Re: ECDSA support in the openssl extension

Date: Fri, 23 Mar 2012 12:17:56 +0000
Subject: Re: ECDSA support in the openssl extension
Groups: php.internals

Hello all.

> OpenSSL starting from version 0.9.8 supports the ECDSA signature
> algorithm. The return value of openssl_get_md_methods() also includes
> the "ecdsa-with-SHA1" string. But if I call openssl_sign() with an EC key
> then I get an error: "key type not supported in this PHP build!".
>
> After some time of digging I discovered that this error arises in
> php_openssl_is_private_key() in the openssl.c file. This function
> simply doesn't include a check for EVP_PKEY_EC. All signature-related
> actions are performed by the OpenSSL library itself and don't depend on
> any internal code.

I apologize for the clamor. I made premature conclusions. Actually PHP
generates a warning, not an error. And despite this warning ECDSA
signing is working perfectly.

The php_openssl_is_private_key() function determines the presence of
the private key. If this function doesn't know the key structure of a
particular type, then it generates a warning and returns a __positive__
result.

Since the OpenSSL header files do not include the ec_key_st structure
definition, we cannot test for private key presence. And this warning will
stay here permanently until the OpenSSL developers supply us with a
special API or a definition of the structure. So it goes.

-- 
With best wishes
Sergey Ryazanov
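
The following is an added example, not part of the original message or of PHP's own code. It assumes PHP 7.1 or later built with EC support, where openssl_pkey_get_details() reports the EC private scalar as `d`, and shows a script checking for the private component itself before calling openssl_sign(), rather than relying on the permissive result described above. The helper name, curve and payload are constructed for illustration.

```php
<?php
// Added example. Assumes PHP 7.1+ with an EC-capable OpenSSL build.
// ec_has_private_component() is a hypothetical helper, not a PHP API.

/** True only if the key handle is an EC key carrying the private scalar "d". */
function ec_has_private_component($key): bool
{
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
        return false; // unknown or non-EC key type: fail closed
    }
    return isset($details['ec']['d']) && $details['ec']['d'] !== '';
}

// Constructed key pair on a constructed choice of curve.
$private = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($private === false) {
    exit('EC key generation failed: ' . openssl_error_string() . "\n");
}

// Public half only, re-imported from its PEM encoding as a separate handle.
$public = openssl_pkey_get_public(openssl_pkey_get_details($private)['key']);

$message = 'constructed sample payload';

// Refuse to sign unless the private component is really present.
if (!ec_has_private_component($private)) {
    exit("refusing to sign: no EC private component\n");
}
if (!openssl_sign($message, $signature, $private, OPENSSL_ALGO_SHA256)) {
    exit('signing failed: ' . openssl_error_string() . "\n");
}

// Private handle, then public handle.
var_dump(ec_has_private_component($private));
var_dump(ec_has_private_component($public));

// Verification of the original and of a tampered message.
var_dump(openssl_verify($message, $signature, $public, OPENSSL_ALGO_SHA256));
var_dump(openssl_verify($message . 'x', $signature, $public, OPENSSL_ALGO_SHA256));
```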

