The openssl extension is way to restrictive in the algorithms it
supports, i.e. no support for SHA265 which is starting to become the
standard algo to use, etc.. Rather than having to always add more
constants and additional logic for any new algorithms, I'd like to
change the sign and verify functions to not only accept the current
integers, but also a string so the EVP_get_digestbyname function can be
used.
So while still supporting something list:
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1)
It can also be called using:
openssl_sign($data, $signature, $priv_key_id, "SHA1")
openssl_sign($data, $signature, $priv_key_id, "SHA256")
Attached is a patch to illustrate the change made to the PHP_5_2 branch
(only to the sign function but same change would be made to verify as well).
I'd really like to be able to support the string based algorithm rather
than always having to add constants just for the added flexibility but
in any case we really need to add support for more than what we have
now. Personally I'd also like to see this in 5.2.12 but know that might
be pushing it.
Rob
Index: openssl.c
===================================================================
--- openssl.c (revision 291215)
+++ openssl.c (working copy)
@@ -3504,11 +3504,11 @@
}
/* }}} */
-/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int
signature_alg])
+/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[,
mixed signature_alg])
Signs data */
PHP_FUNCTION(openssl_sign)
{
- zval **key, *signature;
+ zval **key, *signature, *digest_algo;
EVP_PKEY *pkey;
int siglen;
unsigned char *sigbuf;
@@ -3516,10 +3516,9 @@
char * data;
int data_len;
EVP_MD_CTX md_ctx;
- long signature_algo = OPENSSL_ALGO_SHA1;
- EVP_MD *mdtype;
+ EVP_MD *mdtype = NULL;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|l", &data,
&data_len, &signature, &key, &signature_algo) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|z!", &data,
&data_len, &signature, &key, &digest_algo) == FAILURE) {
return;
}
pkey = php_openssl_evp_from_zval(key, 0, "", 0, &keyresource TSRMLS_CC);
@@ -3528,7 +3527,17 @@
RETURN_FALSE;
}
- mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+ if ((digest_algo != NULL) && (Z_TYPE_P(digest_algo) == IS_STRING)) {
+ mdtype = EVP_get_digestbyname(Z_STRVAL_P(digest_algo));
+ } else {
+ long signature_algo = OPENSSL_ALGO_SHA1;
+ if ((digest_algo != NULL)) {
+ convert_to_long(digest_algo);
+ signature_algo = Z_LVAL_P(digest_algo);
+ }
+ mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+ }
+
if (!mdtype) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature
algorithm.");
RETURN_FALSE;
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
