pajoye Sat Jul 29 21:54:45 2006 UTC
Added files:
/php-src/ext/openssl/tests bug37820key.pem bug37820cert.pem
bug37820.phpt
Modified files:
/php-src/ext/openssl openssl.c
Log:
- #37820, add support for algorithm type in openssl_verify()
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.106&r2=1.107&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.106 php-src/ext/openssl/openssl.c:1.107
--- php-src/ext/openssl/openssl.c:1.106 Sun Apr 30 23:45:13 2006
+++ php-src/ext/openssl/openssl.c Sat Jul 29 21:54:45 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */
+/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -563,6 +563,30 @@
}
return SUCCESS;
}
+
+static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
+ EVP_MD *mdtype;
+
+ switch (algo) {
+ case OPENSSL_ALGO_SHA1:
+ mdtype = (EVP_MD *) EVP_sha1();
+ break;
+ case OPENSSL_ALGO_MD5:
+ mdtype = (EVP_MD *) EVP_md5();
+ break;
+ case OPENSSL_ALGO_MD4:
+ mdtype = (EVP_MD *) EVP_md4();
+ break;
+ case OPENSSL_ALGO_MD2:
+ mdtype = (EVP_MD *) EVP_md2();
+ break;
+ default:
+ return NULL;
+ break;
+ }
+ return mdtype;
+}
+/* }}} */
/* }}} */
/* {{{ PHP_MINIT_FUNCTION
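Review bot: php_openssl_get_evp_md_from_algo() casts every digest getter to a non-const `EVP_MD *`. If the OpenSSL headers in use declare EVP_sha1() and friends as returning `const EVP_MD *`, the helper discards that qualifier for both callers. Declaring it as `static const EVP_MD *php_openssl_get_evp_md_from_algo(long algo)` and returning from each case directly (`return EVP_sha1();`) removes the casts, the `mdtype` local and the unreachable `break;` after `return NULL;`. The helper is now the single allow-list of digests for signing and verifying, so it deserves a short header comment saying that unknown values yield NULL and that the MD2/MD4/MD5 entries are kept for legacy interoperability only. It is also inserted between the previous function's closing brace and that function's `/* }}} */`, which leaves the fold markers nested incorrectly.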
@@ -2860,7 +2884,7 @@
}
/* }}} */
-/* {{{ proto bool openssl_sign(string data, &string signature, mixed key)
+/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int
signature_alg])
Signs data */
PHP_FUNCTION(openssl_sign)
{
@@ -2884,23 +2908,10 @@
RETURN_FALSE;
}
- switch (signature_algo) {
- case OPENSSL_ALGO_SHA1:
- mdtype = (EVP_MD *) EVP_sha1();
- break;
- case OPENSSL_ALGO_MD5:
- mdtype = (EVP_MD *) EVP_md5();
- break;
- case OPENSSL_ALGO_MD4:
- mdtype = (EVP_MD *) EVP_md4();
- break;
- case OPENSSL_ALGO_MD2:
- mdtype = (EVP_MD *) EVP_md2();
- break;
- default:
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown
signature algorithm.");
- RETURN_FALSE;
- break;
+ mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+ if (!mdtype) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature
algorithm.");
+ RETURN_FALSE;
}
siglen = EVP_PKEY_size(pkey);
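Review bot: On an unknown algorithm, the `RETURN_FALSE` under `if (!mdtype)` appears to exit after the key has already been loaded. The `RETURN_FALSE; }` context just above looks like the key-load failure path, though it lies outside this hunk. If so, a key loaded only for this call would not be released on that exit. The removed switch default had the same exit, so this is carried over rather than introduced. The verify hunk resolves the digest before loading the key; moving `mdtype = php_openssl_get_evp_md_from_algo(signature_algo);` and its check above the key load here would make the two functions consistent. PHP_FUNCTION(openssl_sign) starts and ends outside the hunk.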
@@ -2931,21 +2942,29 @@
EVP_PKEY *pkey;
int err;
EVP_MD_CTX md_ctx;
+ EVP_MD *mdtype;
long keyresource = -1;
char * data; int data_len;
char * signature; int signature_len;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data,
&data_len, &signature, &signature_len, &key) == FAILURE) {
+ long signature_algo = OPENSSL_ALGO_SHA1;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|l", &data,
&data_len, &signature, &signature_len, &key, &signature_algo) == FAILURE) {
return;
}
-
+
+ mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+ if (!mdtype) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature
algorithm.");
+ RETURN_FALSE;
+ }
+
pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource
TSRMLS_CC);
if (pkey == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param
cannot be coerced into a public key");
RETURN_FALSE;
}
- EVP_VerifyInit (&md_ctx, EVP_sha1());
+ EVP_VerifyInit (&md_ctx, mdtype);
EVP_VerifyUpdate (&md_ctx, data, data_len);
err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
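Review bot: The new optional fourth argument parsed by `"ssz|l"` is not reflected in any proto comment for openssl_verify in this diff, whereas the openssl_sign proto is updated in an earlier hunk. The comment above PHP_FUNCTION(openssl_verify) should gain `[, int signature_alg]`. The verifier now accepts MD2, MD4 and MD5 when the caller asks for them, so that comment should also say the digest must be fixed by the application rather than taken from the message being verified, and that the MD* values exist for legacy interoperability. The function's start and end are outside the hunk.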
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820key.pem?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820key.pem
+++ php-src/ext/openssl/tests/bug37820key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820cert.pem?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820cert.pem
+++ php-src/ext/openssl/tests/bug37820cert.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820.phpt?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug37820.phpt
+++ php-src/ext/openssl/tests/bug37820.phpt
--TEST--
openssl_sign/verify: accept different algos
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$dir = dirname(__FILE__);
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';
$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);
$pub_key = file_get_contents($file_pub);
$pub_key_id = openssl_get_publickey($pub_key);
$data = "some custom data";
if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) {
echo "openssl_sign failed.";
}
$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
if ($ok == 1) {
echo "Ok";
} elseif ($ok == 0) {
echo "openssl_verify failed.";
}
?>
--EXPECTF--
Ok
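Review bot: The test exercises only an MD5 sign/verify round trip, so it does not show that the algorithm argument is actually honoured by openssl_verify(). Add a negative case that verifies the same `$signature` without the fourth argument (default SHA1) and asserts the result is not 1. Add a second case that passes an unsupported algorithm value and expects the "Unknown signature algorithm." warning from both functions. The `if ($ok == 1) ... elseif ($ok == 0)` chain also prints nothing for an error return; a final `else { echo "openssl_verify error."; }` would make that outcome visible in the diff output.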