FAQ
The openssl extension is way to restrictive in the algorithms it
supports, i.e. no support for SHA265 which is starting to become the
standard algo to use, etc.. Rather than having to always add more
constants and additional logic for any new algorithms, I'd like to
change the sign and verify functions to not only accept the current
integers, but also a string so the EVP_get_digestbyname function can be
used.

So while still supporting something list:
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)

It can also be called using:
openssl_sign($data, $signature, $priv_key_id, "SHA1")
openssl_sign($data, $signature, $priv_key_id, "SHA256")

Attached is a patch to illustrate the change made to the PHP_5_2 branch
(only to the sign function but same change would be made to verify as well).
I'd really like to be able to support the string based algorithm rather
than always having to add constants just for the added flexibility but
in any case we really need to add support for more than what we have
now. Personally I'd also like to see this in 5.2.12 but know that might
be pushing it.

Rob

Search Discussions

  • Rasmus Lerdorf at Nov 24, 2009 at 5:40 pm
    Seems like a no-brainer for 5.3 and trunk. You will have to discuss
    with Ilia for 5.2. It seems a bit late in the game for that branch to
    get this.

    -Rasmus

    Rob Richards wrote:
    The openssl extension is way to restrictive in the algorithms it
    supports, i.e. no support for SHA265 which is starting to become the
    standard algo to use, etc.. Rather than having to always add more
    constants and additional logic for any new algorithms, I'd like to
    change the sign and verify functions to not only accept the current
    integers, but also a string so the EVP_get_digestbyname function can be
    used.

    So while still supporting something list:
    openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)

    It can also be called using:
    openssl_sign($data, $signature, $priv_key_id, "SHA1")
    openssl_sign($data, $signature, $priv_key_id, "SHA256")

    Attached is a patch to illustrate the change made to the PHP_5_2 branch
    (only to the sign function but same change would be made to verify as
    well).
    I'd really like to be able to support the string based algorithm rather
    than always having to add constants just for the added flexibility but
    in any case we really need to add support for more than what we have
    now. Personally I'd also like to see this in 5.2.12 but know that might
    be pushing it.

    Rob
  • Rob Richards at Nov 24, 2009 at 9:51 pm
    If I had only checked... Appears its been in trunk (and 5_3) for over 2
    years now :)

    Rob

    Rasmus Lerdorf wrote:
    Seems like a no-brainer for 5.3 and trunk. You will have to discuss
    with Ilia for 5.2. It seems a bit late in the game for that branch to
    get this.

    -Rasmus

    Rob Richards wrote:
    The openssl extension is way to restrictive in the algorithms it
    supports, i.e. no support for SHA265 which is starting to become the
    standard algo to use, etc.. Rather than having to always add more
    constants and additional logic for any new algorithms, I'd like to
    change the sign and verify functions to not only accept the current
    integers, but also a string so the EVP_get_digestbyname function can be
    used.

    So while still supporting something list:
    openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)

    It can also be called using:
    openssl_sign($data, $signature, $priv_key_id, "SHA1")
    openssl_sign($data, $signature, $priv_key_id, "SHA256")

    Attached is a patch to illustrate the change made to the PHP_5_2 branch
    (only to the sign function but same change would be made to verify as
    well).
    I'd really like to be able to support the string based algorithm rather
    than always having to add constants just for the added flexibility but
    in any case we really need to add support for more than what we have
    now. Personally I'd also like to see this in 5.2.12 but know that might
    be pushing it.

    Rob

  • Ilia Alshanetsky at Nov 24, 2009 at 10:01 pm
    Heh, I think given that we have 5.3 out there (with the code) there is little reason to introduce new features into a bug fix release which is 5.2.
    On 2009-11-24, at 4:51 PM, Rob Richards wrote:

    If I had only checked... Appears its been in trunk (and 5_3) for over 2 years now :)

    Rob

    Rasmus Lerdorf wrote:
    Seems like a no-brainer for 5.3 and trunk. You will have to discuss
    with Ilia for 5.2. It seems a bit late in the game for that branch to
    get this.

    -Rasmus

    Rob Richards wrote:
    The openssl extension is way to restrictive in the algorithms it
    supports, i.e. no support for SHA265 which is starting to become the
    standard algo to use, etc.. Rather than having to always add more
    constants and additional logic for any new algorithms, I'd like to
    change the sign and verify functions to not only accept the current
    integers, but also a string so the EVP_get_digestbyname function can be
    used.

    So while still supporting something list:
    openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)

    It can also be called using:
    openssl_sign($data, $signature, $priv_key_id, "SHA1")
    openssl_sign($data, $signature, $priv_key_id, "SHA256")

    Attached is a patch to illustrate the change made to the PHP_5_2 branch
    (only to the sign function but same change would be made to verify as
    well).
    I'd really like to be able to support the string based algorithm rather
    than always having to add constants just for the added flexibility but
    in any case we really need to add support for more than what we have
    now. Personally I'd also like to see this in 5.2.12 but know that might
    be pushing it.

    Rob


    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-internals @
categoriesphp
postedNov 24, '09 at 5:27p
activeNov 24, '09 at 10:01p
posts4
users3
websitephp.net

People

Translate

site design / logo © 2022 Grokbase