pajoye          Sat Jul 29 21:54:45 2006 UTC

  Added files:                 
    /php-src/ext/openssl/tests  bug37820key.pem bug37820cert.pem 
                                bug37820.phpt 

  Modified files:              
    /php-src/ext/openssl        openssl.c 
  Log:
  - #37820, add support for algorithm type in openssl_verify()
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.106&r2=1.107&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.106 php-src/ext/openssl/openssl.c:1.107
--- php-src/ext/openssl/openssl.c:1.106 Sun Apr 30 23:45:13 2006
+++ php-src/ext/openssl/openssl.c       Sat Jul 29 21:54:45 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */
+/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -563,6 +563,30 @@
        }
        return SUCCESS;
 }
+
+static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
+       EVP_MD *mdtype;
+
+       switch (algo) {
+               case OPENSSL_ALGO_SHA1:
+                       mdtype = (EVP_MD *) EVP_sha1();
+                       break;
+               case OPENSSL_ALGO_MD5:
+                       mdtype = (EVP_MD *) EVP_md5();
+                       break;
+               case OPENSSL_ALGO_MD4:
+                       mdtype = (EVP_MD *) EVP_md4();
+                       break;
+               case OPENSSL_ALGO_MD2:
+                       mdtype = (EVP_MD *) EVP_md2();
+                       break;
+               default:
+                       return NULL;
+                       break;
+       }
+       return mdtype;
+}
+/* }}} */
 /* }}} */
 
 /* {{{ PHP_MINIT_FUNCTION
@@ -2860,7 +2884,7 @@
 }
 /* }}} */
 
-/* {{{ proto bool openssl_sign(string data, &string signature, mixed key)
+/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int 
signature_alg])
    Signs data */
 PHP_FUNCTION(openssl_sign)
 {
@@ -2884,23 +2908,10 @@
                RETURN_FALSE;
        }
 
-       switch (signature_algo) {
-               case OPENSSL_ALGO_SHA1:
-                       mdtype = (EVP_MD *) EVP_sha1();
-                       break;
-               case OPENSSL_ALGO_MD5:
-                       mdtype = (EVP_MD *) EVP_md5();
-                       break;
-               case OPENSSL_ALGO_MD4:
-                       mdtype = (EVP_MD *) EVP_md4();
-                       break;
-               case OPENSSL_ALGO_MD2:
-                       mdtype = (EVP_MD *) EVP_md2();
-                       break;
-               default:
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown 
signature algorithm.");
-                       RETURN_FALSE;
-                       break;
+       mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+       if (!mdtype) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature 
algorithm.");
+               RETURN_FALSE;
        }
 
        siglen = EVP_PKEY_size(pkey);
@@ -2931,21 +2942,29 @@
        EVP_PKEY *pkey;
        int err;
        EVP_MD_CTX     md_ctx;
+       EVP_MD *mdtype;
        long keyresource = -1;
        char * data;    int data_len;
        char * signature;       int signature_len;
-
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, 
&data_len, &signature, &signature_len, &key) == FAILURE) {
+       long signature_algo = OPENSSL_ALGO_SHA1;
+       
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|l", &data, 
&data_len, &signature, &signature_len, &key, &signature_algo) == FAILURE) {
                return;
        }
-       
+
+       mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+       if (!mdtype) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature 
algorithm.");
+               RETURN_FALSE;
+       }
+
        pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource 
TSRMLS_CC);
        if (pkey == NULL) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param 
cannot be coerced into a public key");
                RETURN_FALSE;
        }
 
-       EVP_VerifyInit   (&md_ctx, EVP_sha1());
+       EVP_VerifyInit   (&md_ctx, mdtype);
        EVP_VerifyUpdate (&md_ctx, data, data_len);
        err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
 

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820key.pem?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820key.pem
+++ php-src/ext/openssl/tests/bug37820key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820cert.pem?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820cert.pem
+++ php-src/ext/openssl/tests/bug37820cert.pem
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820.phpt?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820.phpt
+++ php-src/ext/openssl/tests/bug37820.phpt
--TEST--
openssl_sign/verify: accept different algos 
--SKIPIF--
<?php 
if (!extension_loaded("openssl")) die("skip"); 
?>
--FILE--
<?php 
$dir = dirname(__FILE__);
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';

$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);



$pub_key = file_get_contents($file_pub);
$pub_key_id = openssl_get_publickey($pub_key);
$data = "some custom data";
if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) {
        echo "openssl_sign failed.";
}

$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
if ($ok == 1) {
   echo "Ok";
} elseif ($ok == 0) {
   echo "openssl_verify failed.";
}


?>
--EXPECTF--
Ok

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to