Patch spki.patch revision 2011-12-22 10:41 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 20:31 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 16:09 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:48 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:26 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:58 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:53 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 14:36 UTC by jason dot gerfen at gmail dot com
revision 2011-12-14 11:38 UTC by jason dot gerfen at gmail dot com
revision 2011-12-13 16:55 UTC by jason dot gerfen at gmail dot com
revision 2011-12-08 10:57 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 21:02 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:35 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:29 UTC by jason dot gerfen at gmail dot com

Patch spki.patch for OpenSSL related Bug #38917

Patch version 2011-12-22 10:41 UTC


Developer: jason.gerfen@gmail.com


 --- php-5.3.8/ext/openssl/openssl.c	2011-07-25 05:42:53.000000000 -0600
 +++ php-5.3.8/ext/openssl/openssl.c	2011-12-17 20:02:34.740053638 -0700
 @@ -372,11 +372,48 @@
 --- php-5.3.8/ext/openssl/openssl.c 2011-07-25 05:42:53.000000000 -0600
 +++ php-5.3.8/ext/openssl/openssl.c 2011-12-21 09:15:38.000000000 -0700
 @@ -372,11 +372,40 @@
       ZEND_ARG_INFO(0, length)
       ZEND_ARG_INFO(1, result_is_strong)
   ZEND_END_ARG_INFO()
  +
Line 20 (now 20), was 15 lines, now 8 lines

  +ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export_challenge, 0)
  +    ZEND_ARG_INFO(0, spki)
 +ZEND_END_ARG_INFO()
 +
 +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_spki_export_cert, 0, 0, 2)
 +    ZEND_ARG_INFO(0, cert)
 +    ZEND_ARG_INFO(0, spkistr)
 +    ZEND_ARG_INFO(0, dn) /* array */
 +    ZEND_ARG_INFO(0, configargs)
  +ZEND_END_ARG_INFO()
  +
  +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_details, 0)
  +    ZEND_ARG_INFO(0, spki)
Line 38 (now 31), was 19 lines, now 18 lines

   /* {{{ openssl_functions[]
    */
   const zend_function_entry openssl_functions[] = {
  +/* spki functions */
 +	PHP_FE(openssl_spki_new, 		arginfo_openssl_spki_new)
 +	PHP_FE(openssl_spki_verify,		arginfo_openssl_spki_verify)
 +	PHP_FE(openssl_spki_export,		arginfo_openssl_spki_export)
 + PHP_FE(openssl_spki_export_challenge,		arginfo_openssl_spki_export_challenge)
 + PHP_FE(openssl_spki_export_cert,		arginfo_openssl_spki_export_cert)
 + PHP_FE(openssl_spki_details,		arginfo_openssl_spki_details)
 +	PHP_FE(openssl_spki_new, arginfo_openssl_spki_new)
 +	PHP_FE(openssl_spki_verify, arginfo_openssl_spki_verify)
 +	PHP_FE(openssl_spki_export, arginfo_openssl_spki_export)
 + PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge)
 + PHP_FE(openssl_spki_details,	arginfo_openssl_spki_details)
  +
   /* public/private key functions */
   	PHP_FE(openssl_pkey_free,			arginfo_openssl_pkey_free)
   	PHP_FE(openssl_pkey_new,			arginfo_openssl_pkey_new)
 @@ -1252,6 +1289,348 @@
 @@ -1252,6 +1281,291 @@
   }
   /* }}} */
   
  +/* {{{ proto string openssl_spki_new(mixed zpkey, string challenge [, string algo='sha256'])
Line 262 (now 254), was 65 lines, now 8 lines

  +  goto cleanup;
  + }
  +
  + RETURN_STRING(ASN1_STRING_data(spki->spkac->challenge), 1);
 +
 +cleanup:
 + if (spki) {
 +  NETSCAPE_SPKI_free(spki);
 + }
 +}
 +/* }}} */
 +
 +/* {{{ proto bool openssl_spki_export_cert(mixed zpkey, string spkac, array dn [, array configargs])
 +   Generates a CSR from SPKAC */
 +PHP_FUNCTION(openssl_spki_export_cert)
 +{
 + int spkistr_len;
 + char *spkistr = NULL;
 + long keyresource = -1;
 + zval * zpkey = NULL;
 + zval * args = NULL, * dn, ** zcert;
 + ASN1_UTCTIME *tm,*tmptm;
 +	ASN1_STRING *str,*str2;
 +	ASN1_OBJECT *obj; X509 *ret=NULL;
 + X509_NAME *n;
 + X509_REQ * csr = NULL;
 +	X509_CINF *ci;
 +	X509_NAME_ENTRY *ne;
 +	X509_NAME_ENTRY *tne,*push;
 + X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
 +	EVP_PKEY *pktmp, *pkey;
 + NETSCAPE_SPKI *spki = NULL;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa|a", &zpkey, &spkistr, &spkistr_len, &dn, &args) == FAILURE) {
 +		return;
 +	}
 +	RETVAL_FALSE;
 +
 + if (!spkistr) {
 +  goto cleanup;
 + }
 +
 + char * spkistr_cleaned = malloc(strlen(spkistr));
 + openssl_spki_cleanup(spkistr, spkistr_cleaned);
 +
 + spki = NETSCAPE_SPKI_b64_decode(spkistr_cleaned, strlen(spkistr_cleaned));
 + if (!spki) {
 +  goto cleanup;
 + }
 +
 + pktmp = X509_PUBKEY_get(spki->spkac->pubkey);
 + if (!pktmp) {
 +  goto cleanup;
 + }
 +
 + pkey = php_openssl_evp_from_zval(&zpkey, 0, ASN1_STRING_data(spki->spkac->challenge), 1, &keyresource TSRMLS_CC);
 + if (pkey == NULL) {
 +  goto cleanup;
 + }
 +
 + tmptm=ASN1_UTCTIME_new();
  +
  +cleanup:
  + if (spki) {
  +  NETSCAPE_SPKI_free(spki);
Line 397 (now 332), was 41 lines, now 26 lines

  +
   /* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true])
      Exports a CERT to file or a var */
   PHP_FUNCTION(openssl_x509_export)
 @@ -2056,6 +2435,13 @@
  			if (strindex) {
  				int nid;
  
 +    if (strcmp(strindex, "SPKAC") == 0) {
 +     if (!X509_NAME_add_entry_by_txt(subj, strindex, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)){
 +      php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: add_entry_by_txt %s (failed)", strindex);
 +      return FAILURE;
 +     }
 +    }
 +
  				nid = OBJ_txt2nid(strindex);
  				if (nid != NID_undef) {
  					if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, 
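Review bot: At the end of openssl_spki_export_challenge, `RETURN_STRING(ASN1_STRING_data(spki->spkac->challenge), 1);` returns before the `cleanup:` label is reached, so the decoded NETSCAPE_SPKI is freed only on the error paths and leaks on every successful call. Setting the return value without returning lets the same cleanup run on both paths. The challenge is taken from the caller-supplied SPKAC, so copying it by its ASN.1 length rather than up to the first NUL would also be safer: `RETVAL_STRINGL((char *)ASN1_STRING_data(spki->spkac->challenge), ASN1_STRING_length(spki->spkac->challenge), 1);`. The start of the function is collapsed on this page, so its earlier error paths were not checked.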
  --- php-5.3.8/ext/openssl/php_openssl.h	2010-12-31 19:19:59.000000000 -0700
 +++ php-5.3.8/ext/openssl/php_openssl.h	2011-12-15 18:08:39.482574322 -0700
 @@ -74,6 +74,13 @@
 +++ php-5.3.8/ext/openssl/php_openssl.h	2011-12-21 09:15:38.000000000 -0700
 @@ -74,6 +74,12 @@
   PHP_FUNCTION(openssl_csr_sign);
   PHP_FUNCTION(openssl_csr_get_subject);
   PHP_FUNCTION(openssl_csr_get_public_key);
  +
  +PHP_FUNCTION(openssl_spki_new);
  +PHP_FUNCTION(openssl_spki_verify);
  +PHP_FUNCTION(openssl_spki_export);
  +PHP_FUNCTION(openssl_spki_export_challenge);
 +PHP_FUNCTION(openssl_spki_export_cert);
  +PHP_FUNCTION(openssl_spki_details);
   #else
   
   #define phpext_openssl_ptr NULL
 --- php-5.3.8/ext/openssl/tests/026.phpt	1969-12-31 17:00:00.000000000 -0700
 +++ php-5.3.8/ext/openssl/tests/026.phpt	2011-12-19 09:26:18.000000000 -0700
 @@ -0,0 +1,202 @@
 --- php-5.3.8/ext/openssl/tests/026.phpt 1969-12-31 17:00:00.000000000 -0700
 +++ php-5.3.8/ext/openssl/tests/026.phpt 2011-12-21 12:45:39.000000000 -0700
 @@ -0,0 +1,208 @@
  +--TEST--
  +openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
  +--SKIPIF--
  +<?php


  +$key = openssl_pkey_new();
  +if ($key === false)
  + die("failed to create private key\n");
  +
 +echo "Creating new SPKAC with defaults (sha256)\n";
 +echo "Creating new SPKAC with defaults\n";
  +if (!function_exists("openssl_spki_new"))
  + die("openssl_spki_new() does not exist\n");
  +
  +$spki = openssl_spki_new($key, "sample_challenge_string");


  +echo "Verifying SPKAC using defaults\n";
  +if (!function_exists("openssl_spki_verify"))
  + die("openssl_spki_verify() does not exist\n");
  +
 +$x = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($x === false)
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
  + die("could not verify spkac\n");
  +
  +echo "Exporting challenge using defaults\n";
  +if (!function_exists("openssl_spki_export_challenge"))
  + die("openssl_spki_export_challenge() does not exist\n");
  +
 +$y = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($y !== "sample_challenge_string")
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
  + die("could not verify challenge string from spkac\n");
  +
  +echo "Exporting public key from SPKAC using defaults\n";
  +if (!function_exists("openssl_spki_export"))
  + die("openssl_spki_export() does not exist\n");
  +
 +$z = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($z === "")
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
  + die("could not export public key from spkac\n");
  +
  +echo "Generating details of SPKAC structure using defaults\n";
  +if (!function_exists("openssl_spki_details"))
  + die("openssl_spki_details() does not exist\n");
  +
 +$w = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($w === "")
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
  + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
  +
  +echo "Creating new SPKAC using md5 signature\n";
  +if (!function_exists("openssl_spki_new"))
  + die("openssl_spki_new() does not exist\n");
  +
 +$spki = openssl_spki_new($key, "sample_challenge_string");
 +$spki = openssl_spki_new($key, "sample_challenge_string", "md5");
  +if ($spki === false)
  + die("could not create spkac\n");
  +
  +echo "Verifying SPKAC using md5 signature\n";
  +if (!function_exists("openssl_spki_verify"))
  + die("openssl_spki_verify() does not exist\n");
  +
 +$x = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($x === false)
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
  + die("could not verify spkac\n");
  +
  +echo "Exporting challenge using md5 signature\n";
  +if (!function_exists("openssl_spki_export_challenge"))
  + die("openssl_spki_export_challenge() does not exist\n");
  +
 +$y = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($y !== "sample_challenge_string")
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
  + die("could not verify challenge string from spkac\n");
  +
  +echo "Exporting public key from SPKAC using md5 signature\n";
  +if (!function_exists("openssl_spki_export"))
  + die("openssl_spki_export() does not exist\n");
  +
 +$z = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($z === "")
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
  + die("could not export public key from spkac\n");
  +
  +echo "Generating details of SPKAC structure using md5 signature\n";
  +if (!function_exists("openssl_spki_details"))
  + die("openssl_spki_details() does not exist\n");
  +
 +$w = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($w === "")
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
  + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
  +
  +echo "Creating new SPKAC using sha1 signature\n";
  +if (!function_exists("openssl_spki_new"))
  + die("openssl_spki_new() does not exist\n");
  +
 +$spki = openssl_spki_new($key, "sample_challenge_string");
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha1");
  +if ($spki === false)
  + die("could not create spkac\n");
  +
  +echo "Verifying SPKAC using sha1 signature\n";
  +if (!function_exists("openssl_spki_verify"))
  + die("openssl_spki_verify() does not exist\n");
  +
 +$x = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($x === false)
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
  + die("could not verify spkac\n");
  +
  +echo "Exporting challenge using sha1 signature\n";
  +if (!function_exists("openssl_spki_export_challenge"))
  + die("openssl_spki_export_challenge() does not exist\n");
  +
 +$y = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($y !== "sample_challenge_string")
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
  + die("could not verify challenge string from spkac\n");
  +
  +echo "Exporting public key from SPKAC using sha1 signature\n";
  +if (!function_exists("openssl_spki_export"))
  + die("openssl_spki_export() does not exist\n");
  +
 +$z = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($z === "")
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
  + die("could not export public key from spkac\n");
  +
  +echo "Generating details of SPKAC structure using sha1 signature\n";
  +if (!function_exists("openssl_spki_details"))
  + die("openssl_spki_details() does not exist\n");
  +
 +$w = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($w === "")
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
  + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
  +
  +echo "Creating new SPKAC using sha512 signature\n";
  +if (!function_exists("openssl_spki_new"))
  + die("openssl_spki_new() does not exist\n");
  +
 +$spki = openssl_spki_new($key, "sample_challenge_string");
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha512");
  +if ($spki === false)
  + die("could not create spkac\n");
  +
  +echo "Verifying SPKAC using sha512 signature\n";
  +if (!function_exists("openssl_spki_verify"))
  + die("openssl_spki_verify() does not exist\n");
  +
 +$x = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($x === false)
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
  + die("could not verify spkac\n");
  +
  +echo "Exporting challenge using sha512 signature\n";
  +if (!function_exists("openssl_spki_export_challenge"))
  + die("openssl_spki_export_challenge() does not exist\n");
  +
 +$y = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($y !== "sample_challenge_string")
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
  + die("could not verify challenge string from spkac\n");
  +
  +echo "Exporting public key from SPKAC using sha512 signature\n";
  +if (!function_exists("openssl_spki_export"))
  + die("openssl_spki_export() does not exist\n");
  +
 +$z = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($z === "")
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
  + die("could not export public key from spkac\n");
  +
  +echo "Generating details of SPKAC structure using sha512 signature\n";
  +if (!function_exists("openssl_spki_details"))
  + die("openssl_spki_details() does not exist\n");
  +
 +$w = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($w === "")
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
  + die("could not obtain details from spkac\n");
  +
  +echo "OK!\n";
  +
  +openssl_free_key($key);
  +?>
  +--EXPECT--
  +Creating private key
 +Creating new SPKAC with defaults (sha256)
 +Creating new SPKAC with defaults
  +Verifying SPKAC using defaults
  +Exporting challenge using defaults
  +Exporting public key from SPKAC using defaults
  +Generating details of SPKAC structure using defaults
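Review bot: The export and details checks compare against the empty string (`if ($c === "")`, `if ($d === "")`), while the checks on openssl_spki_new() and openssl_spki_verify() in the same test compare against `false`. If openssl_spki_export() and openssl_spki_details() also report failure with `false` or NULL, which seems likely but is not visible here, these branches never fire and a failing call still reaches "OK!". A check such as `if (!is_string($c) || $c === "")` would catch both. The test also feeds only well-formed input; one case where openssl_spki_verify() receives a modified SPKAC and must return `false` would pin the behaviour callers rely on. The --SKIPIF-- block and the rest of --EXPECT-- are not shown on this page.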
 