Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:28312 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 68025 invoked by uid 1010); 9 Mar 2007 19:46:05 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 68010 invoked from network); 9 Mar 2007 19:46:05 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Mar 2007 19:46:05 -0000 Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 63.205.162.114 as permitted sender) X-PHP-List-Original-Sender: stas@zend.com X-Host-Fingerprint: 63.205.162.114 unknown Windows 2000 SP4, XP SP1 Received: from [63.205.162.114] ([63.205.162.114:45728] helo=us-ex1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 48/FA-00491-469B1F54 for ; Fri, 09 Mar 2007 14:45:56 -0500 Received: from [127.0.0.1] ([192.168.16.109]) by us-ex1.zend.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 9 Mar 2007 11:45:28 -0800 Message-ID: <45F1B956.4060003@zend.com> Date: Fri, 09 Mar 2007 11:45:26 -0800 Organization: Zend Technologies User-Agent: Thunderbird 2.0b2 (Windows/20070116) MIME-Version: 1.0 To: Andi Gutmans CC: Wez Furlong , internals@lists.php.net References: <700A466F-7822-4371-AD6A-36F6880E6368@omniti.com> <698DE66518E7CA45812BD18E807866CE12B468@us-ex1.zend.net> In-Reply-To: <698DE66518E7CA45812BD18E807866CE12B468@us-ex1.zend.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 09 Mar 2007 19:45:28.0713 (UTC) FILETIME=[7D618790:01C76283] Subject: Re: [PHP-DEV] OpenID enabling patch for OpenSSL and PHP 5 From: stas@zend.com (Stanislav Malyshev) > Doesn't seem like this ever got commited. > Can we include this in PHP 5.2.2? It doesn't break existing APIs so I > think it's a good idea. I think adding bignum functions is OK (though it duplicates GMP to a measure) - while we are at it, why not add implementation for btwoc(number) also? I think this patch is a bit narrow-purpose - why we have specific DSA verify and not for other algorithms? Why we have DSA verify but not DSA sign? Also, can't be dsa_verify plugged into openssl_verify()? I understand that it not receives hash and not data, but I see that practical use described here: http://netevil.org/node.php?nid=949 generates hash from data, so no problem passing data either. So maybe we could instead of having separate verify functions have functions that compose keys from parameters for existing openssl_verify? Also, some small things: openssl_dh_generate_key on failure doesn't set return value to false. openssl_dh_generate_parameters on failure doesn't set return value. openssl_bignum_from_zval alsway increases resource refcount, but in openssl_dh_generate_key when key is generated successfully refcount is not decreased, so it's not clear if participating bignums would ever be freed. -- Stanislav Malyshev, Zend Products Engineer stas@zend.com http://www.zend.com/