Feature/openssl ecc keypair support #1686
ext/openssl/openssl.c
Outdated
could you possibly add extra indent tab when continuing condition - it's a bit more readable then... ;)
I searched for all the '/^\s+&&/' occurrences within openssl.c and the indentation is always one tab. I leave it like this to be compliant with the file. @bukka Can you refer to a style guide that defines this case? I was not able to find one. Thank you.
yeah leave it. it was just a suggestion to make it a bit more readable - not really defined anywhere. you are right that it's better to make it consistent with the rest of the file...
First of all thanks for this contribution! I cherry-picked the first commit with white space issues (48ae925) so pls merge master into it and it should hopefully reduce the diff (not sure why it's not picked up automatically... :) ) I had a quick look and added few comments. I didn't have time to verify and test it. I think that this would be a nice addition to 7.1 so we still have some time to do that later... ;) But looks good overall! Thanks
ext/openssl/openssl.c
Outdated
no aliases should be probably here... :)
@bukka Thank you for your time to review the PR and add very helpful comments and thoughts. As I mentioned in my code comment I found an inconsistency with the group parameters. In retrospect taking the patch from https://bugs.php.net/bug.php?id=61204 and fixing a few things was not enough. ;-) I'll update the PR that fixes these additionally found issues:
I appreciate the cherry-pick of the white space cleanup.
Fixed the mentioned issues, rebased against current php-src master and squashed commits. The PR is not complete yet. I found an incorrect handling of the private and public key parameters when creating a key from 'd', 'x' and 'y'.
From my side the PR is finished. This version of the PR fixes the following problem:
Thanks. I will take a look once I have time and will test it. As I said there is quite a bit of time before 7.1 and need to sort out few other things before that. Thanks again for your work!
Good to know. I'll provide another patch to openssl_csr_new() that will help to define the content that goes into the x509 extension 'subject alternative name'.
In general this looks like a self-contained addition, potentially eligible for 7.0.next too. So @bukka you may as well review and merge it now.
I'm more in favour of 7.1 for this. It adds a new function and new options for pkey. It is also touching the current code in some places. We should also review it carefully to make sure that everything is fine. Anyway I will take a look once I have more time and finish all other stuff that I plan to do.
@bukka I just realized PHP 7.1 alpha1 was released some days ago. I updated the PR with the latest master.
That's cool. I actually planned to look at this next weekend. Will have to merge few other things before that. I think that we don't need an RFC if no one objects against the feature. The AEAD had RFC because we didn't fully agree on API but this is much more straightforward. However it should be definitely introduced on internals. So if you could send an email summarising what exactly is added (new function, extra params for pkey_new...), that would be great. If no one objects for a week or so and all is cool, I will try to merge it before beta.
ext/openssl/tests/029.phpt
Outdated
$detailsFromScratch9 = array( | ||
"ec" => array( | ||
"curve_name" => "prime192v1", | ||
"d" => gmp_export("3138550867681922400546388175470823984762234518836963313664"), |
Just a quick thing that I noticed in your email. Please don't use gmp in openssl tests as it creates dependency on gmp ext which would require extra skip if. Please use hex value in hex2bin.
Will do.
New features:
- openssl_get_curve_names => list ECC curve names
- generate an ECC public key pair
- generate a CSR with an ECC key
- export x,y,d params of ECC public/private key

Thanks to @bukka for the review and feedback
#ifdef HAVE_EVP_PKEY_EC | ||
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL && | ||
Z_TYPE_P(data) == IS_ARRAY) { | ||
pkey = EVP_PKEY_new(); |
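Review bot: `pkey = EVP_PKEY_new();` can return NULL on allocation failure, and the lines shown here do not test the result before the branch continues. Add a NULL check directly after the call, and make sure every later failure path in this "ec" branch releases the object with EVP_PKEY_free() so that a rejected parameter array does not leak the key structure.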
C89 compat issue (should be done after definitions)
&& Z_TYPE_P(item) == IS_STRING) { | ||
req->curve_name = OBJ_sn2nid(Z_STRVAL_P(item)); | ||
if (req->curve_name == NID_undef) { | ||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown elliptic curve (short) name %s", Z_STRVAL_P(item)); |
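Review bot: the check `req->curve_name == NID_undef` after `OBJ_sn2nid(Z_STRVAL_P(item))` only rejects names OpenSSL does not know at all; OBJ_sn2nid resolves the short name of any registered object, not only elliptic curves, so a digest or cipher short name would pass this test and be stored as the curve. Consider confirming that the NID really names a curve before accepting it, for example by checking that EC_GROUP_new_by_curve_name() returns non-NULL for it, and emitting the same warning otherwise.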
remove TSRMLS_CC from here and everywhere else ;)
I just merged #1950. If you find a little bit of time, it would be great if you could add
@dil ^
Comment on behalf of bukka at php.net: Superseded by #1959
@bukka You are a hero. I just wanted to implement your suggestions today. Haven't had the time to look into the improvement due to family time.
The current ECC (elliptic curve cryptography) support of the OpenSSL extension has no possibility to generate an EC public key pair.
The PR is a modified version of the patch provided in https://bugs.php.net/bug.php?id=61204 .
The PR also fixes some tabs/spaces formatting issues.