On Tuesday 23 July 2002 14:39, Wez Furlong wrote:
> Thanks for your efforts, but could you please diff against the current
> CVS version?
Here's the patch against CVS version.
--
Regards,
Arkadiusz Góralski: [EMAIL PROTECTED]
diff -Nu --recursive php4/ext/openssl/openssl.c php4-new/ext/openssl/openssl.c
--- php4/ext/openssl/openssl.c Fri Jul 12 23:46:34 2002
+++ php4-new/ext/openssl/openssl.c Tue Jul 23 17:14:26 2002
@@ -15,6 +15,8 @@
| Authors: Stig Venaas <[EMAIL PROTECTED]> |
| Wez Furlong <[EMAIL PROTECTED]> |
| Sascha Kettler <[EMAIL PROTECTED]> |
+ | Adding programming: |
+ | Norbert Mocek <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
@@ -41,6 +43,11 @@
#include <openssl/conf.h>
#include <openssl/rand.h>
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_PEM 3
+#define FORMAT_SMIME 6
+
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
@@ -88,6 +95,10 @@
PHP_FE(openssl_csr_export, arg2_force_ref)
PHP_FE(openssl_csr_export_to_file, NULL)
PHP_FE(openssl_csr_sign, NULL)
+ PHP_FE(openssl_csr_parse, NULL)
+ PHP_FE(openssl_csr_file_verify, NULL)
+ PHP_FE(openssl_csr_verify, NULL)
+ PHP_FE(openssl_csr_get_public, NULL)
PHP_FE(openssl_sign, arg2_force_ref)
@@ -547,6 +558,9 @@
REGISTER_LONG_CONSTANT("PKCS7_NOATTR", PKCS7_NOATTR, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FORMAT_PEM", FORMAT_PEM, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FORMAT_SMIME", FORMAT_SMIME, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FORMAT_DER", FORMAT_ASN1, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING",
RSA_PKCS1_PADDING,
@@ -1581,6 +1595,244 @@
PHP_SSL_REQ_DISPOSE(&req);
}
/* }}} */
+/* {{{ proto bool openssl_csr_file_verify(string filename, long inform)
+ verifies the signature on the request in file*/
+PHP_FUNCTION(openssl_csr_file_verify)
+{
+ int x509=0;
+ BIO *in=NULL,*out=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i,newreq=0;
+ int kludge=0;
+ int informat,verify=1,keyform=FORMAT_PEM;
+ char *infile;
+ long infile_len;
+ X509_REQ *req=NULL;
+
+ RETVAL_LONG(-1);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &infile, &infile_len,
+ &informat) == FAILURE)
+ return;
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ goto end;
+
+ if (!newreq)
+ {
+ /* Since we are using a pre-existing certificate
+ * request, the kludge 'format' info should not be
+ * changed. */
+ kludge= -1;
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ req=d2i_X509_REQ_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ else
+ {
+ zend_error(E_WARNING, "bad input format specified for X509 request\n");
+ RETVAL_LONG(-1);
+ goto end;
+ }
+ if (req == NULL)
+ {
+ zend_error(E_WARNING, "unable to load X509 request\n");
+ RETVAL_LONG(-1);
+ goto end;
+ }
+ }
+
+ if (verify && !x509)
+ {
+ int tmp=0;
+
+ if (pkey == NULL)
+ {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) goto end;
+ }
+
+ i=X509_REQ_verify(req,pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+
+ if (i < 0)
+ {
+ goto end;
+ }
+ else if (i == 0)
+ {
+ zend_error(E_WARNING, "verify failure\n");
+ RETVAL_LONG(-1);
+ }
+ else /* if (i > 0) */
+ RETVAL_TRUE;
+ }
+
+end:
+ EVP_PKEY_free(pkey);
+ X509_REQ_free(req);
+}
+/* }}} */
+
+/* {{{ proto bool openssl_csr_verify(mixed csr)
+ verifies the signature on the request*/
+PHP_FUNCTION(openssl_csr_verify)
+{
+ int x509=0;
+ zval * zcsr;
+ BIO *in=NULL,*out=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i,newreq=0;
+ int kludge=0;
+ int informat,verify=1,keyform=FORMAT_PEM;
+ char *infile;
+ long infile_len;
+ X509_REQ *req=NULL;
+ long csr_resource = -1;
+ char *bio_mem_ptr;
+ long bio_mem_len;
+
+ RETVAL_LONG(-1);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &zcsr) == FAILURE)
+ return;
+
+ req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
+ if (req == NULL) {
+ zend_error(E_WARNING, "cannot get CSR from parameter 1");
+ return;
+ }
+
+
+ if (verify && !x509)
+ {
+ int tmp=0;
+
+ if (pkey == NULL)
+ {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) goto end;
+ }
+
+ i=X509_REQ_verify(req,pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+
+ if (i < 0)
+ {
+ goto end;
+ }
+ else if (i == 0)
+ {
+ zend_error(E_WARNING, "verify failure\n");
+ RETVAL_LONG(-1);
+ }
+ else /* if (i > 0) */
+ RETVAL_TRUE;
+ }
+
+end:
+ RETVAL_TRUE;
+
+}
+/* }}} */
+
+/* {{{ proto array openssl_csr_parse(mixed csr [, bool shortnames=true])
+ Returns an array of the fields/values of the csr */
+PHP_FUNCTION(openssl_csr_parse)
+{
+ zval * zreq;
+ X509_REQ *req=NULL;
+ long reqresource = -1;
+ zend_bool useshortnames = 1;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zreq, &useshortnames) == FAILURE)
+ return;
+
+ req = php_openssl_csr_from_zval(&zreq, 0, &reqresource TSRMLS_CC);
+ if (req == NULL)
+ RETURN_FALSE;
+
+ array_init(return_value);
+
+ add_assoc_long(return_value, "version", X509_REQ_get_version(req));
+ add_assoc_name_entry(return_value, "subject", X509_REQ_get_subject_name(req), useshortnames TSRMLS_CC);
+
+ if (reqresource == -1 && req)
+ X509_REQ_free(req);
+}
+/* }}} */
+
+/* {{{ proto bool openssl_csr_get_public(mixed csr, mixed publickey)
+ Gets public key from csr*/
+PHP_FUNCTION(openssl_csr_get_public)
+{
+ zval *zcsr, *zpublickey;
+ EVP_PKEY *pkey;
+ X509_REQ *req=NULL;
+ long csr_resource = -1;
+ unsigned char *publickeybuf = 0;
+ long publickeylen = -1;
+ char* publickey= 0;
+
+ RETVAL_LONG(-1);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcsr, &zpublickey) == FAILURE)
+ return;
+
+ req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
+ if (req == NULL) {
+ zend_error(E_WARNING, "cannot get CSR from parameter 1");
+ return;
+ }
+
+ pkey=X509_REQ_get_pubkey(req);
+
+ if (pkey == NULL) {
+ zend_error(E_WARNING, "cannot get public key from csr");
+ RETURN_FALSE;
+ }
+
+ {
+ BIO * oid_bio = BIO_new(BIO_s_mem());
+ char *bio_mem_ptr;
+ long bio_mem_len;
+
+ PEM_write_bio_PUBKEY(oid_bio, pkey);
+
+ bio_mem_len = BIO_get_mem_data(oid_bio, &bio_mem_ptr);
+ zval_dtor(zpublickey);
+ ZVAL_STRINGL(zpublickey, bio_mem_ptr, bio_mem_len, 1);
+
+ if (oid_bio)
+ BIO_free(oid_bio);
+ }
+
+ if(pkey)
+ EVP_PKEY_free(pkey);
+ RETVAL_TRUE;
+}
+/* }}} */
/* }}} */
@@ -1951,12 +2203,16 @@
char * filename; long filename_len;
char * extracerts = NULL; long extracerts_len;
char * signersfilename = NULL; long signersfilename_len;
+ char *contfile=NULL; long contfile_len;
+ int informat = FORMAT_SMIME;
RETVAL_LONG(-1);
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len,
- &flags, &signersfilename, &signersfilename_len, &cainfo,
- &extracerts, &extracerts_len) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sll|ssas", &filename,
+ &filename_len, &informat, &flags, &contfile, &contfile_len,
+ &signersfilename, &signersfilename_len, &cainfo,
+ &extracerts, &extracerts_len) == FAILURE)
+
return;
if (extracerts) {
@@ -1975,7 +2231,17 @@
in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r");
if (in == NULL)
goto clean_exit;
- p7 = SMIME_read_PKCS7(in, &datain);
+ if(informat == FORMAT_SMIME)
+ p7 = SMIME_read_PKCS7(in, &datain);
+ else if(informat == FORMAT_PEM)
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+ else if(informat == FORMAT_ASN1)
+ p7 = d2i_PKCS7_bio(in, NULL);
+ else {
+ zend_error(E_WARNING, "Bad input format for PKCS#7 file\n");
+ RETVAL_LONG(-1);
+ goto clean_exit;
+ }
if (p7 == NULL) {
#if DEBUG_SMIME
zend_printf("SMIME_read_PKCS7 failed\n");
@@ -1986,7 +2252,16 @@
zend_printf("Calling PKCS7 verify\n");
#endif
- if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
+ if(contfile_len > 0 && contfile) {
+ BIO_free(datain);
+ if(!(datain = BIO_new_file(contfile, "rb"))) {
+ zend_error(E_WARNING, "Can't read content file %s\n", contfile);
+ RETVAL_LONG(-1);
+ goto clean_exit;
+ }
+ }
+
+ if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
RETVAL_TRUE;
@@ -2353,7 +2628,7 @@
zval_dtor(crypted);
cryptedbuf[cryptedlen] = '\0';
ZVAL_STRINGL(crypted, cryptedbuf, cryptedlen, 0);
- cryptedbuf = NULL;
+ /* cryptedbuf = NULL; */
RETVAL_TRUE;
}
if (cryptedbuf)
diff -Nu --recursive php4/ext/openssl/php_openssl.h php4-new/ext/openssl/php_openssl.h
--- php4/ext/openssl/php_openssl.h Tue Dec 11 16:30:02 2001
+++ php4-new/ext/openssl/php_openssl.h Tue Jul 23 17:25:15 2002
@@ -64,7 +64,10 @@
PHP_FUNCTION(openssl_csr_export);
PHP_FUNCTION(openssl_csr_export_to_file);
PHP_FUNCTION(openssl_csr_sign);
-
+PHP_FUNCTION(openssl_csr_file_verify);
+PHP_FUNCTION(openssl_csr_verify);
+PHP_FUNCTION(openssl_csr_parse);
+PHP_FUNCTION(openssl_csr_get_public);
#else
#define phpext_openssl_ptr NULL
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
