php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #38917
Patch spki.patch revision 2011-12-22 10:41 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 20:31 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 16:09 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:48 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:26 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:58 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:53 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 14:36 UTC by jason dot gerfen at gmail dot com
revision 2011-12-14 11:38 UTC by jason dot gerfen at gmail dot com
revision 2011-12-13 16:55 UTC by jason dot gerfen at gmail dot com
revision 2011-12-08 10:57 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 21:02 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:35 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:29 UTC by jason dot gerfen at gmail dot com

Patch spki.patch for OpenSSL related Bug #38917

Patch version 2011-12-14 11:38 UTC

Return to Bug #38917 | Download this patch
Patch Revisions: 2011-12-22 10:41 UTC | 2011-12-21 20:31 UTC | 2011-12-21 16:09 UTC | 2011-12-21 03:48 UTC | 2011-12-21 03:26 UTC | 2011-12-19 17:58 UTC | 2011-12-19 17:53 UTC | 2011-12-19 14:36 UTC | 2011-12-14 11:38 UTC | 2011-12-13 16:55 UTC | 2011-12-08 10:57 UTC | 2011-12-06 21:02 UTC | 2011-12-06 11:35 UTC | 2011-12-06 11:29 UTC

Developer: jason.gerfen@gmail.com


 --- php-5.3.8/ext/openssl/openssl.c 
 +++ php-5.3.8/ext/openssl/openssl.c 
 @@ -372,11 +372,35 @@
 --- php-5.3.8/ext/openssl/openssl.c	2011-07-25 05:42:53.000000000 -0600
 +++ php-5.3.8/ext/openssl/openssl.c	2011-12-14 03:44:24.540000961 -0700
 @@ -372,11 +372,39 @@
       ZEND_ARG_INFO(0, length)
       ZEND_ARG_INFO(1, result_is_strong)
   ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_spki_new, 0, 0, 0)
  +    ZEND_ARG_INFO(0, privkey)
  +    ZEND_ARG_INFO(0, password)
 +    ZEND_ARG_INFO(0, spki_hash)
  +ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_verify, 0)
  +    ZEND_ARG_INFO(0, spki)
  +ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export, 0)
 +    ZEND_ARG_INFO(0, spki)
 +ZEND_END_ARG_INFO()
 +
 +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export_challenge, 0)
  +    ZEND_ARG_INFO(0, spki)
  +ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_details, 0)


  +/* spki functions */
  +	PHP_FE(openssl_spki_new, 		arginfo_openssl_spki_new)
  +	PHP_FE(openssl_spki_verify,		arginfo_openssl_spki_verify)
  +	PHP_FE(openssl_spki_export,		arginfo_openssl_spki_export)
 + PHP_FE(openssl_spki_export_challenge,		arginfo_openssl_spki_export_challenge)
  + PHP_FE(openssl_spki_details,		arginfo_openssl_spki_details)
  +
   /* public/private key functions */
   	PHP_FE(openssl_pkey_free,			arginfo_openssl_pkey_free)
   	PHP_FE(openssl_pkey_new,			arginfo_openssl_pkey_new)
 @@ -1252,6 +1276,190 @@
 @@ -1252,6 +1280,273 @@
   }
   /* }}} */
   
 +/* {{{ proto string openssl_spki_new(mixed priv_key, string password)
 +/* {{{ proto string openssl_spki_new(mixed zpkey, string password)
  +   Creates new private key (or uses existing) and creates a new spki cert
  +   outputting results to var */
  +PHP_FUNCTION(openssl_spki_new)
  +{


  + char * password, * spkstr;
  + long keyresource = -1;
  + const char *spkac = "SPKAC=";
  +
 + zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &password, &zout);
 +
 + pkey = php_openssl_evp_from_zval(&zpkey, 0, password, 1, &keyresource TSRMLS_CC);
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &password, &zout) == FAILURE) {
 +  return;
 + }
 + RETVAL_FALSE;
 +
 + pkey = php_openssl_evp_from_zval(&zpkey, 0, password, 1, &keyresource TSRMLS_CC);
 +
  + if (pkey == NULL) {
 +  goto cleanup;
 + }
 +  goto cleanup;
 + }
  +
  + if ((spki = NETSCAPE_SPKI_new()) == NULL) {
  +  goto cleanup;
 + }
 + }
  +
  + if (password) {
  +  ASN1_STRING_set(spki->spkac->challenge, password, (int)strlen(password));
 + }
 +
 + }
 +
  + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
 +  goto cleanup;
 + }
 +
 +  goto cleanup;
 + }
 +
  + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) {
  +  goto cleanup;
  + }
  +
  + spkstr = NETSCAPE_SPKI_b64_encode(spki);
  +
 + char * s = malloc(snprintf(NULL, 0, "%s%s", spkac, spkstr));
 + char * s = malloc(snprintf(NULL, 0, "%s%s", spkac, spkstr)+1);
  + sprintf(s, "%s%s", spkac, spkstr);
 +
 + if (strlen(s)>0) {
 +  RETVAL_STRINGL(s, strlen(s), 0);
 + } else {
 +  RETURN_FALSE;
 + }
 +
 + if (strlen(s)<=0) {
 +  goto cleanup;
 + }
 + RETURN_STRING(s, 1);
  +
  +cleanup:
 + if (keyresource == -1 && pkey) {
 + if (keyresource == -1 && spki) {
  +  NETSCAPE_SPKI_free(spki);
 +  EVP_PKEY_free(pkey);
 + }
 + if (spkstr) {
 +  OPENSSL_free(spkstr);
  + }
 +}
 +/* }}} */
 +
 + if (keyresource == -1 && pkey) {
 +  EVP_PKEY_free(pkey);
 + }
 + if (keyresource == -1 && s) {
 +  free(s);
 + }
 + RETURN_NULL();
 +}
 +/* }}} */
 +
  +/* {{{ proto bool openssl_spki_verify(string spki)
  +   Verifies spki returns boolean */
  +PHP_FUNCTION(openssl_spki_verify)
  +{
  + int spkstr_len, i, x=0;
  + char *spkstr = NULL;
 + EVP_PKEY *pkey = NULL;
 + NETSCAPE_SPKI *spki = NULL;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  php_error_docref(NULL TSRMLS_CC, E_WARNING, "missing argument 1");
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + pkey = NETSCAPE_SPKI_get_pubkey(spki);
 + if (pkey == NULL) {
 + EVP_PKEY *pkey = NULL;
 + NETSCAPE_SPKI *spki = NULL;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  return;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + pkey = X509_PUBKEY_get(spki->spkac->pubkey);
 + if (pkey == NULL) {
  +  goto cleanup;
  + }
  +
  + i = NETSCAPE_SPKI_verify(spki, pkey);


  +PHP_FUNCTION(openssl_spki_export)
  +{
  + int spkstr_len;
  + EVP_PKEY *pkey = NULL;
 + NETSCAPE_SPKI *spki = NULL;
 + BIO *out = BIO_new_fp(stdout, BIO_CLOSE);
 + char *spkstr;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  php_error_docref(NULL TSRMLS_CC, E_WARNING, "missing argument 1");
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr, strlen(spkstr));
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + pkey = NETSCAPE_SPKI_get_pubkey(spki);
 + if (!pkey) {
 +  goto cleanup;
 + }
 + NETSCAPE_SPKI *spki = NULL;
 + BIO *out = BIO_new(BIO_s_mem());
 + BUF_MEM *bio_buf;
 + char *spkstr;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + pkey = X509_PUBKEY_get(spki->spkac->pubkey);
 + if (!pkey) {
 +  goto cleanup;
 + }
  +
  + PEM_write_bio_PUBKEY(out, pkey);
 +
 +cleanup:
 + if (spki) {
 +  NETSCAPE_SPKI_free(spki);
 + BIO_get_mem_ptr(out, &bio_buf);
 +
 + if ((!bio_buf->data)&&(bio_buf->length<=0)) {
 +  goto cleanup;
 + }
 +
 + char * s = malloc(bio_buf->length);
 + BIO_read(out, s, bio_buf->length);
 + RETURN_STRING(s, 1);
 +
 +cleanup:
 + if (spki) {
 +  NETSCAPE_SPKI_free(spki);
  + }
  + if (out) {
  +  BIO_free_all(out);
  + }
  + if (pkey) {
  +  EVP_PKEY_free(pkey);
 + }
 +}
 +/* }}} */
 +
 +/* {{{ proto string openssl_spki_export_challenge(string spki)
 +   Exports spkac challenge from existing spki to var */
 +PHP_FUNCTION(openssl_spki_export_challenge)
 +{
 + int spkstr_len;
 + NETSCAPE_SPKI *spki = NULL;
 + char *spkstr;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + RETURN_STRING(ASN1_STRING_data(spki->spkac->challenge), 1);
 +
 +cleanup:
 + if (spki) {
 +  NETSCAPE_SPKI_free(spki);
  + }
  +}
  +/* }}} */
  +
  +/* {{{ proto string openssl_spki_details(string spki)
  +   Provides details from existing spki to var */
  +PHP_FUNCTION(openssl_spki_details)
  +{
 + BUF_MEM *buf;
  + int spkstr_len;
  + NETSCAPE_SPKI *spki = NULL;
 + BIO *out = BIO_new_fp(stdout, BIO_NOCLOSE);
 + BIO *out = BIO_new(BIO_s_mem());
 + BUF_MEM *bio_buf;
 + zval *zout;
  + char *spkstr;
  +
  + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  php_error_docref(NULL TSRMLS_CC, E_WARNING, "missing argument 1");
 +  goto cleanup;
 + }
 +
 +  return;
 + }
 + RETVAL_FALSE;
 +
  + if (!spkstr) {
 +  goto cleanup;
 +  goto cleanup;
  + }
  +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr, strlen(spkstr));
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
  + if (!spki) {
 +  goto cleanup;
 + }
 +
 + NETSCAPE_SPKI_print(out, spki);
 +
 +  goto cleanup;
 + }
 +
 + NETSCAPE_SPKI_print(out, spki);
 + BIO_get_mem_ptr(out, &bio_buf);
 +
 + if ((!bio_buf->data)&&(bio_buf->length<=0)) {
 +  goto cleanup;
 + }
 +
 + char * s = malloc(bio_buf->length);
 + BIO_read(out, s, bio_buf->length);
 + RETURN_STRING(s, 1);
 +
  +cleanup:
  + if (spki) {
  +  NETSCAPE_SPKI_free(spki);
  + }
 + if (out) {
 +  BIO_free_all(out);
 + }
 + BIO_free_all(out);
 +}
 +/* }}} */
 +
 +/* {{{ proto int openssl_spki_cleanup(const char *src, char *results)
 +  This will help remove new line chars in the SPKAC sent from the
 +  browser */
 +int openssl_spki_cleanup(const char *src, char *dest)
 +{
 +    int removed=0;
 +
 +    while (*src) {
 +        if (*src!='\n'&&*src!='\r') {
 +            *dest++=*src;
 +        } else {
 +            ++removed;
 +        }
 +        ++src;
 +    }
 +    *dest=0;
 +    return removed;
  +}
  +/* }}} */
  +
   /* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true])
      Exports a CERT to file or a var */
   PHP_FUNCTION(openssl_x509_export)
 
 --- php-5.3.8/ext/openssl/php_openssl.h 
 +++ php-5.3.8/ext/openssl/php_openssl.h 
 @@ -74,6 +74,11 @@
 --- php-5.3.8/ext/openssl/php_openssl.h	2010-12-31 19:19:59.000000000 -0700
 +++ php-5.3.8/ext/openssl/php_openssl.h	2011-12-13 21:31:11.107957324 -0700
 @@ -74,6 +74,12 @@
   PHP_FUNCTION(openssl_csr_sign);
   PHP_FUNCTION(openssl_csr_get_subject);
   PHP_FUNCTION(openssl_csr_get_public_key);
  +
  +PHP_FUNCTION(openssl_spki_new);
  +PHP_FUNCTION(openssl_spki_verify);
  +PHP_FUNCTION(openssl_spki_export);
 +PHP_FUNCTION(openssl_spki_export_challenge);
  +PHP_FUNCTION(openssl_spki_details);
   #else
   
   #define phpext_openssl_ptr NULL
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 15:01:29 2024 UTC