Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
I guess this does not happen in PHP_5_2..? --Jani Pierre-Alain Joye wrote: pajoye Mon Jul 6 23:36:56 2009 UTC Modified files: /php-src/ext/openssl openssl.c Log: - #48116, fix build with openssl 1.0 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.181r2=1.182diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.181 php-src/ext/openssl/openssl.c:1.182 --- php-src/ext/openssl/openssl.c:1.181 Mon Apr 20 09:43:45 2009 +++ php-src/ext/openssl/openssl.c Mon Jul 6 23:36:56 2009 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */ +/* $Id: openssl.c,v 1.182 2009/07/06 23:36:56 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -484,8 +484,13 @@ static char default_ssl_conf_filename[MAXPATHLEN]; struct php_x509_request { /* {{{ */ - LHASH * global_config; /* Global SSL config */ - LHASH * req_config; /* SSL config for this request */ +#if OPENSSL_VERSION_NUMBER = 0x1002L + LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */ + LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */ +#else + LHASH * global_config; /* Global SSL config */ + LHASH * req_config; /* SSL config for this request */ +#endif const EVP_MD * md_alg; const EVP_MD * digest; char* section_name, @@ -674,7 +679,11 @@ } /* }}} */ +#if OPENSSL_VERSION_NUMBER = 0x1002L +static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config TSRMLS_DC) /* {{{ */ +#else static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */ +#endif { X509V3_CTX ctx; 
@@ -1177,8 +1186,7 @@ if (in == NULL) { return NULL; } - - cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL); + cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL); BIO_free(in); } if (cert makeresource resourceval) { @@ -2931,8 +2939,7 @@ case EVP_PKEY_RSA: case EVP_PKEY_RSA2: assert(pkey-pkey.rsa != NULL); - - if (NULL == pkey-pkey.rsa-p || NULL == pkey-pkey.rsa-q) { + if (pkey-pkey.rsa != NULL (NULL == pkey-pkey.rsa-p || NULL == pkey-pkey.rsa-q)) { return 0; } break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
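Review bot: The `(d2i_of_void *)d2i_X509` cast in the `PEM_ASN1_read_bio` call still invokes `d2i_X509` through a function-pointer type it was not declared with, and the result is cast back to `X509 *` by hand. OpenSSL's typed wrapper does the same read without either cast and builds on both sides of the version split: `cert = PEM_read_bio_X509(in, NULL, NULL, NULL);`. The enclosing function starts and ends outside the hunk.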
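Review bot: In the `EVP_PKEY_RSA`/`EVP_PKEY_RSA2` case of the @@ -2931 hunk, the rewritten guard returns 0 only when `pkey->pkey.rsa` is non-NULL and `p` or `q` is missing, so with `assert()` compiled out a NULL `rsa` skips the check and falls through to `break`. If the code after the switch, which the hunk does not show, then reports the key as private, a key with no RSA structure is accepted. Failing closed keeps the NULL-dereference fix and rejects that case: `if (pkey->pkey.rsa == NULL || NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) { return 0; }`. The archive dropped the operators from the posted line, so this reads the condition as `rsa != NULL && (...)`.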
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Mon Jul 6 23:36:56 2009 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - #48116, fix build with openssl 1.0 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.181r2=1.182diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.181 php-src/ext/openssl/openssl.c:1.182 --- php-src/ext/openssl/openssl.c:1.181 Mon Apr 20 09:43:45 2009 +++ php-src/ext/openssl/openssl.c Mon Jul 6 23:36:56 2009 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */ +/* $Id: openssl.c,v 1.182 2009/07/06 23:36:56 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -484,8 +484,13 @@ static char default_ssl_conf_filename[MAXPATHLEN]; struct php_x509_request { /* {{{ */ - LHASH * global_config; /* Global SSL config */ - LHASH * req_config; /* SSL config for this request */ +#if OPENSSL_VERSION_NUMBER = 0x1002L + LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */ + LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */ +#else + LHASH * global_config; /* Global SSL config */ + LHASH * req_config; /* SSL config for this request */ +#endif const EVP_MD * md_alg; const EVP_MD * digest; char* section_name, @@ -674,7 +679,11 @@ } /* }}} */ +#if OPENSSL_VERSION_NUMBER = 0x1002L +static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config TSRMLS_DC) /* {{{ */ +#else static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */ +#endif { X509V3_CTX ctx; @@ -1177,8 +1186,7 @@ if (in == NULL) { return NULL; } - - cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL); + cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL); BIO_free(in); } if (cert makeresource resourceval) { 
@@ -2931,8 +2939,7 @@ case EVP_PKEY_RSA: case EVP_PKEY_RSA2: assert(pkey-pkey.rsa != NULL); - - if (NULL == pkey-pkey.rsa-p || NULL == pkey-pkey.rsa-q) { + if (pkey-pkey.rsa != NULL (NULL == pkey-pkey.rsa-p || NULL == pkey-pkey.rsa-q)) { return 0; } break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
mkoppanen Mon Apr 20 09:43:45 2009 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Closes #47991 SSL streams fail if error stack contains items http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.180r2=1.181diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.180 php-src/ext/openssl/openssl.c:1.181 --- php-src/ext/openssl/openssl.c:1.180 Sun Mar 29 23:32:17 2009 +++ php-src/ext/openssl/openssl.c Mon Apr 20 09:43:45 2009 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */ +/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -4628,6 +4628,7 @@ char *cipherlist = NULL; int ok = 1; + ERR_clear_error(); /* look at context options in the stream and set appropriate verification flags */ if (GET_VER_OPT(verify_peer) zval_is_true(*val)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
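Review bot: `ERR_clear_error()` sits at the top of the context-setup code, so it empties the queue once, and any OpenSSL call made between here and the later handshake or read/write can leave new entries behind. `SSL_get_error()` is only reliable when the thread's error queue is empty immediately before the I/O call it is checked against, so the clear also belongs directly in front of each `SSL_connect`/`SSL_accept`/`SSL_read`/`SSL_write` call; those calls are outside this hunk. It is also worth finding which earlier call leaves unchecked errors queued, because discarding them can hide a failed certificate or key load. A comment on the new line would help: `/* stale queue entries make SSL_get_error() misreport later I/O */`.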
Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
hi Scott, How did you reproduce the crash (ssl version, and with which input or config)? Please add a test case. Also please keep an eye on the assign field of a bug report, it is here for good reasons. Cheers, On Mon, Mar 30, 2009 at 1:32 AM, Scott MacVicar scott...@php.net wrote: scottmac Sun Mar 29 23:32:17 2009 UTC Modified files: /php-src/ext/openssl openssl.c Log: Fix bug #47828 - Converting to UTF-8 can sometimes fail, check error codes and avoid segfault. http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.179r2=1.180diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.179 php-src/ext/openssl/openssl.c:1.180 --- php-src/ext/openssl/openssl.c:1.179 Tue Mar 10 23:39:27 2009 +++ php-src/ext/openssl/openssl.c Sun Mar 29 23:32:17 2009 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.179 2009/03/10 23:39:27 helly Exp $ */ +/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -557,10 +557,12 @@ str = X509_NAME_ENTRY_get_data(ne); if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { to_add_len = ASN1_STRING_to_UTF8(to_add, str); - add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } else { to_add = ASN1_STRING_data(str); to_add_len = ASN1_STRING_length(str); + } + + if (to_add_len != -1) { add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } } @@ -573,7 +575,7 @@ } else { zval_dtor(subentries); FREE_ZVAL(subentries); - if (obj_cnt str) { + if (obj_cnt str to_add_len != -1) { add_ascii_assoc_utf8_stringl(subitem, sname, (char *)to_add, to_add_len, 1); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
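Review bot: The new guard `to_add_len != -1` tests for one value, while `ASN1_STRING_to_UTF8()` is documented to return a negative value on error, so `to_add_len < 0` is the safer test both here and in the `obj_cnt` condition of the @@ -573 hunk. On the conversion branch `ASN1_STRING_to_UTF8()` allocates the output buffer, and nothing visible releases it; it needs an `OPENSSL_free(to_add)` once its last use has passed (the @@ -573 hunk still reads `to_add` after the loop), and only for that branch, because the `else` branch points into the ASN1_STRING itself. When conversion fails `to_add` keeps its value from an earlier iteration, so resetting it to NULL at the top of the loop would make a missed length check fail visibly instead of reading stale memory. The loop body begins and ends outside the hunk.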
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
scottmacSun Mar 29 23:32:17 2009 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Fix bug #47828 - Converting to UTF-8 can sometimes fail, check error codes and avoid segfault. http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.179r2=1.180diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.179 php-src/ext/openssl/openssl.c:1.180 --- php-src/ext/openssl/openssl.c:1.179 Tue Mar 10 23:39:27 2009 +++ php-src/ext/openssl/openssl.c Sun Mar 29 23:32:17 2009 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.179 2009/03/10 23:39:27 helly Exp $ */ +/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -557,10 +557,12 @@ str = X509_NAME_ENTRY_get_data(ne); if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { to_add_len = ASN1_STRING_to_UTF8(to_add, str); - add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } else { to_add = ASN1_STRING_data(str); to_add_len = ASN1_STRING_length(str); + } + + if (to_add_len != -1) { add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } } @@ -573,7 +575,7 @@ } else { zval_dtor(subentries); FREE_ZVAL(subentries); - if (obj_cnt str) { + if (obj_cnt str to_add_len != -1) { add_ascii_assoc_utf8_stringl(subitem, sname, (char *)to_add, to_add_len, 1); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests openssl_random_pseudo_bytes.phpt
scottmacMon Nov 17 21:54:20 2008 UTC Added files: /php-src/ext/openssl/tests openssl_random_pseudo_bytes.phpt Modified files: /php-src/ext/opensslopenssl.c Log: Add openssl_random_pseudo_bytes() in order to expose access to a PRG, this wraps around whatever the OS provides. - OpenBSD uses arc4random() - Windows uses the Windows Crypto API - FreeBSD, Linux, etc use /dev/random or /dev/urandom if available [DOC] http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.175r2=1.176diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.175 php-src/ext/openssl/openssl.c:1.176 --- php-src/ext/openssl/openssl.c:1.175 Mon Nov 17 11:26:22 2008 +++ php-src/ext/openssl/openssl.c Mon Nov 17 21:54:20 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.175 2008/11/17 11:26:22 felipe Exp $ */ +/* $Id: openssl.c,v 1.176 2008/11/17 21:54:20 scottmac Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -91,6 +91,7 @@ PHP_FUNCTION(openssl_decrypt); PHP_FUNCTION(openssl_dh_compute_key); +PHP_FUNCTION(openssl_random_pseudo_bytes); /* {{{ arginfo */ ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 0, 2) @@ -349,6 +350,11 @@ ZEND_ARG_INFO(0, pub_key) ZEND_ARG_INFO(0, dh_key) ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_random_pseudo_bytes, 0, 0, 1) +ZEND_ARG_INFO(0, length) +ZEND_ARG_INFO(1, returned_strong_result) +ZEND_END_ARG_INFO() /* }}} */ /* {{{ openssl_functions[] @@ -413,6 +419,7 @@ PHP_FE(openssl_dh_compute_key, arginfo_openssl_dh_compute_key) + PHP_FE(openssl_random_pseudo_bytes, arginfo_openssl_random_pseudo_bytes) PHP_FE(openssl_error_string, arginfo_openssl_error_string) {NULL, NULL, NULL} }; 
@@ -4968,6 +4975,52 @@ } /* }}} */ +/* {{{ proto string openssl_random_pseudo_bytes(integer length [, bool returned_strong_result]) U + Returns a string of the length specified filled with random pseudo bytes */ +PHP_FUNCTION(openssl_random_pseudo_bytes) +{ + long buffer_length; + unsigned char *buffer = NULL; + zval *zstrong_result_returned = NULL; + int strong_result = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, l|z, buffer_length, zstrong_result_returned) == FAILURE) { + return; + } + + if (buffer_length = 0) { + RETURN_FALSE; + } + + if (zstrong_result_returned) { + zval_dtor(zstrong_result_returned); + ZVAL_BOOL(zstrong_result_returned, 0); + } + + buffer = emalloc(buffer_length); + + if (!buffer) { + RETURN_FALSE; + } + +#ifdef WINDOWS +RAND_screen(); +#endif + + if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) 0) { + RETVAL_FALSE; + } else { + RETVAL_STRINGL((char *)buffer, buffer_length, 1); + + if (zstrong_result_returned) { + ZVAL_BOOL(zstrong_result_returned, strong_result); + } + + } + efree(buffer); +} +/* }}} */ + /* * Local variables: * tab-width: 8 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt +++ php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt --TEST-- openssl_random_pseudo_bytes() tests --SKIPIF-- ?php if (!extension_loaded(openssl)) print skip; ? --FILE-- ?php for ($i = 0; $i 10; $i++) { var_dump(bin2hex(openssl_random_pseudo_bytes($i, $strong))); } ? --EXPECTF-- unicode(0) unicode(2) %s unicode(4) %s unicode(6) %s unicode(8) %s unicode(10) %s unicode(12) %s unicode(14) %s unicode(16) %s unicode(18) %s -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
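Review bot: `openssl_random_pseudo_bytes()` returns the buffer whenever `RAND_pseudo_bytes()` does not fail, including when it reports 0 (bytes not cryptographically strong), and the only signal is the optional by-reference `returned_strong_result` that callers may omit. Code that uses the result for keys, tokens or IVs without checking that flag gets weak output silently; calling `RAND_bytes()` instead, or returning FALSE when `strong_result` is 0, would fail closed. `buffer_length` is a `long` but `RAND_pseudo_bytes()` takes an `int`, so on 64-bit builds a length above `INT_MAX` can be truncated while `RETVAL_STRINGL` still copies the full `buffer_length` bytes of the `emalloc` buffer, returning uninitialized heap memory; reject it up front with `if (buffer_length <= 0 || buffer_length > INT_MAX) { RETURN_FALSE; }`. The `#ifdef WINDOWS` guard around `RAND_screen()` looks like it should be `PHP_WIN32`, which is worth confirming because otherwise the seeding call is never compiled.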
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug41033.pem bug41033.phpt bug41033pub.pem
pajoye Tue Nov 18 02:12:48 2008 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug41033.pem bug41033.phpt bug41033pub.pem Log: - MFB: #41033, enable signing with DSA keys http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.176r2=1.177diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.176 php-src/ext/openssl/openssl.c:1.177 --- php-src/ext/openssl/openssl.c:1.176 Mon Nov 17 21:54:20 2008 +++ php-src/ext/openssl/openssl.c Tue Nov 18 02:12:47 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.176 2008/11/17 21:54:20 scottmac Exp $ */ +/* $Id: openssl.c,v 1.177 2008/11/18 02:12:47 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -55,7 +55,7 @@ #define OPENSSL_ALGO_MD5 2 #define OPENSSL_ALGO_MD4 3 #define OPENSSL_ALGO_MD2 4 - +#define OPENSSL_ALGO_DSS1 5 #define DEBUG_SMIME0 /* FIXME: Use the openssl constants instead of @@ -904,6 +904,9 @@ case OPENSSL_ALGO_MD2: mdtype = (EVP_MD *) EVP_md2(); break; + case OPENSSL_ALGO_DSS1: + mdtype = (EVP_MD *) EVP_dss1(); + break; default: return NULL; break; @@ -983,6 +986,7 @@ REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD5, OPENSSL_ALGO_MD5, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD4, OPENSSL_ALGO_MD4, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD2, OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT(OPENSSL_ALGO_DSS1, OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); /* flags for S/MIME */ REGISTER_LONG_CONSTANT(PKCS7_DETACHED, PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033.pem?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/bug41033.pem diff -u /dev/null php-src/ext/openssl/tests/bug41033.pem:1.2 --- /dev/null Tue Nov 18 02:12:48 2008 +++ php-src/ext/openssl/tests/bug41033.pem Tue Nov 18 02:12:48 2008 
@@ -0,0 +1,12 @@ +-BEGIN DSA PRIVATE KEY- +MIIBuwIBAAKBgQCrQ/By/Y5OQRmmc/e+W+eFVoeR5y8WPOkykwS2hc21aSNY5X3q +8ZHdV467thFd/QCoR55hHTRGRbYmfOkXSiscotU08ISlxIH39EEhFSzwqzkxFfak +cgHEu41AUOIfJ2Dz+vcmuasME159pDP0d0gt55pKRPcXoh916p2VS/FBiQIVAMnQ +C6W+K1brelHqpUqwQ1cdNJklAoGAN858gG/UIF+U3CYTcgl5/OUAqOzvitMV2ue+ +AkDEkGNEZs3KUAjpqHduf1E3znl7hJJIRr+33sul9USxn0vczDBkEJPralQjNX2C +dnYKDDhJ+UKlAFG2JZint4CBKPFiZC0tVo04iDQQUUfDC4c8K3cS5uzypebJyoLo +e5b8rScCgYBedJg6vklhMWv2wZD10hbQaXEX5r8T6EQujbfO0RcKpuaJziPPrXO8 +QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKekCmSNzs5+lQpCm1VlDrCg+jn +djw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8iVDE7wmT0iwnkAIVAMKogWVA +ZOKwjTj9Yztv3lGj7VTa +-END DSA PRIVATE KEY- http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/bug41033.phpt diff -u /dev/null php-src/ext/openssl/tests/bug41033.phpt:1.2 --- /dev/null Tue Nov 18 02:12:48 2008 +++ php-src/ext/openssl/tests/bug41033.phpt Tue Nov 18 02:12:48 2008 @@ -0,0 +1,27 @@ +--TEST-- +#41033, enable signing with DSA keys +--SKIPIF-- +?php +if (!extension_loaded(openssl)) die(skip, openssl required); +if (OPENSSL_VERSION_NUMBER 0x009070af) die(skip); +? +--FILE-- +?php +$prv = 'file://' . dirname(__FILE__) . '/' . 'bug41033.pem'; +$pub = 'file://' . dirname(__FILE__) . '/' . 'bug41033pub.pem'; + + +$prkeyid = openssl_get_privatekey($prv, 1234); +$ct = bHello I am some text!; +openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1); +echo Signature: .base64_encode($signature) . \n; + +$pukeyid = openssl_get_publickey($pub); +$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1); +echo Signature validity: . $valid . \n; + + +? +--EXPECTF-- +Signature: %s +Signature validity: 1 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033pub.pem?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/bug41033pub.pem diff -u /dev/null php-src/ext/openssl/tests/bug41033pub.pem:1.2 
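Review bot: The new bug41033.phpt only exercises the success path: it signs, verifies the same text and expects `Signature validity: 1`. A signature test should also show that verification fails when it must, for example a second `openssl_verify()` call on an altered `$ct` that expects 0, so that a regression making DSS1 verification always succeed is caught. The return value of `openssl_get_privatekey()` is not checked before `openssl_sign()`, so a key-load failure would only show up as a confusing signature mismatch.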
--- /dev/null Tue Nov 18 02:12:48 2008 +++ php-src/ext/openssl/tests/bug41033pub.pem Tue Nov 18 02:12:48 2008 @@ -0,0 +1,12 @@ +-BEGIN PUBLIC KEY- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKtD8HL9jk5BGaZz975b54VWh5HnLxY8 +6TKTBLaFzbVpI1jlferxkd1Xjru2EV39AKhHnmEdNEZFtiZ86RdKKxyi1TTwhKXE +gff0QSEVLPCrOTEV9qRyAcS7jUBQ4h8nYPP69ya5qwwTXn2kM/R3SC3nmkpE9xei +H3XqnZVL8UGJAhUAydALpb4rVut6UeqlSrBDVx00mSUCgYA3znyAb9QgX5TcJhNy +CXn85QCo7O+K0xXa574CQMSQY0RmzcpQCOmod25/UTfOeXuEkkhGv7fey6X1RLGf +S9zMMGQQk+tqVCM1fYJ2dgoMOEn5QqUAUbYlmKe3gIEo8WJkLS1WjTiINBBRR8ML +hzwrdxLm7PKl5snKguh7lvytJwOBhAACgYBedJg6vklhMWv2wZD10hbQaXEX5r8T
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Sun Oct 26 14:36:25 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: Fixed compiler warning http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.172r2=1.173diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.172 php-src/ext/openssl/openssl.c:1.173 --- php-src/ext/openssl/openssl.c:1.172 Fri Oct 24 14:34:14 2008 +++ php-src/ext/openssl/openssl.c Sun Oct 26 14:36:25 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.172 2008/10/24 14:34:14 felipe Exp $ */ +/* $Id: openssl.c,v 1.173 2008/10/26 14:36:25 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3637,7 +3637,7 @@ } } - BIO_reset(infile); + (void)BIO_reset(infile); /* write the encrypted data */ SMIME_write_PKCS7(outfile, p7, infile, flags); @@ -3732,7 +3732,7 @@ goto clean_exit; } - BIO_reset(infile); + (void)BIO_reset(infile); /* tack on extra headers */ if (zheaders) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
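Review bot: Casting to `(void)` silences the warning but keeps ignoring a failed `BIO_reset(infile)`, here and in the @@ -3732 hunk. If the rewind fails, the write that follows reads `infile` from wherever the previous pass left it, so the S/MIME output can be produced with truncated or empty content and no error. Checking the result and taking the `clean_exit` path that the second hunk shows would fail closed. For file BIOs `BIO_reset()` returns 0 on success and -1 on failure, unlike other BIO types, so if `infile` is a file BIO (not visible in the hunk) the test is `if (BIO_reset(infile) != 0) { goto clean_exit; }`.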
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Tue Oct 14 23:39:02 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: Fixed bug #46271 (local_cert option is not resolved to full path) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.169r2=1.170diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.169 php-src/ext/openssl/openssl.c:1.170 --- php-src/ext/openssl/openssl.c:1.169 Tue Sep 30 14:40:58 2008 +++ php-src/ext/openssl/openssl.c Tue Oct 14 23:39:02 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.169 2008/09/30 14:40:58 rrichards Exp $ */ +/* $Id: openssl.c,v 1.170 2008/10/14 23:39:02 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -4700,30 +4700,33 @@ X509 *cert = NULL; EVP_PKEY *key = NULL; SSL *tmpssl; + char resolved_path_buff[MAXPATHLEN]; - /* a certificate to use for authentication */ - if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer, certfile); - return NULL; - } + if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* a certificate to use for authentication */ + if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer, certfile); + return NULL; + } - if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to set private key file `%s', certfile); - return NULL; - } + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to set private key file `%s', resolved_path_buff); + return NULL; + } - tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); + tmpssl = SSL_new(ctx); + cert = SSL_get_certificate(tmpssl); - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); + if (cert) { + key = X509_get_pubkey(cert); + EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); + EVP_PKEY_free(key); + } + SSL_free(tmpssl); - if (!SSL_CTX_check_private_key(ctx)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Private key does not match certificate!); + if (!SSL_CTX_check_private_key(ctx)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Private key does not match certificate!); + } } } if (ok) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: 
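Review bot: When `VCWD_REALPATH(certfile, resolved_path_buff)` fails, for instance because the `local_cert` path does not exist, the whole block is skipped with no warning and no `return NULL`, so setup continues without a local certificate where the old code stopped with an error. That is a fail-open change for anything relying on the certificate being presented; add an `else` branch that emits a warning naming `certfile` and returns NULL. The two warnings are also inconsistent: the chain-file message prints `certfile` while the private-key message prints `resolved_path_buff`, which exposes the resolved filesystem path, so printing `certfile` in both keeps the output to what the caller supplied. `SSL_new(ctx)` is still used without a NULL check, which predates this change but is re-indented here. The enclosing function starts and ends outside the hunk.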
http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
rrichards Tue Sep 30 14:40:58 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: initialize keyresource http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.168r2=1.169diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.168 php-src/ext/openssl/openssl.c:1.169 --- php-src/ext/openssl/openssl.c:1.168 Thu Sep 18 16:02:09 2008 +++ php-src/ext/openssl/openssl.c Tue Sep 30 14:40:58 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.168 2008/09/18 16:02:09 scottmac Exp $ */ +/* $Id: openssl.c,v 1.169 2008/09/30 14:40:58 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2408,7 +2408,7 @@ X509 * cert = NULL, *new_cert = NULL; X509_REQ * csr; EVP_PKEY * key = NULL, *priv_key = NULL; - long csr_resource, certresource = 0, keyresource; + long csr_resource, certresource = 0, keyresource = -1; int i; struct php_x509_request req; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
scottmacThu Sep 18 16:02:09 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Show the library version currently loaded as well as the version the extension was compiled with. Useful for checking PHP is using the latest version. http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.167r2=1.168diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.167 php-src/ext/openssl/openssl.c:1.168 --- php-src/ext/openssl/openssl.c:1.167 Tue Aug 5 14:58:57 2008 +++ php-src/ext/openssl/openssl.c Thu Sep 18 16:02:09 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.167 2008/08/05 14:58:57 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.168 2008/09/18 16:02:09 scottmac Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1092,7 +1092,8 @@ { php_info_print_table_start(); php_info_print_table_row(2, OpenSSL support, enabled); - php_info_print_table_row(2, OpenSSL Version, OPENSSL_VERSION_TEXT); + php_info_print_table_row(2, OpenSSL Library Version, SSLeay_version(SSLEAY_VERSION)); + php_info_print_table_row(2, OpenSSL Header Version, OPENSSL_VERSION_TEXT); php_info_print_table_end(); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Tue Aug 5 14:58:57 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix typo http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.166r2=1.167diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.166 php-src/ext/openssl/openssl.c:1.167 --- php-src/ext/openssl/openssl.c:1.166 Wed Jul 30 11:58:43 2008 +++ php-src/ext/openssl/openssl.c Tue Aug 5 14:58:57 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.166 2008/07/30 11:58:43 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.167 2008/08/05 14:58:57 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3718,7 +3718,7 @@ char * outfilename; int outfilename_len; char * extracertsfilename; int extracertsfilename_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, a!|ls, ppinfilename, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, a!|lZ, ppinfilename, ppoutfilename, zcert, zprivkey, zheaders, flags, ppextracertsfilename) == FAILURE) { return; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Wed Jul 30 11:58:44 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix folding http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.165r2=1.166diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.165 php-src/ext/openssl/openssl.c:1.166 --- php-src/ext/openssl/openssl.c:1.165 Fri Jul 18 23:59:49 2008 +++ php-src/ext/openssl/openssl.c Wed Jul 30 11:58:43 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.165 2008/07/18 23:59:49 hnangelo Exp $ */ +/* $Id: openssl.c,v 1.166 2008/07/30 11:58:43 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -392,6 +392,7 @@ ZEND_ARG_INFO(0, dh_key) ZEND_END_ARG_INFO() /* }}} */ + /* {{{ openssl_functions[] */ const zend_function_entry openssl_functions[] = { @@ -513,11 +514,11 @@ } /* }}} */ -/* {{{ openssl - PHP bridging */ +/* openssl - PHP bridging */ /* true global; readonly after module startup */ static char default_ssl_conf_filename[MAXPATHLEN]; -struct php_x509_request { +struct php_x509_request { /* {{{ */ LHASH * global_config; /* Global SSL config */ LHASH * req_config; /* SSL config for this request */ const EVP_MD * md_alg; @@ -534,7 +535,7 @@ EVP_PKEY * priv_key; }; - +/* }}} */ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * resourceval TSRMLS_DC); static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * passphrase, int makeresource, long * resourceval TSRMLS_DC); @@ -544,7 +545,6 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long * resourceval TSRMLS_DC); static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req TSRMLS_DC); - static void add_ascii_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ { zval *subitem, *subentries; 
@@ -707,12 +707,7 @@ } /* }}} */ -static inline int php_openssl_config_check_syntax( - const char * section_label, - const char * config_filename, - const char * section, - LHASH * config TSRMLS_DC - ) /* {{{ */ +static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */ { X509V3_CTX ctx; @@ -779,13 +774,7 @@ else \ varname = defval - - -static int php_openssl_parse_config( - struct php_x509_request * req, - zval * optional_args - TSRMLS_DC - ) /* {{{ */ +static int php_openssl_parse_config(struct php_x509_request * req, zval * optional_argsTSRMLS_DC) /* {{{ */ { char * str; zval ** item; @@ -4980,7 +4969,6 @@ } /* }}} */ - /* {{{ proto string openssl_dh_compute_key(string pub_key, resource dh_key) U Computes shared sicret for public value of remote DH key and local DH key */ PHP_FUNCTION(openssl_dh_compute_key) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
hnangeloFri Jul 18 23:59:49 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Add unicode suport to ext/openssl http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.164r2=1.165diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.164 php-src/ext/openssl/openssl.c:1.165 --- php-src/ext/openssl/openssl.c:1.164 Tue Jul 15 03:21:56 2008 +++ php-src/ext/openssl/openssl.c Fri Jul 18 23:59:49 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.164 2008/07/15 03:21:56 hnangelo Exp $ */ +/* $Id: openssl.c,v 1.165 2008/07/18 23:59:49 hnangelo Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -545,7 +545,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req TSRMLS_DC); -static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ +static void add_ascii_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ { zval *subitem, *subentries; int i, j = -1, last = -1, obj_cnt = 0; @@ -619,7 +619,7 @@ } /* }}} */ -static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ +static void add_ascii_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ { unsigned char *data; int data_len; @@ -764,7 +764,8 @@ req-config_filename, req-var, req-req_config TSRMLS_CC) == FAILURE) return FAILURE #define SET_OPTIONAL_STRING_ARG(key, varname, defval) \ - if (optional_args zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) { \ + if (optional_args (zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS || \ + zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS)) { \ convert_to_string_ex(item); \ varname = Z_STRVAL_PP(item); \ } else \ 
@@ -772,7 +773,8 @@ #define SET_OPTIONAL_LONG_ARG(key, varname, defval)\ - if (optional_args zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) \ + if (optional_args (zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS || \ + zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS)) \ varname = Z_LVAL_PP(item); \ else \ varname = defval @@ -820,7 +822,8 @@ SET_OPTIONAL_LONG_ARG(private_key_type, req-priv_key_type, OPENSSL_KEYTYPE_DEFAULT); - if (optional_args zend_hash_find(Z_ARRVAL_P(optional_args), encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS) { + if (optional_args (zend_ascii_hash_find(Z_ARRVAL_P(optional_args), encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS || + zend_hash_find(Z_ARRVAL_P(optional_args), encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS)) { req-priv_key_encrypt = Z_BVAL_PP(item); } else { str = CONF_get_string(req-req_config, req-section_name, encrypt_rsa_key); @@ -1140,6 +1143,9 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * resourceval TSRMLS_DC) { X509 *cert = NULL; + char *filename = NULL; + int filename_len; + UChar *unicode_tmp; if (resourceval) { *resourceval = -1; 
@@ -1165,22 +1171,34 @@ return NULL; } - if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { + if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_UNICODE || Z_TYPE_PP(val) == IS_OBJECT)) { return NULL; } /* force it to be a string and check if it refers to a file */ - convert_to_string_ex(val); + if (Z_TYPE_PP(val) == IS_OBJECT) { + convert_to_string_ex(val); + } + + /* use u_memcp() if type is unicode */ + unicode_tmp = USTR_MAKE(file://); + if (Z_STRLEN_PP(val) 7 (memcmp(Z_STRVAL_PP(val), file://, sizeof(file://) - 1) == 0 || u_memcmp(Z_USTRVAL_PP(val), unicode_tmp, sizeof(file://) - 1) == 0)) { + if (php_stream_path_param_encode(val, filename, filename_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { + USTR_FREE(unicode_tmp); + return NULL; + } + filename += sizeof(file://) - 1; + } + USTR_FREE(unicode_tmp); - if (Z_STRLEN_PP(val) 7 memcmp(Z_STRVAL_PP(val), file://, sizeof(file://) - 1) == 0) { - /* read cert from the named file */ + if (filename) { BIO *in; -
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 006.phpt
hnangeloTue Jul 15 02:46:26 2008 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests 006.phpt Log: Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.161r2=1.162diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.161 php-src/ext/openssl/openssl.c:1.162 --- php-src/ext/openssl/openssl.c:1.161 Sat Jun 28 09:24:18 2008 +++ php-src/ext/openssl/openssl.c Tue Jul 15 02:46:26 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.161 2008/06/28 09:24:18 hnangelo Exp $ */ +/* $Id: openssl.c,v 1.162 2008/07/15 02:46:26 hnangelo Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2950,8 +2950,10 @@ OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); - if (EVP_PKEY_assign_RSA(pkey, rsa)) { - RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + if (rsa-n rsa-d) { + if (EVP_PKEY_assign_RSA(pkey, rsa)) { + RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + } } RSA_free(rsa); } @@ -2969,11 +2971,13 @@ OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); - if (!dsa-priv_key !dsa-pub_key) { - DSA_generate_key(dsa); - } - if (EVP_PKEY_assign_DSA(pkey, dsa)) { - RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + if (dsa-p dsa-q dsa-g) { + if (!dsa-priv_key !dsa-pub_key) { + DSA_generate_key(dsa); + } + if (EVP_PKEY_assign_DSA(pkey, dsa)) { + RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + } } DSA_free(dsa); } 
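Review bot: In the DSA branch the result of `DSA_generate_key(dsa)` is not checked, so if generation fails the key is still handed to `EVP_PKEY_assign_DSA()` with its key parts unset, the same malformed-resource condition this commit fixes; the DH hunk (@@ -2990) has the same unchecked `DH_generate_key(dh)`. `EVP_PKEY_assign_DSA()` and `EVP_PKEY_assign_DH()` should only be reached when generation returned 1. Generation is also attempted only when both `priv_key` and `pub_key` are missing, so an input array that supplies `priv_key` alone passes through with `pub_key` NULL. The RSA guard requires `n` and `d` but not `e`; whether later code tolerates a missing `e` is not visible here. The archive dropped the operators from the posted conditions, so this reads them as `&&`.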
@@ -2990,11 +2994,13 @@ OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); - if (!dh-pub_key) { - DH_generate_key(dh); - } - if (EVP_PKEY_assign_DH(pkey, dh)) { - RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + if (dh-p dh-g) { + if (!dh-pub_key) { + DH_generate_key(dh); + } + if (EVP_PKEY_assign_DH(pkey, dh)) { + RETURN_RESOURCE(zend_list_insert(pkey, le_key)); + } } DH_free(dh); } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/006.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/006.phpt diff -u /dev/null php-src/ext/openssl/tests/006.phpt:1.2 --- /dev/null Tue Jul 15 02:46:26 2008 +++ php-src/ext/openssl/tests/006.phpt Tue Jul 15 02:46:26 2008 @@ -0,0 +1,25 @@ +--TEST-- +openssl_pkey_new() with an empty sub-array arg generates a malformed resource +--SKIPIF-- +?php if (!extension_loaded(openssl)) print skip; ? +--FILE-- +?php +/* openssl_pkey_get_details() segfaults when getting the information + from openssl_pkey_new() with an empty sub-array arg */ +
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 023.phpt 025.phpt cert.crt private.key
hnangeloTue Jul 15 03:04:26 2008 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests 023.phpt 025.phpt cert.crt private.key Log: Fix uninitilized variables in openssl_pkcs7_encrypt() and openssl_pkcs7_sign() http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.162r2=1.163diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.162 php-src/ext/openssl/openssl.c:1.163 --- php-src/ext/openssl/openssl.c:1.162 Tue Jul 15 02:46:26 2008 +++ php-src/ext/openssl/openssl.c Tue Jul 15 03:04:25 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.162 2008/07/15 02:46:26 hnangelo Exp $ */ +/* $Id: openssl.c,v 1.163 2008/07/15 03:04:25 hnangelo Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3513,6 +3513,7 @@ if (zheaders) { zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), hpos); while(zend_hash_get_current_data_ex(HASH_OF(zheaders), (void**)zcertval, hpos) == SUCCESS) { + strindex.s = NULL; zend_hash_get_current_key_ex(HASH_OF(zheaders), strindex, strindexlen, intindex, 0, hpos); convert_to_string_ex(zcertval); @@ -3622,6 +3623,7 @@ if (zheaders) { zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), hpos); while(zend_hash_get_current_data_ex(HASH_OF(zheaders), (void**)hval, hpos) == SUCCESS) { + strindex.s = NULL; zend_hash_get_current_key_ex(HASH_OF(zheaders), strindex, strindexlen, intindex, 0, hpos); convert_to_string_ex(hval); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/023.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/023.phpt diff -u /dev/null php-src/ext/openssl/tests/023.phpt:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/023.phpt Tue Jul 15 03:04:26 2008 
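Review bot: The added `strindex.s = NULL;` in the `@@ -3513,6 +3513,7 @@` hunk, and again in `@@ -3622,6 +3623,7 @@`, is needed only because the return value of `zend_hash_get_current_key_ex()` on the next line is discarded, and nothing in either hunk records that. The code that consumes `strindex` is outside both hunks, but it presumably tells string keys from integer keys by testing `strindex.s`. If so, a comment such as `/* integer keys do not set strindex; clear it so the previous header's pointer is not reused */` would explain the reset. Keeping the call's return value and testing it for a string key would make the distinction explicit instead of relying on a sentinel.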
@@ -0,0 +1,65 @@ +--TEST-- +openssl_pkcs7_encrypt() tests +--SKIPIF-- +?php if (!extension_loaded(openssl)) print skip; ? +--FILE-- +?php +$infile = (binary) (dirname(__FILE__) . /cert.crt); +$outfile = (binary) tempnam(b/tmp, bssl); +if ($outfile === false) + die(failed to get a temporary filename!); + +$single_cert = (binary) (file:// . dirname(__FILE__) . /cert.crt); +$multi_certs = array($single_cert, $single_cert); +$assoc_headers = array(To = [EMAIL PROTECTED], Subject = testing openssl_pkcs7_encrypt()); +$assoc_headers_bin = array(bTo = b[EMAIL PROTECTED], bSubject = btesting openssl_pkcs7_encrypt()); +$headers = array([EMAIL PROTECTED], testing openssl_pkcs7_encrypt()); +$headers_bin = array(b[EMAIL PROTECTED], btesting openssl_pkcs7_encrypt()); +$empty_headers = array(); +$unicode_headers = array(\u0500 = test, test = invalid unicode\u0500); +$wrong = wrong; +$wrong2 = bwrong; +$empty = b; + +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers_bin)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers_bin)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $unicode_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong)); +var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong2, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, 
$empty)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers)); + +if (file_exists($outfile)) { + echo true\n; + unlink($outfile); +} +? +--EXPECTF-- +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, Unicode string given in %s on line %d +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, binary string given in %s on line %d +bool(false) +bool(true) +true http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/025.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/025.phpt diff -u /dev/null php-src/ext/openssl/tests/025.phpt:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/025.phpt Tue Jul 15 03:04:26 2008 @@ -0,0
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
hnangeloSat Jun 28 09:24:18 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Fix a memory leak on openssl_decrypt() http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.160r2=1.161diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.160 php-src/ext/openssl/openssl.c:1.161 --- php-src/ext/openssl/openssl.c:1.160 Sun Jun 1 18:25:29 2008 +++ php-src/ext/openssl/openssl.c Sat Jun 28 09:24:18 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.160 2008/06/01 18:25:29 bjori Exp $ */ +/* $Id: openssl.c,v 1.161 2008/06/28 09:24:18 hnangelo Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -4691,10 +4691,9 @@ return; } - if (!raw_input) { - base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, base64_str_len); - data_len = base64_str_len; - data = base64_str; + if (!method_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown cipher algorithm); + RETURN_FALSE; } cipher_type = EVP_get_cipherbyname(method); @@ -4703,6 +4702,12 @@ RETURN_FALSE; } + if (!raw_input) { + base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, base64_str_len); + data_len = base64_str_len; + data = base64_str; + } + keylen = EVP_CIPHER_key_length(cipher_type); if (keylen password_len) { key = emalloc(keylen); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
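Review bot: The relocated `php_base64_decode()` call in the `@@ -4703,6 +4702,12 @@` hunk assigns its result straight to `data`, but the decoder can return NULL for input it rejects, and `data` would then be NULL when the decryption code further down reads it. Moving the decode after the cipher lookup fixes the leak on the early returns, but does not cover this case. A guard right after the call would handle it: `if (!base64_str) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); RETURN_FALSE; }`. The function continues past the hunk, so where `base64_str` is released on the later paths is not visible here.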
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
bjori Sun Jun 1 18:25:29 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: fix arginfo http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.159r2=1.160diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.159 php-src/ext/openssl/openssl.c:1.160 --- php-src/ext/openssl/openssl.c:1.159 Sun Jun 1 18:21:05 2008 +++ php-src/ext/openssl/openssl.c Sun Jun 1 18:25:29 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.159 2008/06/01 18:21:05 bjori Exp $ */ +/* $Id: openssl.c,v 1.160 2008/06/01 18:25:29 bjori Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -288,7 +288,7 @@ static ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_private_encrypt, 0, 0, 3) ZEND_ARG_INFO(0, data) -ZEND_ARG_INFO(0, crypted) +ZEND_ARG_INFO(1, crypted) ZEND_ARG_INFO(0, key) ZEND_ARG_INFO(0, padding) ZEND_END_ARG_INFO() @@ -296,7 +296,7 @@ static ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_private_decrypt, 0, 0, 3) ZEND_ARG_INFO(0, data) -ZEND_ARG_INFO(0, crypted) +ZEND_ARG_INFO(1, crypted) ZEND_ARG_INFO(0, key) ZEND_ARG_INFO(0, padding) ZEND_END_ARG_INFO() @@ -304,7 +304,7 @@ static ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_public_encrypt, 0, 0, 3) ZEND_ARG_INFO(0, data) -ZEND_ARG_INFO(0, crypted) +ZEND_ARG_INFO(1, crypted) ZEND_ARG_INFO(0, key) ZEND_ARG_INFO(0, padding) ZEND_END_ARG_INFO() @@ -312,7 +312,7 @@ static ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_public_decrypt, 0, 0, 3) ZEND_ARG_INFO(0, data) -ZEND_ARG_INFO(0, crypted) +ZEND_ARG_INFO(1, crypted) ZEND_ARG_INFO(0, key) ZEND_ARG_INFO(0, padding) ZEND_END_ARG_INFO() -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
bjori Sun Jun 1 18:21:05 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: Add arginfo fix protos http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.158r2=1.159diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.158 php-src/ext/openssl/openssl.c:1.159 --- php-src/ext/openssl/openssl.c:1.158 Sun May 4 21:16:22 2008 +++ php-src/ext/openssl/openssl.c Sun Jun 1 18:21:05 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.158 2008/05/04 21:16:22 colder Exp $ */ +/* $Id: openssl.c,v 1.159 2008/06/01 18:21:05 bjori Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -58,13 +58,6 @@ #define DEBUG_SMIME0 -static - ZEND_BEGIN_ARG_INFO(arg2and3_force_ref, 0) - ZEND_ARG_PASS_INFO(0) - ZEND_ARG_PASS_INFO(1) - ZEND_ARG_PASS_INFO(1) - ZEND_END_ARG_INFO(); - /* FIXME: Use the openssl constants instead of * enum. It is now impossible to match real values * against php constants. Also sorry to break the 
@@ -99,69 +92,369 @@ PHP_FUNCTION(openssl_dh_compute_key); +/* {{{ arginfo */ +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 0, 2) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(0, outfilename) +ZEND_ARG_INFO(0, notext) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export, 0, 0, 2) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(1, out) +ZEND_ARG_INFO(0, notext) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_check_private_key, 0) +ZEND_ARG_INFO(0, cert) +ZEND_ARG_INFO(0, key) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_parse, 0) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(0, shortname) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_checkpurpose, 0, 0, 3) +ZEND_ARG_INFO(0, x509cert) +ZEND_ARG_INFO(0, purpose) +ZEND_ARG_INFO(0, cainfo) /* array */ +ZEND_ARG_INFO(0, untrustedfile) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_read, 0) +ZEND_ARG_INFO(0, cert) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_free, 0) +ZEND_ARG_INFO(0, x509) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs12_export_to_file, 0, 0, 4) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(0, filename) +ZEND_ARG_INFO(0, priv_key) +ZEND_ARG_INFO(0, pass) +ZEND_ARG_INFO(0, args) /* array */ +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkcs12_export, 0) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(1, out) +ZEND_ARG_INFO(0, priv_key) +ZEND_ARG_INFO(0, pass) +ZEND_ARG_INFO(0, args) /* array */ +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkcs12_read, 0) +ZEND_ARG_INFO(0, PKCS12) +ZEND_ARG_INFO(1, certs) /* array */ +ZEND_ARG_INFO(0, pass) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_export_to_file, 0, 0, 2) +ZEND_ARG_INFO(0, csr) +ZEND_ARG_INFO(0, outfilename) +ZEND_ARG_INFO(0, notext) +ZEND_END_ARG_INFO() + +static 
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_export, 0, 0, 2) +ZEND_ARG_INFO(0, csr) +ZEND_ARG_INFO(1, out) +ZEND_ARG_INFO(0, notext) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_sign, 0, 0, 4) +ZEND_ARG_INFO(0, csr) +ZEND_ARG_INFO(0, x509) +ZEND_ARG_INFO(0, priv_key) +ZEND_ARG_INFO(0, days) +ZEND_ARG_INFO(0, config_args) /* array */ +ZEND_ARG_INFO(0, serial) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_new, 0, 0, 2) +ZEND_ARG_INFO(0, dn) /* array */ +ZEND_ARG_INFO(1, privkey) +ZEND_ARG_INFO(0, configargs) +ZEND_ARG_INFO(0, extraattribs) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_csr_get_subject, 0) +ZEND_ARG_INFO(0, csr) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_csr_get_public_key, 0) +ZEND_ARG_INFO(0, csr) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_new, 0, 0, 0) +ZEND_ARG_INFO(0, configargs) /* array */ +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_export_to_file, 0, 0, 2) +ZEND_ARG_INFO(0, key) +ZEND_ARG_INFO(0, outfilename) +ZEND_ARG_INFO(0, passphrase) +ZEND_ARG_INFO(0, config_args) /* array */ +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_export, 0, 0, 2) +ZEND_ARG_INFO(0, key) +ZEND_ARG_INFO(1, out) +ZEND_ARG_INFO(0, passphrase) +ZEND_ARG_INFO(0, config_args) /* array */ +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_public, 0) +ZEND_ARG_INFO(0, cert) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_free, 0) +ZEND_ARG_INFO(0, key)
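Review bot: `arginfo_openssl_pkcs12_export` is opened with plain `ZEND_BEGIN_ARG_INFO(..., 0)`, which declares every listed argument as required, while its sibling `arginfo_openssl_pkcs12_export_to_file` uses `ZEND_BEGIN_ARG_INFO_EX(..., 0, 0, 4)` to leave the trailing `args` array optional. The two functions take the same argument list apart from the output target, so the declaration should match: `ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs12_export, 0, 0, 4)`. `arginfo_openssl_x509_parse` (with `shortname`) and `arginfo_openssl_pkcs12_read` look like they have the same mismatch, although the function prototypes are not shown in this hunk. The hunk is cut off on this page after `arginfo_openssl_pkey_free`, so the remaining declarations could not be checked.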
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Wed Apr 2 14:35:17 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: initialize variable http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.156r2=1.157diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.156 php-src/ext/openssl/openssl.c:1.157 --- php-src/ext/openssl/openssl.c:1.156 Thu Feb 28 14:16:13 2008 +++ php-src/ext/openssl/openssl.c Wed Apr 2 14:35:16 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.156 2008/02/28 14:16:13 felipe Exp $ */ +/* $Id: openssl.c,v 1.157 2008/04/02 14:35:16 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2051,7 +2051,7 @@ X509 * cert = NULL, *new_cert = NULL; X509_REQ * csr; EVP_PKEY * key = NULL, *priv_key = NULL; - long csr_resource, certresource, keyresource; + long csr_resource, certresource = 0, keyresource; int i; struct php_x509_request req; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
rrichards Tue Jan 15 15:12:12 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix memleak in sign and verify functions http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.154r2=1.155diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.154 php-src/ext/openssl/openssl.c:1.155 --- php-src/ext/openssl/openssl.c:1.154 Wed Jan 9 16:46:52 2008 +++ php-src/ext/openssl/openssl.c Tue Jan 15 15:12:12 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.154 2008/01/09 16:46:52 rrichards Exp $ */ +/* $Id: openssl.c,v 1.155 2008/01/15 15:12:12 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3754,6 +3754,7 @@ efree(sigbuf); RETVAL_FALSE; } + EVP_MD_CTX_cleanup(md_ctx); if (keyresource == -1) { EVP_PKEY_free(pkey); } @@ -3804,6 +3805,7 @@ EVP_VerifyInit (md_ctx, mdtype); EVP_VerifyUpdate (md_ctx, data, data_len); err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey); + EVP_MD_CTX_cleanup(md_ctx); if (keyresource == -1) { EVP_PKEY_free(pkey); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
rrichards Wed Jan 9 16:46:52 2008 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix crash when using default algorithm http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.153r2=1.154diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.153 php-src/ext/openssl/openssl.c:1.154 --- php-src/ext/openssl/openssl.c:1.153 Mon Dec 31 07:12:12 2007 +++ php-src/ext/openssl/openssl.c Wed Jan 9 16:46:52 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.153 2007/12/31 07:12:12 sebastian Exp $ */ +/* $Id: openssl.c,v 1.154 2008/01/09 16:46:52 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3725,7 +3725,7 @@ } if (method == NULL || Z_TYPE_P(method) == IS_LONG) { - if (Z_TYPE_P(method) == IS_LONG) { + if (method != NULL) { signature_algo = Z_LVAL_P(method); } mdtype = php_openssl_get_evp_md_from_algo(signature_algo); @@ -3780,7 +3780,7 @@ } if (method == NULL || Z_TYPE_P(method) == IS_LONG) { - if (Z_TYPE_P(method) == IS_LONG) { + if (method != NULL) { signature_algo = Z_LVAL_P(method); } mdtype = php_openssl_get_evp_md_from_algo(signature_algo); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
Hi! Please see attached patch. Cheers, Mattias. On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote: Two OpenSSL tests started to fail yesterday: # cat ext/openssl/tests/004.diff 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 7 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 4 (failed) in %s on line %d 011+ 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 12 013+ bool(false) 011- resource(%d) of type (OpenSSL X.509 CSR) # cat ext/openssl/tests/bug36732.diff 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16 002+ 001- Ok 002- Ok 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17 004+ 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20 006+ 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25 On 06.08.2007 23:50, Pierre-Alain Joye wrote: pajoye Mon Aug 6 19:50:16 2007 UTC Modified files: /php-src/ext/openssl openssl.c Log: - MFB: #4, forgot this one (thanks mattias) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148 --- php-src/ext/openssl/openssl.c:1.147 Mon Aug 6 19:13:05 2007 +++ php-src/ext/openssl/openssl.cMon Aug 6 19:50:16 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -1818,9 +1818,10 @@ len = 200; } memcpy(buffer, type, len); -buffer[len] = '\0'; +buffer[len - 1] = '\0'; + type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Index: ext/openssl/openssl.c === RCS file: /repository/php-src/ext/openssl/openssl.c,v retrieving revision 1.98.2.5.2.40 diff -u -a -r1.98.2.5.2.40 openssl.c --- ext/openssl/openssl.c 6 Aug 2007 19:49:45 - 1.98.2.5.2.40 +++ ext/openssl/openssl.c 8 Aug 2007 06:19:40 - @@ -1726,7 +1726,7 @@ /* Finally apply defaults from config file */ for(i = 0; i sk_CONF_VALUE_num(dn_sk); i++) { int len; - char buffer[200]; + char buffer[200 + 1]; v = sk_CONF_VALUE_value(dn_sk, i); type = v-name; @@ -1743,7 +1743,7 @@ len = 200; } memcpy(buffer, type, len); - buffer[len - 1] = '\0'; + buffer[len] = '\0'; type = buffer; /* Skip past any leading X. X: X, etc to allow for multiple -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
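Review bot: In the attached patch the buffer bound is written as a literal in two places, `char buffer[200 + 1]` in the `@@ -1726,7 +1726,7 @@` hunk and the `len = 200` clamp shown as context in `@@ -1743,7 +1743,7 @@`, so the terminator write `buffer[len] = '\0'` stays in bounds only while those literals are kept in step by hand. Deriving the clamp from the array ties them together: `if (len > (int)sizeof(buffer) - 1) { len = (int)sizeof(buffer) - 1; }`. The same applies to the two hunks of revision 1.149 further down this page. The loop body around these lines starts and ends outside both hunks.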
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Wed Aug 8 06:30:56 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: fix regressio introduced by #4 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.148r2=1.149diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.148 php-src/ext/openssl/openssl.c:1.149 --- php-src/ext/openssl/openssl.c:1.148 Mon Aug 6 19:50:16 2007 +++ php-src/ext/openssl/openssl.c Wed Aug 8 06:30:56 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ +/* $Id: openssl.c,v 1.149 2007/08/08 06:30:56 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1801,7 +1801,7 @@ /* Finally apply defaults from config file */ for(i = 0; i sk_CONF_VALUE_num(dn_sk); i++) { int len; - char buffer[200]; + char buffer[200 + 1]; /* 200 + \n !*/ v = sk_CONF_VALUE_value(dn_sk, i); type = v-name; @@ -1818,7 +1818,7 @@ len = 200; } memcpy(buffer, type, len); - buffer[len - 1] = '\0'; + buffer[len] = '\0'; type = buffer; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
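Review bot: The comment added on the declaration in the `@@ -1801,7 +1801,7 @@` hunk, `/* 200 + \n !*/`, names the wrong character: the extra byte holds the `'\0'` written by `buffer[len] = '\0'` in the second hunk, not a newline. `char buffer[200 + 1]; /* 200 name bytes + terminating NUL */` states what the slot is for, which matters here because the size of this buffer has already been got wrong once in this thread.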
Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
Hi Mattias, Thanks for the patch (we came to the same conclusion yesterday :) applied On 8/8/07, Mattias Bengtsson [EMAIL PROTECTED] wrote: Hi! Please see attached patch. Cheers, Mattias. On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote: Two OpenSSL tests started to fail yesterday: # cat ext/openssl/tests/004.diff 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 7 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 4 (failed) in %s on line %d 011+ 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 12 013+ bool(false) 011- resource(%d) of type (OpenSSL X.509 CSR) # cat ext/openssl/tests/bug36732.diff 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16 002+ 001- Ok 002- Ok 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17 004+ 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20 006+ 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25 On 06.08.2007 23:50, Pierre-Alain Joye wrote: pajoye Mon Aug 6 19:50:16 2007 UTC Modified files: /php-src/ext/openssl openssl.c Log: - MFB: #4, forgot this one (thanks mattias) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148 --- php-src/ext/openssl/openssl.c:1.147 Mon Aug 6 19:13:05 2007 +++ php-src/ext/openssl/openssl.cMon Aug 6 19:50:16 2007 
@@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1818,9 +1818,10 @@ len = 200; } memcpy(buffer, type, len); -buffer[len] = '\0'; +buffer[len - 1] = '\0'; + type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
Two OpenSSL tests started to fail yesterday: # cat ext/openssl/tests/004.diff 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 7 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 4 (failed) in %s on line %d 011+ 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 12 013+ bool(false) 011- resource(%d) of type (OpenSSL X.509 CSR) # cat ext/openssl/tests/bug36732.diff 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16 002+ 001- Ok 002- Ok 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17 004+ 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20 006+ 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25 On 06.08.2007 23:50, Pierre-Alain Joye wrote: pajoye Mon Aug 6 19:50:16 2007 UTC Modified files: /php-src/ext/openssl openssl.c Log: - MFB: #4, forgot this one (thanks mattias) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148 --- php-src/ext/openssl/openssl.c:1.147 Mon Aug 6 19:13:05 2007 +++ php-src/ext/openssl/openssl.c Mon Aug 6 19:50:16 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -1818,9 +1818,10 @@ len = 200; } memcpy(buffer, type, len); - buffer[len] = '\0'; + buffer[len - 1] = '\0'; + type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Mon Aug 6 19:13:05 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: #4, truncate the _default to the buffer size (was 200 since day #1, we don't need dynamic alloc here) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.146r2=1.147diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.146 php-src/ext/openssl/openssl.c:1.147 --- php-src/ext/openssl/openssl.c:1.146 Mon Aug 6 08:43:43 2007 +++ php-src/ext/openssl/openssl.c Mon Aug 6 19:13:05 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.146 2007/08/06 08:43:43 dmitry Exp $ */ +/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1814,7 +1814,9 @@ if (strcmp(_default, type + len) != 0) { continue; } - + if (len 200) { + len = 200; + } memcpy(buffer, type, len); buffer[len] = '\0'; type = buffer; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Mon Aug 6 19:50:16 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: #4, forgot this one (thanks mattias) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148 --- php-src/ext/openssl/openssl.c:1.147 Mon Aug 6 19:13:05 2007 +++ php-src/ext/openssl/openssl.c Mon Aug 6 19:50:16 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1818,9 +1818,10 @@ len = 200; } memcpy(buffer, type, len); - buffer[len] = '\0'; + buffer[len - 1] = '\0'; + type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt bug28382.phpt
dmitry Wed Jul 11 12:10:28 2007 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests 005.phpt bug28382.phpt Log: Unicode support improved openssl_x509_parse() extensions support http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.144r2=1.145diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.144 php-src/ext/openssl/openssl.c:1.145 --- php-src/ext/openssl/openssl.c:1.144 Wed Jul 11 07:35:53 2007 +++ php-src/ext/openssl/openssl.c Wed Jul 11 12:10:28 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.144 2007/07/11 07:35:53 dmitry Exp $ */ +/* $Id: openssl.c,v 1.145 2007/07/11 12:10:28 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -283,11 +283,11 @@ str = X509_NAME_ENTRY_get_data(ne); if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { to_add_len = ASN1_STRING_to_UTF8(to_add, str); - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } else { to_add = ASN1_STRING_data(str); to_add_len = ASN1_STRING_length(str); - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); } } last = j; 
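Review bot: In the non-UTF8 branch of the `@@ -283,11 +283,11 @@` hunk, `to_add_len` comes directly from `ASN1_STRING_to_UTF8()` and is handed to the new `add_next_index_utf8_stringl()` call unchecked. That OpenSSL function returns a negative value when conversion fails and may leave `to_add` unset, so a certificate name entry that cannot be converted would be copied with a negative length. A guard avoids that: `if (to_add_len >= 0) { add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1); }`. The converted buffer is allocated by OpenSSL and should be released with `OPENSSL_free(to_add)` once it has been copied; whether that happens is outside this hunk.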
@@ -295,24 +295,36 @@ i = last; if (obj_cnt 1) { - add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); + add_ascii_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); } else { zval_dtor(subentries); FREE_ZVAL(subentries); if (obj_cnt str) { - add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1); + add_ascii_assoc_utf8_stringl(subitem, sname, (char *)to_add, to_add_len, 1); } } } if (key != NULL) { - zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); + add_ascii_assoc_zval_ex(val, key, strlen(key) + 1, subitem); } } /* }}} */ static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ { - add_assoc_stringl(val, key, (char *)str-data, str-length, 1); + unsigned char *data; + int data_len; + TSRMLS_FETCH(); + + if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { + data = ASN1_STRING_data(str); + data_len = ASN1_STRING_length(str); + add_ascii_assoc_stringl(val, key, (char*)data, data_len, 1); + } else { + data = ASN1_STRING_data(str); + data_len = ASN1_STRING_length(str); + add_ascii_assoc_utf8_stringl(val, key, (char*)data, data_len, 1); + } } /* }}} */ 
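Review bot: Both arms of the new `if` in `add_assoc_asn1_string()` fetch `data` and `data_len` with the same two calls and differ only in the final `add_ascii_assoc_stringl` / `add_ascii_assoc_utf8_stringl` call, so `data = ASN1_STRING_data(str); data_len = ASN1_STRING_length(str);` can be hoisted above the test. The non-UTF8 arm also stores the raw bytes as they are, whereas the name-entry loop in the `@@ -283,11 +283,11 @@` hunk first runs such strings through `ASN1_STRING_to_UTF8()`. If the difference is intended, a short comment saying why the two paths treat types such as BMPString differently would help the next reader.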
@@ -443,13 +455,15 @@ req-config_filename, req-var, req-req_config TSRMLS_CC) == FAILURE) return FAILURE #define SET_OPTIONAL_STRING_ARG(key, varname, defval) \ - if (optional_args zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) \ + if (optional_args zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) { \ + convert_to_string_ex(item); \ varname = Z_STRVAL_PP(item); \ - else \ - varname = defval + } else \ + varname = defval; + #define SET_OPTIONAL_LONG_ARG(key, varname, defval)\ - if (optional_args zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) \ + if (optional_args zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)item) == SUCCESS) \ varname = Z_LVAL_PP(item); \ else \ varname = defval @@ -985,8 +999,11 @@ char * tmpstr; zval * subitem; X509_EXTENSION *extension; - ASN1_OCTET_STRING *extdata; char *extname; + BIO *bio_out; + BUF_MEM *bio_buf; + char buf[256]; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, useshortnames) == FAILURE) { return; @@ -998,37 +1015,37 @@ array_init(return_value); if (cert-name) { -
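Review bot: `SET_OPTIONAL_LONG_ARG` still reads `Z_LVAL_PP(item)` with no conversion, although this hunk adds `convert_to_string_ex(item)` to the string variant; the options array comes from the PHP caller, so a non-integer entry is read through the wrong member of the zval value. Adding `convert_to_long_ex(item);` in a braced branch, mirroring the string macro, closes that gap. Separately, `SET_OPTIONAL_STRING_ARG` now ends in `varname = defval;` with the semicolon inside the macro and an unbraced `else`, so a call written `SET_OPTIONAL_STRING_ARG(...);` leaves a stray empty statement and breaks inside an unbraced `if`/`else`; wrapping both macros in `do { ... } while (0)` avoids that.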
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
dmitry Tue Jul 10 07:57:15 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: Fixed bug #41353 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.141r2=1.142diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.141 php-src/ext/openssl/openssl.c:1.142 --- php-src/ext/openssl/openssl.c:1.141 Wed Jun 20 05:27:38 2007 +++ php-src/ext/openssl/openssl.c Tue Jul 10 07:57:15 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.141 2007/06/20 05:27:38 pajoye Exp $ */ +/* $Id: openssl.c,v 1.142 2007/07/10 07:57:15 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1559,7 +1559,7 @@ BIO * bio_in = NULL; int i; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, szs, zp12, zout, pass, pass_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, szs, zp12, zp12_len, zout, pass, pass_len) == FAILURE) { return; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Wed Jun 20 05:27:38 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: Fixed a memory leak inside load_all_certs_file() http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.140r2=1.141diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.140 php-src/ext/openssl/openssl.c:1.141 --- php-src/ext/openssl/openssl.c:1.140 Mon May 28 23:33:13 2007 +++ php-src/ext/openssl/openssl.c Wed Jun 20 05:27:38 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.140 2007/05/28 23:33:13 iliaa Exp $ */ +/* $Id: openssl.c,v 1.141 2007/06/20 05:27:38 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1095,17 +1095,20 @@ } if (php_check_open_basedir(certfile TSRMLS_CC)) { + sk_X509_free(stack); goto end; } if(!(in=BIO_new_file(certfile, r))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, error opening the file, %s, certfile); + sk_X509_free(stack); goto end; } /* This loads from a file, a stack of x509/crl/pkey sets */ if(!(sk=PEM_X509_INFO_read_bio(in, NULL, NULL, NULL))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, error reading the file, %s, certfile); + sk_X509_free(stack); goto end; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
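Review bot: Each of the three added `sk_X509_free(stack);` calls leaves `stack` pointing at freed memory before `goto end`, and the code under `end:` is outside the hunk, so it cannot be confirmed from here that nothing there returns or frees `stack` again. Writing `sk_X509_free(stack); stack = NULL;` at each site, or freeing once under `end:` when the function is on a failure path, removes both the repetition and the dangling pointer. Note also that `sk_X509_free` releases only the stack container, which is fine only if no certificates have been pushed at these points; a short comment stating that would help the next reader.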
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Mon May 28 13:53:54 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: enable DSA key if HAVE_DSA_DEFAULT_METHOD is set http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.138r2=1.139diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.138 php-src/ext/openssl/openssl.c:1.139 --- php-src/ext/openssl/openssl.c:1.138 Sat May 19 22:04:27 2007 +++ php-src/ext/openssl/openssl.c Mon May 28 13:53:54 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.138 2007/05/19 22:04:27 pajoye Exp $ */ +/* $Id: openssl.c,v 1.139 2007/05/28 13:53:54 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2399,7 +2399,7 @@ return_val = req-priv_key; } break; -#ifndef NO_DSA +#if !defined(NO_DSA) defined(HAVE_DSA_DEFAULT_METHOD) case OPENSSL_KEYTYPE_DSA: { DSA *dsapar = DSA_generate_parameters(req-priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL); @@ -3278,7 +3278,7 @@ case EVP_PKEY_RSA: case EVP_PKEY_RSA2: cryptedlen = RSA_private_decrypt(data_len, - (char *)data, + (unsigned char *)data, crypttemp, pkey-pkey.rsa, padding); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
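Review bot: With the guard tightened to `#if !defined(NO_DSA) && defined(HAVE_DSA_DEFAULT_METHOD)` in the `@@ -2399,7 +2399,7 @@` hunk, a build that has DSA but lacks the default-method symbol silently drops the `OPENSSL_KEYTYPE_DSA` case, so a request for a DSA key falls through to the switch's `default:` branch, which is outside the hunk. If the `OPENSSL_KEYTYPE_DSA` constant is registered under a different condition elsewhere in the file, the two guards should match so the constant is only exposed when the case exists. A one-line comment on the `#if` naming the call that needs `HAVE_DSA_DEFAULT_METHOD` would explain why `NO_DSA` alone is not enough.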
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sat May 19 22:04:28 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - #41423, PHP assumes wrongly that certain ciphers are enabled in OpenSSL http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.137r2=1.138diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.137 php-src/ext/openssl/openssl.c:1.138 --- php-src/ext/openssl/openssl.c:1.137 Thu Apr 5 18:09:48 2007 +++ php-src/ext/openssl/openssl.c Sat May 19 22:04:27 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.137 2007/04/05 18:09:48 rrichards Exp $ */ +/* $Id: openssl.c,v 1.138 2007/05/19 22:04:27 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -693,11 +693,15 @@ REGISTER_LONG_CONSTANT(OPENSSL_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); /* Ciphers */ +#ifndef OPENSSL_NO_RC2 REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_40, PHP_OPENSSL_CIPHER_RC2_40, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_128, PHP_OPENSSL_CIPHER_RC2_128, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_64, PHP_OPENSSL_CIPHER_RC2_64, CONST_CS|CONST_PERSISTENT); +#endif +#ifndef OPENSSL_NO_DES REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_DES, PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_3DES, PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT); +#endif /* Values for key types */ REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT); @@ -2930,6 +2934,7 @@ /* sanity check the cipher */ switch (cipherid) { +#ifndef OPENSSL_NO_RC2 case PHP_OPENSSL_CIPHER_RC2_40: cipher = EVP_rc2_40_cbc(); break; 
@@ -2939,12 +2944,17 @@ case PHP_OPENSSL_CIPHER_RC2_128: cipher = EVP_rc2_cbc(); break; +#endif + +#ifndef OPENSSL_NO_DES case PHP_OPENSSL_CIPHER_DES: cipher = EVP_des_cbc(); break; case PHP_OPENSSL_CIPHER_3DES: cipher = EVP_des_ede3_cbc(); break; +#endif + default: php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid cipher type `%ld', cipherid); goto clean_exit; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
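Review bot: Once the RC2 cases are compiled out, any `cipherid` holding an RC2 value reaches `default:` and the call fails with the "Invalid cipher type" warning. If the function's default for `cipherid` is one of the RC2 constants (the parameter parsing is outside these hunks), a call that passes no cipher argument would start failing on `OPENSSL_NO_RC2` builds. That default should be checked and made to fall back to a cipher that is compiled in. The `OPENSSL_CIPHER_*` constants guarded in the `@@ -693,11 +693,15 @@` hunk also stop existing for PHP scripts on such builds, which is worth a sentence in the user-facing documentation. The switch and its function continue outside the hunks.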
[PHP-CVS] cvs: php-src /ext/openssl openssl.c php_openssl.h /ext/openssl/tests 005.phpt
tony2001Thu Apr 5 07:24:21 2007 UTC Modified files: /php-src/ext/opensslopenssl.c php_openssl.h /php-src/ext/openssl/tests 005.phpt Log: fix build test improve coding style http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.135r2=1.136diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.135 php-src/ext/openssl/openssl.c:1.136 --- php-src/ext/openssl/openssl.c:1.135 Wed Apr 4 21:39:01 2007 +++ php-src/ext/openssl/openssl.c Thu Apr 5 07:24:21 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.135 2007/04/04 21:39:01 pajoye Exp $ */ +/* $Id: openssl.c,v 1.136 2007/04/05 07:24:21 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -44,6 +44,7 @@ #include openssl/conf.h #include openssl/rand.h #include openssl/ssl.h +#include openssl/pkcs12.h #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -1308,7 +1309,7 @@ /* {{{ x509 CSR functions */ -static void php_sk_X509_free(STACK_OF(X509) * sk) +static void php_sk_X509_free(STACK_OF(X509) * sk) /* {{{ */ { for (;;) { X509* x = sk_X509_pop(sk); @@ -1317,8 +1318,9 @@ } sk_X509_free(sk); } +/* }}} */ -static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts) +static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts TSRMLS_DC) /* {{{ */ { HashPosition hpos; zval ** zcertval; @@ -1370,6 +1372,7 @@ clean_exit: return sk; } +/* }}} */ /* {{{ proto bool openssl_pkcs12_export_to_file(mixed x509, string filename, mixed priv_key, string pass[, array args]) Creates and exports a PKCS to file */ @@ -1389,8 +1392,9 @@ zval ** item; STACK_OF(X509) *ca = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zszs|a, zcert, filename, filename_len, zpkey, pass, pass_len, args) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zszs|a, zcert, filename, filename_len, zpkey, pass, pass_len, args) == FAILURE) { return; + } RETVAL_FALSE; 
@@ -1408,21 +1412,23 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, private key does not correspond to cert); goto cleanup; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_check_open_basedir(filename TSRMLS_CC)) { goto cleanup; } /* parse extra config from args array, promote this to an extra function */ - if (args zend_hash_find(Z_ARRVAL_P(args), friendly_name, sizeof(friendly_name), (void**)item) == SUCCESS) + if (args zend_hash_find(Z_ARRVAL_P(args), friendly_name, sizeof(friendly_name), (void**)item) == SUCCESS) { friendly_name = Z_STRVAL_PP(item); + } /* certpbe (default RC2-40) keypbe (default 3DES) friendly_caname */ - if (args zend_hash_find(Z_ARRVAL_P(args), extracerts, sizeof(extracerts), (void**)item) == SUCCESS) - ca = php_array_to_X509_sk(item); + if (args zend_hash_find(Z_ARRVAL_P(args), extracerts, sizeof(extracerts), (void**)item) == SUCCESS) { + ca = php_array_to_X509_sk(item TSRMLS_CC); + } /* end parse extra config */ /* @@ -1473,8 +1479,9 @@ zval ** item; STACK_OF(X509) *ca = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzzs|a, zcert, zout, zpkey, pass, pass_len, args) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzzs|a, zcert, zout, zpkey, pass, pass_len, args) == FAILURE) { return; + } RETVAL_FALSE; 
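Review bot: `friendly_name = Z_STRVAL_PP(item);` in the `@@ -1408,21 +1412,23 @@` hunk takes the string pointer of whatever the caller put under `friendly_name` in `args`, with no check that the entry is a string; an integer or array there is read as a `char *` and later handed to the PKCS#12 code. The condition should include the type, `if (args && zend_hash_find(...) == SUCCESS && Z_TYPE_PP(item) == IS_STRING) {`, or the entry should be converted with `convert_to_string_ex(item);` first. The same unchecked read appears in the `@@ -1494,11 +1501,13 @@` hunk of this commit. Both functions start and end outside their hunks.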
@@ -1494,11 +1501,13 @@ } /* parse extra config from args array, promote this to an extra function */ - if (args zend_hash_find(Z_ARRVAL_P(args), friendly_name, sizeof(friendly_name), (void**)item) == SUCCESS) + if (args zend_hash_find(Z_ARRVAL_P(args), friendly_name, sizeof(friendly_name), (void**)item) == SUCCESS) { friendly_name = Z_STRVAL_PP(item); + } - if (args zend_hash_find(Z_ARRVAL_P(args), extracerts, sizeof(extracerts), (void**)item) == SUCCESS) - ca = php_array_to_X509_sk(item); + if (args zend_hash_find(Z_ARRVAL_P(args), extracerts, sizeof(extracerts), (void**)item) == SUCCESS) { + ca = php_array_to_X509_sk(item TSRMLS_CC); + } /* end parse extra config */ p12 = PKCS12_create(pass, friendly_name, priv_key, cert, ca, 0, 0, 0, 0, 0); @@ -1543,8 +1552,9 @@ BIO * bio_in = NULL; int i; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzs, zp12, zout, pass, pass_len) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzs, zp12, zout, pass, pass_len) ==
RE: [PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt 005_crt.txt
1) HEAD is broken. 2) PHP_5_2 ZTS build is broken too. 3) ext/openssl/test/stests/005.phpt is broken. Dmitry. -Original Message- From: Pierre-Alain Joye [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 1:39 AM To: php-cvs@lists.php.net Subject: [PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt 005_crt.txt pajoyeWed Apr 4 21:39:01 2007 UTC Added files: /php-src/ext/openssl/tests005_crt.txt Modified files: /php-src/ext/openssl openssl.c /php-src/ext/openssl/tests005.phpt Log: - MFB: - implement #39867, PKCS#12 support - Fix possible multibyte issues issue in the add_assoc function - add test for openssl_csr_get_subject -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
rrichards Thu Apr 5 18:09:48 2007 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix win32 build http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.136r2=1.137diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.136 php-src/ext/openssl/openssl.c:1.137 --- php-src/ext/openssl/openssl.c:1.136 Thu Apr 5 07:24:21 2007 +++ php-src/ext/openssl/openssl.c Thu Apr 5 18:09:48 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.136 2007/04/05 07:24:21 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.137 2007/04/05 18:09:48 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1565,11 +1565,10 @@ if(d2i_PKCS12_bio(bio_in, p12)) { if(PKCS12_parse(p12, pass, pkey, cert, ca)) { + BIO * bio_out; zval_dtor(zout); array_init(zout); - - BIO * bio_out; bio_out = BIO_new(BIO_s_mem()); if (PEM_write_bio_X509(bio_out, cert)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
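Review bot: In the `@@ -1565,11 +1565,10 @@` hunk, `bio_out = BIO_new(BIO_s_mem());` is used by `PEM_write_bio_X509` on the next line without a NULL check, so an allocation failure is passed straight into OpenSSL. The condition can carry the check, `if (bio_out && PEM_write_bio_X509(bio_out, cert)) {`, provided the code after this block (outside the hunk) also tolerates a NULL `bio_out`. The enclosing function starts and ends outside the hunk.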
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt bug38261.phpt
rrichards Fri Jan 19 19:23:20 2007 UTC Added files: /php-src/ext/openssl/tests 005.phpt Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug38261.phpt Log: fix accessing public key from x509 resource add test fix test under win32 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.132r2=1.133diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.132 php-src/ext/openssl/openssl.c:1.133 --- php-src/ext/openssl/openssl.c:1.132 Mon Jan 1 09:29:26 2007 +++ php-src/ext/openssl/openssl.c Fri Jan 19 19:23:20 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.132 2007/01/01 09:29:26 sebastian Exp $ */ +/* $Id: openssl.c,v 1.133 2007/01/19 19:23:20 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1945,11 +1945,10 @@ /* got the key - return it */ return (EVP_PKEY*)what; } + } else { + /* other types could be used here - eg: file pointers and read in the data from them */ + TMP_CLEAN; } - - /* other types could be used here - eg: file pointers and read in the data from them */ - - TMP_CLEAN; } else { /* force it to be a string and check if it refers to a file */ /* passing non string values leaks, object uses toString, it returns NULL http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?r1=1.2r2=1.3diff_format=u Index: php-src/ext/openssl/tests/bug38261.phpt diff -u php-src/ext/openssl/tests/bug38261.phpt:1.2 php-src/ext/openssl/tests/bug38261.phpt:1.3 --- php-src/ext/openssl/tests/bug38261.phpt:1.2 Sun Jul 30 16:27:02 2006 +++ php-src/ext/openssl/tests/bug38261.phpt Fri Jan 19 19:23:20 2007 
@@ -27,8 +27,8 @@ bool(false) bool(false) -Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %s/bug38261.php on line %d +Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %sbug38261.php on line %d NULL bool(false) -Catchable fatal error: Object of class stdClass could not be converted to string in %s/bug38261.php on line %d +Catchable fatal error: Object of class stdClass could not be converted to string in %sbug38261.php on line %d http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/005.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/005.phpt +++ php-src/ext/openssl/tests/005.phpt --TEST-- openSSL: read public key from x.509 resource --SKIPIF-- ?php if (!extension_loaded(openssl)) die(skip); ? --FILE-- ?php $dir = dirname(__FILE__); $file_pub = $dir . '/bug37820cert.pem'; $file_key = $dir . '/bug37820key.pem'; $priv_key = file_get_contents($file_key); $priv_key_id = openssl_get_privatekey($priv_key); $x509 = openssl_x509_read(file_get_contents($file_pub)); $pub_key_id = openssl_get_publickey($x509); $data = some custom data; if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) { echo openssl_sign failed.; } $ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5); if ($ok == 1) { echo Ok; } elseif ($ok == 0) { echo openssl_verify failed.; } ? --EXPECTF-- Ok -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Fri Oct 20 23:21:06 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix #39217 (serialNumber is might be -1 when the value is too big) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.128r2=1.129diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.128 php-src/ext/openssl/openssl.c:1.129 --- php-src/ext/openssl/openssl.c:1.128 Sun Oct 15 21:10:09 2006 +++ php-src/ext/openssl/openssl.c Fri Oct 20 23:21:06 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.128 2006/10/15 21:10:09 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.129 2006/10/20 23:21:06 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -367,6 +367,40 @@ } /* }}} */ +static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int *str_len TSRMLS_DC) /* {{{ */ +{ + int i; + static const char *h=0123456789ABCDEF; + zend_bool negative = 0; + + *str = NULL; + *str_len = 0; + + if (a == NULL) { + return; + } + + if (a-type V_ASN1_NEG) { + negative = 1; + } + + if (a-length == 0) { + *str_len = spprintf(str, 0, %s00, negative ? - : ); + } else { + *str_len = a-length*2 + negative; + *str = emalloc(*str_len + 1); + if (negative) { + (*str)[0] = '-'; + } + for (i=0; ia-length; i++) { + (*str)[i*2 + negative]=h[((unsigned char)a-data[i]4)0x0f]; + (*str)[i*2 + negative + 1]=h[((unsigned char)a-data[i])0x0f]; + } + (*str)[a-length*2 + negative] = '\0'; + } +} +/* }}} */ + static inline int php_openssl_config_check_syntax( const char * section_label, const char * config_filename, @@ -964,6 +998,8 @@ X509_EXTENSION *extension; ASN1_OCTET_STRING *extdata; char *extname; + char *serial; + int serial_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, useshortnames) == FAILURE) { return; 
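Review bot: The new `php_asn1_integer_to_string` in the `@@ -367,6 +367,40 @@` hunk has no comment describing its output or who owns the buffer, and both matter to callers. A header comment should state that the result is upper-case hex with a leading `-` for negative values, that an empty integer yields `00`, that `*str` is left NULL with `*str_len` 0 when `a` is NULL, and that the caller owns the allocated string. The loop bound and index arithmetic use `int` throughout, which suits an `ASN1_INTEGER` length but is worth stating as an assumption in that comment.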
@@ -989,7 +1025,9 @@ add_assoc_name_entry(return_value, issuer, X509_get_issuer_name(cert), useshortnames TSRMLS_CC); add_assoc_long(return_value, version, X509_get_version(cert)); - add_assoc_long(return_value, serialNumber, ASN1_INTEGER_get(X509_get_serialNumber(cert))); + + php_asn1_integer_to_string(X509_get_serialNumber(cert), serial, serial_len TSRMLS_CC); + add_assoc_stringl(return_value, serialNumber, serial, serial_len, 0); add_assoc_asn1_string(return_value, validFrom, X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, validTo, X509_get_notAfter(cert)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
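Review bot: `add_assoc_stringl(return_value, "serialNumber", serial, serial_len, 0);` is called unconditionally, yet `php_asn1_integer_to_string` leaves `serial` NULL when it is given a NULL integer, and with duplicate=0 that NULL pointer is stored in the array as a string value. The call should be guarded with `if (serial) { ... }`, with the key omitted or set to an empty string otherwise. The value also changes from a PHP integer to a hexadecimal string, which existing scripts comparing `serialNumber` numerically will notice; that should be recorded in the changelog or reconsidered. The enclosing function starts and ends outside the hunk.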
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug39217.phpt bug39217cert1.txt bug39217cert2.txt
pajoye Sat Oct 21 00:28:55 2006 UTC Added files: /php-src/ext/openssl/tests bug39217.phpt bug39217cert1.txt bug39217cert2.txt Modified files: /php-src/ext/opensslopenssl.c Log: - #39217, use openssl i2s_ASN1_INTEGER to get a string representation of the integer (large or not). It also keeps BC by using only decimal fmt - add test http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.129r2=1.130diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.129 php-src/ext/openssl/openssl.c:1.130 --- php-src/ext/openssl/openssl.c:1.129 Fri Oct 20 23:21:06 2006 +++ php-src/ext/openssl/openssl.c Sat Oct 21 00:28:55 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.129 2006/10/20 23:21:06 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.130 2006/10/21 00:28:55 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -367,40 +367,6 @@ } /* }}} */ -static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int *str_len TSRMLS_DC) /* {{{ */ -{ - int i; - static const char *h=0123456789ABCDEF; - zend_bool negative = 0; - - *str = NULL; - *str_len = 0; - - if (a == NULL) { - return; - } - - if (a-type V_ASN1_NEG) { - negative = 1; - } - - if (a-length == 0) { - *str_len = spprintf(str, 0, %s00, negative ? - : ); - } else { - *str_len = a-length*2 + negative; - *str = emalloc(*str_len + 1); - if (negative) { - (*str)[0] = '-'; - } - for (i=0; ia-length; i++) { - (*str)[i*2 + negative]=h[((unsigned char)a-data[i]4)0x0f]; - (*str)[i*2 + negative + 1]=h[((unsigned char)a-data[i])0x0f]; - } - (*str)[a-length*2 + negative] = '\0'; - } -} -/* }}} */ - static inline int php_openssl_config_check_syntax( const char * section_label, const char * config_filename, @@ -998,8 +964,6 @@ X509_EXTENSION *extension; ASN1_OCTET_STRING *extdata; char *extname; - char *serial; - int serial_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, useshortnames) == FAILURE) { return; 
@@ -1026,8 +990,7 @@ add_assoc_name_entry(return_value, issuer, X509_get_issuer_name(cert), useshortnames TSRMLS_CC); add_assoc_long(return_value, version, X509_get_version(cert)); - php_asn1_integer_to_string(X509_get_serialNumber(cert), serial, serial_len TSRMLS_CC); - add_assoc_stringl(return_value, serialNumber, serial, serial_len, 0); + add_assoc_string(return_value, serialNumber, i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); add_assoc_asn1_string(return_value, validFrom, X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, validTo, X509_get_notAfter(cert)); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug39217.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug39217.phpt +++ php-src/ext/openssl/tests/bug39217.phpt --TEST-- #39217, Large serial number return -1 --SKIPIF-- ?php if (!extension_loaded(openssl)) die(skip); ? --FILE-- ?php $dir = dirname(__FILE__); $certs = array('bug39217cert2.txt', 'bug39217cert1.txt'); foreach($certs as $cert) { $res = openssl_x509_parse(file_get_contents($dir . '/' . $cert)); print_r($res['serialNumber']); echo \n; } ? 
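Review bot: In the `@@ -1026,8 +990,7 @@` hunk the string returned by `i2s_ASN1_INTEGER` is passed to `add_assoc_string` with duplicate=1 and never released, so each parsed certificate leaks one OpenSSL allocation, and a NULL return on failure goes unchecked into a function that measures the string's length. Keeping a local and freeing it fixes both: `serial = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert));` followed by `if (serial) { add_assoc_string(return_value, "serialNumber", serial, 1); OPENSSL_free(serial); }`. That requires keeping the `char *serial;` declaration this commit removes in the `@@ -998,8 +964,6 @@` hunk. The enclosing function starts and ends outside the hunk.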
--EXPECTF-- 163040343498260435477161879008842183802 15 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug39217cert1.txt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug39217cert1.txt +++ php-src/ext/openssl/tests/bug39217cert1.txt -BEGIN CERTIFICATE- MIICvzCCAiigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBbMRkwFwYDVQQKExBET0Ug U2NpZW5jZSBHcmlkMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEc MBoGA1UEAxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMDA4MjkyMjI4MDJaFw0w MTA4MjkyMjI4MDJaMHgxDTALBgNVBAoTBEdyaWQxLjAsBgNVBAoTJUxhd3JlbmNl IEJlcmtlbGV5IE5hdGlvbmFsIExhYm9yYXRvcnkxIDAeBgNVBAsTF0NlcnRpZmlj YXRlIEF1dGhvcml0aWVzMRUwEwYDVQQDEwxMQk5MLUdyaWQtQ0EwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAL2t4aX933WXYlofuY+L+16Tdl/KxpAammyfcW8u kHHT6RYDjaQdfV1FpNEqfSrRjKNwGGGkrG4XHZWiUO0Di0AlBN04lsRY6jB68l6B 5byujfZv+8EeCI2c1ObBLYZYi4lToJf0sm0Hpn3GD7PZBv6BVHLOuwEFDl9z9Dnc DFDdAgMBAAGjdjB0MBEGCWCGSAGG+EIBAQQEAwIAhzAOBgNVHQ8BAf8EBAMCAcYw HQYDVR0OBBYEFIn+csPVyp+iprpYUIu1SziMQiDxMA8GA1UdEwEB/wQFMAMBAf8w HwYDVR0jBBgwFoAUm85P8ry9WHAx1fIyDn6eveJRFOcwDQYJKoZIhvcNAQEFBQAD gYEAHindWQ4P4VUmJVt5sUGA05hSAZriDJDDnkvkm/9AR7xgGxtsy21QruhUVe2E eVFBws85zbwRqMpfUQyE/xHhUcka2GQTaKlBlcEjZTMnsh27Si2PMYU/UPr/PIpq
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sat Oct 21 00:42:59 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - add signature_algo to the function signature http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.130r2=1.131diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.130 php-src/ext/openssl/openssl.c:1.131 --- php-src/ext/openssl/openssl.c:1.130 Sat Oct 21 00:28:55 2006 +++ php-src/ext/openssl/openssl.c Sat Oct 21 00:42:59 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.130 2006/10/21 00:28:55 pajoye Exp $ */ +/* $Id: openssl.c,v 1.131 2006/10/21 00:42:59 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3146,7 +3146,7 @@ } /* }}} */ -/* {{{ proto int openssl_verify(string data, string signature, mixed key) +/* {{{ proto int openssl_verify(string data, string signature, mixed key [, int signature_algo]) Verifys data */ PHP_FUNCTION(openssl_verify) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Sun Oct 15 21:10:10 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix compile warning http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.127r2=1.128diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.127 php-src/ext/openssl/openssl.c:1.128 --- php-src/ext/openssl/openssl.c:1.127 Mon Oct 9 14:43:52 2006 +++ php-src/ext/openssl/openssl.c Sun Oct 15 21:10:09 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.127 2006/10/09 14:43:52 bjori Exp $ */ +/* $Id: openssl.c,v 1.128 2006/10/15 21:10:09 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1045,7 +1045,7 @@ for (i = 0; i X509_get_ext_count(cert); i++) { extension = X509_get_ext(cert, i); extdata = X509_EXTENSION_get_data(extension); - extname = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); add_assoc_asn1_string(subitem, extname, extdata); } add_assoc_zval(return_value, extensions, subitem); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
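Review bot: Keying the extensions array on `OBJ_nid2sn(OBJ_obj2nid(...))` gives every extension whose OID OpenSSL does not recognise the same short name for the undefined NID, so in a certificate with several such extensions each one overwrites the previous under a single key. For an undefined NID the key should be built from the OID text instead, for example with `OBJ_obj2txt` into a local buffer. The added `(char *)` cast only hides that the returned string is `const`; giving `extname` and the `key` parameter of `add_assoc_asn1_string` the type `const char *` would remove the warning without a cast. The same loop line appears in the 1.124 diff further down this page; the loop's function starts and ends outside the hunk.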
[PHP-CVS] cvs: php-src /ext/openssl openssl.c php_openssl.h
bjori Mon Oct 9 14:43:52 2006 UTC Modified files: /php-src/ext/opensslopenssl.c php_openssl.h Log: MFB5.2 Constants: - OPENSSL_VERSION_TEXT - OPENSSL_VERSION_NUMBER - OPENSSL_KEYTYPE_EC Functions: - openssl_pkey_get_details() - openssl_csr_get_subject() - openssl_csr_get_public_key http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.126r2=1.127diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.126 php-src/ext/openssl/openssl.c:1.127 --- php-src/ext/openssl/openssl.c:1.126 Mon Oct 9 00:06:40 2006 +++ php-src/ext/openssl/openssl.c Mon Oct 9 14:43:52 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.126 2006/10/09 00:06:40 pajoye Exp $ */ +/* $Id: openssl.c,v 1.127 2006/10/09 14:43:52 bjori Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -60,11 +60,19 @@ ZEND_ARG_PASS_INFO(1) ZEND_END_ARG_INFO(); +/* FIXME: Use the openssl constants instead of + * enum. It is now impossible to match real values + * against php constants. Also sorry to break the + * enum principles here, BC... + */ enum php_openssl_key_type { OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, - OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA + OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA, +#ifdef EVP_PKEY_EC + OPENSSL_KEYTYPE_EC = OPENSSL_KEYTYPE_DH +1 +#endif }; enum php_openssl_cipher_type { @@ -87,6 +95,7 @@ PHP_FE(openssl_pkey_export_to_file, NULL) PHP_FE(openssl_pkey_get_private,NULL) PHP_FE(openssl_pkey_get_public, NULL) + PHP_FE(openssl_pkey_get_details,NULL) PHP_FALIAS(openssl_free_key,openssl_pkey_free, NULL) PHP_FALIAS(openssl_get_privatekey, openssl_pkey_get_private, NULL) @@ -106,6 +115,8 @@ PHP_FE(openssl_csr_export, second_arg_force_ref) PHP_FE(openssl_csr_export_to_file, NULL) PHP_FE(openssl_csr_sign,NULL) + PHP_FE(openssl_csr_get_subject, NULL) + PHP_FE(openssl_csr_get_public_key, NULL) PHP_FE(openssl_sign,second_arg_force_ref) PHP_FE(openssl_verify, NULL) 
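Review bot: In the `@@ -60,11 +60,19 @@` hunk, `OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA,` now ends with a comma, and when `EVP_PKEY_EC` is not defined the enum closes directly after it; a trailing comma in an enumerator list is not valid C89, which this file otherwise appears to target. Moving the comma inside the conditional avoids that: place `OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA` last, and write the conditional member before it as `OPENSSL_KEYTYPE_EC = OPENSSL_KEYTYPE_DH + 1,`. The FIXME added above the enum could also name which OpenSSL constants it means, since that is the information a later maintainer will need.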
@@ -227,9 +238,13 @@ ASN1_STRING * str = NULL; ASN1_OBJECT * obj; - MAKE_STD_ZVAL(subitem); - array_init(subitem); - + if (key != NULL) { + MAKE_STD_ZVAL(subitem); + array_init(subitem); + } else { + subitem = val; + } + for (i = 0; i X509_NAME_entry_count(name); i++) { ne = X509_NAME_get_entry(name, i); obj = X509_NAME_ENTRY_get_object(ne); @@ -270,7 +285,9 @@ } } } - zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); + if (key != NULL) { + zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); + } } /* }}} */ @@ -620,6 +637,9 @@ * openSSL callbacks */ ssl_stream_data_index = SSL_get_ex_new_index(0, PHP stream index, NULL, NULL, NULL); + REGISTER_STRING_CONSTANT(OPENSSL_VERSION_TEXT, OPENSSL_VERSION_TEXT, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT(OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_NUMBER, CONST_CS|CONST_PERSISTENT); + /* purposes for cert purpose checking */ REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_CLIENT, X509_PURPOSE_SSL_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_SERVER, X509_PURPOSE_SSL_SERVER, CONST_CS|CONST_PERSISTENT); @@ -666,6 +686,9 @@ REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DSA, CONST_CS|CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_DH, CONST_CS|CONST_PERSISTENT); +#ifdef EVP_PKEY_EC + REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_EC, OPENSSL_KEYTYPE_EC, CONST_CS|CONST_PERSISTENT); +#endif /* Determine default SSL configuration file */ config_filename = getenv(OPENSSL_CONF); @@ -1507,8 +1530,6 @@ } /* }}} */ - - /* {{{ proto bool openssl_csr_export(resource csr, string out [, bool notext=true]) Exports a CSR to file or a var */ PHP_FUNCTION(openssl_csr_export) 
@@ -1770,6 +1791,61 @@ } /* }}} */ +/* {{{ proto mixed openssl_csr_get_subject(mixed csr) + Returns the subject of a CERT or FALSE on error */ +PHP_FUNCTION(openssl_csr_get_subject) +{ + zval * zcsr; + zend_bool use_shortnames = 1; + long csr_resource; + X509_NAME * subject; + X509_REQ * csr; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcsr, use_shortnames) ==
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Mon Oct 9 00:06:40 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: fix possible segfault (see test 004) always exists and returns NULL on error (thx Bjori for the head up) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.125r2=1.126diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.125 php-src/ext/openssl/openssl.c:1.126 --- php-src/ext/openssl/openssl.c:1.125 Sun Oct 8 13:34:23 2006 +++ php-src/ext/openssl/openssl.c Mon Oct 9 00:06:40 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.125 2006/10/08 13:34:23 bjori Exp $ */ +/* $Id: openssl.c,v 1.126 2006/10/09 00:06:40 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1801,8 +1801,8 @@ #define TMP_CLEAN \ if (Z_TYPE(tmp) == IS_STRING) {\ zval_dtor(tmp); \ - return NULL; \ - } + } \ + return NULL; if (resourceval) { *resourceval = -1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
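Review bot: After this change `TMP_CLEAN` expands to an `if` block followed by a bare `return NULL;`, so it is two statements: used as the body of an unbraced `if` or `else`, only the `if (Z_TYPE(tmp) == IS_STRING)` part would be conditional and the `return` would always run. Wrapping it makes the macro behave as one statement, `#define TMP_CLEAN do { if (Z_TYPE(tmp) == IS_STRING) { zval_dtor(&tmp); } return NULL; } while (0)`. Because the name does not suggest that it leaves the function, a comment on the definition such as `/* frees tmp if it holds a string, then returns NULL from the enclosing function */` would save readers of the call sites a lookup.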
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
nlopess Sat Sep 16 12:05:42 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.123r2=1.124diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.123 php-src/ext/openssl/openssl.c:1.124 --- php-src/ext/openssl/openssl.c:1.123 Tue Sep 12 10:53:50 2006 +++ php-src/ext/openssl/openssl.c Sat Sep 16 12:05:42 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.123 2006/09/12 10:53:50 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.124 2006/09/16 12:05:42 nlopess Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1022,7 +1022,7 @@ for (i = 0; i X509_get_ext_count(cert); i++) { extension = X509_get_ext(cert, i); extdata = X509_EXTENSION_get_data(extension); - extname = strdup(OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension; + extname = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); add_assoc_asn1_string(subitem, extname, extdata); } add_assoc_zval(return_value, extensions, subitem); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Tue Sep 12 10:53:51 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: remove a leftover http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.122r2=1.123diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.122 php-src/ext/openssl/openssl.c:1.123 --- php-src/ext/openssl/openssl.c:1.122 Fri Sep 8 20:09:07 2006 +++ php-src/ext/openssl/openssl.c Tue Sep 12 10:53:50 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.122 2006/09/08 20:09:07 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.123 2006/09/12 10:53:50 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1816,7 +1816,7 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, key array must be of the form array(0 = key, 1 = phrase)); TMP_CLEAN; } - //convert_to_string_ex(zphrase); + if (Z_TYPE_PP(zphrase) == IS_STRING) { passphrase = Z_STRVAL_PP(zphrase); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Fri Sep 8 20:09:08 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: implement feature request #38731 (openssl_pkey_new does not support DSA key generation) patch by marci at balabit dot hu http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.121r2=1.122diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.121 php-src/ext/openssl/openssl.c:1.122 --- php-src/ext/openssl/openssl.c:1.121 Thu Sep 7 14:16:53 2006 +++ php-src/ext/openssl/openssl.c Fri Sep 8 20:09:07 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.121 2006/09/07 14:16:53 iliaa Exp $ */ +/* $Id: openssl.c,v 1.122 2006/09/08 20:09:07 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1963,9 +1963,27 @@ if ((req-priv_key = EVP_PKEY_new()) != NULL) { switch(req-priv_key_type) { case OPENSSL_KEYTYPE_RSA: - if (EVP_PKEY_assign_RSA(req-priv_key, RSA_generate_key(req-priv_key_bits, 0x10001, NULL, NULL))) + if (EVP_PKEY_assign_RSA(req-priv_key, RSA_generate_key(req-priv_key_bits, 0x10001, NULL, NULL))) { return_val = req-priv_key; + } + break; +#ifndef NO_DSA + case OPENSSL_KEYTYPE_DSA: + { + DSA *dsapar = DSA_generate_parameters(req-priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL); + if (dsapar) { + DSA_set_method(dsapar, DSA_get_default_method()); + if (DSA_generate_key(dsapar)) { + if (EVP_PKEY_assign_DSA(req-priv_key, dsapar)) { + return_val = req-priv_key; + } + } else { + DSA_free(dsapar); + } + } + } break; +#endif default: php_error_docref(NULL TSRMLS_CC, E_WARNING, Unsupported private key type); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
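Review bot: In the new `OPENSSL_KEYTYPE_DSA` case, `dsapar` is freed only when `DSA_generate_key()` fails; if `EVP_PKEY_assign_DSA()` fails afterwards, the DSA structure and its freshly generated private key stay allocated with no owner. Folding the two calls into one condition closes that path: `if (DSA_generate_key(dsapar) && EVP_PKEY_assign_DSA(req->priv_key, dsapar)) { return_val = req->priv_key; } else { DSA_free(dsapar); }`. The RSA case has the same shape, since the result of `RSA_generate_key()` is passed straight into `EVP_PKEY_assign_RSA()` and is not released if the assign fails. The enclosing function starts and ends outside the hunk.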
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Thu Sep 7 14:16:53 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: Fixed memory leaks in openssl test #004 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.120r2=1.121diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.120 php-src/ext/openssl/openssl.c:1.121 --- php-src/ext/openssl/openssl.c:1.120 Tue Sep 5 13:59:07 2006 +++ php-src/ext/openssl/openssl.c Thu Sep 7 14:16:53 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.120 2006/09/05 13:59:07 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.121 2006/09/07 14:16:53 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1746,6 +1746,7 @@ if (we_made_the_key) { /* and a resource for the private key */ + zval_dtor(out_pkey); ZVAL_RESOURCE(out_pkey, zend_list_insert(req.priv_key, le_key)); req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */ } else if (key_resource != -1) { @@ -1793,7 +1794,16 @@ int free_cert = 0; long cert_res = -1; char * filename = NULL; - + zval tmp; + + Z_TYPE(tmp) = IS_NULL; + +#define TMP_CLEAN \ + if (Z_TYPE(tmp) == IS_STRING) {\ + zval_dtor(tmp); \ + return NULL; \ + } + if (resourceval) { *resourceval = -1; } @@ -1804,15 +1814,21 @@ if (zend_hash_index_find(HASH_OF(*val), 1, (void **)zphrase) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, key array must be of the form array(0 = key, 1 = phrase)); - return NULL; + TMP_CLEAN; + } + //convert_to_string_ex(zphrase); + if (Z_TYPE_PP(zphrase) == IS_STRING) { + passphrase = Z_STRVAL_PP(zphrase); + } else { + tmp = **zphrase; + zval_copy_ctor(tmp); + passphrase = Z_STRVAL(tmp); } - convert_to_string_ex(zphrase); - passphrase = Z_STRVAL_PP(zphrase); /* now set val to be the key param and continue */ if (zend_hash_index_find(HASH_OF(*val), 0, (void **)val) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, key array must be of the form array(0 = key, 1 = phrase)); - return NULL; + TMP_CLEAN; } } 
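Review bot: The `TMP_CLEAN` macro added at -1793 places `return NULL;` inside the `if (Z_TYPE(tmp) == IS_STRING)` braces, so every `return NULL;` this commit replaces with `TMP_CLEAN;` now returns only when a non-string passphrase was copied into `tmp`. In the common case execution falls through. In the hunk at -1839, for example, the "supplied key param is a public key" warning is followed by the `else` branch that returns `(EVP_PKEY*)what`, so a caller that asked for a private key can receive the public one. The return has to be unconditional: `if (Z_TYPE(tmp) == IS_STRING) { zval_dtor(&tmp); } return NULL;`. The same applies to the `TMP_CLEAN;` sites in the hunks at -1804, -1822 and -1853.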
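Review bot: In the hunk at -1804, the `else` branch copies a non-string `zphrase` into `tmp` and then reads `Z_STRVAL(tmp)` without converting it, so for an integer, boolean or array passphrase the pointer handed on as `passphrase` is whatever the value union holds for that type. The copy needs the conversion that the commented-out `convert_to_string_ex(zphrase)` used to provide, applied to the private copy: `zval_copy_ctor(&tmp); convert_to_string(&tmp); passphrase = Z_STRVAL(tmp);`. Without it the `Z_TYPE(tmp) == IS_STRING` test in `TMP_CLEAN` also never matches for these inputs, so the copy is not destroyed either.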
@@ -1822,7 +1838,7 @@ what = zend_fetch_resource(val TSRMLS_CC, -1, OpenSSL X.509/key, type, 2, le_x509, le_key); if (!what) { - return NULL; + TMP_CLEAN; } if (resourceval) { *resourceval = Z_LVAL_PP(val); @@ -1839,13 +1855,16 @@ /* check whether it is actually a private key if requested */ if (!public_key !is_priv) { php_error_docref(NULL TSRMLS_CC, E_WARNING, supplied key param is a public key); - return NULL; + TMP_CLEAN; } if (public_key is_priv) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Don't know how to get public key from this private key); - return NULL; + TMP_CLEAN; } else { + if (Z_TYPE(tmp) == IS_STRING) { + zval_dtor(tmp); + } /* got the key - return it */ return (EVP_PKEY*)what; } @@ -1853,14 +1872,14 @@ /* other types could be used here - eg: file pointers and read in the data from them */ - return NULL; + TMP_CLEAN; } else { /* force it to be a string and check if it refers to a file */ /* passing non string values leaks, object uses toString, it returns NULL * bug38255.phpt */ if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { - return NULL; + TMP_CLEAN; } convert_to_string_ex(val); @@ -1881,7 +1900,7 @@ in =
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Tue Sep 5 13:59:07 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: init variables http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.119r2=1.120diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.119 php-src/ext/openssl/openssl.c:1.120 --- php-src/ext/openssl/openssl.c:1.119 Thu Aug 31 13:47:31 2006 +++ php-src/ext/openssl/openssl.c Tue Sep 5 13:59:07 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.119 2006/08/31 13:47:31 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.120 2006/09/05 13:59:07 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1302,8 +1302,8 @@ /* apply values from the dn hash */ zend_hash_internal_pointer_reset_ex(HASH_OF(dn), hpos); while(zend_hash_get_current_data_ex(HASH_OF(dn), (void**)item, hpos) == SUCCESS) { - zstr strindex; - uint strindexlen; + zstr strindex = NULL_ZSTR; + uint strindexlen = 0; ulong intindex; zend_hash_get_current_key_ex(HASH_OF(dn), strindex, strindexlen, intindex, 0, hpos); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
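Review bot: `intindex` is still declared without an initialiser, although `strindex` and `strindexlen` now get one, and the value returned by `zend_hash_get_current_key_ex()` on the next line is discarded. When the current element has a string key, `intindex` is presumably left untouched, so any later read of it would see an indeterminate value. The rest of the loop body is outside the hunk, so this cannot be confirmed from here. `ulong intindex = 0;` makes the three declarations consistent, and branching on the returned key type would make the string-key and integer-key paths explicit.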
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
tony2001Thu Aug 31 13:47:31 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: fix problem with mixed arguments accepted as zval* causing leaks/segfaults when converting to other types http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.118r2=1.119diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.118 php-src/ext/openssl/openssl.c:1.119 --- php-src/ext/openssl/openssl.c:1.118 Wed Aug 30 21:50:28 2006 +++ php-src/ext/openssl/openssl.c Thu Aug 31 13:47:31 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.118 2006/08/30 21:50:28 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.119 2006/08/31 13:47:31 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -773,7 +773,7 @@ } /* force it to be a string and check if it refers to a file */ - convert_to_string(*val); + convert_to_string_ex(val); if (Z_STRLEN_PP(val) 7 memcmp(Z_STRVAL_PP(val), file://, sizeof(file://) - 1) == 0) { /* read cert from the named file */ @@ -813,19 +813,19 @@ PHP_FUNCTION(openssl_x509_export_to_file) { X509 * cert; - zval * zcert = NULL; + zval ** zcert; zend_bool notext = 1; BIO * bio_out; long certresource; char * filename; int filename_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rs|b, zcert, filename, filename_len, notext) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zs|b, zcert, filename, filename_len, notext) == FAILURE) { return; } RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); + cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); if (cert == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, cannot get cert from parameter 1); return; 
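Review bot: The change back to `convert_to_string_ex(val)` at -773 carries no comment saying why the separating form is required, and revision 1.118 changed this same line in the opposite direction. Since the callers in this commit now take the argument with the `Z` specifier and pass the `zval **` through, a short comment would stop the next edit from flipping it again, for example `/* val can be the caller's own argument slot: separate before converting so the caller's variable is not rewritten */`. The surrounding function starts and ends outside the hunk.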
@@ -858,17 +858,17 @@ PHP_FUNCTION(openssl_x509_export) { X509 * cert; - zval * zcert = NULL, *zout=NULL; + zval ** zcert, *zout; zend_bool notext = 1; BIO * bio_out; long certresource; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcert, zout, notext) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zz|b, zcert, zout, notext) == FAILURE) { return; } RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); + cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); if (cert == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, cannot get cert from parameter 1); return; @@ -899,21 +899,21 @@ Checks if a private key corresponds to a CERT */ PHP_FUNCTION(openssl_x509_check_private_key) { - zval * zcert, *zkey; + zval ** zcert, **zkey; X509 * cert = NULL; EVP_PKEY * key = NULL; long certresource = -1, keyresource = -1; RETVAL_FALSE; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz, zcert, zkey) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, zcert, zkey) == FAILURE) { return; } - cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); + cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); if (cert == NULL) { RETURN_FALSE; } - key = php_openssl_evp_from_zval(zkey, 0, , 1, keyresource TSRMLS_CC); + key = php_openssl_evp_from_zval(zkey, 0, , 1, keyresource TSRMLS_CC); if (key) { RETVAL_BOOL(X509_check_private_key(cert, key)); } @@ -931,7 +931,7 @@ Returns an array of the fields/values of the CERT */ PHP_FUNCTION(openssl_x509_parse) { - zval * zcert; + zval ** zcert; X509 * cert = NULL; long certresource = -1; int i; 
@@ -942,10 +942,10 @@ ASN1_OCTET_STRING *extdata; char *extname; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcert, useshortnames) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, useshortnames) == FAILURE) { return; } - cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); + cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC); if (cert == NULL) { RETURN_FALSE; } @@ -1113,7 +1113,7 @@ Checks the CERT to see if it can be used for the purpose in purpose. cainfo holds information about trusted CAs */ PHP_FUNCTION(openssl_x509_checkpurpose) { - zval * zcert, * zcainfo = NULL; + zval ** zcert, * zcainfo = NULL; X509_STORE * cainfo = NULL; X509 * cert = NULL;
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 002.phpt
tony2001Wed Aug 30 20:49:45 2006 UTC Added files: /php-src/ext/openssl/tests 002.phpt Modified files: /php-src/ext/opensslopenssl.c Log: fix segfault in openssl_seal(), add test http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.116r2=1.117diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.116 php-src/ext/openssl/openssl.c:1.117 --- php-src/ext/openssl/openssl.c:1.116 Mon Jul 31 03:41:42 2006 +++ php-src/ext/openssl/openssl.c Wed Aug 30 20:49:44 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.116 2006/07/31 03:41:42 iliaa Exp $ */ +/* $Id: openssl.c,v 1.117 2006/08/30 20:49:44 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -3041,7 +3041,9 @@ pkeys = safe_emalloc(nkeys, sizeof(*pkeys), 0); eksl = safe_emalloc(nkeys, sizeof(*eksl), 0); eks = safe_emalloc(nkeys, sizeof(*eks), 0); + memset(eks, 0, sizeof(*eks) * nkeys); key_resources = safe_emalloc(nkeys, sizeof(long), 0); + memset(key_resources, 0, sizeof(*key_resources) * nkeys); /* get the public keys we are using to seal this data */ zend_hash_internal_pointer_reset_ex(pubkeysht, pos); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/002.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/002.phpt +++ php-src/ext/openssl/tests/002.phpt --TEST-- openssl_seal() tests --SKIPIF-- ?php if (!extension_loaded(openssl)) print skip; ? --FILE-- ?php $a = 1; $b = array(1); $c = array(1); $d = array(1); var_dump(openssl_seal($a, $b, $c, $d)); var_dump(openssl_seal($a, $a, $a, array())); var_dump(openssl_seal($c, $c, $c, 1)); var_dump(openssl_seal($b, $b, $b, )); echo Done\n; ? --EXPECTF-- Warning: openssl_seal(): not a public key (0th member of pubkeys) in %s on line %d bool(false) Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d bool(false) Warning: openssl_seal() expects parameter 1 to be string, array given in %s on line %d NULL Warning: openssl_seal() expects parameter 1 to be string, array given in %s on line %d NULL Done --UEXPECTF-- Warning: openssl_seal(): not a public key (0th member of pubkeys) in %s on line %d bool(false) Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d bool(false) Warning: openssl_seal() expects parameter 1 to be binary string, array given in %s on line %d NULL Warning: openssl_seal() expects parameter 1 to be binary string, array given in %s on line %d NULL Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
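Review bot: Only `eks` and `key_resources` are zeroed after allocation; `pkeys` and `eksl` come from the same `safe_emalloc()` calls and stay uninitialised. If the cleanup path outside this hunk walks all `nkeys` entries after an early failure, `pkeys[i]` for the entries never filled in is still an indeterminate pointer. Adding `memset(pkeys, 0, sizeof(*pkeys) * nkeys);` would cover it. Note also that `key_resources` is filled with 0, while other functions in this file use -1 as the "no resource" value (`certresource == -1`), so it is worth confirming that the cleanup test treats 0 the way the fix intends. The allocation could use `sizeof(*key_resources)` instead of `sizeof(long)` to match the `memset`.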
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 003.phpt
tony2001Wed Aug 30 21:50:28 2006 UTC Added files: /php-src/ext/openssl/tests 003.phpt Modified files: /php-src/ext/opensslopenssl.c Log: fix segfault/leak, add test http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.117r2=1.118diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.117 php-src/ext/openssl/openssl.c:1.118 --- php-src/ext/openssl/openssl.c:1.117 Wed Aug 30 20:49:44 2006 +++ php-src/ext/openssl/openssl.c Wed Aug 30 21:50:28 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.117 2006/08/30 20:49:44 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.118 2006/08/30 21:50:28 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -773,7 +773,7 @@ } /* force it to be a string and check if it refers to a file */ - convert_to_string_ex(val); + convert_to_string(*val); if (Z_STRLEN_PP(val) 7 memcmp(Z_STRVAL_PP(val), file://, sizeof(file://) - 1) == 0) { /* read cert from the named file */ http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/003.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/003.phpt +++ php-src/ext/openssl/tests/003.phpt --TEST-- openssl_pkcs7_decrypt() and invalid parameters --SKIPIF-- ?php if (!extension_loaded(openssl)) print skip; ? --FILE-- ?php function myErrorHandler($errno, $errstr, $errfile, $errline) { var_dump($errstr); } set_error_handler(myErrorHandler); $a = 1; $b = 1; $c = new stdclass; $d = new stdclass; var_dump(openssl_pkcs7_decrypt($a, $b, $c, $d)); var_dump($c); var_dump(openssl_pkcs7_decrypt($b, $b, $b, $b)); var_dump(openssl_pkcs7_decrypt($a, $b, , )); var_dump(openssl_pkcs7_decrypt($a, $b, true, false)); var_dump(openssl_pkcs7_decrypt($a, $b, 0, 0)); echo Done\n; ? 
--EXPECTF-- string(57) Object of class stdClass could not be converted to string string(45) Object of class stdClass to string conversion string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) string(6) Object string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) Done --UEXPECTF-- unicode(64) Object of class stdClass could not be converted to binary string unicode(45) Object of class stdClass to string conversion unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) string(6) Object unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert bool(false) Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
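Review bot: The expected output for `var_dump($c)` after the first call is `string(6)` holding `Object`, so this test pins the side effect that a failed `openssl_pkcs7_decrypt()` rewrites the caller's `$c` from a `stdClass` instance into a string. That follows from the `convert_to_string(*val)` in the openssl.c hunk of this commit, which converts the passed zval in place. A function that returns `false` for an unusable certificate argument should leave that argument as it was. The expectation would be better written so that `$c` is still an object after the call, with the conversion done on a separated copy.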
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sun Jul 30 08:28:48 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: vi happiness http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.110r2=1.111diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.110 php-src/ext/openssl/openssl.c:1.111 --- php-src/ext/openssl/openssl.c:1.110 Sat Jul 29 23:03:37 2006 +++ php-src/ext/openssl/openssl.c Sun Jul 30 08:28:48 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.110 2006/07/29 23:03:37 pajoye Exp $ */ +/* $Id: openssl.c,v 1.111 2006/07/30 08:28:48 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -156,10 +156,11 @@ static int le_csr; static int ssl_stream_data_index; -int php_openssl_get_x509_list_id(void) +int php_openssl_get_x509_list_id(void) /* {{{ */ { return le_x509; } +/* }}} */ /* {{{ resource destructors */ static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) @@ -216,7 +217,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req TSRMLS_DC); -static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) +static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ { zval *subitem, *subentries; int i, j = -1, last = -1, obj_cnt = 0; @@ -271,13 +272,15 @@ } zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); } +/* }}} */ -static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) +static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ { add_assoc_stringl(val, key, str-data, str-length, 1); } +/* }}} */ -static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) +static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ { /* This is how the time string is formatted: 
@@ -345,12 +348,14 @@ return ret; } +/* }}} */ static inline int php_openssl_config_check_syntax( const char * section_label, const char * config_filename, const char * section, - LHASH * config TSRMLS_DC) + LHASH * config TSRMLS_DC + ) /* {{{ */ { X509V3_CTX ctx; @@ -365,8 +370,9 @@ } return SUCCESS; } +/* }}} */ -static int add_oid_section(struct php_x509_request * req TSRMLS_DC) +static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */ { char * str; STACK_OF(CONF_VALUE) * sktmp; @@ -391,6 +397,7 @@ } return SUCCESS; } +/* }}} */ #define PHP_SSL_REQ_INIT(req) memset(req, 0, sizeof(*req)) #define PHP_SSL_REQ_DISPOSE(req) php_openssl_dispose_config(req TSRMLS_CC) @@ -417,7 +424,7 @@ struct php_x509_request * req, zval * optional_args TSRMLS_DC - ) + ) /* {{{ */ { char * str; zval ** item; @@ -495,8 +502,9 @@ return SUCCESS; } +/* }}} */ -static void php_openssl_dispose_config(struct php_x509_request * req TSRMLS_DC) +static void php_openssl_dispose_config(struct php_x509_request * req TSRMLS_DC) /* {{{ */ { if (req-priv_key) { EVP_PKEY_free(req-priv_key); @@ -511,8 +519,9 @@ req-req_config = NULL; } } +/* }}} */ -static int php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded) +static int php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded) /* {{{ */ { char buffer[MAXPATHLEN]; @@ -542,8 +551,9 @@ *seeded = 1; return SUCCESS; } +/* }}} */ -static int php_openssl_write_rand_file(const char * file, int egdsocket, int seeded) +static int php_openssl_write_rand_file(const char * file, int egdsocket, int seeded) /* {{{ */ { char buffer[MAXPATHLEN]; @@ -563,6 +573,7 @@ } return SUCCESS; } +/* }}} */ static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */ EVP_MD *mdtype; 
@@ -3146,7 +3157,7 @@ #define GET_VER_OPT(name) (stream-context SUCCESS == php_stream_context_get_option(stream-context, ssl, name, val)) #define GET_VER_OPT_STRING(name, str) if (GET_VER_OPT(name)) { convert_to_string_ex(val); str = Z_STRVAL_PP(val); } -static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) /* {{{ */ { php_stream *stream; SSL *ssl; @@ -3183,8 +3194,9 @@ return ret; } +/* }}} */ -int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC) +int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer,
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sun Jul 30 09:18:23 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - MFB: silent compiler warnins (signess) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.111r2=1.112diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.111 php-src/ext/openssl/openssl.c:1.112 --- php-src/ext/openssl/openssl.c:1.111 Sun Jul 30 08:28:48 2006 +++ php-src/ext/openssl/openssl.c Sun Jul 30 09:18:23 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.111 2006/07/30 08:28:48 pajoye Exp $ */ +/* $Id: openssl.c,v 1.112 2006/07/30 09:18:23 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -254,7 +254,7 @@ obj_cnt++; ne = X509_NAME_get_entry(name, j); str = X509_NAME_ENTRY_get_data(ne); - add_next_index_stringl(subentries, str-data, str-length, 1); + add_next_index_stringl(subentries, (char *)str-data, str-length, 1); } last = j; } @@ -266,7 +266,7 @@ zval_dtor(subentries); FREE_ZVAL(subentries); if (obj_cnt) { - add_assoc_stringl(subitem, sname, str-data, str-length, 1); + add_assoc_stringl(subitem, sname, (char *)str-data, str-length, 1); } } } @@ -276,7 +276,7 @@ static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */ { - add_assoc_stringl(val, key, str-data, str-length, 1); + add_assoc_stringl(val, key, (char *)str-data, str-length, 1); } /* }}} */ @@ -300,7 +300,7 @@ return (time_t)-1; } - strbuf = estrdup(timestr-data); + strbuf = estrdup((char *)timestr-data); memset(thetime, 0, sizeof(thetime)); @@ -968,7 +968,7 @@ add_assoc_long(return_value, validFrom_time_t, asn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC)); add_assoc_long(return_value, validTo_time_t, asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC)); - tmpstr = X509_alias_get0(cert, NULL); + tmpstr = (char *)X509_alias_get0(cert, NULL); if (tmpstr) { add_assoc_string(return_value, alias, tmpstr, 1); } 
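Review bot: In the hunk at -300, `estrdup((char *)timestr->data)` now compiles quietly, but the cast hides that an ASN.1 string is length-delimited: `estrdup()` copies up to the first NUL, not `timestr->length` bytes. The other call sites in this commit pass `str->length` alongside the cast pointer; this one should do the same with `strbuf = estrndup((char *)timestr->data, timestr->length);`. The bounded copy matters because the value comes from a parsed certificate, where a time field without a terminator or with an embedded NUL should not decide how much memory is read. The function body continues outside the hunk.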
@@ -1285,8 +1285,8 @@ zend_hash_internal_pointer_reset_ex(HASH_OF(dn), hpos); while(zend_hash_get_current_data_ex(HASH_OF(dn), (void**)item, hpos) == SUCCESS) { zstr strindex; - int strindexlen; - long intindex; + uint strindexlen; + ulong intindex; zend_hash_get_current_key_ex(HASH_OF(dn), strindex, strindexlen, intindex, 0, hpos); @@ -1360,8 +1360,8 @@ zend_hash_internal_pointer_reset_ex(HASH_OF(attribs), hpos); while(zend_hash_get_current_data_ex(HASH_OF(attribs), (void**)item, hpos) == SUCCESS) { zstr strindex; - int strindexlen; - long intindex; + uint strindexlen; + ulong intindex; zend_hash_get_current_key_ex(HASH_OF(attribs), strindex, strindexlen, intindex, 0, hpos); convert_to_string_ex(item); @@ -2053,7 +2053,7 @@ } else { cipher = NULL; } - if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) { + if (PEM_write_bio_PrivateKey(bio_out, key, cipher,(unsigned char *)passphrase, passphrase_len, NULL, NULL)) { /* Success! * If returning the output as a string, do so now */ RETVAL_TRUE; @@ -2104,7 +2104,7 @@ } else { cipher = NULL; } - if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) { + if (PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL)) { /* Success! * If returning the output as a string, do so now */ @@ -2664,7 +2664,7 @@ case EVP_PKEY_RSA: case EVP_PKEY_RSA2: successful = (RSA_private_encrypt(data_len, - data, + (unsigned char
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug38261.phpt
pajoye Sun Jul 30 16:27:02 2006 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug38261.phpt Log: - MFB: #38261, openssl_x509_parse leaks with invalid certs http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.112r2=1.113diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.112 php-src/ext/openssl/openssl.c:1.113 --- php-src/ext/openssl/openssl.c:1.112 Sun Jul 30 09:18:23 2006 +++ php-src/ext/openssl/openssl.c Sun Jul 30 16:27:02 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.112 2006/07/30 09:18:23 pajoye Exp $ */ +/* $Id: openssl.c,v 1.113 2006/07/30 16:27:02 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -770,6 +770,11 @@ return NULL; } + + if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { + return NULL; + } + /* force it to be a string and check if it refers to a file */ convert_to_string_ex(val); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/bug38261.phpt diff -u /dev/null php-src/ext/openssl/tests/bug38261.phpt:1.2 --- /dev/null Sun Jul 30 16:27:02 2006 +++ php-src/ext/openssl/tests/bug38261.phpt Sun Jul 30 16:27:02 2006 
@@ -0,0 +1,34 @@ +--TEST-- +openssl key from zval leaks +--SKIPIF-- +?php +if (!extension_loaded(openssl)) die(skip); +? +--FILE-- +?php +$cert = false; +class test { + function __toString() { + return test object; + } +} +$t = new test; + +var_dump(openssl_x509_parse(foo)); +var_dump(openssl_x509_parse($t)); +var_dump(openssl_x509_parse(array())); +var_dump(openssl_x509_parse()); +var_dump(openssl_x509_parse($cert)); +var_dump(openssl_x509_parse(new stdClass)); + +? +--EXPECTF-- +bool(false) +bool(false) +bool(false) + +Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %s/bug38261.php on line %d +NULL +bool(false) + +Catchable fatal error: Object of class stdClass could not be converted to string in %s/bug38261.php on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug28382.phpt bug28382cert.txt
pajoye Sun Jul 30 17:02:28 2006 UTC Added files: /php-src/ext/openssl/tests bug28382.phpt bug28382cert.txt Modified files: /php-src/ext/opensslopenssl.c Log: - #28382, add support for x509 extensions http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.113r2=1.114diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.113 php-src/ext/openssl/openssl.c:1.114 --- php-src/ext/openssl/openssl.c:1.113 Sun Jul 30 16:27:02 2006 +++ php-src/ext/openssl/openssl.c Sun Jul 30 17:02:27 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.113 2006/07/30 16:27:02 pajoye Exp $ */ +/* $Id: openssl.c,v 1.114 2006/07/30 17:02:27 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -940,6 +940,9 @@ zend_bool useshortnames = 1; char * tmpstr; zval * subitem; + X509_EXTENSION *extension; + ASN1_OCTET_STRING *extdata; + char *extname; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcert, useshortnames) == FAILURE) { return; 
@@ -1014,6 +1017,18 @@ } add_assoc_zval(return_value, purposes, subitem); + MAKE_STD_ZVAL(subitem); + array_init(subitem); + + + for (i = 0; i X509_get_ext_count(cert); i++) { + extension = X509_get_ext(cert, i); + extdata = X509_EXTENSION_get_data(extension); + extname = strdup(OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension; + add_assoc_asn1_string(subitem, extname, extdata); + } + add_assoc_zval(return_value, extensions, subitem); + if (certresource == -1 cert) { X509_free(cert); } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug28382.phpt +++ php-src/ext/openssl/tests/bug28382.phpt --TEST-- #28382, openssl_x509_parse extensions support --SKIPIF-- ?php if (!extension_loaded(openssl)) die(skip); ? --FILE-- ?php $cert = file_get_contents(dirname(__FILE__) . /bug28382cert.txt, rb); $ext = openssl_x509_parse($cert); var_dump($ext['extensions']); ? --EXPECTF-- array(11) { [basicConstraints]= string(2) %s [nsComment]= string(40) %s [nsCertType]= string(4) %s [crlDistributionPoints]= string(56) %s [nsCaPolicyUrl]= string(40) %s [subjectAltName]= string(26) %s [subjectKeyIdentifier]= string(22) %s [authorityKeyIdentifier]= string(159) %s [keyUsage]= string(4) %s [nsBaseUrl]= string(22) %s [UNDEF]= string(4) %s } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382cert.txt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug28382cert.txt +++ php-src/ext/openssl/tests/bug28382cert.txt -BEGIN CERTIFICATE- MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEBhMCUk8x EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0 NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ 
KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L8CAwEA AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/ BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86 OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh 3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7 Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6 -END CERTIFICATE- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug36732.phpt
pajoye Mon Jul 31 00:36:09 2006 UTC Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug36732.phpt Log: - MFB: #36732, add req_extensions support to openssl_csr_new and _sign (ben at psc dot edu) - MFB: fix leaks in openssl_csr_new and sig http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.114r2=1.115diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.114 php-src/ext/openssl/openssl.c:1.115 --- php-src/ext/openssl/openssl.c:1.114 Sun Jul 30 17:02:27 2006 +++ php-src/ext/openssl/openssl.c Mon Jul 31 00:36:09 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.114 2006/07/30 17:02:27 pajoye Exp $ */ +/* $Id: openssl.c,v 1.115 2006/07/31 00:36:09 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -454,8 +454,8 @@ CONF_get_string(req-req_config, req-section_name, default_md)); SET_OPTIONAL_STRING_ARG(x509_extensions, req-extensions_section, CONF_get_string(req-req_config, req-section_name, x509_extensions)); - SET_OPTIONAL_STRING_ARG(req_extensions, req-extensions_section, - CONF_get_string(req-req_config, req-request_extensions_section, req_extensions)); + SET_OPTIONAL_STRING_ARG(req_extensions, req-request_extensions_section, + CONF_get_string(req-req_config, req-section_name, req_extensions)); SET_OPTIONAL_LONG_ARG(private_key_bits, req-priv_key_bits, CONF_get_number(req-req_config, req-section_name, default_bits)); @@ -495,9 +495,6 @@ return FAILURE; } - if (req-request_extensions_section == NULL) { - req-request_extensions_section = CONF_get_string(req-req_config, req-section_name, req_extensions); - } PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section); return SUCCESS; @@ -865,8 +862,6 @@ zend_bool notext = 1; BIO * bio_out; long certresource; - char * bio_mem_ptr; - long bio_mem_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcert, zout, notext) == FAILURE) { return; 
@@ -883,12 +878,15 @@ if (!notext) { X509_print(bio_out, cert); } - PEM_write_bio_X509(bio_out, cert); + if (PEM_write_bio_X509(bio_out, cert)) { + BUF_MEM *bio_buf; - bio_mem_len = BIO_get_mem_data(bio_out, bio_mem_ptr); - ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1); + zval_dtor(zout); + BIO_get_mem_ptr(bio_out, bio_buf); + ZVAL_STRINGL(zout, bio_buf-data, bio_buf-length, 1); - RETVAL_TRUE; + RETVAL_TRUE; + } if (certresource == -1 cert) { X509_free(cert); @@ -1519,9 +1517,8 @@ zval * zcsr = NULL, *zout=NULL; zend_bool notext = 1; BIO * bio_out; + long csr_resource; - char * bio_mem_ptr; - long bio_mem_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcsr, zout, notext) == FAILURE) { return; @@ -1540,12 +1537,16 @@ if (!notext) { X509_REQ_print(bio_out, csr); } - PEM_write_bio_X509_REQ(bio_out, csr); - bio_mem_len = BIO_get_mem_data(bio_out, bio_mem_ptr); - ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1); + if (PEM_write_bio_X509_REQ(bio_out, csr)) { + BUF_MEM *bio_buf; - RETVAL_TRUE; + BIO_get_mem_ptr(bio_out, bio_buf); + zval_dtor(zout); + ZVAL_STRINGL(zout, bio_buf-data, bio_buf-length, 1); + + RETVAL_TRUE; + } if (csr_resource == -1 csr) { X509_REQ_free(csr); @@ -1643,12 +1644,12 @@ if (!i) { goto cleanup; } - if (req.request_extensions_section) { + if (req.extensions_section) { X509V3_CTX ctx; X509V3_set_ctx(ctx, cert, new_cert, csr, NULL, 0); X509V3_set_conf_lhash(ctx, req.req_config); - if (!X509V3_EXT_add_conf(req.req_config, ctx, req.request_extensions_section, new_cert)) { + if (!X509V3_EXT_add_conf(req.req_config, ctx, req.extensions_section, new_cert)) { goto cleanup; } } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug36732.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/openssl/tests/bug36732.phpt diff -u /dev/null php-src/ext/openssl/tests/bug36732.phpt:1.2 --- /dev/null Mon Jul 31 00:36:09 2006 +++ php-src/ext/openssl/tests/bug36732.phpt Mon Jul 31 00:36:09 2006 
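Review bot: The two export hunks run the same steps in a different order: the `@@ -883` hunk (X.509 export) calls `zval_dtor(zout)` before `BIO_get_mem_ptr(bio_out, &bio_buf)`, while the `@@ -1540` hunk (CSR export) calls it after. Both orders work, but using one order in both functions makes them easier to compare. When the PEM write fails, neither hunk raises a warning, so the caller sees only whatever return value was set before the hunk; a short `php_error_docref` call in an `else` branch would make the failure visible. Both function bodies start and end outside their hunks.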
@@ -0,0 +1,39 @@ +--TEST-- +#36732, add support for req_extensions in openss_csr_new and sign +--SKIPIF-- +?php +if
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Mon Jul 31 03:41:42 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: MFB: Fixed compiler warning. http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.115r2=1.116diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.115 php-src/ext/openssl/openssl.c:1.116 --- php-src/ext/openssl/openssl.c:1.115 Mon Jul 31 00:36:09 2006 +++ php-src/ext/openssl/openssl.c Mon Jul 31 03:41:42 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.115 2006/07/31 00:36:09 pajoye Exp $ */ +/* $Id: openssl.c,v 1.116 2006/07/31 03:41:42 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -224,7 +224,7 @@ char *sname; int nid; X509_NAME_ENTRY * ne; - ASN1_STRING * str; + ASN1_STRING * str = NULL; ASN1_OBJECT * obj; MAKE_STD_ZVAL(subitem); @@ -265,7 +265,7 @@ } else { zval_dtor(subentries); FREE_ZVAL(subentries); - if (obj_cnt) { + if (obj_cnt str) { add_assoc_stringl(subitem, sname, (char *)str-data, str-length, 1); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
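Review bot: `str` is set to NULL only once, at its declaration (`@@ -224`), but the `if (obj_cnt && str)` test in the `@@ -265` hunk runs once per name entry. After the first entry `str` still holds the previous entry's pointer, so the added `&& str` silences the compiler without proving that the pointer belongs to the current entry. As far as the page shows, a non-zero `obj_cnt` already implies that, so this is not a bug. Resetting `str = NULL;` where `obj_cnt = 0;` is reset for each entry would make the check mean what it says; that loop is outside both hunks.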
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug37820.phpt bug37820cert.pem bug37820key.pem
pajoye Sat Jul 29 21:54:45 2006 UTC Added files: /php-src/ext/openssl/tests bug37820key.pem bug37820cert.pem bug37820.phpt Modified files: /php-src/ext/opensslopenssl.c Log: - #37820, add support for algorithm type in openssl_verify() http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.106r2=1.107diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.106 php-src/ext/openssl/openssl.c:1.107 --- php-src/ext/openssl/openssl.c:1.106 Sun Apr 30 23:45:13 2006 +++ php-src/ext/openssl/openssl.c Sat Jul 29 21:54:45 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */ +/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -563,6 +563,30 @@ } return SUCCESS; } + +static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */ + EVP_MD *mdtype; + + switch (algo) { + case OPENSSL_ALGO_SHA1: + mdtype = (EVP_MD *) EVP_sha1(); + break; + case OPENSSL_ALGO_MD5: + mdtype = (EVP_MD *) EVP_md5(); + break; + case OPENSSL_ALGO_MD4: + mdtype = (EVP_MD *) EVP_md4(); + break; + case OPENSSL_ALGO_MD2: + mdtype = (EVP_MD *) EVP_md2(); + break; + default: + return NULL; + break; + } + return mdtype; +} +/* }}} */ /* }}} */ /* {{{ PHP_MINIT_FUNCTION @@ -2860,7 +2884,7 @@ } /* }}} */ -/* {{{ proto bool openssl_sign(string data, string signature, mixed key) +/* {{{ proto bool openssl_sign(string data, string signature, mixed key[, int signature_alg]) Signs data */ PHP_FUNCTION(openssl_sign) { 
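Review bot: `php_openssl_get_evp_md_from_algo` (the `@@ -563` hunk) casts away the `const` on the pointers returned by `EVP_sha1()` and the other digest getters. Declaring the helper's return type and `mdtype` as `const EVP_MD *` removes the four casts and keeps callers from writing through a shared digest description. The `break;` after `return NULL;` in the `default:` case is unreachable and can be dropped. A one-line comment above the helper, such as `/* maps an OPENSSL_ALGO_* constant to its digest; returns NULL for an unknown value */`, would document the NULL contract that both callers in this commit rely on.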
@@ -2884,23 +2908,10 @@ RETURN_FALSE; } - switch (signature_algo) { - case OPENSSL_ALGO_SHA1: - mdtype = (EVP_MD *) EVP_sha1(); - break; - case OPENSSL_ALGO_MD5: - mdtype = (EVP_MD *) EVP_md5(); - break; - case OPENSSL_ALGO_MD4: - mdtype = (EVP_MD *) EVP_md4(); - break; - case OPENSSL_ALGO_MD2: - mdtype = (EVP_MD *) EVP_md2(); - break; - default: - php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature algorithm.); - RETURN_FALSE; - break; + mdtype = php_openssl_get_evp_md_from_algo(signature_algo); + if (!mdtype) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature algorithm.); + RETURN_FALSE; } siglen = EVP_PKEY_size(pkey); 
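Review bot: The new `if (!mdtype)` branch leaves through `RETURN_FALSE` after `pkey` has already been obtained; the very next line uses it in `EVP_PKEY_size(pkey)`. A key that was loaded only for this call is therefore presumably not released on the unknown-algorithm path, though the release code is outside the hunk and this needs confirming. The verify hunk of the same commit avoids the question by resolving the algorithm before it fetches the key, and the same order would work here. The `default:` branch added by the December 2003 commit further down the page (`@@ -2854`) has the same early return after `pkey` is in hand.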
@@ -2931,21 +2942,29 @@ EVP_PKEY *pkey; int err; EVP_MD_CTX md_ctx; + EVP_MD *mdtype; long keyresource = -1; char * data;int data_len; char * signature; int signature_len; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ssz, data, data_len, signature, signature_len, key) == FAILURE) { + long signature_algo = OPENSSL_ALGO_SHA1; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ssz|l, data, data_len, signature, signature_len, key, signature_algo) == FAILURE) { return; } - + + mdtype = php_openssl_get_evp_md_from_algo(signature_algo); + if (!mdtype) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature algorithm.); + RETURN_FALSE; + } + pkey = php_openssl_evp_from_zval(key, 1, NULL, 0, keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, supplied key param cannot be coerced into a public key); RETURN_FALSE; } - EVP_VerifyInit (md_ctx, EVP_sha1()); + EVP_VerifyInit (md_ctx, mdtype); EVP_VerifyUpdate (md_ctx, data, data_len); err = EVP_VerifyFinal (md_ctx, signature, signature_len, pkey); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820key.pem?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug37820key.pem +++ php-src/ext/openssl/tests/bug37820key.pem -BEGIN RSA PRIVATE KEY- MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ 2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr 8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
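Review bot: `openssl_verify()` now lets the caller select MD2, MD4 or MD5 through `signature_algo`, and nothing near the `zend_parse_parameters` call says that the verifier must fix this value itself. These digests have known collision weaknesses, so a check that takes the algorithm from the same untrusted source as the message can be steered to the weakest one. I would add a comment above the lookup, for example `/* signature_algo must come from the verifier's own policy, never from the message being verified */`, and repeat it in the function's proto comment, which is outside this hunk. Separately, the return value of `EVP_VerifyInit` is not checked before `EVP_VerifyUpdate` is called.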
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug38255.phpt
pajoye Sat Jul 29 22:24:48 2006 UTC Added files: /php-src/ext/openssl/tests bug38255.phpt Modified files: /php-src/ext/opensslopenssl.c Log: - MFH: #38255, fix possible leak in php_openssl_evp_from_zval http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.107r2=1.108diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.107 php-src/ext/openssl/openssl.c:1.108 --- php-src/ext/openssl/openssl.c:1.107 Sat Jul 29 21:54:45 2006 +++ php-src/ext/openssl/openssl.c Sat Jul 29 22:24:48 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */ +/* $Id: openssl.c,v 1.108 2006/07/29 22:24:48 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1824,6 +1824,9 @@ return NULL; } else { /* force it to be a string and check if it refers to a file */ + if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) { + return NULL; + } convert_to_string_ex(val); if (Z_STRLEN_PP(val) 7 memcmp(Z_STRVAL_PP(val), file://, sizeof(file://) - 1) == 0) { http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38255.phpt?view=markuprev=1.1 Index: php-src/ext/openssl/tests/bug38255.phpt +++ php-src/ext/openssl/tests/bug38255.phpt --TEST-- openssl key from zval leaks --SKIPIF-- ?php if (!extension_loaded(openssl)) die(skip); ? --FILE-- ?php $pub_key_id = false; $signature = ''; $ok = openssl_verify(foo, $signature, $pub_key_id, OPENSSL_ALGO_MD5); ? --EXPECTF-- Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s/bug38255.php on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
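Review bot: The added guard rejects only `IS_LONG` and `IS_BOOL`, so other non-string types such as a double, NULL or an array still reach `convert_to_string_ex(val)` on the following line, which is the conversion this fix is meant to avoid for non-key values. Listing what is accepted is safer than listing what is refused: `if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { return NULL; }`. The function starts and ends outside the hunk, so whether some of these types are already filtered earlier cannot be seen here.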
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sat Jul 29 22:39:51 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - #38255, fails on array as well http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.108r2=1.109diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.108 php-src/ext/openssl/openssl.c:1.109 --- php-src/ext/openssl/openssl.c:1.108 Sat Jul 29 22:24:48 2006 +++ php-src/ext/openssl/openssl.c Sat Jul 29 22:39:51 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.108 2006/07/29 22:24:48 pajoye Exp $ */ +/* $Id: openssl.c,v 1.109 2006/07/29 22:39:51 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1824,7 +1824,8 @@ return NULL; } else { /* force it to be a string and check if it refers to a file */ - if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) { + if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL + || Z_TYPE_PP(val) == IS_ARRAY) { return NULL; } convert_to_string_ex(val); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
pajoye Sat Jul 29 23:03:37 2006 UTC Modified files: /php-src/ext/opensslopenssl.c Log: - make the test more obvious and add an explanation http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.109r2=1.110diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.109 php-src/ext/openssl/openssl.c:1.110 --- php-src/ext/openssl/openssl.c:1.109 Sat Jul 29 22:39:51 2006 +++ php-src/ext/openssl/openssl.c Sat Jul 29 23:03:37 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.109 2006/07/29 22:39:51 pajoye Exp $ */ +/* $Id: openssl.c,v 1.110 2006/07/29 23:03:37 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1824,8 +1824,10 @@ return NULL; } else { /* force it to be a string and check if it refers to a file */ - if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL - || Z_TYPE_PP(val) == IS_ARRAY) { + /* passing non string values leaks, object uses toString, it returns NULL +* bug38255.phpt +*/ + if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { return NULL; } convert_to_string_ex(val); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
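Review bot: The new comment is hard to follow as written: "object uses toString, it returns NULL" does not say what returns NULL or when. Something like `/* only strings and objects (converted through __toString) can name a key; any other type is rejected because converting it in place leaked, see bug38255.phpt */` states both the rule and the reason. The function body starts and ends outside the hunk.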
[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c
wez Sun Apr 30 23:45:13 2006 UTC Modified files: /php-src/ext/opensslopenssl.c xp_ssl.c Log: merge from branch: peer certificate capture context options. http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.105r2=1.106diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.105 php-src/ext/openssl/openssl.c:1.106 --- php-src/ext/openssl/openssl.c:1.105 Tue Feb 21 20:12:42 2006 +++ php-src/ext/openssl/openssl.c Sun Apr 30 23:45:13 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.105 2006/02/21 20:12:42 dmitry Exp $ */ +/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -156,6 +156,11 @@ static int le_csr; static int ssl_stream_data_index; +int php_openssl_get_x509_list_id(void) +{ + return le_x509; +} + /* {{{ resource destructors */ static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) { http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/xp_ssl.c?r1=1.24r2=1.25diff_format=u Index: php-src/ext/openssl/xp_ssl.c diff -u php-src/ext/openssl/xp_ssl.c:1.24 php-src/ext/openssl/xp_ssl.c:1.25 --- php-src/ext/openssl/xp_ssl.c:1.24 Sun Jan 1 13:09:52 2006 +++ php-src/ext/openssl/xp_ssl.cSun Apr 30 23:45:13 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: xp_ssl.c,v 1.24 2006/01/01 13:09:52 sniper Exp $ */ +/* $Id: xp_ssl.c,v 1.25 2006/04/30 23:45:13 wez Exp $ */ #include php.h #include ext/standard/file.h @@ -33,6 +33,7 @@ int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC); SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC); +int php_openssl_get_x509_list_id(void); /* This implementation is very closely tied to the that of the native * sockets implemented in the core. 
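Review bot: `php_openssl_get_x509_list_id` is declared by hand in xp_ssl.c (`@@ -33,6 +33,7 @@`) and defined in openssl.c, so the compiler never checks the two against each other. Moving the prototype into a header that both files include would keep declaration and definition in step if the signature changes. The new function also has no comment; `/* returns the resource type id of X.509 certificates so that xp_ssl.c can register captured peer certificates */` would explain why the static `le_x509` is being exported.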
@@ -414,9 +415,63 @@ SSL_shutdown(sslsock-ssl_handle); } else { sslsock-ssl_active = 1; + + /* allow the script to capture the peer cert +* and/or the certificate chain */ + if (stream-context) { + zval **val, *zcert; + + if (SUCCESS == php_stream_context_get_option( + stream-context, ssl, + capture_peer_cert, val) + zval_is_true(*val)) { + MAKE_STD_ZVAL(zcert); + ZVAL_RESOURCE(zcert, zend_list_insert(peer_cert, + php_openssl_get_x509_list_id())); + php_stream_context_set_option(stream-context, + ssl, peer_certificate, + zcert); + peer_cert = NULL; + } + + if (SUCCESS == php_stream_context_get_option( + stream-context, ssl, + capture_peer_cert_chain, val) + zval_is_true(*val)) { + zval *arr; + STACK_OF(X509) *chain; + + MAKE_STD_ZVAL(arr); + chain = SSL_get_peer_cert_chain( + sslsock-ssl_handle); + + if (chain) { + int i; + array_init(arr); + + for (i = 0; i sk_X509_num(chain); i++) { + X509 *mycert = X509_dup( + sk_X509_value(chain, i)); + MAKE_STD_ZVAL(zcert); + ZVAL_RESOURCE(zcert, + zend_list_insert(mycert, +
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
alan_k Mon Nov 28 05:28:18 2005 EDT Modified files: /php-src/ext/opensslopenssl.c Log: fix bug #35381 - ensure library is initialized before use http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.99r2=1.100ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.99 php-src/ext/openssl/openssl.c:1.100 --- php-src/ext/openssl/openssl.c:1.99 Thu Aug 18 09:33:58 2005 +++ php-src/ext/openssl/openssl.c Mon Nov 28 05:28:16 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.99 2005/08/18 13:33:58 sniper Exp $ */ +/* $Id: openssl.c,v 1.100 2005/11/28 10:28:16 alan_k Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -584,6 +584,7 @@ le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, OpenSSL X.509, module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, OpenSSL X.509 CSR, module_number); + SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
wez Thu Jun 30 10:25:41 2005 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Add optional parameter to openssl_pkcs7_verify() which specifies the name of a file that will be filled with the verified data, but with the signature information stripped. Patch by Marton Kenyeres, mkenyeres (at) konvergencia dot hu http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.96r2=1.97ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.96 php-src/ext/openssl/openssl.c:1.97 --- php-src/ext/openssl/openssl.c:1.96 Tue Apr 19 18:04:25 2005 +++ php-src/ext/openssl/openssl.c Thu Jun 30 10:25:39 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.96 2005/04/19 22:04:25 sniper Exp $ */ +/* $Id: openssl.c,v 1.97 2005/06/30 14:25:39 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2152,7 +2152,7 @@ /* {{{ PKCS7 S/MIME functions */ -/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts]]]) +/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content) Verifys that the data block is intact, the signer is who they say they are, and returns the CERTs of the signers */ PHP_FUNCTION(openssl_pkcs7_verify) { 
@@ -2161,17 +2161,18 @@ STACK_OF(X509) *signers= NULL; STACK_OF(X509) *others = NULL; PKCS7 * p7 = NULL; - BIO * in = NULL, * datain = NULL; + BIO * in = NULL, * datain = NULL, * dataout = NULL; long flags = 0; char * filename; int filename_len; char * extracerts = NULL; int extracerts_len; char * signersfilename = NULL; int signersfilename_len; + char * datafilename = NULL; int datafilename_len; RETVAL_LONG(-1); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, sl|sas, filename, filename_len, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, sl|sass, filename, filename_len, flags, signersfilename, signersfilename_len, cainfo, - extracerts, extracerts_len) == FAILURE) { + extracerts, extracerts_len, datafilename, datafilename_len) == FAILURE) { return; } @@ -2204,18 +2205,30 @@ #endif goto clean_exit; } + + if (datafilename) { + + if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) { + goto clean_exit; + } + + dataout = BIO_new_file(datafilename, w); + if (dataout == NULL) { + goto clean_exit; + } + } #if DEBUG_SMIME zend_printf(Calling PKCS7 verify\n); #endif - if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { + if (PKCS7_verify(p7, others, store, datain, dataout, flags)) { RETVAL_TRUE; if (signersfilename) { BIO *certout; - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } @@ -2242,6 +2255,7 @@ X509_STORE_free(store); BIO_free(datain); BIO_free(in); + BIO_free(dataout); PKCS7_free(p7); sk_X509_free(others); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
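Review bot: `dataout` is opened with `BIO_new_file(datafilename, "w")` before `PKCS7_verify` runs (the `@@ -2204` hunk), so the target file is truncated, and may be filled, even when verification then fails. A caller that looks only at the file would read content that was never authenticated. Either remove the file on the failure path or state the contract in the proto comment, e.g. `/* the content file is only meaningful when this function returns TRUE */`. The `BIO_new_file` failure branch also jumps to `clean_exit` without a warning, so the caller cannot tell an unwritable path from other failures.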
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
sniper Tue Apr 19 18:04:32 2005 EDT Modified files: /php-src/ext/opensslopenssl.c Log: - Never use Z_TYPE* macros on non-zvals. http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.95r2=1.96ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.95 php-src/ext/openssl/openssl.c:1.96 --- php-src/ext/openssl/openssl.c:1.95 Mon Mar 14 19:27:51 2005 +++ php-src/ext/openssl/openssl.c Tue Apr 19 18:04:25 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.95 2005/03/15 00:27:51 iliaa Exp $ */ +/* $Id: openssl.c,v 1.96 2005/04/19 22:04:25 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2611,7 +2611,7 @@ cryptedlen = EVP_PKEY_size(pkey); cryptedbuf = emalloc(cryptedlen + 1); - switch (Z_TYPE_P(pkey)) { + switch (pkey-type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: successful = (RSA_private_encrypt(data_len, @@ -2669,7 +2669,7 @@ cryptedlen = EVP_PKEY_size(pkey); crypttemp = emalloc(cryptedlen + 1); - switch (Z_TYPE_P(pkey)) { + switch (pkey-type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: cryptedlen = RSA_private_decrypt(data_len, @@ -2734,7 +2734,7 @@ cryptedlen = EVP_PKEY_size(pkey); cryptedbuf = emalloc(cryptedlen + 1); - switch (Z_TYPE_P(pkey)) { + switch (pkey-type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: successful = (RSA_public_encrypt(data_len, @@ -2793,7 +2793,7 @@ cryptedlen = EVP_PKEY_size(pkey); crypttemp = emalloc(cryptedlen + 1); - switch (Z_TYPE_P(pkey)) { + switch (pkey-type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: cryptedlen = RSA_public_decrypt(data_len, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
sniper Mon Mar 14 16:00:04 2005 EDT Modified files: /php-src/ext/opensslopenssl.c Log: - Fixed bug #18613 (Multiple OUs in x509 certificate not handled properly) http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.93r2=1.94ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.93 php-src/ext/openssl/openssl.c:1.94 --- php-src/ext/openssl/openssl.c:1.93 Wed Oct 27 07:07:25 2004 +++ php-src/ext/openssl/openssl.c Mon Mar 14 16:00:02 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.93 2004/10/27 11:07:25 wez Exp $ */ +/* $Id: openssl.c,v 1.94 2005/03/14 21:00:02 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -227,9 +227,9 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) { - zval * subitem; - int i; - char * sn, * ln; + zval *subitem, *subentries; + int i, j = -1, last = -1, obj_cnt = 0; + char *sname; int nid; X509_NAME_ENTRY * ne; ASN1_STRING * str; 
@@ -241,14 +241,39 @@ for (i = 0; i X509_NAME_entry_count(name); i++) { ne = X509_NAME_get_entry(name, i); obj = X509_NAME_ENTRY_get_object(ne); - str = X509_NAME_ENTRY_get_data(ne); nid = OBJ_obj2nid(obj); + obj_cnt = 0; + if (shortname) { - sn = (char*)OBJ_nid2sn(nid); - add_assoc_stringl(subitem, sn, str-data, str-length, 1); + sname = (char *) OBJ_nid2sn(nid); + } else { + sname = (char *) OBJ_nid2ln(nid); + } + + MAKE_STD_ZVAL(subentries); + array_init(subentries); + + last = -1; + for (;;) { + j = X509_NAME_get_index_by_OBJ(name, obj, last); + if (j 0) { + if (last != -1) break; + } else { + obj_cnt++; + ne = X509_NAME_get_entry(name, j); + str = X509_NAME_ENTRY_get_data(ne); + add_next_index_stringl(subentries, str-data, str-length, 1); + } + last = j; + } + i = last; + + if (obj_cnt 1) { + add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); } else { - ln = (char*)OBJ_nid2ln(nid); - add_assoc_stringl(subitem, ln, str-data, str-length, 1); + zval_dtor(subentries); + FREE_ZVAL(subentries); + add_assoc_stringl(subitem, sname, str-data, str-length, 1); } } zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
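Review bot: `i = last;` moves the outer loop past the last entry of the current type, so an entry of a different type that sits between two entries of the same type is never visited. For a name ordered OU, CN, OU (constructed example) the inner loop collects both OUs, `i` becomes the index of the second OU, and the `i++` of the outer loop steps over CN. Leaving `i` unchanged and skipping an entry whose key is already present in `subitem` would keep every type in the result. The function starts outside the hunk, so this reading rests on the loop lines shown here.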
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Mon Mar 14 19:27:52 2005 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Fixed possible usage of str without being initialized. http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.94r2=1.95ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.94 php-src/ext/openssl/openssl.c:1.95 --- php-src/ext/openssl/openssl.c:1.94 Mon Mar 14 16:00:02 2005 +++ php-src/ext/openssl/openssl.c Mon Mar 14 19:27:51 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.94 2005/03/14 21:00:02 sniper Exp $ */ +/* $Id: openssl.c,v 1.95 2005/03/15 00:27:51 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -273,7 +273,9 @@ } else { zval_dtor(subentries); FREE_ZVAL(subentries); - add_assoc_stringl(subitem, sname, str-data, str-length, 1); + if (obj_cnt) { + add_assoc_stringl(subitem, sname, str-data, str-length, 1); + } } } zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, sizeof(subitem), NULL); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
wez Wed Oct 27 07:07:25 2004 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Fix possible crash; patch by Kamesh Jayachandran http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.92r2=1.93ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.92 php-src/ext/openssl/openssl.c:1.93 --- php-src/ext/openssl/openssl.c:1.92 Tue Oct 26 05:24:06 2004 +++ php-src/ext/openssl/openssl.c Wed Oct 27 07:07:25 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.92 2004/10/26 09:24:06 wez Exp $ */ +/* $Id: openssl.c,v 1.93 2004/10/27 11:07:25 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1670,6 +1670,7 @@ if (we_made_the_key) { /* and a resource for the private key */ ZVAL_RESOURCE(out_pkey, zend_list_insert(req.priv_key, le_key)); + req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */ } else if (key_resource != -1) { req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */ } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
wez Tue Oct 26 05:24:07 2004 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Fix for Bug #29418 (double free when openssl_csr_new fails). Also hook up MSHUTDOWN function which appears to have never been enabled. Patch by Kamesh Jayachandran http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.91r2=1.92ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.91 php-src/ext/openssl/openssl.c:1.92 --- php-src/ext/openssl/openssl.c:1.91 Mon Sep 13 14:30:29 2004 +++ php-src/ext/openssl/openssl.c Tue Oct 26 05:24:06 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.91 2004/09/13 18:30:29 magnus Exp $ */ +/* $Id: openssl.c,v 1.92 2004/10/26 09:24:06 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -135,7 +135,7 @@ openssl, openssl_functions, PHP_MINIT(openssl), - NULL, + PHP_MSHUTDOWN(openssl), NULL, NULL, PHP_MINFO(openssl), @@ -1675,6 +1675,12 @@ } } } + else { + if (!we_made_the_key) { + /* if we have not made the key we are not supposed to zap it by calling dispose! */ + req.priv_key = NULL; + } + } } } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
magnus Mon Sep 13 14:30:30 2004 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Add missing stream unregister for sslv2 and 3. http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.90r2=1.91ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.90 php-src/ext/openssl/openssl.c:1.91 --- php-src/ext/openssl/openssl.c:1.90 Fri Sep 10 07:43:45 2004 +++ php-src/ext/openssl/openssl.c Mon Sep 13 14:30:29 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.90 2004/09/10 11:43:45 wez Exp $ */ +/* $Id: openssl.c,v 1.91 2004/09/13 18:30:29 magnus Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -667,6 +667,8 @@ php_unregister_url_stream_wrapper(ftps TSRMLS_CC); php_stream_xport_unregister(ssl TSRMLS_CC); + php_stream_xport_unregister(sslv2 TSRMLS_CC); + php_stream_xport_unregister(sslv3 TSRMLS_CC); php_stream_xport_unregister(tls TSRMLS_CC); /* reinstate the default tcp handler */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c
wez Fri Sep 10 07:43:46 2004 EDT Modified files: /php-src/ext/opensslopenssl.c xp_ssl.c Log: Fix Bug #29296: add explicit sslv2 and sslv3 transports http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.89r2=1.90ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.89 php-src/ext/openssl/openssl.c:1.90 --- php-src/ext/openssl/openssl.c:1.89 Wed Apr 21 19:02:04 2004 +++ php-src/ext/openssl/openssl.c Fri Sep 10 07:43:45 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.89 2004/04/21 23:02:04 wez Exp $ */ +/* $Id: openssl.c,v 1.90 2004/09/10 11:43:45 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -632,6 +632,8 @@ } php_stream_xport_register(ssl, php_openssl_ssl_socket_factory TSRMLS_CC); + php_stream_xport_register(sslv3, php_openssl_ssl_socket_factory TSRMLS_CC); + php_stream_xport_register(sslv2, php_openssl_ssl_socket_factory TSRMLS_CC); php_stream_xport_register(tls, php_openssl_ssl_socket_factory TSRMLS_CC); /* override the default tcp socket provider */ http://cvs.php.net/diff.php/php-src/ext/openssl/xp_ssl.c?r1=1.16r2=1.17ty=u Index: php-src/ext/openssl/xp_ssl.c diff -u php-src/ext/openssl/xp_ssl.c:1.16 php-src/ext/openssl/xp_ssl.c:1.17 --- php-src/ext/openssl/xp_ssl.c:1.16 Sun May 23 06:35:58 2004 +++ php-src/ext/openssl/xp_ssl.cFri Sep 10 07:43:46 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: xp_ssl.c,v 1.16 2004/05/23 10:35:58 wez Exp $ */ +/* $Id: xp_ssl.c,v 1.17 2004/09/10 11:43:46 wez Exp $ */ #include php.h #include ext/standard/file.h 
@@ -691,6 +691,12 @@ if (strncmp(proto, ssl, protolen) == 0) { sslsock-enable_on_connect = 1; sslsock-method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT; + } else if (strncmp(proto, sslv2, protolen) == 0) { + sslsock-enable_on_connect = 1; + sslsock-method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT; + } else if (strncmp(proto, sslv3, protolen) == 0) { + sslsock-enable_on_connect = 1; + sslsock-method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; } else if (strncmp(proto, tls, protolen) == 0) { sslsock-enable_on_connect = 1; sslsock-method = STREAM_CRYPTO_METHOD_TLS_CLIENT; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
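Review bot: The new branches compare with `strncmp(proto, "sslv2", protolen)`, which checks only the first `protolen` bytes, so a shorter `proto` such as `sslv` (constructed) would select the SSLv2 method. Comparing the length as well, `protolen == sizeof("sslv2") - 1 && strncmp(proto, "sslv2", protolen) == 0`, makes the match exact; the same applies to the `sslv3` branch. If the factory is only reached through the exact registered transport names this cannot trigger, but that lookup is outside the hunk. A comment noting that the `sslv2` transport pins a protocol with known weaknesses and should be used only where a peer requires it would help callers choose.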
[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c
wez Wed Apr 21 19:02:04 2004 EDT Modified files: /php-src/ext/opensslopenssl.c xp_ssl.c Log: Fix bug #28096 - stream_socket_accept() on an SSL server socket doesn't enable SSL on the accepted socket. - Add cipher list context option - Add helpful hint about why SSL server socket fails with mysterious error (eg: you need an SSL certificate for most ciphers). http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.88r2=1.89ty=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.88 php-src/ext/openssl/openssl.c:1.89 --- php-src/ext/openssl/openssl.c:1.88 Mon Mar 29 14:57:48 2004 +++ php-src/ext/openssl/openssl.c Wed Apr 21 19:02:04 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.88 2004/03/29 19:57:48 iliaa Exp $ */ +/* $Id: openssl.c,v 1.89 2004/04/21 23:02:04 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -3206,6 +3206,7 @@ char *cafile = NULL; char *capath = NULL; char *certfile = NULL; + char *cipherlist = NULL; int ok = 1; @@ -3240,6 +3241,12 @@ SSL_CTX_set_default_passwd_cb(ctx, passwd_callback); } + GET_VER_OPT_STRING(ciphers, cipherlist); + if (!cipherlist) { + cipherlist = DEFAULT; + } + SSL_CTX_set_cipher_list(ctx, cipherlist); + GET_VER_OPT_STRING(local_cert, certfile); if (certfile) { X509 *cert = NULL; http://cvs.php.net/diff.php/php-src/ext/openssl/xp_ssl.c?r1=1.14r2=1.15ty=u Index: php-src/ext/openssl/xp_ssl.c diff -u php-src/ext/openssl/xp_ssl.c:1.14 php-src/ext/openssl/xp_ssl.c:1.15 --- php-src/ext/openssl/xp_ssl.c:1.14 Thu Jan 8 03:16:39 2004 +++ php-src/ext/openssl/xp_ssl.cWed Apr 21 19:02:04 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: xp_ssl.c,v 1.14 2004/01/08 08:16:39 andi Exp $ */ +/* $Id: xp_ssl.c,v 1.15 2004/04/21 23:02:04 wez Exp $ */ #include php.h #include ext/standard/file.h @@ -53,7 +53,7 @@ char esbuf[512]; char *ebuf = NULL, *wptr = NULL; size_t ebuf_size = 0; - unsigned long code; + unsigned long code, ecode; int retry = 1; switch(err) { 
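Review bot: The return value of `SSL_CTX_set_cipher_list(ctx, cipherlist)` is ignored in the `@@ -3240` hunk, so a `ciphers` context option that OpenSSL cannot parse leaves the context with a cipher list the script did not ask for and gives no sign of it. A script that sets this option to restrict ciphers would then believe the restriction is in force. Testing the result, `if (SSL_CTX_set_cipher_list(ctx, cipherlist) != 1)`, then raising a warning and failing the setup would close that gap. The enclosing function starts and ends outside the hunk.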
@@ -84,37 +84,49 @@ } break; } + + /* fall through */ default: /* some other error */ - while ((code = ERR_get_error()) != 0) { - /* allow room for a NUL and an optional \n */ - if (ebuf) { - esbuf[0] = '\n'; - esbuf[1] = '\0'; - ERR_error_string_n(code, esbuf + 1, sizeof(esbuf) - 2); - } else { - esbuf[0] = '\0'; - ERR_error_string_n(code, esbuf, sizeof(esbuf) - 1); - } - code = strlen(esbuf); - esbuf[code] = '\0'; + ecode = ERR_get_error(); + + switch (ERR_GET_REASON(ecode)) { + case SSL_R_NO_SHARED_CIPHER: + php_error_docref(NULL TSRMLS_CC, E_WARNING, SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option)); + retry = 0; + break; - ebuf = erealloc(ebuf, ebuf_size + code + 1); - if (wptr == NULL) { - wptr = ebuf; - } - - /* also copies the NUL */ - memcpy(wptr, esbuf, code + 1); - wptr += code; - } - - php_error_docref(NULL TSRMLS_CC, E_WARNING, - SSL operation failed with code %d.%s%s, - err, - ebuf ? OpenSSL Error messages:\n : , - ebuf ? ebuf : ); + default: + do { + /* allow room for a NUL and an optional \n */ + if (ebuf) { + esbuf[0] = '\n'; +
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
iliaa Sun Dec 21 13:17:19 2003 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Fixed uninitialized usage of mdtype when unknown signature algorithm is found. Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.85 php-src/ext/openssl/openssl.c:1.86 --- php-src/ext/openssl/openssl.c:1.85 Thu Nov 27 12:40:15 2003 +++ php-src/ext/openssl/openssl.c Sun Dec 21 13:17:18 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.85 2003/11/27 17:40:15 wez Exp $ */ +/* $Id: openssl.c,v 1.86 2003/12/21 18:17:18 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2838,9 +2838,6 @@ RETURN_FALSE; } - siglen = EVP_PKEY_size(pkey); - sigbuf = emalloc(siglen + 1); - switch (signature_algo) { case OPENSSL_ALGO_SHA1: mdtype = (EVP_MD *) EVP_sha1(); @@ -2854,8 +2851,15 @@ case OPENSSL_ALGO_MD2: mdtype = (EVP_MD *) EVP_md2(); break; + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature algorithm.); + RETURN_FALSE; + break; } - + + siglen = EVP_PKEY_size(pkey); + sigbuf = emalloc(siglen + 1); + EVP_SignInit(md_ctx, mdtype); EVP_SignUpdate(md_ctx, data, data_len); if (EVP_SignFinal (md_ctx, sigbuf, siglen, pkey)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c
wez Thu Nov 27 12:40:16 2003 EDT Modified files: /php-src/ext/opensslopenssl.c xp_ssl.c Log: Port liveness and SSL CA validation from 4.3 branch. Make stream_select() work on ssl-enabled sockets again. Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.84 php-src/ext/openssl/openssl.c:1.85 --- php-src/ext/openssl/openssl.c:1.84 Mon Oct 13 07:43:11 2003 +++ php-src/ext/openssl/openssl.c Thu Nov 27 12:40:15 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.84 2003/10/13 11:43:11 wez Exp $ */ +/* $Id: openssl.c,v 1.85 2003/11/27 17:40:15 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -41,6 +41,7 @@ #include openssl/err.h #include openssl/conf.h #include openssl/rand.h +#include openssl/ssl.h #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -153,6 +154,7 @@ static int le_key; static int le_x509; static int le_csr; +static int ssl_stream_data_index; /* {{{ resource destructors */ static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) @@ -563,6 +565,10 @@ ERR_load_crypto_strings(); ERR_load_EVP_strings(); + /* register a resource id number with openSSL so that we can map SSL - stream structures in +* openSSL callbacks */ + ssl_stream_data_index = SSL_get_ex_new_index(0, PHP stream index, NULL, NULL, NULL); + /* purposes for cert purpose checking */ REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_CLIENT, X509_PURPOSE_SSL_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_SERVER, X509_PURPOSE_SSL_SERVER, CONST_CS|CONST_PERSISTENT); 
@@ -3060,6 +3066,222 @@ } /* }}} */ +/* SSL verification functions */ + +#define GET_VER_OPT(name) (stream-context SUCCESS == php_stream_context_get_option(stream-context, ssl, name, val)) +#define GET_VER_OPT_STRING(name, str) if (GET_VER_OPT(name)) { convert_to_string_ex(val); str = Z_STRVAL_PP(val); } + +static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +{ + php_stream *stream; + SSL *ssl; + X509 *err_cert; + int err, depth, ret; + zval **val; + TSRMLS_FETCH(); + + ret = preverify_ok; + + /* determine the status for the current cert */ + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + /* conjure the stream context to use */ + ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + stream = (php_stream*)SSL_get_ex_data(ssl, ssl_stream_data_index); + + /* if allow_self_signed is set, make sure that verification succeeds */ + if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT GET_VER_OPT(allow_self_signed) zval_is_true(*val)) { + ret = 1; + } + + /* check the depth */ + if (GET_VER_OPT(verify_depth)) { + convert_to_long_ex(val); + + if (depth Z_LVAL_PP(val)) { + ret = 0; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG); + } + } + + return ret; + +} + +int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC) +{ + zval **val = NULL; + char *cnmatch = NULL; + X509_NAME *name; + char buf[1024]; + int err; + + /* verification is turned off */ + if (!(GET_VER_OPT(verify_peer) zval_is_true(*val))) { + return SUCCESS; + } + + if (peer == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Could not get peer certificate); + return FAILURE; + } + + err = SSL_get_verify_result(ssl); + switch (err) { + case X509_V_OK: + /* fine */ + break; + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + if (GET_VER_OPT(allow_self_signed) zval_is_true(*val)) { + /* allowed */ + break; + } + /* not allowed, so fall 
through */ + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, Could not verify peer: code:%d %s, err, X509_verify_cert_error_string(err)); + return FAILURE; + } + + /* if the cert passed the usual checks, apply our own local policies now */ + + name = X509_get_subject_name(peer); + + /* Does the common name match ? (used primarily for https://) */ + GET_VER_OPT_STRING(CN_match, cnmatch); + if (cnmatch) { + int match = 0; + + X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf)); + + match =
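Review bot: In `php_openssl_apply_verification_policy` the return value of `X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf))` is discarded, so a certificate without a commonName leaves `buf` uninitialised when it is compared with `CN_match`. The returned length should also be checked against `strlen(buf)`, because a name containing an embedded NUL would otherwise be matched only up to that byte: `int len = X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));` followed by `if (len < 0 || (size_t)len != strlen(buf)) return FAILURE;`. Separately, the function returns `SUCCESS` whenever `verify_peer` is unset, so peer verification is opt-in; that default deserves a comment at the early return. The hunk is cut off on this page after `match =`, so the comparison itself and the end of the function are not visible.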
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
wez Mon Oct 13 07:43:12 2003 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Fix unintialized variable. Patch by Joe Orton. Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.83 php-src/ext/openssl/openssl.c:1.84 --- php-src/ext/openssl/openssl.c:1.83 Tue Sep 23 15:29:33 2003 +++ php-src/ext/openssl/openssl.c Mon Oct 13 07:43:11 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.83 2003/09/23 19:29:33 sniper Exp $ */ +/* $Id: openssl.c,v 1.84 2003/10/13 11:43:11 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1477,7 +1477,7 @@ long serial = 0L; X509 * cert = NULL, *new_cert = NULL; X509_REQ * csr; - EVP_PKEY * key = NULL, *priv_key; + EVP_PKEY * key = NULL, *priv_key = NULL; long csr_resource, certresource, keyresource; int i; struct php_x509_request req; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug25614.phpt
wez Tue Sep 23 12:05:51 2003 EDT Modified files: /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug25614.phpt Log: MFB 25614 fix Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.81 php-src/ext/openssl/openssl.c:1.82 --- php-src/ext/openssl/openssl.c:1.81 Sun Aug 31 16:45:42 2003 +++ php-src/ext/openssl/openssl.c Tue Sep 23 12:05:50 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.81 2003/08/31 20:45:42 iliaa Exp $ */ +/* $Id: openssl.c,v 1.82 2003/09/23 16:05:50 wez Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1738,14 +1738,23 @@ cert = (X509*)what; free_cert = 0; } else if (type == le_key) { + int is_priv; + + is_priv = php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC); + /* check whether it is actually a private key if requested */ - if (!public_key !php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC)) { + if (!public_key !ispriv) { php_error_docref(NULL TSRMLS_CC, E_WARNING, supplied key param is a public key); return NULL; } - - /* got the key - return it */ - return (EVP_PKEY*)what; + + if (public_key is_priv) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Don't know how to get public key from this private key); + return NULL; + } else { + /* got the key - return it */ + return (EVP_PKEY*)what; + } } /* other types could be used here - eg: file pointers and read in the data from them */ Index: php-src/ext/openssl/tests/bug25614.phpt diff -u /dev/null php-src/ext/openssl/tests/bug25614.phpt:1.2 --- /dev/null Tue Sep 23 12:05:51 2003 +++ php-src/ext/openssl/tests/bug25614.phpt Tue Sep 23 12:05:51 2003 
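Review bot: The rewritten condition in the `type == le_key` branch tests `ispriv`, but the variable declared and assigned just above it is `is_priv`, so the new code does not compile as shown on this page. The line should read `if (!public_key && !is_priv) {`. The enclosing function starts and ends outside the hunk.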
@@ -0,0 +1,11 @@ +--TEST-- +openssl: get public key from generated private key +--SKIPIF-- +?php if (!extension_loaded(openssl)) print skip; ? +--FILE-- +?php +$priv = openssl_pkey_new(); +$pub = openssl_pkey_get_public($priv); +? +--EXPECTF-- +Warning: openssl_pkey_get_public(): Don't know how to get public key from this private key (the documentation lied) %s -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
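Review bot: The `--EXPECTF--` line expects the warning to end with `(the documentation lied)`, but the string passed to `php_error_docref` in the openssl.c part of this commit stops at `Don't know how to get public key from this private key`. As written the test would not match the message this revision emits. Either drop the suffix from the expectation or use the same text in the C source.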
[PHP-CVS] cvs: php-src /ext/openssl openssl.c
sr Sun Jul 13 05:54:40 2003 EDT Modified files: /php-src/ext/opensslopenssl.c Log: Allow setting of the serial number. Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.77 php-src/ext/openssl/openssl.c:1.78 --- php-src/ext/openssl/openssl.c:1.77 Sun Jul 13 05:38:31 2003 +++ php-src/ext/openssl/openssl.c Sun Jul 13 05:54:40 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.77 2003/07/13 09:38:31 sr Exp $ */ +/* $Id: openssl.c,v 1.78 2003/07/13 09:54:40 sr Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1463,12 +1463,13 @@ } /* }}} */ -/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days) +/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]]) Signs a cert with another CERT */ PHP_FUNCTION(openssl_csr_sign) { zval * zcert = NULL, *zcsr, *zpkey, *args = NULL; long num_days; + long serial = 0L; X509 * cert = NULL, *new_cert = NULL; X509_REQ * csr; EVP_PKEY * key = NULL, *priv_key; @@ -1476,7 +1477,7 @@ int i; struct php_x509_request req; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz!zl|a!, zcsr, zcert, zpkey, num_days, args) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz!zl|a!l, zcsr, zcert, zpkey, num_days, args, serial) == FAILURE) return; RETVAL_FALSE; @@ -1535,8 +1536,7 @@ if (!X509_set_version(new_cert, 2)) goto cleanup; - /* TODO: Allow specifying */ - ASN1_INTEGER_set(X509_get_serialNumber(new_cert), 0L); + ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial); X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
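Review bot: The caller-supplied `serial` reaches `ASN1_INTEGER_set` in the last hunk without a range check, and the call's result is ignored, unlike the `X509_set_version` line just above it, which jumps to `cleanup` on failure. I would reject negative values before this point and write `if (!ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) goto cleanup;`. Because `serial` still defaults to `0L`, every certificate signed without the new argument keeps serial 0. The prototype comment should therefore say that callers are responsible for supplying a serial that is unique per issuer. `PHP_FUNCTION(openssl_csr_sign)` continues outside the hunks.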