Re: [PHP-DEV] openssl_pkcs7_verify - save verified data [PATCH]

Wez Furlong Thu, 16 Jun 2005 08:56:38 -0700

OK; can you make sure that the patch applies to HEAD, and then attach
it as a text attachment in an email and/or upload it to a www server,
and I'll apply it.


Thanks,

--Wez.

On 6/16/05, Marton Kenyeres <[EMAIL PROTECTED]> wrote:
> Wez Furlong wrote:
> > What's the difference between the data you save and the data that's
> > read in?  In other words, how is this different from copying the file
> > from one place to another; why would you use it?
> >
> > --Wez.
> 
> The data you read in is a signed message (which can be in several
> formats), that is some data _plus_ some signature. The data saved is
> only the raw data without the signature. The data itself can be any
> random binary string when using PKCS7_BINARY flag. We use it to transfer
> zip files between a ASP script and PHP.
> 
> m.
> 
> > On 6/16/05, Marton Kenyeres <[EMAIL PROTECTED]> wrote:
> >
> >>Hi!
> >>
> >>Dunno, if this is the right place to ask, but I give it a try anyway. If
> >>I'm misguided, please feel free to point me in the right direction!
> >>
> >>Attached is a patch which adds a 6th option to openssl_pkcs7_verify,
> >>which should be a string and point to a file where the contents of the
> >>signed message should be saved.
> >>
> >>[I believe this patch also fixes a minor safe-mode related bug]
> >>
> >>I've tried this on FreeBSD 4.11 / php-5.0.4 / OpenSSL 0.9.7d , so the
> >>patch is against openssl.c,v 1.89.2.6 , but should apply against HEAD also.
> >>
> >>This seems to work correctly with messages created with openssl and
> >>CAPICOM (The M$ PKI library.)
> >>
> >>Cheers,
> >>
> >>m.
> >>
> >>
> >>
> >>--- ext/openssl/openssl.c.orig  Tue Mar 15 01:29:36 2005
> >>+++ ext/openssl/openssl.c       Thu Jun 16 14:01:07 2005
> >>@@ -2152,7 +2152,7 @@
> >>
> >> /* {{{ PKCS7 S/MIME functions */
> >>
> >>-/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, 
> >>string signerscerts [, array cainfo [, string extracerts]]])
> >>+/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, 
> >>string signerscerts [, array cainfo [, string extracerts [, string 
> >>content]]]])
> >>    Verifys that the data block is intact, the signer is who they say they 
> >> are, and returns the CERTs of the signers */
> >> PHP_FUNCTION(openssl_pkcs7_verify)
> >> {
> >>@@ -2161,17 +2161,18 @@
> >>        STACK_OF(X509) *signers= NULL;
> >>        STACK_OF(X509) *others = NULL;
> >>        PKCS7 * p7 = NULL;
> >>-       BIO * in = NULL, * datain = NULL;
> >>+       BIO * in = NULL, * datain = NULL, * dataout = NULL;
> >>        long flags = 0;
> >>        char * filename; int filename_len;
> >>        char * extracerts = NULL; int extracerts_len;
> >>        char * signersfilename = NULL; int signersfilename_len;
> >>+       char * datafilename = NULL; int datafilename_len;
> >>
> >>        RETVAL_LONG(-1);
> >>
> >>-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", 
> >>&filename, &filename_len,
> >>+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sass", 
> >>&filename, &filename_len,
> >>                                &flags, &signersfilename, 
> >> &signersfilename_len, &cainfo,
> >>-                               &extracerts, &extracerts_len) == FAILURE) {
> >>+                               &extracerts, &extracerts_len, 
> >>&datafilename, &datafilename_len) == FAILURE) {
> >>                return;
> >>        }
> >>
> >>@@ -2204,18 +2205,30 @@
> >> #endif
> >>                goto clean_exit;
> >>        }
> >>+
> >>+       if (datafilename) {
> >>+
> >>+               if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
> >>+                       goto clean_exit;
> >>+               }
> >>+
> >>+               dataout = BIO_new_file(datafilename, "w");
> >>+               if (dataout == NULL) {
> >>+                       goto clean_exit;
> >>+               }
> >>+       }
> >> #if DEBUG_SMIME
> >>        zend_printf("Calling PKCS7 verify\n");
> >> #endif
> >>
> >>-       if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
> >>+       if (PKCS7_verify(p7, others, store, datain, dataout, flags)) {
> >>
> >>                RETVAL_TRUE;
> >>
> >>                if (signersfilename) {
> >>                        BIO *certout;
> >>
> >>-                       if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
> >>+                       if (php_openssl_safe_mode_chk(signersfilename 
> >>TSRMLS_CC)) {
> >>                                goto clean_exit;
> >>                        }
> >>
> >>@@ -2242,6 +2255,7 @@
> >>        X509_STORE_free(store);
> >>        BIO_free(datain);
> >>        BIO_free(in);
> >>+       BIO_free(dataout);
> >>        PKCS7_free(p7);
> >>        sk_X509_free(others);
> >> }
> >>
> >>
> >>
> >>--
> >>PHP Internals - PHP Runtime Development Mailing List
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
> >
> 
>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] openssl_pkcs7_verify - save verified data [PATCH]

Reply via email to