[PHP-DEV] ECDSA support in the openssl extension

Posted by Sergey Ryazanov 
Sergey Ryazanov
[PHP-DEV] ECDSA support in the openssl extension
March 20, 2012 11:50PM
Hello all.

OpenSSL, starting from version 0.9.8, supports the ECDSA signature
algorithm. The return value of openssl_get_md_methods() also includes
the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC
key, I get an error: "key type not supported in this PHP build!".

After some time of digging, I discovered that this error arises in
php_openssl_is_private_key() in the openssl.c file. This function
simply doesn't include a check for EVP_PKEY_EC. All signature-related
actions are performed by the OpenSSL library itself and don't depend
on any internal code.

Is there any chance that an EVP_PKEY_EC check would be added in the
next release? Could I do something to speed up the process of adding
ECDSA?

--
With best wishes
Sergey Ryazanov

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Alexey Shein
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 07:30AM
On March 21, 2012 at 3:34, Sergey Ryazanov
<[email protected]> wrote:
> Hello all.
>
> OpenSSL, starting from version 0.9.8, supports the ECDSA signature
> algorithm. The return value of openssl_get_md_methods() also includes
> the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC
> key, I get an error: "key type not supported in this PHP build!".
>
> After some time of digging, I discovered that this error arises in
> php_openssl_is_private_key() in the openssl.c file. This function
> simply doesn't include a check for EVP_PKEY_EC. All signature-related
> actions are performed by the OpenSSL library itself and don't depend
> on any internal code.
>
> Is there any chance that an EVP_PKEY_EC check would be added in the
> next release? Could I do something to speed up the process of adding
> ECDSA?
>

Hello, Sergey,

The best you can do is to open a bug with your question in the bug
tracker and send a patch fixing your problem (with a test case
attached) against the PHP 5.4 branch. Now it's even easier since
php-src has finally moved to git, so you can use GitHub's pull request
mechanism, see
https://wiki.php.net/vcs/gitworkflow#workflow_for_external_contributors
for the workflow and https://wiki.php.net/vcs/gitfaq for general
questions.

Thank you.
> --
> With best wishes
> Sergey Ryazanov



--
Regards,
Shein Alexey

Sergey Ryazanov
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 08:50AM
On March 21, 2012 at 10:27, Alexey Shein <[email protected]> wrote:
> On March 21, 2012 at 3:34, Sergey Ryazanov
> <[email protected]> wrote:
>> Hello all.
>>
>> OpenSSL, starting from version 0.9.8, supports the ECDSA signature
>> algorithm. The return value of openssl_get_md_methods() also includes
>> the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC
>> key, I get an error: "key type not supported in this PHP build!".
>>
>> After some time of digging, I discovered that this error arises in
>> php_openssl_is_private_key() in the openssl.c file. This function
>> simply doesn't include a check for EVP_PKEY_EC. All signature-related
>> actions are performed by the OpenSSL library itself and don't depend
>> on any internal code.
>>
>> Is there any chance that an EVP_PKEY_EC check would be added in the
>> next release? Could I do something to speed up the process of adding
>> ECDSA?
>>
>
> Hello, Sergey,
>
> The best you can do is to open a bug with your question in the bug
> tracker and send a patch fixing your problem (with a test case
> attached) against the PHP 5.4 branch. Now it's even easier since
> php-src has finally moved to git, so you can use GitHub's pull request
> mechanism, see
> https://wiki.php.net/vcs/gitworkflow#workflow_for_external_contributors
> for the workflow and https://wiki.php.net/vcs/gitfaq for general
> questions.
>

Thank you for the advice. I will do so in a couple of days.

Btw, is the 5.3 branch in a development state or only maintenance? If
a new feature could be added to the 5.3 branch, I would prefer to
upgrade from 5.3.10 to 5.3.11 instead of 5.3.10 -> 5.4.

--
With best wishes
Sergey Ryazanov

Alexey Shein
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 02:50PM
On March 21, 2012 at 12:43, Sergey Ryazanov
<[email protected]> wrote:
> On March 21, 2012 at 10:27, Alexey Shein <[email protected]> wrote:
>> On March 21, 2012 at 3:34, Sergey Ryazanov
>> <[email protected]> wrote:
>>> Hello all.
>>>
>>> OpenSSL, starting from version 0.9.8, supports the ECDSA signature
>>> algorithm. The return value of openssl_get_md_methods() also includes
>>> the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC
>>> key, I get an error: "key type not supported in this PHP build!".
>>>
>>> After some time of digging, I discovered that this error arises in
>>> php_openssl_is_private_key() in the openssl.c file. This function
>>> simply doesn't include a check for EVP_PKEY_EC. All signature-related
>>> actions are performed by the OpenSSL library itself and don't depend
>>> on any internal code.
>>>
>>> Is there any chance that an EVP_PKEY_EC check would be added in the
>>> next release? Could I do something to speed up the process of adding
>>> ECDSA?
>>>
>>
>> Hello, Sergey,
>>
>> The best you can do is to open a bug with your question in the bug
>> tracker and send a patch fixing your problem (with a test case
>> attached) against the PHP 5.4 branch. Now it's even easier since
>> php-src has finally moved to git, so you can use GitHub's pull request
>> mechanism, see
>> https://wiki.php.net/vcs/gitworkflow#workflow_for_external_contributors
>> for the workflow and https://wiki.php.net/vcs/gitfaq for general
>> questions.
>>
>
> Thank you for the advice. I will do so in a couple of days.
>
> Btw, is the 5.3 branch in a development state or only maintenance? If
> a new feature could be added to the 5.3 branch, I would prefer to
> upgrade from 5.3.10 to 5.3.11 instead of 5.3.10 -> 5.4.
>

Can't say for sure, it's better to ask the maintainers, I've CC'ed David and Johannes.


> --
> With best wishes
> Sergey Ryazanov



--
Regards,
Shein Alexey

Antony Dovgal
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 03:00PM
On 03/21/2012 02:34 AM, Sergey Ryazanov wrote:
> After some time of digging, I discovered that this error arises in
> php_openssl_is_private_key() in the openssl.c file. This function
> simply doesn't include a check for EVP_PKEY_EC. All signature-related
> actions are performed by the OpenSSL library itself and don't depend
> on any internal code.
>
> Is there any chance that an EVP_PKEY_EC check would be added in the
> next release? Could I do something to speed up the process of adding
> ECDSA?

Yes!
You can always provide a patch and attach it to the bug report =)

--
Wbr,
Antony Dovgal
---
http://pinba.org - realtime profiling for PHP

David Soria Parra
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 03:40PM
On 03/21/2012 02:44 PM, Alexey Shein wrote:
> On March 21, 2012 at 12:43, Sergey Ryazanov
> <[email protected]> wrote:
>> On March 21, 2012 at 10:27, Alexey Shein
>> <[email protected]> wrote:
>>> On March 21, 2012 at 3:34, Sergey Ryazanov
>>> <[email protected]> wrote:
>>>> Hello all.
>>>>
>>>> OpenSSL, starting from version 0.9.8, supports the ECDSA
>>>> signature algorithm. The return value of
>>>> openssl_get_md_methods() also includes the "ecdsa-with-SHA1"
>>>> string. But if I call openssl_sign() with an EC key, I get
>>>> an error: "key type not supported in this PHP build!".
>>>>
>>>> After some time of digging, I discovered that this error
>>>> arises in php_openssl_is_private_key() in the openssl.c
>>>> file. This function simply doesn't include a check for
>>>> EVP_PKEY_EC. All signature-related actions are performed by
>>>> the OpenSSL library itself and don't depend on any internal
>>>> code.
>>>>
>>>> Is there any chance that an EVP_PKEY_EC check would be added
>>>> in the next release? Could I do something to speed up the
>>>> process of adding ECDSA?
>>>>
>>>
>>> Hello, Sergey,
>>>
>>> The best you can do is to open a bug with your question in the
>>> bug tracker and send a patch fixing your problem (with a test
>>> case attached) against the PHP 5.4 branch. Now it's even easier
>>> since php-src has finally moved to git, so you can use GitHub's
>>> pull request mechanism, see
>>> https://wiki.php.net/vcs/gitworkflow#workflow_for_external_contributors
>>> for the workflow and https://wiki.php.net/vcs/gitfaq for general
>>> questions.
>>>
>>
>> Thank you for the advice. I will do so in a couple of days.
>>
>> Btw, is the 5.3 branch in a development state or only maintenance?
>> If a new feature could be added to the 5.3 branch, I would prefer
>> to upgrade from 5.3.10 to 5.3.11 instead of 5.3.10 -> 5.4.
>>
>
> Can't say for sure, it's better to ask the maintainers, I've CC'ed
> David and Johannes.

As long as it doesn't break any BC and only adds one constant, I am
fine with having it in 5.4.2.
Pierre Joye
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 04:40PM
hi!

On Tue, Mar 20, 2012 at 11:34 PM, Sergey Ryazanov
<[email protected]> wrote:

> Is there any chance that an EVP_PKEY_EC check would be added in the
> next release? Could I do something to speed up the process of adding
> ECDSA?

Sure thing! I won't have the time to do it soonish but if you can
provide a patch or a pull request (with test please :), then I can
review and apply it quickly.

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

Johannes Schlüter
Re: [PHP-DEV] ECDSA support in the openssl extension
March 21, 2012 05:00PM
On Wed, 2012-03-21 at 18:44 +0500, Alexey Shein wrote:
> > Btw, is the 5.3 branch in a development state or only maintenance?
> > If a new feature could be added to the 5.3 branch, I would prefer
> > to upgrade from 5.3.10 to 5.3.11 instead of 5.3.10 -> 5.4.
> >
>
> Can't say for sure, it's better to ask the maintainers, I've CC'ed
> David and Johannes.

Probably one could argue that this is a bug fix, not a feature addition.
In general I aim for a quite strict "no new feature"-rule though in order
to push people to 5.4.

Besides that: hard to say without a patch.

johannes



Sergey Ryazanov
[PHP-DEV] Re: ECDSA support in the openssl extension
March 23, 2012 01:20PM
Hello all.

> OpenSSL, starting from version 0.9.8, supports the ECDSA signature
> algorithm. The return value of openssl_get_md_methods() also includes
> the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC
> key, I get an error: "key type not supported in this PHP build!".
>
> After some time of digging, I discovered that this error arises in
> php_openssl_is_private_key() in the openssl.c file. This function
> simply doesn't include a check for EVP_PKEY_EC. All signature-related
> actions are performed by the OpenSSL library itself and don't depend
> on any internal code.

I apologize for the clamor. I made premature conclusions. Actually PHP
generates a warning, not an error. And despite this warning, ECDSA
signing is working perfectly.

The php_openssl_is_private_key() function determines the presence of
the private key. If this function doesn't know the key structure of a
particular type, then it generates a warning and returns a __positive__
result.

Since the OpenSSL header files do not include the ec_key_st structure
definition, we cannot test for private key presence. And this warning
will stay here permanently until the developers from OpenSSL supply us
with a special API or a definition of the structure. So it goes.

--
With best wishes
Sergey Ryazanov
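
An added illustration, not code from this thread or from php-src: an ECDSA sign/verify round trip through the openssl extension in which the caller checks the key type and confirms that a public-only PEM does not load as a private key, instead of relying on the extension's internal private-key check. It assumes PHP 7.1 or later (for `curve_name`) and the P-256 curve; the message is constructed.

```php
<?php
// Added example. Assumes PHP 7.1+ with ext/openssl built against an
// EC-capable OpenSSL. The curve and message are choices of this example.

$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($key === false) {
    throw new RuntimeException('EC key generation failed: ' . openssl_error_string());
}

// Confirm the key type explicitly before using it for ECDSA.
$details = openssl_pkey_get_details($key);
if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
    throw new RuntimeException('Expected an EC key');
}
$publicPem = $details['key']; // PEM-encoded public half only

// A PEM that carries only the public half must not load as a private key.
// Checking this in the caller avoids depending on how the extension
// treats key types whose private part it cannot inspect.
if (openssl_pkey_get_private($publicPem) !== false) {
    throw new RuntimeException('Public-only PEM was accepted as a private key');
}

$message = 'constructed sample message';

// Sign with an explicit digest instead of the extension's default.
if (!openssl_sign($message, $signature, $key, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('Signing failed: ' . openssl_error_string());
}

// openssl_verify() returns 1 for a valid signature, 0 for an invalid one
// and -1 on error, so compare with === 1 and never treat it as a boolean.
$valid    = openssl_verify($message, $signature, $publicPem, OPENSSL_ALGO_SHA256);
$tampered = openssl_verify($message . '!', $signature, $publicPem, OPENSSL_ALGO_SHA256);

if ($valid !== 1 || $tampered !== 0) {
    throw new RuntimeException('Unexpected verification result');
}

echo "signature length: ", strlen($signature), " bytes\n";
echo "original message verifies: ", var_export($valid === 1, true), "\n";
echo "tampered message verifies: ", var_export($tampered === 1, true), "\n";
```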
