Reformatted to reflect codestyle. -- Regards, Arkadiusz Góralski: [EMAIL PROTECTED]
diff -uN --recursive php4/ext/openssl/openssl.c php4-new/ext/openssl/openssl.c --- php4/ext/openssl/openssl.c Fri Jul 12 23:46:34 2002 +++ php4-new/ext/openssl/openssl.c Wed Jul 24 10:39:38 2002 @@ -15,6 +15,8 @@ | Authors: Stig Venaas <[EMAIL PROTECTED]> | | Wez Furlong <[EMAIL PROTECTED]> | | Sascha Kettler <[EMAIL PROTECTED]> | + | Additional Programming: | + | Norbert Mocek <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ @@ -41,6 +43,10 @@ #include <openssl/conf.h> #include <openssl/rand.h> +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_PEM 3 +#define FORMAT_SMIME 6 #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -88,8 +94,11 @@ PHP_FE(openssl_csr_export, arg2_force_ref) PHP_FE(openssl_csr_export_to_file, NULL) PHP_FE(openssl_csr_sign, NULL) + PHP_FE(openssl_csr_parse, NULL) + PHP_FE(openssl_csr_file_verify, NULL) + PHP_FE(openssl_csr_verify, NULL) + PHP_FE(openssl_csr_get_public, NULL) - PHP_FE(openssl_sign, arg2_force_ref) PHP_FE(openssl_verify, NULL) PHP_FE(openssl_seal, arg2and3_force_ref) @@ -547,6 +556,9 @@ REGISTER_LONG_CONSTANT("PKCS7_NOATTR", PKCS7_NOATTR, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_PEM", FORMAT_PEM, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_SMIME", FORMAT_SMIME, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FORMAT_DER", FORMAT_ASN1, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, @@ -1582,6 +1594,239 @@ } /* }}} */ +/* {{{ proto bool openssl_csr_file_verify(string filename, long inform) + verifies the signature on the request in file*/ +PHP_FUNCTION(openssl_csr_file_verify) +{ + int x509=0; + BIO *in=NULL,*out=NULL; + EVP_PKEY *pkey=NULL; + int i, newreq=0; + int kludge=0; + int informat, verify=1, keyform=FORMAT_PEM; + char *infile; + long infile_len; + X509_REQ *req=NULL; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &infile, &infile_len, &informat) == FAILURE) { + return; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { + goto end; + } + + if (!newreq) { + /* Since we are using a pre-existing certificate + * request, the kludge 'format' info should not be + * changed. */ + kludge= -1; + if (infile == NULL) { + BIO_set_fp(in, stdin, BIO_NOCLOSE); + } else { + if (BIO_read_filename(in, infile) <= 0) { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) { + req=d2i_X509_REQ_bio(in, NULL); + } else if (informat == FORMAT_PEM) { + req=PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); + } else { + zend_error(E_WARNING, "bad input format specified for X509 request\n"); + RETVAL_LONG(-1); + goto end; + } + + if (req == NULL) { + zend_error(E_WARNING, "unable to load X509 request\n"); + RETVAL_LONG(-1); + goto end; + } + } + + if (verify && !x509) { + int tmp=0; + + if (pkey == NULL) { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) { + goto end; + } + } + + i=X509_REQ_verify(req, pkey); + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } + if (i < 0) { + goto end; + } else if (i == 0) { + zend_error(E_WARNING, "verify failure\n"); + RETVAL_LONG(-1); + } else { + RETVAL_TRUE; + } + } + +end: + EVP_PKEY_free(pkey); + X509_REQ_free(req); +} +/* }}} */ + +/* {{{ proto bool openssl_csr_verify(mixed csr) + verifies the signature on the request*/ +PHP_FUNCTION(openssl_csr_verify) +{ + int x509=0; + zval * zcsr; + BIO *in=NULL,*out=NULL; + EVP_PKEY *pkey=NULL; + int i, newreq=0; + int kludge=0; + int informat, verify=1, keyform=FORMAT_PEM; + char *infile; + long infile_len; + X509_REQ *req=NULL; + long csr_resource = -1; + char *bio_mem_ptr; + long bio_mem_len; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &zcsr) == FAILURE) { + return; + } + + req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (req == NULL) { + zend_error(E_WARNING, "cannot get CSR from parameter 1"); + return; + } + + if (verify && !x509) { + int tmp=0; + + if (pkey == NULL) { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) { + goto end; + } + } + + i=X509_REQ_verify(req, pkey); + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } + + if (i < 0) { + goto end; + } else if (i == 0) { + zend_error(E_WARNING, "verify failure\n"); + RETVAL_LONG(-1); + } else { + RETVAL_TRUE; + } + +end: + RETVAL_TRUE; + } +} +/* }}} */ + +/* {{{ proto array openssl_csr_parse(mixed csr [, bool shortnames=true]) + Returns an array of the fields/values of the csr */ +PHP_FUNCTION(openssl_csr_parse) +{ + zval * zreq; + X509_REQ *req=NULL; + long reqresource = -1; + zend_bool useshortnames = 1; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zreq, &useshortnames) == FAILURE) { + return; + } + + req = php_openssl_csr_from_zval(&zreq, 0, &reqresource TSRMLS_CC); + if (req == NULL) { + RETURN_FALSE; + } + array_init(return_value); + + add_assoc_long(return_value, "version", X509_REQ_get_version(req)); + add_assoc_name_entry(return_value, "subject", X509_REQ_get_subject_name(req), useshortnames TSRMLS_CC); + + if (reqresource == -1 && req) { + X509_REQ_free(req); + } +} +/* }}} */ + +/* {{{ proto bool openssl_csr_get_public(mixed csr, mixed publickey) + Gets public key from csr*/ +PHP_FUNCTION(openssl_csr_get_public) +{ + zval *zcsr, *zpublickey; + EVP_PKEY *pkey; + X509_REQ *req=NULL; + long csr_resource = -1; + unsigned char *publickeybuf = 0; + long publickeylen = -1; + char* publickey= 0; + + RETVAL_LONG(-1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcsr, &zpublickey) == FAILURE) { + return; + } + + req = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (req == NULL) { + zend_error(E_WARNING, "cannot get CSR from parameter 1"); + return; + } + + pkey=X509_REQ_get_pubkey(req); + + if (pkey == NULL) { + zend_error(E_WARNING, "cannot get public key from csr"); + RETURN_FALSE; + } + + { + BIO * oid_bio = BIO_new(BIO_s_mem()); + char *bio_mem_ptr; + long bio_mem_len; + + PEM_write_bio_PUBKEY(oid_bio, pkey); + + bio_mem_len = BIO_get_mem_data(oid_bio, &bio_mem_ptr); + zval_dtor(zpublickey); + ZVAL_STRINGL(zpublickey, bio_mem_ptr, bio_mem_len, 1); + + if (oid_bio) { + BIO_free(oid_bio); + } + } + + if (pkey) { + EVP_PKEY_free(pkey); + } + RETVAL_TRUE; +} +/* }}} */ + /* }}} */ /* {{{ EVP Public/Private key functions */ @@ -1951,11 +2196,14 @@ char * filename; long filename_len; char * extracerts = NULL; long extracerts_len; char * signersfilename = NULL; long signersfilename_len; + char *contfile=NULL; long contfile_len; + int informat = FORMAT_SMIME; RETVAL_LONG(-1); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len, - &flags, &signersfilename, &signersfilename_len, &cainfo, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sll|ssas", &filename, + &filename_len, &informat, &flags, &contfile, &contfile_len, + &signersfilename, &signersfilename_len, &cainfo, &extracerts, &extracerts_len) == FAILURE) return; @@ -1975,7 +2223,18 @@ in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r"); if (in == NULL) goto clean_exit; - p7 = SMIME_read_PKCS7(in, &datain); + + if (informat == FORMAT_SMIME) { + p7 = SMIME_read_PKCS7(in, &datain); + } else if (informat == FORMAT_PEM) { + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); + } else if (informat == FORMAT_ASN1) { + p7 = d2i_PKCS7_bio(in, NULL); + } else { + zend_error(E_WARNING, "Bad input format for PKCS#7 file\n"); + RETVAL_LONG(-1); + goto clean_exit; + } if (p7 == NULL) { #if DEBUG_SMIME zend_printf("SMIME_read_PKCS7 failed\n"); @@ -1986,7 +2245,16 @@ zend_printf("Calling PKCS7 verify\n"); #endif - if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { + if (contfile_len > 0 && contfile) { + BIO_free(datain); + if (!(datain = BIO_new_file(contfile, "rb"))) { + zend_error(E_WARNING, "Can't read content file %s\n", contfile); + RETVAL_LONG(-1); + goto clean_exit; + } + } + + if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { RETVAL_TRUE; @@ -2353,7 +2621,7 @@ zval_dtor(crypted); cryptedbuf[cryptedlen] = '\0'; ZVAL_STRINGL(crypted, cryptedbuf, cryptedlen, 0); - cryptedbuf = NULL; + /* cryptedbuf = NULL; */ RETVAL_TRUE; } if (cryptedbuf) diff -uN --recursive php4/ext/openssl/php_openssl.h php4-new/ext/openssl/php_openssl.h --- php4/ext/openssl/php_openssl.h Tue Dec 11 16:30:02 2001 +++ php4-new/ext/openssl/php_openssl.h Wed Jul 24 10:30:32 2002 @@ -14,6 +14,8 @@ +----------------------------------------------------------------------+ | Authors: Stig Venaas <[EMAIL PROTECTED]> | | Wez Furlong <[EMAIL PROTECTED] | + | Additional Programming: | + | Norbert Mocek <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ @@ -64,6 +66,10 @@ PHP_FUNCTION(openssl_csr_export); PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); +PHP_FUNCTION(openssl_csr_file_verify); +PHP_FUNCTION(openssl_csr_verify); +PHP_FUNCTION(openssl_csr_parse); +PHP_FUNCTION(openssl_csr_get_public); #else
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php