit/76c0d9d3f2af854e8b34e3536af68100332a203c
>>>>
>>>> -----------------------------------------------------------------------
>>>
>>> According to the OpenSSL documentation at the latest stable version
>>> (https://www.openssl.org/docs/man1.1.0/crypto/PKCS7_sign.html) but
>>> also at the current master version
>>> (https://www.openssl.org/docs/manmaster/man3/PKCS7_sign.html) it
>>> says:
>>>
>>> "If a signer is specified it will use the default digest for the  
>>> signing algorithm. This is SHA1 for both RSA and DSA keys."
>>>
>>> The source tells a different story though:
>>> https://github.com/openssl/openssl/blob/6f0ac0e2f27d9240516edb9a23b7863e7ad02898/crypto/dsa/dsa_ameth.c#L499
>>>
>>> And this is the commit that changed the behavior:
>>> https://github.com/openssl/openssl/commit/44e0c2bae4bfd87d770480902618dbccde84fd81
>>>
>>> If we could find out what the default digest method for the used  
>>> public keys is, we can use that. I would prefer a solution without  
>>> using the openssl binary, because we are actually trying to get  
>>> rid of it: https://github.com/horde/horde/pull/218
>>
>>
>> Agreed. I'll take another look at this during my next time block.
>
> Actually, isn't this the actual issue - knowing what openssl's  
> default digest method is for any particular signing algorithm?  The  
> default digest method for these signing algorithms changed from  
> SHA-1 to SHA-256 in openssl, none of php's openssl_* methods expose  
> this value, we can't explicitly specify one, and we can't parse the  
> ASN.1 s/mime signature data using PHP's methods.
>
> Since it looks like it changed in openssl between version 1.0.1 and  
> 1.0.2 (thank you for finding that file - I gave up looking). Maybe  
> we could version sniff, but I was hesitant to do that since it looks
> like there are upstream patches, at least in Debian, that made this  
> change in earlier versions.
>
> Another option would be to use a third party library like phpseclib  
> to do the ASN.1 parsing instead of calling out to the openssl binary.

Turned out that all required parameters had already been set by  
openssl and are available in $mime_message.

-- 
Jan Schneider
The Horde Project
https://www.horde.org/
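
What the closing reply describes, reading the digest name back from the signed output instead of guessing OpenSSL's default, as an added example that is not part of the original message and is not Horde's code: it pulls the micalg parameter out of the top-level multipart/signed Content-Type header. The helper name smime_micalg() and both sample messages are constructed for illustration.

```php
<?php
// Added example, not Horde's code. smime_micalg() is a hypothetical helper.

/**
 * Return the micalg parameter of the top-level multipart/signed
 * Content-Type header, lower-cased, or null when it is not present.
 */
function smime_micalg(string $mime_message): ?string
{
    // The header block ends at the first empty line.
    $head = preg_split('/\r?\n\r?\n/', $mime_message, 2)[0];
    // Unfold continuation lines (a line break followed by whitespace).
    $head = preg_replace('/\r?\n[ \t]+/', ' ', $head);

    if (!preg_match('/^Content-Type:[ \t]*(.+)$/mi', $head, $m)) {
        return null;
    }
    $value = trim($m[1]);
    if (stripos($value, 'multipart/signed') !== 0) {
        return null; // opaque or unsigned message: no micalg to read
    }
    // The value may be a quoted string or a bare token.
    if (!preg_match('/;\s*micalg\s*=\s*(?:"([^"]*)"|([^;\s"]+))/i', $value, $p)) {
        return null;
    }
    $alg = $p[1] !== '' ? $p[1] : ($p[2] ?? '');
    return $alg === '' ? null : strtolower($alg);
}

// Constructed sample headers in the shape of signed output: one folded
// and quoted with SHA-256, one bare token with SHA-1.
$samples = [
    "MIME-Version: 1.0\r\nContent-Type: multipart/signed;\r\n"
    . " protocol=\"application/x-pkcs7-signature\"; micalg=\"sha-256\";\r\n"
    . " boundary=\"----CONSTRUCTED\"\r\n\r\nbody\r\n",
    "MIME-Version: 1.0\nContent-Type: multipart/signed; "
    . "protocol=\"application/x-pkcs7-signature\"; micalg=sha1; "
    . "boundary=\"----CONSTRUCTED\"\n\nbody\n",
];

foreach ($samples as $msg) {
    // Reuse whatever the signer declared instead of hard-coding a digest name.
    $micalg = smime_micalg($msg);
    echo $micalg ?? 'no micalg parameter', "\n";
}
```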


