Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:46173
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: softfail (pb1.pair.com: domain cdatazone.org does not designate 207.58.142.213 as permitted sender)
Message-ID: <4B0C177A.6020500@cdatazone.org>
Date: Tue, 24 Nov 2009 12:27:22 -0500
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: PHP Developers Mailing List <internals@lists.php.net>
Content-Type: multipart/mixed;
 boundary="------------090302030801020501040901"
Subject: openssl supported algorithms
From: rrichards@cdatazone.org (Rob Richards)

--------------090302030801020501040901
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

The openssl extension is way to restrictive in the algorithms it 
supports, i.e. no support for SHA265 which is starting to become the 
standard algo to use, etc.. Rather than having to always add more 
constants and additional logic for any new algorithms, I'd like to 
change the sign and verify functions to not only accept the current 
integers, but also a string so the EVP_get_digestbyname function can be 
used.

So while still supporting something list:
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)

It can also be called using:
openssl_sign($data, $signature, $priv_key_id, "SHA1")
openssl_sign($data, $signature, $priv_key_id, "SHA256")

Attached is a patch to illustrate the change made to the PHP_5_2 branch 
(only to the sign function but same change would be made to verify as well).
I'd really like to be able to support the string based algorithm rather 
than always having to add constants just for the added flexibility but 
in any case we really need to add support for more than what we have 
now. Personally I'd also like to see this in 5.2.12 but know that might 
be pushing it.

Rob



--------------090302030801020501040901
Content-Type: text/plain;
 name="openssl.c.diff.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl.c.diff.txt"

Index: openssl.c
===================================================================
--- openssl.c	(revision 291215)
+++ openssl.c	(working copy)
@@ -3504,11 +3504,11 @@
 }
 /* }}} */
 
-/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int signature_alg])
+/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, mixed signature_alg])
    Signs data */
 PHP_FUNCTION(openssl_sign)
 {
-	zval **key, *signature;
+	zval **key, *signature, *digest_algo;
 	EVP_PKEY *pkey;
 	int siglen;
 	unsigned char *sigbuf;
@@ -3516,10 +3516,9 @@
 	char * data;
 	int data_len;
 	EVP_MD_CTX md_ctx;
-	long signature_algo = OPENSSL_ALGO_SHA1;
-	EVP_MD *mdtype;
+	EVP_MD *mdtype = NULL;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|l", &data, &data_len, &signature, &key, &signature_algo) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|z!", &data, &data_len, &signature, &key, &digest_algo) == FAILURE) {
 		return;
 	}
 	pkey = php_openssl_evp_from_zval(key, 0, "", 0, &keyresource TSRMLS_CC);
@@ -3528,7 +3527,17 @@
 		RETURN_FALSE;
 	}
 
-	mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+	if ((digest_algo != NULL) && (Z_TYPE_P(digest_algo) == IS_STRING)) {
+		mdtype = EVP_get_digestbyname(Z_STRVAL_P(digest_algo));
+	} else {
+		long signature_algo = OPENSSL_ALGO_SHA1;
+		if ((digest_algo != NULL)) {
+			convert_to_long(digest_algo);
+			signature_algo = Z_LVAL_P(digest_algo);
+		}
+		mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+	}
+	
 	if (!mdtype) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
 		RETURN_FALSE;

--------------090302030801020501040901--