Added: New functions for certificate signing requests (CSRs): openssl_csr_file_verify, openssl_csr_verify, openssl_csr_parse, openssl_csr_get_public
Changed: openssl_pkcs7_verify now also accepts DER and PEM input (in addition to S/MIME), selected by a new inform argument, and an optional detached-content file. -- Regards, Arkadiusz Góralski: [EMAIL PROTECTED]
diff -Nu --recursive php-4.2.2/ext/openssl/openssl.c php-4.2.2-new/ext/openssl/openssl.c --- php-4.2.2/ext/openssl/openssl.c Wed May 1 10:22:56 2002 +++ php-4.2.2-new/ext/openssl/openssl.c Tue Jul 23 08:44:38 2002 @@ -15,6 +15,8 @@ | Authors: Stig Venaas <[EMAIL PROTECTED]> | | Wez Furlong <[EMAIL PROTECTED]> | | Sascha Kettler <[EMAIL PROTECTED]> | + | Additional programming: | + | Norbert Mocek <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ @@ -39,12 +41,16 @@ #include <openssl/pem.h> #include <openssl/err.h> #include <openssl/conf.h> -#include <openssl/e_os.h> +#include <openssl/e_os2.h> #include <openssl/rand.h> #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_PEM 3 +#define FORMAT_SMIME 6 #define DEBUG_SMIME 0 @@ -89,6 +95,10 @@ PHP_FE(openssl_csr_export, arg2_force_ref) PHP_FE(openssl_csr_export_to_file, NULL) PHP_FE(openssl_csr_sign, NULL) + PHP_FE(openssl_csr_parse, NULL) + PHP_FE(openssl_csr_file_verify, NULL) + PHP_FE(openssl_csr_verify, NULL) + PHP_FE(openssl_csr_get_public, NULL) PHP_FE(openssl_sign, arg2_force_ref) @@ -109,6 +119,7 @@ PHP_FE(openssl_error_string, NULL) {NULL, NULL, NULL} + }; /* }}} */ @@ -545,6 +556,9 @@ REGISTER_LONG_CONSTANT("PKCS7_NOCERTS", PKCS7_NOCERTS, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_NOATTR", PKCS7_NOATTR, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_PEM", FORMAT_PEM, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_SMIME", FORMAT_SMIME, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_DER", FORMAT_ASN1, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", 
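Review bot: `PHP_FE(openssl_csr_get_public, NULL)` registers a function that writes its second argument (later in this patch it calls `zval_dtor` on it and assigns the PEM key with `ZVAL_STRINGL`) without forcing that argument by reference, unlike `openssl_csr_export` two lines above, which is declared with `arg2_force_ref` for exactly that reason. Register it as `PHP_FE(openssl_csr_get_public, arg2_force_ref)` so the caller's variable receives the key through a proper reference rather than through whatever zval the engine happened to pass. The other three new entries only return a value and are fine with NULL.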
@@ -1579,6 +1593,247 @@ } /* }}} */ +/* {{{ proto bool openssl_csr_file_verify(string filename, long inform) + verifies the signature on the request in file*/ +PHP_FUNCTION(openssl_csr_file_verify) +{ + int x509=0; + BIO *in=NULL,*out=NULL; + EVP_PKEY *pkey=NULL; + int i,newreq=0; + int kludge=0; + int informat,verify=1,keyform=FORMAT_PEM; + char *infile; + long infile_len; + X509_REQ *req=NULL; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &infile, &infile_len, + &informat) == FAILURE) + return; + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + goto end; + + if (!newreq) + { + /* Since we are using a pre-existing certificate + * request, the kludge 'format' info should not be + * changed. */ + kludge= -1; + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + req=d2i_X509_REQ_bio(in,NULL); + else if (informat == FORMAT_PEM) + req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); + else + { + zend_error(E_WARNING, "bad input format specified for X509 request\n"); + RETVAL_LONG(-1); + goto end; + } + if (req == NULL) + { + zend_error(E_WARNING, "unable to load X509 request\n"); + RETVAL_LONG(-1); + goto end; + } + } + + if (verify && !x509) + { + int tmp=0; + + if (pkey == NULL) + { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) goto end; + } + + i=X509_REQ_verify(req,pkey); + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } + + if (i < 0) + { + goto end; + } + else if (i == 0) + { + zend_error(E_WARNING, "verify failure\n"); + RETVAL_LONG(-1); + } + else /* if (i > 0) */ + RETVAL_TRUE; + } + +end: + EVP_PKEY_free(pkey); + X509_REQ_free(req); +} +/* }}} */ + +/* {{{ proto bool openssl_csr_verify(mixed csr) + verifies the signature on the request*/ +PHP_FUNCTION(openssl_csr_verify) +{ + int x509=0; + zval * zcsr; + BIO *in=NULL,*out=NULL; + 
EVP_PKEY *pkey=NULL; + int i,newreq=0; + int kludge=0; + int informat,verify=1,keyform=FORMAT_PEM; + char *infile; + long infile_len; + X509_REQ *req=NULL; + long csr_resource = -1; + char *bio_mem_ptr; + long bio_mem_len; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &zcsr) == FAILURE) + return; + + req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (req == NULL) { + zend_error(E_WARNING, "cannot get CSR from parameter 1"); + return; + } + + + if (verify && !x509) + { + int tmp=0; + + if (pkey == NULL) + { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) goto end; + } + + i=X509_REQ_verify(req,pkey); + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } + + if (i < 0) + { + goto end; + } + else if (i == 0) + { + zend_error(E_WARNING, "verify failure\n"); + RETVAL_LONG(-1); + } + else /* if (i > 0) */ + RETVAL_TRUE; + } + +end: + RETVAL_TRUE; + +} +/* }}} */ + +/* {{{ proto array openssl_csr_parse(mixed csr [, bool shortnames=true]) + Returns an array of the fields/values of the csr */ +PHP_FUNCTION(openssl_csr_parse) +{ + zval * zreq; + X509_REQ *req=NULL; + long reqresource = -1; + zend_bool useshortnames = 1; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zreq, &useshortnames) == FAILURE) + return; + + req = php_openssl_csr_from_zval(&zreq, 0, &reqresource TSRMLS_CC); + if (req == NULL) + RETURN_FALSE; + + array_init(return_value); + + add_assoc_long(return_value, "version", X509_REQ_get_version(req)); + add_assoc_name_entry(return_value, "subject", X509_REQ_get_subject_name(req), useshortnames TSRMLS_CC); + + if (reqresource == -1 && req) + X509_REQ_free(req); +} +/* }}} */ + +/* {{{ proto bool openssl_csr_get_public(mixed csr, mixed publickey) + Gets public key from csr*/ +PHP_FUNCTION(openssl_csr_get_public) +{ + zval *zcsr, *zpublickey; + EVP_PKEY *pkey; + X509_REQ *req=NULL; + long csr_resource = -1; + unsigned char *publickeybuf = 0; + long publickeylen = -1; + char* 
publickey= 0; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcsr, &zpublickey) == FAILURE) + return; + + req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (req == NULL) { + zend_error(E_WARNING, "cannot get CSR from parameter 1"); + return; + } + + pkey=X509_REQ_get_pubkey(req); + + if (pkey == NULL) { + zend_error(E_WARNING, "cannot get public key from csr"); + RETURN_FALSE; + } + + { + BIO * oid_bio = BIO_new(BIO_s_mem()); + char *bio_mem_ptr; + long bio_mem_len; + + PEM_write_bio_PUBKEY(oid_bio, pkey); + + bio_mem_len = BIO_get_mem_data(oid_bio, &bio_mem_ptr); + zval_dtor(zpublickey); + ZVAL_STRINGL(zpublickey, bio_mem_ptr, bio_mem_len, 1); + + if (oid_bio) + BIO_free(oid_bio); + } + + if(pkey) + EVP_PKEY_free(pkey); + + RETVAL_TRUE; +} +/* }}} */ + + /* }}} */ /* {{{ EVP Public/Private key functions */ @@ -1934,7 +2189,7 @@ /* {{{ PKCS7 S/MIME functions */ -/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts]]]) +/* {{{ proto bool openssl_pkcs7_verify(string filename, long inform, long flags [, string content [, string signerscerts [, array cainfo [, string extracerts]]]]) Verifys that the data block is intact, the signer is who they say they are, and returns the CERTs of the signers */ PHP_FUNCTION(openssl_pkcs7_verify) { 
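Review bot: openssl_csr_verify reports success for every CSR it can load, because the `end:` label executes `RETVAL_TRUE` unconditionally and both the `goto end` error paths and the fall-through after the `verify failure` warning reach it, so a caller gating a signing step on this function gets no protection at all. openssl_csr_file_verify has the same shape of problem in a weaker form: it is declared `proto bool` but returns -1 (truthy in PHP) when X509_REQ_verify fails or the file cannot be read, so `if (openssl_csr_file_verify(...))` also passes on a bad signature; it additionally never frees the `in`/`out` BIOs it allocates, and its `int informat` is filled through a `"l"` specifier that stores a `long`. openssl_csr_verify and openssl_csr_get_public never free `req` when it was parsed from a string (`csr_resource == -1`), whereas openssl_csr_parse in the same hunk does. The fence below rewrites openssl_csr_verify to fail closed (FALSE unless X509_REQ_verify returns a positive result, -1 kept for a CSR that cannot be loaded), drop the unused locals and release a string-parsed request; openssl_csr_file_verify should adopt the same return convention.
```c
PHP_FUNCTION(openssl_csr_verify)
{
	zval *zcsr;
	X509_REQ *req = NULL;
	EVP_PKEY *pkey = NULL;
	long csr_resource = -1;
	int i;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &zcsr) == FAILURE)
		return;

	req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
	if (req == NULL) {
		zend_error(E_WARNING, "cannot get CSR from parameter 1");
		RETURN_LONG(-1);
	}

	/* fail closed: anything but a positive X509_REQ_verify result is FALSE */
	RETVAL_FALSE;
	pkey = X509_REQ_get_pubkey(req);
	if (pkey != NULL) {
		i = X509_REQ_verify(req, pkey);
		EVP_PKEY_free(pkey);
		if (i > 0) {
			RETVAL_TRUE;
		} else if (i == 0) {
			zend_error(E_WARNING, "verify failure\n");
		}
	}

	/* a CSR parsed from a string is ours to free; a resource belongs to the caller */
	if (csr_resource == -1)
		X509_REQ_free(req);
}
```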
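Review bot: The new prototype inserts the required `inform` argument before `flags`, so every existing call `openssl_pkcs7_verify($file, $flags, ...)` now has its flags value read as the input format, and an old two-argument call fails parameter parsing outright; appending the new parameters as trailing optionals keeps old callers working. Suggested prototype: `proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, long inform [, string content]]]]])`, with the `zend_parse_parameters` spec in the following hunk changed to match. The typo `Verifys` in the context line could become `Verifies` while the comment is being touched. The body of openssl_pkcs7_verify continues outside this hunk.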
@@ -1948,11 +2203,14 @@ char * filename; long filename_len; char * extracerts = NULL; long extracerts_len; char * signersfilename = NULL; long signersfilename_len; + char *contfile=NULL; long contfile_len; + int informat = FORMAT_SMIME; RETVAL_LONG(-1); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len, - &flags, &signersfilename, &signersfilename_len, &cainfo, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sll|ssas", &filename, &filename_len, + &informat, &flags, &contfile, &contfile_len, + &signersfilename, &signersfilename_len, &cainfo, &extracerts, &extracerts_len) == FAILURE) return; @@ -1972,7 +2230,19 @@ in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r"); if (in == NULL) goto clean_exit; - p7 = SMIME_read_PKCS7(in, &datain); + + if(informat == FORMAT_SMIME) + p7 = SMIME_read_PKCS7(in, &datain); + else if(informat == FORMAT_PEM) + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); + else if(informat == FORMAT_ASN1) + p7 = d2i_PKCS7_bio(in, NULL); + else { + zend_error(E_WARNING, "Bad input format for PKCS#7 file\n"); + RETVAL_LONG(-1); + goto clean_exit; + } + if (p7 == NULL) { #if DEBUG_SMIME zend_printf("SMIME_read_PKCS7 failed\n"); @@ -1983,7 +2253,16 @@ zend_printf("Calling PKCS7 verify\n"); #endif - if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { + if(contfile_len > 0 && contfile) { + BIO_free(datain); + if(!(datain = BIO_new_file(contfile, "rb"))) { + zend_error(E_WARNING, "Can't read content file %s\n", contfile); + RETVAL_LONG(-1); + goto clean_exit; + } + } + + if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { RETVAL_TRUE; @@ -2414,7 +2693,7 @@ zval_dtor(crypted); cryptedbuf[cryptedlen] = '\0'; ZVAL_STRINGL(crypted, cryptedbuf, cryptedlen, 0); - cryptedbuf = NULL; + //cryptedbuf = NULL; RETVAL_TRUE; } 
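Review bot: `int informat = FORMAT_SMIME;` is filled through the `"l"` specifier of the new `"sll|ssas"` spec, but zend_parse_parameters stores a `long` for `"l"`, so on LP64 builds the store overruns the int and clobbers whatever the compiler placed next to it on the stack; declare it `long informat = FORMAT_SMIME;` (the same `int informat` declaration appears in the new openssl_csr_file_verify). The spec change also moves `flags` from the second to the third position, which silently changes the meaning of every existing call, as noted on the prototype hunk. The rest of openssl_pkcs7_verify lies outside this hunk.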
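Review bot: For `FORMAT_ASN1` the input is raw DER, yet `in` is still opened with `"r"` unless the caller also passes `PKCS7_BINARY` (context line at the top of the hunk), so on platforms where text mode translates line endings a DER file can fail to parse; open binary whenever the format is DER: `in = BIO_new_file(filename, (informat == FORMAT_ASN1 || (flags & PKCS7_BINARY)) ? "rb" : "r");`. Unknown `informat` values fall into the `else` branch and fail closed, which is the right default; `FORMAT_UNDEF` is defined earlier in the patch but, as far as this patch shows, never accepted or exported, so it could be dropped. The `#if DEBUG_SMIME` context message still says `SMIME_read_PKCS7 failed` even when the PEM or DER reader was the one that failed.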
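Review bot: Commenting out `cryptedbuf = NULL;` introduces a double free: the preceding `ZVAL_STRINGL(crypted, cryptedbuf, cryptedlen, 0)` hands the buffer to the zval without copying (last argument 0), and the NULL assignment is what stopped the function's cleanup path, outside this hunk and presumably of the form `if (cryptedbuf) efree(cryptedbuf);`, from freeing it a second time once the zval owns it. Restore the original line: `cryptedbuf = NULL;`. If it was commented out to make a crash or warning elsewhere go away, that symptom points at a different cause and should be chased separately. The enclosing encrypt/decrypt function starts and ends outside the hunk.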
@@ -2438,7 +2717,7 @@ long padding = RSA_PKCS1_PADDING; char * data; long data_len; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) return; @@ -2831,6 +3110,8 @@ } /* }}} */ + + /* * Local variables: * tab-width: 8 diff -Nu --recursive php-4.2.2/ext/openssl/php_openssl.h php-4.2.2-new/ext/openssl/php_openssl.h --- php-4.2.2/ext/openssl/php_openssl.h Tue Dec 11 16:30:02 2001 +++ php-4.2.2-new/ext/openssl/php_openssl.h Tue Jul 23 08:29:03 2002 @@ -14,6 +14,8 @@ +----------------------------------------------------------------------+ | Authors: Stig Venaas <[EMAIL PROTECTED]> | | Wez Furlong <[EMAIL PROTECTED] | + | Additional programming: | + | Norbert Mocek <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ @@ -64,6 +66,10 @@ PHP_FUNCTION(openssl_csr_export); PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); +PHP_FUNCTION(openssl_csr_file_verify); +PHP_FUNCTION(openssl_csr_verify); +PHP_FUNCTION(openssl_csr_parse); +PHP_FUNCTION(openssl_csr_get_public); #else