Edit report at https://bugs.php.net/bug.php?id=38917&edit=1
ID:                 38917
Updated by:         paj...@php.net
Reported by:        zeph at purotesto dot it
Summary:            OpenSSL: signing function for spkac
-Status:            Open
+Status:            Feedback
Type:               Feature/Change Request
Package:            OpenSSL related
Operating System:   Irrilevant
PHP Version:        trunk
Block user comment: N
Private report:     N

New Comment:

Please see the phpt files in ext/openssl/tests/; this is how tests should be
written. Further explanations are available here: http://qa.php.net/

Thanks!

Previous Comments:
------------------------------------------------------------------------
[2011-12-14 11:40:42] jason dot gerfen at gmail dot com

<form id="spkac" name="spkac" method="post" action="openssl-spki.php">
 <keygen name="spki-key" keytype="rsa" challenge="testing"></keygen>
 <input type="submit">
</form>

<?php
// Show the raw SPKAC posted by the browser's <keygen> element, if any.
if (!empty($_POST['spki-key'])) {
    echo '<pre>';
    print_r($_POST['spki-key']);
    echo '</pre>';
}

// Without a posted SPKAC, generate a key pair and an SPKAC locally.
if (empty($_POST['spki-key'])) {
    echo "Generating private key...";
    $key = openssl_pkey_new(array('digest_alg' => 'sha1',
                                  'private_key_type' => OPENSSL_KEYTYPE_RSA,
                                  'private_key_bits' => 2048));
    echo "done<br/>";
    echo "============================<br/>";
}

if (empty($_POST['spki-key'])) {
    echo "Creating SPKAC...<br/>";
    if (function_exists('openssl_spki_new')) {
        $spki = openssl_spki_new($key, 'wtfd00d');
        echo "<pre>".$spki."</pre>";
    }
    echo "<br/>done<br/>";
    echo "============================<br/>";
}

echo "Verifying SPKAC...<br/>";
if (function_exists('openssl_spki_verify')) {
    $y = (empty($_POST['spki-key'])) ?
        openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_verify($_POST['spki-key']);
    var_dump($y);
}
echo "<br/>============================<br/>";

echo "Exporting challenge from SPKAC...<br/>";
if (function_exists('openssl_spki_export_challenge')) {
    $x = (empty($_POST['spki-key'])) ?
        openssl_spki_export_challenge(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_export_challenge($_POST['spki-key']);
    echo $x;
}
echo "<br/>done<br/>";
echo "============================<br/>";

echo "Exporting public key from SPKAC...<br/>";
if (function_exists('openssl_spki_export')) {
    $z = (empty($_POST['spki-key'])) ?
        openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_export($_POST['spki-key']);
    echo '<pre>';
    print_r($z);
    echo '</pre>';
}
echo "<br/>============================<br/>";

echo "SPKAC details...<br/>";
if (function_exists('openssl_spki_details')) {
    $w = (empty($_POST['spki-key'])) ?
        openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_details($_POST['spki-key']);
    echo '<pre>';
    print_r($w);
    echo '</pre>';
}
echo "done<br/>";
echo "============================<br/>";

// Release the locally generated key.
if (empty($_POST['spki-key'])) {
    openssl_free_key($key);
}
?>

------------------------------------------------------------------------
[2011-12-13 17:04:07] paj...@php.net

Hi!

Thanks for the patch, please add some test cases as well (phpt format) so we
can easily validate the new functions.

Also be sure that the patched ssl can still be built against older openssl
versions as we still support them (0.9.x series for trunk and 5.4).

------------------------------------------------------------------------
[2011-12-13 16:56:43] jason dot gerfen at gmail dot com

Since I have not seen any changes on this I am going to post the patch to
php-internals list.

------------------------------------------------------------------------
[2011-12-08 10:57:03] jason dot gerfen at gmail dot com

I modified the test case and fixed a slight memory problem that would
occasionally take place when allocating memory for the openssl_spki_new()
return value.

<?php
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";

echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')) {
    $spki = openssl_spki_new($key, 'wtfd00d');
    echo $spki;
}
echo "done\n";
echo "============================\n";

echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')) {
    $x = (empty($_POST['spki-key'])) ?
        openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_details($_POST['spki-key']);
    var_dump($x);
}
echo "done\n";
echo "============================\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')) {
    $y = (empty($_POST['spki-key'])) ?
        openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_verify($_POST['spki-key']);
    var_dump($y);
}
echo "\n============================\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')) {
    $z = (empty($_POST['spki-key'])) ?
        openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_export($_POST['spki-key']);
    var_dump($z);
}

------------------------------------------------------------------------
[2011-12-06 11:28:50] jason dot gerfen at gmail dot com

Here is a patch to implement three new functions to help with verification of
the SPKAC HTML keygen element.

To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
   %> patch -p0 < spki.patch
4. Configure and compile PHP
   %> ./configure --with-openssl=/path/to/openssl
   %> make && make install

Test script:

<?php
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));

// Double-quoted "\n" so a real newline is printed (single quotes print it literally).
if (function_exists('openssl_spki_new')) {
    $spki = openssl_spki_new($key, 'password');
    echo $spki."\n";
}

if (function_exists('openssl_spki_verify')) {
    echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki))."\n";
}

if (function_exists('openssl_spki_export')) {
    echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki))."\n";
}

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=38917

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=38917&edit=1
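
Added example (not part of the bug report or the patch): the test scripts above call the SPKAC functions one by one; the sketch below chains them the way a server receiving a <keygen> submission would, checking the signature first and then comparing the signed challenge against the one issued for the session. It assumes PHP 7 or later with the openssl_spki_* functions available and the three-argument form of openssl_spki_new(); handle_spkac() and the challenge values are hypothetical.

```php
<?php
// Added example: server-side validation of a submitted SPKAC.
// handle_spkac() is a hypothetical helper, not a function from the patch.

function handle_spkac(string $submitted, string $expectedChallenge)
{
    // Browsers post the bare base64 blob; openssl_spki_new() prefixes "SPKAC=".
    $spkac = preg_replace('/^SPKAC=/', '', trim($submitted));

    // 1. The signature must verify under the public key embedded in the blob,
    //    which proves possession of the matching private key.
    if (!openssl_spki_verify($spkac)) {
        return false;
    }

    // 2. The signed challenge must be the one this server issued for this
    //    session; otherwise a previously captured SPKAC could be replayed.
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expectedChallenge, $challenge)) {
        return false;
    }

    // 3. Only after both checks, extract the PEM public key for enrolment.
    return openssl_spki_export($spkac);
}

// Constructed demo: generate the key and SPKAC locally in place of a browser.
$issued = bin2hex(random_bytes(16));   // per-session challenge (constructed)
$key    = openssl_pkey_new(array(
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
));
// SHA-256 is requested explicitly instead of relying on the default digest.
$spkac  = openssl_spki_new($key, $issued, OPENSSL_ALGO_SHA256);

// Same SPKAC checked against the issued challenge, then against another one.
var_dump(handle_spkac($spkac, $issued) !== false);
var_dump(handle_spkac($spkac, 'some-other-challenge'));
```

A fixed challenge such as the challenge="testing" attribute in the form above gives no replay protection; the value has to be generated per session and stored server-side for the comparison in step 2.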