php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Return to Bug #38917
Patch spki.patch revision 2011-12-22 10:41 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 20:31 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 16:09 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:48 UTC by jason dot gerfen at gmail dot com
revision 2011-12-21 03:26 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:58 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 17:53 UTC by jason dot gerfen at gmail dot com
revision 2011-12-19 14:36 UTC by jason dot gerfen at gmail dot com
revision 2011-12-14 11:38 UTC by jason dot gerfen at gmail dot com
revision 2011-12-13 16:55 UTC by jason dot gerfen at gmail dot com
revision 2011-12-08 10:57 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 21:02 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:35 UTC by jason dot gerfen at gmail dot com
revision 2011-12-06 11:29 UTC by jason dot gerfen at gmail dot com

Patch spki.patch for OpenSSL related Bug #38917

Patch version 2011-12-22 10:41 UTC

Return to Bug #38917 | Download this patch
Patch Revisions: 2011-12-22 10:41 UTC | 2011-12-21 20:31 UTC | 2011-12-21 16:09 UTC | 2011-12-21 03:48 UTC | 2011-12-21 03:26 UTC | 2011-12-19 17:58 UTC | 2011-12-19 17:53 UTC | 2011-12-19 14:36 UTC | 2011-12-14 11:38 UTC | 2011-12-13 16:55 UTC | 2011-12-08 10:57 UTC | 2011-12-06 21:02 UTC | 2011-12-06 11:35 UTC | 2011-12-06 11:29 UTC

Developer: jason.gerfen@gmail.com

Line 1 (now 1), was 228 lines, now 6 lines
 --- php-5.3.8/ext/openssl/php_openssl.h	2010-12-31 19:19:59.000000000 -0700
 +++ php-5.3.8/ext/openssl/php_openssl.h	2011-12-20 20:10:00.264306347 -0700
 @@ -74,6 +74,12 @@
  PHP_FUNCTION(openssl_csr_sign);
  PHP_FUNCTION(openssl_csr_get_subject);
  PHP_FUNCTION(openssl_csr_get_public_key);
 +
 +PHP_FUNCTION(openssl_spki_new);
 +PHP_FUNCTION(openssl_spki_verify);
 +PHP_FUNCTION(openssl_spki_export);
 +PHP_FUNCTION(openssl_spki_export_challenge);
 +PHP_FUNCTION(openssl_spki_details);
  #else
  
  #define phpext_openssl_ptr NULL
 --- php-5.3.8/ext/openssl/tests/026.phpt 1969-12-31 17:00:00.000000000 -0700
 +++ php-5.3.8/ext/openssl/tests/026.phpt 2011-12-20 20:35:03.448513959 -0700
 @@ -0,0 +1,204 @@
 +--TEST--
 +openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
 +--SKIPIF--
 +<?php
 +if (!extension_loaded("openssl")) die("skip");
 +if (!@openssl_pkey_new()) die("skip cannot create private key");
 +?>
 +--FILE--
 +<?php
 +
 +echo "Creating private key\n";
 +$key = openssl_pkey_new();
 +if ($key === false)
 + die("failed to create private key\n");
 +
 +echo "Creating new SPKAC with defaults (sha256)\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using defaults\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using defaults\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using defaults\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using defaults\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "md5");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using md5 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using md5 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using md5 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using md5 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +echo "Creating new SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha1");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using sha1 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using sha1 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +echo "Creating new SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha512");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using sha512 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using sha512 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +echo "OK!\n";
 +
 +openssl_free_key($key);
 +?>
 +--EXPECT--
 +Creating private key
 +Creating new SPKAC with defaults (sha256)
 +Verifying SPKAC using defaults
 +Exporting challenge using defaults
 +Exporting public key from SPKAC using defaults
 +Generating details of SPKAC structure using defaults
 +Creating new SPKAC using md5 signature
 +Verifying SPKAC using md5 signature
 +Exporting challenge using md5 signature
 +Exporting public key from SPKAC using md5 signature
 +Generating details of SPKAC structure using md5 signature
 +Creating new SPKAC using sha1 signature
 +Verifying SPKAC using sha1 signature
 +Exporting challenge using sha1 signature
 +Exporting public key from SPKAC using sha1 signature
 +Generating details of SPKAC structure using sha1 signature
 +Creating new SPKAC using sha512 signature
 +Verifying SPKAC using sha512 signature
 +Exporting challenge using sha512 signature
 +Exporting public key from SPKAC using sha512 signature
 +Generating details of SPKAC structure using sha512 signature
 +OK!
  --- php-5.3.8/ext/openssl/openssl.c 2011-07-25 05:42:53.000000000 -0600
 +++ php-5.3.8/ext/openssl/openssl.c 2011-12-20 20:09:36.720600685 -0700
 +++ php-5.3.8/ext/openssl/openssl.c 2011-12-21 09:15:38.000000000 -0700
  @@ -372,11 +372,40 @@
       ZEND_ARG_INFO(0, length)
       ZEND_ARG_INFO(1, result_is_strong)
   ZEND_END_ARG_INFO()


  + PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge)
  + PHP_FE(openssl_spki_details,	arginfo_openssl_spki_details)
  +
   /* public/private key functions */
  	PHP_FE(openssl_pkey_free, arginfo_openssl_pkey_free)
  	PHP_FE(openssl_pkey_new, arginfo_openssl_pkey_new)
  	PHP_FE(openssl_pkey_free,			arginfo_openssl_pkey_free)
  	PHP_FE(openssl_pkey_new,			arginfo_openssl_pkey_new)
  @@ -1252,6 +1281,291 @@
   }
   /* }}} */
   


  +PHP_FUNCTION(openssl_spki_export)
  +{
  + int spkstr_len;
  + EVP_PKEY *pkey = NULL;
 + NETSCAPE_SPKI *spki = NULL;
 + BIO *out = BIO_new(BIO_s_mem());
 + BUF_MEM *bio_buf;
 + char *spkstr;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
 + NETSCAPE_SPKI *spki = NULL;
 + BIO *out = BIO_new(BIO_s_mem());
 + BUF_MEM *bio_buf;
 + char *spkstr;
 +
 + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
 +  goto cleanup;
 + }
 +
 + if (!spkstr) {
 +  goto cleanup;
 + }
 +
 + char * spkstr_cleaned = malloc(strlen(spkstr));
 + openssl_spki_cleanup(spkstr, spkstr_cleaned);
 +
  + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
  + if (!spki) {
  +  goto cleanup;
  + }


  +
   /* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true])
      Exports a CERT to file or a var */
   PHP_FUNCTION(openssl_x509_export)
 --- php-5.3.8/ext/openssl/php_openssl.h	2010-12-31 19:19:59.000000000 -0700
 +++ php-5.3.8/ext/openssl/php_openssl.h	2011-12-21 09:15:38.000000000 -0700
 @@ -74,6 +74,12 @@
  PHP_FUNCTION(openssl_csr_sign);
  PHP_FUNCTION(openssl_csr_get_subject);
  PHP_FUNCTION(openssl_csr_get_public_key);
 +
 +PHP_FUNCTION(openssl_spki_new);
 +PHP_FUNCTION(openssl_spki_verify);
 +PHP_FUNCTION(openssl_spki_export);
 +PHP_FUNCTION(openssl_spki_export_challenge);
 +PHP_FUNCTION(openssl_spki_details);
  #else
  
  #define phpext_openssl_ptr NULL
 --- php-5.3.8/ext/openssl/tests/026.phpt 1969-12-31 17:00:00.000000000 -0700
 +++ php-5.3.8/ext/openssl/tests/026.phpt 2011-12-21 12:45:39.000000000 -0700
 @@ -0,0 +1,208 @@
 +--TEST--
 +openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
 +--SKIPIF--
 +<?php
 +if (!extension_loaded("openssl")) die("skip");
 +if (!@openssl_pkey_new()) die("skip cannot create private key");
 +?>
 +--FILE--
 +<?php
 +
 +echo "Creating private key\n";
 +$key = openssl_pkey_new();
 +if ($key === false)
 + die("failed to create private key\n");
 +
 +echo "Creating new SPKAC with defaults\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using defaults\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using defaults\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using defaults\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using defaults\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +echo "Creating new SPKAC using md5 signature\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "md5");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using md5 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using md5 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using md5 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using md5 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +echo "Creating new SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha1");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using sha1 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using sha1 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using sha1 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +unset($spki, $a, $b, $c, $d);
 +
 +echo "Creating new SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_new"))
 + die("openssl_spki_new() does not exist\n");
 +
 +$spki = openssl_spki_new($key, "sample_challenge_string", "sha512");
 +if ($spki === false)
 + die("could not create spkac\n");
 +
 +echo "Verifying SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_verify"))
 + die("openssl_spki_verify() does not exist\n");
 +
 +$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
 +if ($a === false)
 + die("could not verify spkac\n");
 +
 +echo "Exporting challenge using sha512 signature\n";
 +if (!function_exists("openssl_spki_export_challenge"))
 + die("openssl_spki_export_challenge() does not exist\n");
 +
 +$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
 +if ($b !== "sample_challenge_string")
 + die("could not verify challenge string from spkac\n");
 +
 +echo "Exporting public key from SPKAC using sha512 signature\n";
 +if (!function_exists("openssl_spki_export"))
 + die("openssl_spki_export() does not exist\n");
 +
 +$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
 +if ($c === "")
 + die("could not export public key from spkac\n");
 +
 +echo "Generating details of SPKAC structure using sha512 signature\n";
 +if (!function_exists("openssl_spki_details"))
 + die("openssl_spki_details() does not exist\n");
 +
 +$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
 +if ($d === "")
 + die("could not obtain details from spkac\n");
 +
 +echo "OK!\n";
 +
 +openssl_free_key($key);
 +?>
 +--EXPECT--
 +Creating private key
 +Creating new SPKAC with defaults
 +Verifying SPKAC using defaults
 +Exporting challenge using defaults
 +Exporting public key from SPKAC using defaults
 +Generating details of SPKAC structure using defaults
 +Creating new SPKAC using md5 signature
 +Verifying SPKAC using md5 signature
 +Exporting challenge using md5 signature
 +Exporting public key from SPKAC using md5 signature
 +Generating details of SPKAC structure using md5 signature
 +Creating new SPKAC using sha1 signature
 +Verifying SPKAC using sha1 signature
 +Exporting challenge using sha1 signature
 +Exporting public key from SPKAC using sha1 signature
 +Generating details of SPKAC structure using sha1 signature
 +Creating new SPKAC using sha512 signature
 +Verifying SPKAC using sha512 signature
 +Exporting challenge using sha512 signature
 +Exporting public key from SPKAC using sha512 signature
 +Generating details of SPKAC structure using sha512 signature
 +OK!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 04:01:27 2024 UTC