pajoye                                   Mon, 21 Jun 2010 08:47:25 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=300629

Log:
- #48632, ssl AES support

Bug: http://bugs.php.net/48632 (Assigned) OpenSSL extension should support AES
      
Changed paths:
    U   php/php-src/trunk/NEWS
    U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/trunk/NEWS
===================================================================
--- php/php-src/trunk/NEWS      2010-06-21 07:30:48 UTC (rev 300628)
+++ php/php-src/trunk/NEWS      2010-06-21 08:47:25 UTC (rev 300629)
@@ -78,6 +78,8 @@
   . y2k_compliance ini option. (Kalle)

 - Implemented #51295 (SQLite3::busyTimeout not existing). (Mark)
+- Implemented FR #48632 (OpenSSL AES support). (yonas dot y
+   at gmail dot com, Pierre)
 - Implemented FR #42060 (Add paged Results support). (a...@openldap.org,
   iaren...@eteo.mondragon.edu, jean...@au-fil-du.net, remy.sai...@gmail.com)


Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c     2010-06-21 07:30:48 UTC (rev 
300628)
+++ php/php-src/trunk/ext/openssl/openssl.c     2010-06-21 08:47:25 UTC (rev 
300629)
@@ -89,6 +89,9 @@
        PHP_OPENSSL_CIPHER_RC2_64,
        PHP_OPENSSL_CIPHER_DES,
        PHP_OPENSSL_CIPHER_3DES,
+       PHP_OPENSSL_CIPHER_AES_128_CBC,
+       PHP_OPENSSL_CIPHER_AES_192_CBC,
+       PHP_OPENSSL_CIPHER_AES_256_CBC,

        PHP_OPENSSL_CIPHER_DEFAULT = PHP_OPENSSL_CIPHER_RC2_40
 };
@@ -533,6 +536,8 @@
        int priv_key_encrypt;

        EVP_PKEY * priv_key;
+
+    const EVP_CIPHER * priv_key_encrypt_cipher;
 };
 /* }}} */

@@ -763,6 +768,9 @@
        else \
                varname = defval

+static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(long algo);
+
+
 static int php_openssl_parse_config(struct php_x509_request * req, zval * 
optional_args TSRMLS_DC) /* {{{ */
 {
        char * str;
@@ -813,6 +821,21 @@
                        req->priv_key_encrypt = 1;
                }
        }
+
+       if (req->priv_key_encrypt && optional_args && 
zend_hash_find(Z_ARRVAL_P(optional_args), "encrypt_key_cipher", 
sizeof("encrypt_key_cipher"), (void**)&item) == SUCCESS) {
+               long cipher_algo = Z_LVAL_PP(item);
+               const EVP_CIPHER* cipher = 
php_openssl_get_evp_cipher_from_algo(cipher_algo);
+               if (cipher == NULL) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown 
cipher algorithm for private key.");
+                       return FAILURE;
+               } else  {
+                       req->priv_key_encrypt_cipher = cipher;
+               }
+       } else {
+               req->priv_key_encrypt_cipher = NULL;
+       }
+
+

        /* digest alg */
        if (req->digest_name == NULL) {
@@ -960,6 +983,20 @@
                        return EVP_des_ede3_cbc();
                        break;
 #endif
+
+#ifndef OPENSSL_NO_AES
+               case PHP_OPENSSL_CIPHER_AES_128_CBC:
+                       return EVP_aes_128_cbc();
+                       break;
+               case PHP_OPENSSL_CIPHER_AES_192_CBC:
+                       return EVP_aes_192_cbc();
+                       break;
+               case PHP_OPENSSL_CIPHER_AES_256_CBC:
+                       return EVP_aes_256_cbc();
+                       break;
+#endif
+
+
                default:
                        return NULL;
                        break;
@@ -1039,7 +1076,12 @@
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES", PHP_OPENSSL_CIPHER_DES, 
CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES", PHP_OPENSSL_CIPHER_3DES, 
CONST_CS|CONST_PERSISTENT);
 #endif
-
+#ifndef OPENSSL_NO_AES
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_128_CBC", 
PHP_OPENSSL_CIPHER_AES_128_CBC, CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_192_CBC", 
PHP_OPENSSL_CIPHER_AES_192_CBC, CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_256_CBC", 
PHP_OPENSSL_CIPHER_AES_256_CBC, CONST_CS|CONST_PERSISTENT);
+#endif
+
        /* Values for key types */
        REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, 
CONST_CS|CONST_PERSISTENT);
 #ifndef NO_DSA
@@ -3014,7 +3056,11 @@
                bio_out = BIO_new_file(filename, "w");

                if (passphrase && req.priv_key_encrypt) {
-                       cipher = (EVP_CIPHER *) EVP_des_ede3_cbc();
+                       if (req.priv_key_encrypt_cipher) {
+                               cipher = req.priv_key_encrypt_cipher;
+                       } else {
+                               cipher = (EVP_CIPHER *) EVP_des_ede3_cbc();
+                       }
                } else {
                        cipher = NULL;
                }
@@ -3065,7 +3111,11 @@
                bio_out = BIO_new(BIO_s_mem());

                if (passphrase && req.priv_key_encrypt) {
-                       cipher = (EVP_CIPHER *) EVP_des_ede3_cbc();
+                       if (req.priv_key_encrypt_cipher) {
+                               cipher = req.priv_key_encrypt_cipher;
+                       } else {
+                               cipher = (EVP_CIPHER *) EVP_des_ede3_cbc();
+                       }
                } else {
                        cipher = NULL;
                }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to