wez Mon Feb 10 04:49:31 2003 EDT Modified files: /php4/ext/openssl openssl.c Log: Add additional optional parameter to openssl_pkcs7_encrypt to specify the cipher. The cipher can be one of the constants listed below. Based on a patch from: stefan at cuba dot ionum dot ch OPENSSL_CIPHER_RC2_40, (the default) OPENSSL_CIPHER_RC2_128, OPENSSL_CIPHER_RC2_64, OPENSSL_CIPHER_DES, OPENSSL_CIPHER_3DES, proto bool openssl_pkcs7_encrypt(string infile, string outfile, mixed recipcerts, array headers [, long flags [, long cipher]]) Index: php4/ext/openssl/openssl.c diff -u php4/ext/openssl/openssl.c:1.64 php4/ext/openssl/openssl.c:1.65 --- php4/ext/openssl/openssl.c:1.64 Fri Jan 31 17:15:55 2003 +++ php4/ext/openssl/openssl.c Mon Feb 10 04:49:30 2003 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.64 2003/01/31 22:15:55 iliaa Exp $ */ +/* $Id: openssl.c,v 1.65 2003/02/10 09:49:30 wez Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -52,13 +52,23 @@ static unsigned char arg2and3_force_ref[] = { 3, BYREF_NONE, BYREF_FORCE, BYREF_FORCE }; -enum php_openssl_key_type { +enum php_openssl_key_type { OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA }; +enum php_openssl_cipher_type { + PHP_OPENSSL_CIPHER_RC2_40, + PHP_OPENSSL_CIPHER_RC2_128, + PHP_OPENSSL_CIPHER_RC2_64, + PHP_OPENSSL_CIPHER_DES, + PHP_OPENSSL_CIPHER_3DES, + + PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40 +}; + /* {{{ openssl_functions[] */ function_entry openssl_functions[] = { 
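Review bot: `PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40` in the new `enum php_openssl_cipher_type` keeps 40-bit RC2 as the cipher every caller gets when the new argument is omitted, and because `PHP_OPENSSL_CIPHER_RC2_40` is also the first enumerator (value 0), a caller passing `0` gets it too. That preserves the previous behaviour, but 40-bit RC2 offers very little confidentiality, so the weakest entry in the list remains the silent default. Consider pointing the default at the strongest cipher offered here, `PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_3DES`, or at least add a comment such as `/* 40-bit key; kept as default for backward compatibility only */`. The enumerators are also listed as 40, 128, 64; ordering them by key size would be easier to read.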
@@ -570,6 +580,13 @@ REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); + /* Ciphers */ + REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_40", PHP_OPENSSL_CIPHER_RC2_40, +CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_128", PHP_OPENSSL_CIPHER_RC2_128, +CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_64", PHP_OPENSSL_CIPHER_RC2_64, +CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES", PHP_OPENSSL_CIPHER_DES, +CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES", PHP_OPENSSL_CIPHER_3DES, +CONST_CS|CONST_PERSISTENT); + /* Values for key types */ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT); #ifndef NO_DSA @@ -2141,7 +2158,7 @@ } /* }}} */ -/* {{{ proto bool openssl_pkcs7_encrypt(string infile, string outfile, mixed recipcerts, array headers [, long flags]) +/* {{{ proto bool openssl_pkcs7_encrypt(string infile, string outfile, mixed +recipcerts, array headers [, long flags [, long cipher]]) Encrypts the message in the file named infile with the certificates in recipcerts and output the result to the file named outfile */ PHP_FUNCTION(openssl_pkcs7_encrypt) { @@ -2154,6 +2171,7 @@ zval ** zcertval; X509 * cert; EVP_CIPHER *cipher = NULL; + long cipherid = PHP_OPENSSL_CIPHER_DEFAULT; uint strindexlen; ulong intindex; char * strindex; 
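Review bot: The updated proto comment for `openssl_pkcs7_encrypt` names the new `cipher` argument but does not say which values it accepts or what is used when it is omitted. A reader of the source cannot tell from it that leaving the argument out selects 40-bit RC2. I would add a line to the description such as `cipher is one of the OPENSSL_CIPHER_* constants and defaults to OPENSSL_CIPHER_RC2_40 (40-bit RC2)`. The function body continues outside this hunk.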
@@ -2162,10 +2180,11 @@ RETVAL_FALSE; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssza!|l", &infilename, &infilename_len, - &outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssza!|ll", &infilename, +&infilename_len, + &outfilename, &outfilename_len, &zrecipcerts, +&zheaders, &flags, &cipherid) == FAILURE) return; + if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { return; } @@ -2225,9 +2244,30 @@ sk_X509_push(recipcerts, cert); } - /* TODO: allow user to choose a different cipher */ - cipher = EVP_rc2_40_cbc(); + /* sanity check the cipher */ + switch (cipherid) { + case PHP_OPENSSL_CIPHER_RC2_40: + cipher = EVP_rc2_40_cbc(); + break; + case PHP_OPENSSL_CIPHER_RC2_64: + cipher = EVP_rc2_64_cbc(); + break; + case PHP_OPENSSL_CIPHER_RC2_128: + cipher = EVP_rc2_cbc(); + break; + case PHP_OPENSSL_CIPHER_DES: + cipher = EVP_des_cbc(); + break; + case PHP_OPENSSL_CIPHER_3DES: + cipher = EVP_des_ede3_cbc(); + break; + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid cipher +type `%d'", cipherid); + goto clean_exit; + } if (cipher == NULL) { + /* shouldn't happen */ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to get cipher"); goto clean_exit; }
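Review bot: In the `default:` branch of the new switch, `cipherid` is a `long` (declared earlier in this commit as `long cipherid = PHP_OPENSSL_CIPHER_DEFAULT;`) but is formatted with `%d`, which reads an `int` from the argument list; where `long` is wider than `int` the value in the warning can be wrong. Use `%ld` in that `php_error_docref` format string and keep `cipherid` as the argument. Separately, the `case` labels call `EVP_rc2_*` and `EVP_des_*` unconditionally, while this file guards DSA with `#ifndef NO_DSA`; if OpenSSL builds without RC2 or DES are meant to be supported, those cases would need matching guards, which is worth confirming. The body of `openssl_pkcs7_encrypt` starts and ends outside the hunk.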