[dev] [commits] Horde branch master updated. 900790ecbb506e850e5e6f03823ad293dc2d370d

Michael J Rubinsky mrubinsk at horde.org
Fri Apr 28 14:15:43 UTC 2017


Quoting Jan Schneider <jan at horde.org>:

> Zitat von Michael J Rubinsky <mrubinsk at horde.org>:
>
>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> Zitat von Michael J. Rubinsky <mrubinsk at horde.org>:
>>>>
>>>>> The branch "master" has been updated.
>>>>> The following is a summary of the commits.
>>>>>
>>>>> from: 076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33
>>>>>
>>>>> 76c0d9d Set the micalg header parameter correctly when using SHA-256.
>>>>> fa2dca3 Pass the openssl path too.
>>>>> 900790e BFN
>>>>>
>>>>> Summary:  
>>>>> http://github.com/horde/horde/compare/076b00cfe4db6a0fa44b8b1b7d07e96996ab1b33...900790ecbb506e850e5e6f03823ad293dc2d370d
>>>>>
>>>>> -----------------------------------------------------------------------
>>>>>
>>>>> commit 76c0d9d3f2af854e8b34e3536af68100332a203c
>>>>> Author: Michael J Rubinsky <mrubinsk at horde.org>
>>>>> Date:   Thu Apr 27 00:42:20 2017 -0400
>>>>>
>>>>> Set the micalg header parameter correctly when using SHA-256.
>>>>>
>>>>> This took me the better part of a day to research and figure out,
>>>>> so would appreciate a second pair of eyes and/or some testing.
>>>>>
>>>>> New-ish versions of openssl use SHA-256 as the message digest alg.
>>>>> when smime signing while other versions use SHA-1. This causes some
>>>>> clients to reject the signature, which I believe to  be the correct
>>>>> behavior.
>>>>>
>>>>> PHP's openssl_pkcs7_* methods don't allow setting or reading the md
>>>>> method so we are left with either parsing the entire DER binary
>>>>> stream using something like phpseclib and pulling out the digest
>>>>> method, forgoing the openssl_* methods and call the openssl executable's
>>>>> smime tool to directly to do the signature, or we can use  
>>>>> openssl executable's
>>>>> asn1parse command  and search for a known string indicating  
>>>>> SHA-256 is being used.
>>>>>
>>>>> The first option is overkill, the second option would defeat the
>>>>> purpose of having the more efficient openssl_* methods and would
>>>>> require writing out a copy of the private key to temporary storage, so
>>>>> I went with the third option.
>>>>>
>>>>> framework/Crypt/lib/Horde/Crypt/Smime.php | 18 +++++++++++++++++-
>>>>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>>>>
>>>>> http://github.com/horde/horde/commit/76c0d9d3f2af854e8b34e3536af68100332a203c
>>>>>
>>>>> -----------------------------------------------------------------------
>>>>
>>>> According to the OpenSSL documentation at the latest stable  
>>>> version  
>>>> (https://www.openssl.org/docs/man1.1.0/crypto/PKCS7_sign.html)  
>>>> but also at the current master version  
>>>> (https://www.openssl.org/docs/manmaster/man3/PKCS7_sign.html) is  
>>>> says:
>>>>
>>>> "If a signer is specified it will use the default digest for the  
>>>> signing algorithm. This is SHA1 for both RSA and DSA keys."
>>>>
>>>> The source tells a different story though:
>>>> https://github.com/openssl/openssl/blob/6f0ac0e2f27d9240516edb9a23b7863e7ad02898/crypto/dsa/dsa_ameth.c#L499
>>>>
>>>> And this is the commit that changed the behavior:
>>>> https://github.com/openssl/openssl/commit/44e0c2bae4bfd87d770480902618dbccde84fd81
>>>>
>>>> If we could find out what the default digest method for the used  
>>>> public keys is, we can use that. I would prefer a solution  
>>>> without using the openssl binary, because we are actually trying  
>>>> to get rid of it: https://github.com/horde/horde/pull/218
>>>
>>>
>>> Agreed. I'll take another look at this during my next time block.
>>
>> Actually, isn't this the actual issue - knowing what openssl's  
>> default digest method is for any particular signing algorithm?  The  
>> default digest method for these signing algorithms changed from  
>> SHA-1 to SHA-256 in openssl, none of php's openssl_* methods expose  
>> this value, we can't explicitly specify one, and we can't parse the  
>> ASN.1 s/mime signature data using PHP's methods.
>>
>> Since it looks like it changed in openssl between version 1.0.1 and  
>> 1.0.2 (thank you for finding that file - I gave up looking). Maybe  
>> we could version sniff, but i was hesitant to do that since it  
>> looks like there are upstream patches, at least in Debian, that  
>> made this change in earlier versions.
>>
>> Another option would be to use a third party library like phpseclib  
>> to do the ASN.1 parsing instead of calling out to the openssl binary.
>
> Turned out that all required parameters had already been set by  
> openssl and are available in $mime_message.


Well, now I feel a bit foolish :)


> -- 
> Jan Schneider
> The Horde Project
> https://www.horde.org/
>
> -- 
> dev mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org



-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 9272 bytes
Desc: PGP Public Key
URL: <https://lists.horde.org/archives/dev/attachments/20170428/b3449c8c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 821 bytes
Desc: PGP Digital Signature
URL: <https://lists.horde.org/archives/dev/attachments/20170428/b3449c8c/attachment-0001.bin>


More information about the dev mailing list