[PHP-DEV] Re: Bug #20936 Patch for use of public keys

Wed, 11 Dec 2002 13:02:26 -0800 

Hi there,

This is the patch for http://bugs.php.net/bug.php?id=20936
The file mentioned in the bug report is no longer available.
I have very slightly changed the documentation also. 

The patch enables reading of public keys with the function
openssl_pkey_get_public(). The following piece of code
would fail before this patch was applied:

<?php

    $key_string =<<< __EOF__
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ksziC2OJin7FhQZSWwC
wJwYA43Iomrhm9Fw7+JOCwjnDGTu+kdsEVNBitzB3qrKjkMlqqTSaacuwc7EwRDe
FKU0VaGHW8E1S+64juw56LIXEP/0I/r16O/feSd05mlOdNCfsNaZEXRiNQkfySDR
loui+699FuXUGUyfIYBVVUmEpTWaH3+vKOmqM9H3ccndAgGC4PVVEGyDfnLMV+l2
uyc9SMAB+OH9qj9cQqI8rqYHTBB5KxjHqHfskvA9bQZEvGlwfz0+fKU/joMqiUie
RV8YzKuh6G/zo5UFLgNXuYAGRt90zD+Fer9ivNJAx1yPvCp6OAvdCXMmEtgVJr1V
TQIDAQAB
-----END PUBLIC KEY-----
__EOF__;

    $public_key = openssl_pkey_get_public( $key_string );
    if ( !$public_key )
        echo 'Error: ' . openssl_error_string() . "\n";

?>

Result:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

This is due to the fact that the php_openssl_evp_from_zval()
function was only able to deal with certificates. Perhaps this was
done on purpose, if so, could anyone explain?

Applying the patch will make the above code work and also enable
the resulting key resource to be used in e.g. the
openssl_public_encrypt() function. 

Also a check was added to the php_openssl_evp_from_zval() which
checks whether a key resource contains a private key if requested
(because now it is possible that the key resource only contains a
public key). For this a new function was introduced:

static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC);

TODO: perhaps a nicer solution would be to introduce another
resource type: 'OpenSSL public key'?

Please let me know what you think,
Kind regards,
Jeroen Derks

-- 
drs. Jeroen Derks, CISSP, SCJP     http://www.jeroenderks.com/
[EMAIL PROTECTED]                    http://www.derks.it/
Derks.IT                           gsm. +31 (0) 6 5577 8224
Postbus 56791                      fax. +31 (0) 84 870 6519
1040 AT  Amsterdam                 tel. +31 (0) 20 777 5488

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to