Hi,

I propose a patch for ext/openssl that extends support for crypto API.
- it provides access to openSSL digest functions
function openssl_get_md_methods();
function openssl_digest(string $data, string $method [, bool $raw]);
- it provides access to openSSL digest functions
function openssl_get_cipher_methods();
function openssl_encrypt(string $data, string $method, string $password [, bool $raw]);
function openssl_decrypt(string $data, string $method, string $password [, bool $raw]);
- It extends existing functions openssl_pkey_new() and
openssl_pkey_get_details() to access internal values of DSA, RSA and DH
keys. For example you can create DH key and then access its internal values
using the following code:
<?php
// p is a short illustrative value (64 bits); real DH parameters must be far larger.
$dh = openssl_pkey_new(array('dh' => array(
    'p' => pack('H*', 'dcf93a0b883972ec'),
    'g' => pack('H*', '02'))));
// The 'dh' entry of the details array holds the raw binary key values.
$details = openssl_pkey_get_details($dh);
var_dump(base64_encode($details['dh']['p']));
var_dump(base64_encode($details['dh']['g']));
var_dump(base64_encode($details['dh']['priv_key']));
var_dump(base64_encode($details['dh']['pub_key']));
?>
- it provides new function that computes shared secret for two DH keys
function openssl_dh_compute_key(string $pub_key, resource $dh)
- it also extends some functions to support string name of crypto algorithm in
addition to numeric constants.

This patch was written to implement OpenID protocol in PHP.
It is similar to patch by Wez
http://netevil.org/blog/2007/feb/openid-and-typekey-using-native-openssl-functions-in-php
but it provides fewer additional functions and works with big numbers as with
strings (instead of resources).

I would like to commit the patch to PHP_5_2 and HEAD.
Any objections?

Thanks. Dmitry.
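
The DH functions listed in this post, used for a two-party key agreement. This is an added example, not part of the original message or of the patch; it assumes a current PHP build with ext/openssl, and the names `$alice` and `$bob`, the `private_key_type`/`private_key_bits` options and `hash_equals()` are not taken from the post.

```php
<?php
// Added example: two-party DH agreement with the functions described above.
// $alice and $bob are illustrative names, not from the original post.

// Party A generates fresh DH parameters (p, g) and a key pair.
// Generating a 2048-bit group can take a noticeable amount of time.
$alice = openssl_pkey_new(array(
    'private_key_type' => OPENSSL_KEYTYPE_DH,
    'private_key_bits' => 2048,
));
if ($alice === false) {
    exit('DH key generation failed: ' . openssl_error_string() . "\n");
}
$a = openssl_pkey_get_details($alice)['dh'];

// Party B receives p, g and A's public value and creates its own key pair
// on the same group, using the 'dh' array form shown in the post.
$bob = openssl_pkey_new(array('dh' => array('p' => $a['p'], 'g' => $a['g'])));
if ($bob === false) {
    exit('DH key creation from p/g failed: ' . openssl_error_string() . "\n");
}
$b = openssl_pkey_get_details($bob)['dh'];

// Each side combines the peer's public value with its own private key.
// Only the public values ever need to cross the wire.
$secretA = openssl_dh_compute_key($b['pub_key'], $alice);
$secretB = openssl_dh_compute_key($a['pub_key'], $bob);
if ($secretA === false || $secretB === false) {
    exit('DH computation failed: ' . openssl_error_string() . "\n");
}

// Both sides must now hold the same secret; compare in constant time.
var_dump(hash_equals($secretA, $secretB));

// Hash the shared secret down to a fixed-length key with openssl_digest();
// the third argument requests raw bytes instead of a hex string.
$key = openssl_digest($secretA, 'sha256', true);
var_dump(strlen($key));
?>
```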

  • Jani Taskinen at Aug 1, 2007 at 9:36 am
    You just wasted time posting this here, just commit it. :)

    --Jani
    On Wed, 2007-08-01 at 12:56 +0400, Dmitry Stogov wrote:
    Hi,

    I propose a patch for ext/openssl that extends support for crypto API.
    - it provides access to openSSL digest functions
    function openssl_get_md_methods();
    function openssl_digest(string $data, string $method [, bool $raw]);
    - it provides access to openSSL digest functions
    function openssl_get_cipher_methods();
    function openssl_encrypt(string $data, string $method, string $password [, bool $raw]);
    function openssl_decrypt(string $data, string $method, string $password [, bool $raw]);
    - It extends existing functions openssl_pkey_new() and
    openssl_pkey_get_details() to access internal values of DSA, RSA and DH
    keys. For example you can create DH key and then access its internal values
    using the following code:
    <?php
    // p is a short illustrative value (64 bits); real DH parameters must be far larger.
    $dh = openssl_pkey_new(array('dh' => array(
        'p' => pack('H*', 'dcf93a0b883972ec'),
        'g' => pack('H*', '02'))));
    // The 'dh' entry of the details array holds the raw binary key values.
    $details = openssl_pkey_get_details($dh);
    var_dump(base64_encode($details['dh']['p']));
    var_dump(base64_encode($details['dh']['g']));
    var_dump(base64_encode($details['dh']['priv_key']));
    var_dump(base64_encode($details['dh']['pub_key']));
    ?>
    - it provides new function that computes shared secret for two DH keys
    function openssl_dh_compute_key(string $pub_key, resource $dh)
    - it also extends some functions to support string name of crypto algorithm in
    addition to numeric constants.

    This patch was written to implement OpenID protocol in PHP.
    It is similar to patch by Wez
    http://netevil.org/blog/2007/feb/openid-and-typekey-using-native-openssl-functions-in-php
    but it provides fewer additional functions and works with big numbers as with
    strings (instead of resources).

    I would like to commit the patch to PHP_5_2 and HEAD.
    Any objections?

    Thanks. Dmitry.
    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php
  • Pierre at Aug 1, 2007 at 9:41 am

    On 8/1/07, Jani Taskinen wrote:
    You just wasted time posting this here, just commit it. :)
    Thanks for this patch, so far my favourite until now! It does not
    bring more inconsistencies to the openssl API and easy to understand.

    I agree with Jani, you can commit it to HEAD so we can start to play
    with it and see what can/should/could be improved or added. I have
    played with my own patches to add similar features and met a couple of
    annoyances, once it is in HEAD we can start to discuss and fix them if
    any :)

    Cheers,
    --Pierre
  • Rob Richards at Aug 1, 2007 at 12:12 pm
    Hi Dmitry,

    Dmitry Stogov wrote:
    Hi,

    I propose a patch for ext/openssl that extends support for crypto API.
    - it provides access to openSSL digest functions
    function openssl_get_md_methods();
    function openssl_digest(string $data, string $method [, bool $raw]);
    - it provides access to openSSL digest functions
    function openssl_get_cipher_methods();
    function openssl_encrypt(string $data, string $method, string $password [, bool $raw]);
    function openssl_decrypt(string $data, string $method, string $password [, bool $raw]);
    - It extends existing functions openssl_pkey_new() and
    openssl_pkey_get_details() to access internal values of DSA, RSA and DH
    keys. For example you can create DH key and then access its internal values
    using the following code:
    ...

    I would like to see this committed. I really could use this for some XML
    Sec functionality.

    Rob
  • David Coallier at Aug 1, 2007 at 1:35 pm

    On 8/1/07, Rob Richards wrote:
    Hi Dmitry,

    Dmitry Stogov wrote:
    Hi,

    I propose a patch for ext/openssl that extends support for crypto API.
    - it provides access to openSSL digest functions
    function openssl_get_md_methods();
    function openssl_digest(string $data, string $method [, bool $raw]);
    - it provides access to openSSL digest functions
    function openssl_get_cipher_methods();
    function openssl_encrypt(string $data, string $method, string $password [, bool $raw]);
    function openssl_decrypt(string $data, string $method, string $password [, bool $raw]);
    - It extends existing functions openssl_pkey_new() and
    openssl_pkey_get_details() to access internal values of DSA, RSA and DH
    keys. For example you can create DH key and then access its internal values
    using the following code:
    ...

    I would like to see this committed. I really could use this for some XML
    Sec functionality.

    Rob

    Awesome work Dmitry, thanks! :)

    --
    David Coallier,
    Founder & Software Architect,
    Agora Production (http://agoraproduction.com)
    51.42.06.70.18
  • Stanislav Malyshev at Aug 2, 2007 at 11:18 pm
    Sounds good. Couple of notes:

    1. Functions seem to lack prototypes except for encrypt which says:
    "Returns an array of the fields/values of the CERT" - obviously it's
    some mistake :)

    2. openssl_encrypt says "Unknown signature algorithm." when it should be
    encryption algorithm I guess... And the final period isn't needed I
    think. The same for decrypt.
    --
    Stanislav Malyshev, Zend Software Architect
    stas@zend.com http://www.zend.com/
    (408)253-8829 MSN: stas@zend.com
  • Dmitry Stogov at Aug 3, 2007 at 8:02 am
    Hi Stas,

    Thank you for catching this.
    I fixed it locally.

    Dmitry.
    -----Original Message-----
    From: Stanislav Malyshev
    Sent: Friday, August 03, 2007 3:19 AM
    To: Dmitry Stogov
    Cc: Wez Furlong; Sara Golemon; Andi Gutmans; Zeev Suraski;
    internals@lists.php.net
    Subject: Re: Ext/OpenSSL patch


    Sounds good. Couple of notes:

    1. Functions seem to lack prototypes except for encrypt which
    says: "Returns an array of the fields/values of the CERT" -
    obviously it's
    some mistake :)

    2. openssl_encrypt says "Unknown signature algorithm." when
    it should be
    encryption algorithm I guess... And the final period isn't needed I
    think. The same for decrypt.
    --
    Stanislav Malyshev, Zend Software Architect
    stas@zend.com http://www.zend.com/
    (408)253-8829 MSN: stas@zend.com
  • Pierre at Aug 3, 2007 at 9:21 am

    On 8/3/07, Dmitry Stogov wrote:
    Hi Stas,

    Thank you for catching this.
    I fixed it locally.
    Can you not apply the patch to HEAD already? :)

    Cheers,
    --Pierre
  • Dmitry Stogov at Aug 3, 2007 at 9:44 am
    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.

    Thanks. Dmitry.
    -----Original Message-----
    From: Pierre
    Sent: Friday, August 03, 2007 1:21 PM
    To: Dmitry Stogov
    Cc: Stanislav Malyshev; Wez Furlong; Sara Golemon; Andi
    Gutmans; Zeev Suraski; internals@lists.php.net
    Subject: Re: [PHP-DEV] RE: Ext/OpenSSL patch

    On 8/3/07, Dmitry Stogov wrote:
    Hi Stas,

    Thank you for catching this.
    I fixed it locally.
    Can you not apply the patch to HEAD already? :)

    Cheers,
    --Pierre

  • Pierre at Aug 3, 2007 at 9:52 am

    On 8/3/07, Dmitry Stogov wrote:
    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.
    We all need it to 5. But we also need it to test it before it goes to
    the stable branch.

    I would really love to get back our _development_ branch.

    --Pierre
  • Jani Taskinen at Aug 3, 2007 at 10:13 am
    So even Zend has abandoned PHP 6 development? :D
    And here I thought HEAD was meant for active development and you just
    MFH to any active branch where certain stuff goes..

    Anyway, it's about new features, those must wait for 5.3.

    --Jani
    On Fri, 2007-08-03 at 13:43 +0400, Dmitry Stogov wrote:
    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.

    Thanks. Dmitry.
    -----Original Message-----
    From: Pierre
    Sent: Friday, August 03, 2007 1:21 PM
    To: Dmitry Stogov
    Cc: Stanislav Malyshev; Wez Furlong; Sara Golemon; Andi
    Gutmans; Zeev Suraski; internals@lists.php.net
    Subject: Re: [PHP-DEV] RE: Ext/OpenSSL patch

    On 8/3/07, Dmitry Stogov wrote:
    Hi Stas,

    Thank you for catching this.
    I fixed it locally.
    Can you not apply the patch to HEAD already? :)

    Cheers,
    --Pierre

  • Dmitry Stogov at Aug 3, 2007 at 10:37 am

    -----Original Message-----
    From: Jani Taskinen
    Sent: Friday, August 03, 2007 2:13 PM
    To: Dmitry Stogov
    Cc: internals@lists.php.net
    Subject: RE: [PHP-DEV] RE: Ext/OpenSSL patch


    So even Zend has abandoned PHP 6 development? :D
    And here I thought HEAD was meant for active development and
    you just MFH to any active branch where certain stuff goes..
    Committing a patch and then backporting it after several months is a big headache
    for me.
    I believe nobody will use it in PHP6.

    Dmitry.
    Anyway, it's about new features, those must wait for 5.3.

    --Jani
    On Fri, 2007-08-03 at 13:43 +0400, Dmitry Stogov wrote:
    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.

    Thanks. Dmitry.
    -----Original Message-----
    From: Pierre
    Sent: Friday, August 03, 2007 1:21 PM
    To: Dmitry Stogov
    Cc: Stanislav Malyshev; Wez Furlong; Sara Golemon; Andi
    Gutmans; Zeev Suraski; internals@lists.php.net
    Subject: Re: [PHP-DEV] RE: Ext/OpenSSL patch

    On 8/3/07, Dmitry Stogov wrote:
    Hi Stas,

    Thank you for catching this.
    I fixed it locally.
    Can you not apply the patch to HEAD already? :)

    Cheers,
    --Pierre

  • Pierre at Aug 3, 2007 at 10:54 am
    Hi Dmitry,
    On 8/3/07, Dmitry Stogov wrote:

    -----Original Message-----
    From: Jani Taskinen
    Sent: Friday, August 03, 2007 2:13 PM
    To: Dmitry Stogov
    Cc: internals@lists.php.net
    Subject: RE: [PHP-DEV] RE: Ext/OpenSSL patch


    So even Zend has abandoned PHP 6 development? :D
    And here I thought HEAD was meant for active development and
    you just MFH to any active branch where certain stuff goes..
    Committing a patch and then backporting it after several months is a big headache
    for me.
    I believe nobody will use it in PHP6.
    I'm one that will test it, as already stated.

    That being said, I understand your concerns but remember that we are
    talking about mostly binary strings operation here. The differences
    between 5.x and 6.x for such code are very very small (and can be
    completely removed by using a couple of nice #define).

    Anyway, I can't force you to actually use our development branch...

    --Pierre
  • Moritz Bechler at Aug 3, 2007 at 11:10 am

    Pierre wrote:
    Hi Dmitry,
    On 8/3/07, Dmitry Stogov wrote:

    -----Original Message-----
    From: Jani Taskinen
    Sent: Friday, August 03, 2007 2:13 PM
    To: Dmitry Stogov
    Cc: internals@lists.php.net
    Subject: RE: [PHP-DEV] RE: Ext/OpenSSL patch


    So even Zend has abandoned PHP 6 development? :D
    And here I thought HEAD was meant for active development and
    you just MFH to any active branch where certain stuff goes..
    Committing a patch and then backporting it after several months is a big headache
    for me.
    I believe nobody will use it in PHP6.
    I'm one that will test it, as already stated.

    That being said, I understand your concerns but remember that we are
    talking about mostly binary strings operation here. The differences
    between 5.x and 6.x for such code are very very small (and can be
    completely removed by using a couple of nice #define).

    Anyway, I can't force you to actually use our development branch...

    --Pierre
    Concerning ext/openssl feature enhancements I wanted to remind of my CRL
    patch (#40046) which could be committed to HEAD. I recently built new
    patches against HEAD and PHP_5_2 which can be found here:

    http://mbechler.eenterphace.org/php6-openssl-crl.patch
    http://mbechler.eenterphace.org/php5-openssl-crl.patch

    (unfortunately I've somehow lost my bug password :|)


    best regards

    Moritz
  • Pierre at Aug 3, 2007 at 11:21 am

    On 8/3/07, Moritz Bechler wrote:

    Concerning ext/openssl feature enhancements I wanted to remind of my CRL
    patch (#40046) which could be committed to HEAD. I recently built new
    patches against HEAD and PHP_5_2 which can be found here:

    http://mbechler.eenterphace.org/php6-openssl-crl.patch
    http://mbechler.eenterphace.org/php5-openssl-crl.patch

    (unfortunately I've somehow lost my bug password :|)
    By the way, it would be nice (and faster) if you can join a couple of
    tests and examples (with required data). It will make my work a bit
    easier while testing your patch.


    Cheers,
    --Pierre
  • Moritz Bechler at Sep 23, 2007 at 6:44 pm
    Hi Pierre,
    By the way, it would be nice (and faster) if you can join a couple of
    tests and examples (with required data). It will make my work a bit
    easier while testing your patch.
    It took some time - but I now managed to put together some test cases
    (which hopefully can also serve as examples). I noticed that the current
    "openssl_x509_checkpurpose" function does not allow for passing
    verification flags so I introduced a new function "openssl_x509_check"
    (verify might be better but might cause confusion with openssl_verify)
    which does pretty much the same thing but takes a flags parameter which
    can be used to enable CRL checking and some other checking features
    which I did not test yet. I chose to add a new function because a)
    adding the argument to the end forces passing two (one unused in most
    cases) optional arguments b) _checkpurpose is a bit too specific. I hope
    that approach is okay.

    The updated patch is at
    http://mbechler.eenterphace.org/php6-openssl-crl.patch
    and the phpt and required data (needs a small CA, included files are
    valid for 5 years) at
    http://mbechler.eenterphace.org/php6-openssl-crl-tests.tar.bz2


    I noted my test fails (even for ascii filenames) when run in unicode
    mode which is a result of
    this check in php_openssl_x509_from_zval:

    if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
        return NULL;
    }

    maybe I'll find some time to have a look at proper filesystem encoding
    conversions for ext/openssl.

    best regards

    Moritz Bechler

    PS: Is there any way to recover/reset a lost bug password so I can add
    these links to my feature request?
  • Sara Golemon at Aug 3, 2007 at 4:43 pm

    pierre.php@gmail.com wrote:
    On 8/3/07, Dmitry Stogov wrote:

    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.
    We all need it to 5. But we also need it to test it before it goes to
    the stable branch.

    I would really love to get back our _development_ branch.

    --Pierre
    We have a development branch: "HEAD"... Why don't you want Dmitry to
    commit it to HEAD?

    -Sara
  • Pierre at Aug 3, 2007 at 4:45 pm

    On 8/3/07, Sara Golemon wrote:
    pierre.php@gmail.com wrote:
    On 8/3/07, Dmitry Stogov wrote:

    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.
    We all need it to 5. But we also need it to test it before it goes to
    the stable branch.

    I would really love to get back our _development_ branch.

    --Pierre
    We have a development branch: "HEAD"... Why don't you want Dmitry to
    commit it to HEAD?
    You misread the thread. I want him to commit to HEAD, he does not want to.

    --Pierre
  • Dmitry Stogov at Aug 3, 2007 at 10:22 pm
    Ok. :)
    I will do it next week.

    Dmitry.
    -----Original Message-----
    From: Pierre
    Sent: Friday, August 03, 2007 8:45 PM
    To: Sara Golemon
    Cc: Dmitry Stogov; Stanislav Malyshev; Wez Furlong; Andi
    Gutmans; Zeev Suraski; internals@lists.php.net
    Subject: Re: [PHP-DEV] RE: Ext/OpenSSL patch

    On 8/3/07, Sara Golemon wrote:
    pierre.php@gmail.com wrote:
    On 8/3/07, Dmitry Stogov wrote:

    I won't apply it to HEAD without php-5.
    I need it in php-5. HEAD may wait.
    We all need it to 5. But we also need it to test it
    before it goes
    to the stable branch.

    I would really love to get back our _development_ branch.

    --Pierre
    We have a development branch: "HEAD"... Why don't you want Dmitry to
    commit it to HEAD?
    You misread the thread. I want him to commit to HEAD, he
    does not want to.

    --Pierre


Discussion Overview
group: php-internals
categories: php
posted: Aug 1, '07 at 8:57a
active: Sep 23, '07 at 6:44p
posts: 19
users: 8
website: php.net
