dmitry Wed Jul 11 12:10:28 2007 UTC Modified files: /php-src/ext/openssl openssl.c /php-src/ext/openssl/tests 005.phpt bug28382.phpt Log: Unicode support improved openssl_x509_parse() extensions support
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.144&r2=1.145&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.144 php-src/ext/openssl/openssl.c:1.145 --- php-src/ext/openssl/openssl.c:1.144 Wed Jul 11 07:35:53 2007 +++ php-src/ext/openssl/openssl.c Wed Jul 11 12:10:28 2007 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.144 2007/07/11 07:35:53 dmitry Exp $ */ +/* $Id: openssl.c,v 1.145 2007/07/11 12:10:28 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -283,11 +283,11 @@ str = X509_NAME_ENTRY_get_data(ne); if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { to_add_len = ASN1_STRING_to_UTF8(&to_add, str); - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } else { to_add = ASN1_STRING_data(str); to_add_len = ASN1_STRING_length(str); - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } } last = j; 
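Review bot: In the non-UTF8 branch the result of `ASN1_STRING_to_UTF8()` goes straight into `add_next_index_utf8_stringl()` as a length, but that call returns a negative value when conversion fails, and the name entries come from the certificate being parsed. Test `to_add_len >= 0` before adding the entry so a malformed name cannot reach the copy with a negative length. The same `to_add`/`to_add_len` pair is read again after the loop by `add_ascii_assoc_utf8_stringl()` in the @@ -295 hunk, so the check has to cover that use as well. The buffer allocated by the conversion is not released in the visible lines; an `OPENSSL_free(to_add)` would have to come after that last use. The enclosing function starts and ends outside this hunk.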
@@ -295,24 +295,36 @@ i = last; if (obj_cnt > 1) { - add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); + add_ascii_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); } else { zval_dtor(subentries); FREE_ZVAL(subentries); if (obj_cnt && str) { - add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1); + add_ascii_assoc_utf8_stringl(subitem, sname, (char *)to_add, to_add_len, 1); } } } if (key != NULL) { - zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)&subitem, sizeof(subitem), NULL); + add_ascii_assoc_zval_ex(val, key, strlen(key) + 1, subitem); } } /* }}} */ static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ { - add_assoc_stringl(val, key, (char *)str->data, str->length, 1); + unsigned char *data; + int data_len; + TSRMLS_FETCH(); + + if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { + data = ASN1_STRING_data(str); + data_len = ASN1_STRING_length(str); + add_ascii_assoc_stringl(val, key, (char*)data, data_len, 1); + } else { + data = ASN1_STRING_data(str); + data_len = ASN1_STRING_length(str); + add_ascii_assoc_utf8_stringl(val, key, (char*)data, data_len, 1); + } } /* }}} */ 
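Review bot: In `add_assoc_asn1_string()` both branches fetch `data` and `data_len` identically and differ only in the add call, and the non-UTF8 branch hands the raw bytes to `add_ascii_assoc_stringl()` without converting or validating them. ASN.1 string types other than UTF8String are not guaranteed to be ASCII, and this helper is also the fallback for raw extension data in `openssl_x509_parse()`, so certificate-controlled bytes are labelled ASCII unchecked. For text types, converting with `ASN1_STRING_to_UTF8()` as `add_assoc_name_entry()` does (with a negative-return check) and then calling `add_ascii_assoc_utf8_stringl()` would make the two helpers agree. For binary octets a binary-safe add is presumably the better fit. Hoisting the two fetches above the `if` removes the duplication either way.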
@@ -443,13 +455,15 @@ req->config_filename, req->var, req->req_config TSRMLS_CC) == FAILURE) return FAILURE #define SET_OPTIONAL_STRING_ARG(key, varname, defval) \ - if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \ + if (optional_args && zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) { \ + convert_to_string_ex(item); \ varname = Z_STRVAL_PP(item); \ - else \ - varname = defval + } else \ + varname = defval; + #define SET_OPTIONAL_LONG_ARG(key, varname, defval) \ - if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \ + if (optional_args && zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \ varname = Z_LVAL_PP(item); \ else \ varname = defval @@ -985,8 +999,11 @@ char * tmpstr; zval * subitem; X509_EXTENSION *extension; - ASN1_OCTET_STRING *extdata; char *extname; + BIO *bio_out; + BUF_MEM *bio_buf; + char buf[256]; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|b", &zcert, &useshortnames) == FAILURE) { return; 
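Review bot: `SET_OPTIONAL_LONG_ARG` still reads `Z_LVAL_PP(item)` without converting or checking the element's type, while this change adds `convert_to_string_ex(item)` only to `SET_OPTIONAL_STRING_ARG`. The values come from the caller-supplied options array, so a string or array element would be read through the wrong union member. Add the matching `convert_to_long_ex(item);` before the read. The string macro now ends in `varname = defval;` with the semicolon inside the macro and an unbraced `else`, so each use expands to an extra empty statement and breaks when placed inside an outer `if`/`else`. Wrapping both macros in `do { ... } while (0)` and dropping the trailing `;` would fix that.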
@@ -998,37 +1015,37 @@ array_init(return_value); if (cert->name) { - add_assoc_string(return_value, "name", cert->name, 1); + add_ascii_assoc_string(return_value, "name", cert->name, 1); } -/* add_assoc_bool(return_value, "valid", cert->valid); */ +/* add_ascii_assoc_bool(return_value, "valid", cert->valid); */ add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); /* hash as used in CA directories to lookup cert by subject name */ { char buf[32]; snprintf(buf, sizeof(buf), "%08lx", X509_subject_name_hash(cert)); - add_assoc_string(return_value, "hash", buf, 1); + add_ascii_assoc_string(return_value, "hash", buf, 1); } add_assoc_name_entry(return_value, "issuer", X509_get_issuer_name(cert), useshortnames TSRMLS_CC); - add_assoc_long(return_value, "version", X509_get_version(cert)); + add_ascii_assoc_long(return_value, "version", X509_get_version(cert)); - add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); + add_ascii_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert)); - add_assoc_long(return_value, "validFrom_time_t", asn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC)); - add_assoc_long(return_value, "validTo_time_t", asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC)); + add_ascii_assoc_long(return_value, "validFrom_time_t", asn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC)); + add_ascii_assoc_long(return_value, "validTo_time_t", asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC)); tmpstr = (char *)X509_alias_get0(cert, NULL); if (tmpstr) { - add_assoc_string(return_value, "alias", tmpstr, 1); + add_ascii_assoc_string(return_value, "alias", tmpstr, 1); } /* - add_assoc_long(return_value, "signaturetypeLONG", X509_get_signature_type(cert)); - 
add_assoc_string(return_value, "signaturetype", OBJ_nid2sn(X509_get_signature_type(cert)), 1); - add_assoc_string(return_value, "signaturetypeLN", OBJ_nid2ln(X509_get_signature_type(cert)), 1); + add_ascii_assoc_long(return_value, "signaturetypeLONG", X509_get_signature_type(cert)); + add_ascii_assoc_string(return_value, "signaturetype", OBJ_nid2sn(X509_get_signature_type(cert)), 1); + add_ascii_assoc_string(return_value, "signaturetypeLN", OBJ_nid2ln(X509_get_signature_type(cert)), 1); */ MAKE_STD_ZVAL(subitem); array_init(subitem); @@ -1060,19 +1077,29 @@ add_index_zval(subitem, id, subsub); } - add_assoc_zval(return_value, "purposes", subitem); + add_ascii_assoc_zval(return_value, "purposes", subitem); MAKE_STD_ZVAL(subitem); array_init(subitem); - for (i = 0; i < X509_get_ext_count(cert); i++) { extension = X509_get_ext(cert, i); - extdata = X509_EXTENSION_get_data(extension); - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); - add_assoc_asn1_string(subitem, extname, extdata); + if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); + if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_ascii_assoc_utf8_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + add_assoc_asn1_string(subitem, extname, X509_EXTENSION_get_data(extension)); + } + BIO_free(bio_out); } - add_assoc_zval(return_value, "extensions", subitem); + add_ascii_assoc_zval(return_value, "extensions", subitem); if (certresource == -1 && cert) { X509_free(cert); 
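Review bot: The `serialNumber` line passes the result of `i2s_ASN1_INTEGER()` directly to `add_ascii_assoc_string()` with the duplicate flag set, so a NULL return would be dereferenced and the OpenSSL-allocated string is never freed. Hold it in a local, e.g. `tmpstr = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert));`, add it only `if (tmpstr)`, then call `OPENSSL_free(tmpstr);`. Separately, `cert->name` and the alias from `X509_alias_get0()` are certificate-derived and are now declared ASCII; presumably they can hold non-ASCII bytes, so that is worth confirming. The function body starts and ends outside this hunk.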
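Review bot: `BIO_new(BIO_s_mem())` is not checked before `X509V3_EXT_print(bio_out, ...)` writes to it, and the return value of `OBJ_obj2txt()` is ignored, so on failure `extname` may point at an unset `buf`. Guarding the print with `if (bio_out && X509V3_EXT_print(bio_out, extension, 0, 0)) {` keeps the raw fallback for the allocation-failure case. The printed text is tagged as UTF-8 although it is built from certificate content, and two extensions that resolve to the same name overwrite each other under one array key; both deserve a comment stating the intended behaviour. The function-scope `buf[256]` declared in the @@ -985 hunk is shadowed by the `char buf[32]` block in the @@ -998 hunk, so a distinct name such as `extname_buf` would read better.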
@@ -1583,7 +1610,7 @@ BIO_get_mem_ptr(bio_out, &bio_buf); MAKE_STD_ZVAL(zcert); ZVAL_STRINGL(zcert, bio_buf->data, bio_buf->length, 1); - add_assoc_zval(zout, "cert", zcert); + add_ascii_assoc_zval(zout, "cert", zcert); } BIO_free(bio_out); @@ -1593,7 +1620,7 @@ BIO_get_mem_ptr(bio_out, &bio_buf); MAKE_STD_ZVAL(zpkey); ZVAL_STRINGL(zpkey, bio_buf->data, bio_buf->length, 1); - add_assoc_zval(zout, "pkey", zpkey); + add_ascii_assoc_zval(zout, "pkey", zpkey); } BIO_free(bio_out); @@ -1620,7 +1647,7 @@ } if(ca) { sk_X509_free(ca); - add_assoc_zval(zout, "extracerts", zextracerts); + add_ascii_assoc_zval(zout, "extracerts", zextracerts); } else { zval_dtor(zextracerts); } @@ -1687,26 +1714,40 @@ zstr strindex = NULL_ZSTR; uint strindexlen = 0; ulong intindex; + zend_uchar index_type; + zval index; - zend_hash_get_current_key_ex(HASH_OF(dn), &strindex, &strindexlen, &intindex, 0, &hpos); + index_type = zend_hash_get_current_key_ex(HASH_OF(dn), &strindex, &strindexlen, &intindex, 0, &hpos); + if (index_type == IS_UNICODE) { + ZVAL_UNICODEL(&index, strindex.u, strindexlen-1, 1); + convert_to_string(&index); + } else { + ZVAL_STRINGL(&index, strindex.s, strindexlen-1, 0); + } convert_to_string_ex(item); - if (strindex.s) { + if (Z_STRVAL(index)) { int nid; - nid = OBJ_txt2nid(strindex.s); + nid = OBJ_txt2nid(Z_STRVAL(index)); if (nid != NID_undef) { if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item)); + if (index_type == IS_UNICODE) { + zval_dtor(&index); + } return FAILURE; } } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: %s is not a recognized name", strindex.s); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: %s is not a recognized name", Z_STRVAL(index)); } } + if (index_type == IS_UNICODE) { + zval_dtor(&index); + } zend_hash_move_forward_ex(HASH_OF(dn), &hpos); } 
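Review bot: In the @@ -1687 hunk the `else` branch also runs for integer keys, where `strindex` is still `NULL_ZSTR` and `strindexlen` is 0, so `ZVAL_STRINGL(&index, strindex.s, strindexlen-1, 0)` builds a zval with a NULL pointer and a wrapped-around length that is only harmless because of the later `Z_STRVAL(index)` test. Test the key type explicitly and skip non-string keys before building `index`. The `zval_dtor(&index)` cleanup appears both on the failure path and at the end of the iteration; a single exit path, or a small helper that returns the key as a C string, would keep the two from drifting apart. The same pattern is repeated in the `attribs` loop of the @@ -1762 hunk. The loop header is outside this hunk.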
@@ -1762,23 +1803,38 @@ zstr strindex; uint strindexlen; ulong intindex; + zend_uchar index_type; + zval index; + + index_type = zend_hash_get_current_key_ex(HASH_OF(attribs), &strindex, &strindexlen, &intindex, 0, &hpos); + if (index_type == IS_UNICODE) { + ZVAL_UNICODEL(&index, strindex.u, strindexlen-1, 1); + convert_to_string(&index); + } else { + ZVAL_STRINGL(&index, strindex.s, strindexlen-1, 0); + } - zend_hash_get_current_key_ex(HASH_OF(attribs), &strindex, &strindexlen, &intindex, 0, &hpos); convert_to_string_ex(item); - if (strindex.s) { + if (Z_STRVAL(index)) { int nid; - nid = OBJ_txt2nid(strindex.s); + nid = OBJ_txt2nid(Z_STRVAL(index)); if (nid != NID_undef) { if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "attribs: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item)); + if (index_type == IS_UNICODE) { + zval_dtor(&index); + } return FAILURE; } } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: %s is not a recognized name", strindex.s); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: %s is not a recognized name", Z_STRVAL(index)); } } + if (index_type == IS_UNICODE) { + zval_dtor(&index); + } zend_hash_move_forward_ex(HASH_OF(attribs), &hpos); } for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) { @@ -2704,8 +2760,8 @@ pbio_len = BIO_get_mem_data(out, &pbio); array_init(return_value); - add_assoc_long(return_value, "bits", EVP_PKEY_bits(pkey)); - add_assoc_stringl(return_value, "key", pbio, pbio_len, 1); + add_ascii_assoc_long(return_value, "bits", EVP_PKEY_bits(pkey)); + add_ascii_assoc_stringl(return_value, "key", pbio, pbio_len, 1); /*TODO: Use the real values once the openssl constants are used * See the enum at the top of this file */ 
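Review bot: Unlike the `dn` loop, the `attribs` loop in the @@ -1762 hunk declares `zstr strindex;` and `uint strindexlen;` without initialisers. For an integer key, where `zend_hash_get_current_key_ex()` presumably leaves them untouched, the `ZVAL_STRINGL` branch and the `Z_STRVAL(index)` test then read indeterminate values and may pass a stray pointer to `OBJ_txt2nid()`. Initialise them as the other loop does, `zstr strindex = NULL_ZSTR;` and `uint strindexlen = 0;`. The unrecognised-name warning in this loop still says `dn:`; `"attribs: %s is not a recognized name"` would match the other message in the same loop.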
@@ -2732,7 +2788,7 @@ ktype = -1; break; } - add_assoc_long(return_value, "type", ktype); + add_ascii_assoc_long(return_value, "type", ktype); BIO_free(out); } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/005.phpt?r1=1.3&r2=1.4&diff_format=u Index: php-src/ext/openssl/tests/005.phpt diff -u php-src/ext/openssl/tests/005.phpt:1.3 php-src/ext/openssl/tests/005.phpt:1.4 --- php-src/ext/openssl/tests/005.phpt:1.3 Thu Apr 5 07:24:21 2007 +++ php-src/ext/openssl/tests/005.phpt Wed Jul 11 12:10:28 2007 @@ -32,3 +32,20 @@ } string(15) "*.triconnect.nl" +--UEXPECTF-- +array(6) { + [u"C"]=> + unicode(2) "NL" + [u"ST"]=> + unicode(13) "Noord Brabant" + [u"L"]=> + unicode(4) "Uden" + [u"O"]=> + unicode(10) "Triconnect" + [u"OU"]=> + unicode(10) "Triconnect" + [u"CN"]=> + unicode(15) "*.triconnect.nl" +} + +unicode(15) "*.triconnect.nl" http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382.phpt?r1=1.4&r2=1.5&diff_format=u Index: php-src/ext/openssl/tests/bug28382.phpt diff -u php-src/ext/openssl/tests/bug28382.phpt:1.4 php-src/ext/openssl/tests/bug28382.phpt:1.5 --- php-src/ext/openssl/tests/bug28382.phpt:1.4 Wed May 30 15:40:17 2007 +++ php-src/ext/openssl/tests/bug28382.phpt Wed Jul 11 12:10:28 2007 
@@ -14,25 +14,56 @@ --EXPECTF-- array(11) { ["basicConstraints"]=> - string(2) "%s" + string(8) "CA:FALSE" ["nsComment"]=> - string(40) "%s" + string(38) "For Grid use only; request tag userTag" ["nsCertType"]=> - string(4) "%s" + string(30) "SSL Client, SSL Server, S/MIME" ["crlDistributionPoints"]=> - string(56) "%s" + string(51) "URI:http://mobile.blue-software.ro:90/ca/crl.shtml +" ["nsCaPolicyUrl"]=> - string(40) "%s" + string(38) "http://mobile.blue-software.ro:90/pub/" ["subjectAltName"]=> - string(26) "%s" + string(28) "email:[EMAIL PROTECTED]" ["subjectKeyIdentifier"]=> - string(22) "%s" + string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" ["authorityKeyIdentifier"]=> - string(159) "%s" + string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/[EMAIL PROTECTED] +serial:00 +" ["keyUsage"]=> - string(4) "%s" + string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment" ["nsBaseUrl"]=> - string(22) "%s" - ["UNDEF"]=> + string(20) "http://62.231.98.52/" + ["1.2.3.4"]=> string(4) "%s" } +--UEXPECTF-- +array(11) { + [u"basicConstraints"]=> + unicode(8) "CA:FALSE" + [u"nsComment"]=> + unicode(38) "For Grid use only; request tag userTag" + [u"nsCertType"]=> + unicode(30) "SSL Client, SSL Server, S/MIME" + [u"crlDistributionPoints"]=> + unicode(51) "URI:http://mobile.blue-software.ro:90/ca/crl.shtml +" + [u"nsCaPolicyUrl"]=> + unicode(38) "http://mobile.blue-software.ro:90/pub/" + [u"subjectAltName"]=> + unicode(28) "email:[EMAIL PROTECTED]" + [u"subjectKeyIdentifier"]=> + unicode(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" + [u"authorityKeyIdentifier"]=> + unicode(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/[EMAIL PROTECTED] +serial:00 +" + [u"keyUsage"]=> + unicode(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment" + [u"nsBaseUrl"]=> + unicode(20) "http://62.231.98.52/" + [u"1.2.3.4"]=> + string(4) "%s" +} \ 
No newline at end of file
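Review bot: The new expectations pin the exact text produced by OpenSSL's `X509V3_EXT_print()`, including the trailing newlines in `crlDistributionPoints` and `authorityKeyIdentifier`, so the test will likely fail when the linked OpenSSL formats an extension differently. Consider keeping `%s` patterns for the values whose layout is library-defined, and literal checks for the keys and for the `1.2.3.4` entry that the name-lookup change is about. In `--UEXPECTF--` the unknown-OID entry is still `string(4)` while every other value is `unicode(...)`; a line in the test description saying that the raw fallback is intentionally binary would make that expectation easier to trust.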