Patch spki.patch for OpenSSL related Bug #38917
Patch version 2011-12-21 03:48 UTC
Patch Revisions:
2011-12-22 10:41 UTC | 2011-12-21 20:31 UTC | 2011-12-21 16:09 UTC | 2011-12-21 03:48 UTC | 2011-12-21 03:26 UTC | 2011-12-19 17:58 UTC | 2011-12-19 17:53 UTC | 2011-12-19 14:36 UTC | 2011-12-14 11:38 UTC | 2011-12-13 16:55 UTC | 2011-12-08 10:57 UTC | 2011-12-06 21:02 UTC | 2011-12-06 11:35 UTC | 2011-12-06 11:29 UTCDeveloper: jason.gerfen@gmail.com
--- php-5.3.8/ext/openssl/openssl.c 2011-07-25 05:42:53.000000000 -0600
+++ php-5.3.8/ext/openssl/openssl.c 2011-12-21 09:15:38.000000000 -0700
--- php-5.3.8/ext/openssl/php_openssl.h 2010-12-31 19:19:59.000000000 -0700
+++ php-5.3.8/ext/openssl/php_openssl.h 2011-12-20 20:10:00.264306347 -0700
@@ -74,6 +74,12 @@
PHP_FUNCTION(openssl_csr_sign);
PHP_FUNCTION(openssl_csr_get_subject);
PHP_FUNCTION(openssl_csr_get_public_key);
+
+PHP_FUNCTION(openssl_spki_new);
+PHP_FUNCTION(openssl_spki_verify);
+PHP_FUNCTION(openssl_spki_export);
+PHP_FUNCTION(openssl_spki_export_challenge);
+PHP_FUNCTION(openssl_spki_details);
#else
#define phpext_openssl_ptr NULL
--- php-5.3.8/ext/openssl/tests/026.phpt 1969-12-31 17:00:00.000000000 -0700
+++ php-5.3.8/ext/openssl/tests/026.phpt 2011-12-20 20:35:03.448513959 -0700
@@ -0,0 +1,204 @@
+--TEST--
+openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+if (!@openssl_pkey_new()) die("skip cannot create private key");
+?>
+--FILE--
+<?php
+
+echo "Creating private key\n";
+$key = openssl_pkey_new();
+if ($key === false)
+ die("failed to create private key\n");
+
+echo "Creating new SPKAC with defaults (sha256)\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using defaults\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using defaults\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using defaults\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using defaults\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "md5");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using md5 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using md5 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using md5 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using md5 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+echo "Creating new SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "sha1");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using sha1 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using sha1 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+echo "Creating new SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "sha512");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using sha512 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using sha512 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+echo "OK!\n";
+
+openssl_free_key($key);
+?>
+--EXPECT--
+Creating private key
+Creating new SPKAC with defaults (sha256)
+Verifying SPKAC using defaults
+Exporting challenge using defaults
+Exporting public key from SPKAC using defaults
+Generating details of SPKAC structure using defaults
+Creating new SPKAC using md5 signature
+Verifying SPKAC using md5 signature
+Exporting challenge using md5 signature
+Exporting public key from SPKAC using md5 signature
+Generating details of SPKAC structure using md5 signature
+Creating new SPKAC using sha1 signature
+Verifying SPKAC using sha1 signature
+Exporting challenge using sha1 signature
+Exporting public key from SPKAC using sha1 signature
+Generating details of SPKAC structure using sha1 signature
+Creating new SPKAC using sha512 signature
+Verifying SPKAC using sha512 signature
+Exporting challenge using sha512 signature
+Exporting public key from SPKAC using sha512 signature
+Generating details of SPKAC structure using sha512 signature
+OK!
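Review bot: The failure checks for openssl_spki_export() and openssl_spki_details() compare only against the empty string (`if ($c === "")`, `if ($d === "")`), so a `false` or `NULL` return would be treated as success. Assuming these functions report failure the way openssl_spki_new() is checked here, use `if ($c === false || $c === "")`, and likewise for `$d`. openssl_spki_verify() is only exercised on a freshly generated SPKAC, so a case that passes a modified string and expects `false` would show that verification rejects bad input. In this revision the md5 section also lacks `echo "Creating new SPKAC using md5 signature\n";` although --EXPECT-- lists that line, so the test cannot pass as written. The first two points apply equally to the later 026.phpt hunk further down the page.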
--- php-5.3.8/ext/openssl/openssl.c 2011-07-25 05:42:53.000000000 -0600
+++ php-5.3.8/ext/openssl/openssl.c 2011-12-20 20:09:36.720600685 -0700
@@ -372,11 +372,40 @@
ZEND_ARG_INFO(0, length)
ZEND_ARG_INFO(1, result_is_strong)
ZEND_END_ARG_INFO()
+ ZEND_ARG_INFO(0, algo)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_verify, 0)
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
+
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export, 0)
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export_challenge, 0)
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_details, 0)
+ ZEND_ARG_INFO(0, spki)
+ZEND_END_ARG_INFO()
/* }}} */
/* }}} */
/* {{{ openssl_functions[]
*/
const zend_function_entry openssl_functions[] = {
+/* spki functions */
+ PHP_FE(openssl_spki_new, arginfo_openssl_spki_new)
+ PHP_FE(openssl_spki_verify, arginfo_openssl_spki_verify)
+ PHP_FE(openssl_spki_export, arginfo_openssl_spki_export)
+ PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge)
+ PHP_FE(openssl_spki_details, arginfo_openssl_spki_details)
+ PHP_FE(openssl_spki_new, arginfo_openssl_spki_new)
+ PHP_FE(openssl_spki_verify, arginfo_openssl_spki_verify)
+ PHP_FE(openssl_spki_export, arginfo_openssl_spki_export)
+ PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge)
+ PHP_FE(openssl_spki_details, arginfo_openssl_spki_details)
+
/* public/private key functions */
PHP_FE(openssl_pkey_free, arginfo_openssl_pkey_free)
PHP_FE(openssl_pkey_new, arginfo_openssl_pkey_new)
+ long keyresource = -1;
+ const char *spkac = "SPKAC=";
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &challenge, &challenge_len, &algo, &algo_len) == FAILURE) {
+ return;
+ }
+ return;
+ }
+ RETVAL_FALSE;
+
+ pkey = php_openssl_evp_from_zval(&zpkey, 0, challenge, 1, &keyresource TSRMLS_CC);
+
+PHP_FUNCTION(openssl_spki_export)
+{
+ int spkstr_len;
+ EVP_PKEY *pkey = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ BIO *out = BIO_new(BIO_s_mem());
+ BUF_MEM *bio_buf;
+ char *spkstr;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
+ goto cleanup;
+ }
+
+ if (!spkstr) {
+ goto cleanup;
+ }
+
+ char * spkstr_cleaned = malloc(strlen(spkstr));
+ openssl_spki_cleanup(spkstr, spkstr_cleaned);
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
+ NETSCAPE_SPKI *spki = NULL;
+ BIO *out = BIO_new(BIO_s_mem());
+ BUF_MEM *bio_buf;
+ char *spkstr;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) {
+ goto cleanup;
+ }
+
+ if (!spkstr) {
+ goto cleanup;
+ }
+
+ char * spkstr_cleaned = malloc(strlen(spkstr));
+ openssl_spki_cleanup(spkstr, spkstr_cleaned);
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned));
+ if (!spki) {
+ goto cleanup;
+ }
+
+
/* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true])
Exports a CERT to file or a var */
PHP_FUNCTION(openssl_x509_export)
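Review bot: In openssl_spki_export the scratch buffer is sized as `malloc(strlen(spkstr))`, which leaves no room for a terminating NUL, yet the next statement calls `strlen(spkstr_cleaned)` on it. If openssl_spki_cleanup (not shown in this hunk) copies every input byte and terminates the result, that is a one-byte heap overflow on caller-supplied data. The allocation is also never checked for NULL and ignores the `spkstr_len` that zend_parse_parameters already returned. I would size it from the parsed length with the engine allocator, `char *spkstr_cleaned = emalloc(spkstr_len + 1);`, and release it with `efree(spkstr_cleaned);` on the cleanup path. The same pattern repeats in the fragment that follows, and because `BIO_new(BIO_s_mem())` runs before argument parsing, the `cleanup` label (the function body ends outside the visible lines) has to free `out` on every early exit.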
--- php-5.3.8/ext/openssl/php_openssl.h 2010-12-31 19:19:59.000000000 -0700
+++ php-5.3.8/ext/openssl/php_openssl.h 2011-12-21 09:15:38.000000000 -0700
@@ -74,6 +74,12 @@
PHP_FUNCTION(openssl_csr_sign);
PHP_FUNCTION(openssl_csr_get_subject);
PHP_FUNCTION(openssl_csr_get_public_key);
+
+PHP_FUNCTION(openssl_spki_new);
+PHP_FUNCTION(openssl_spki_verify);
+PHP_FUNCTION(openssl_spki_export);
+PHP_FUNCTION(openssl_spki_export_challenge);
+PHP_FUNCTION(openssl_spki_details);
#else
#define phpext_openssl_ptr NULL
--- php-5.3.8/ext/openssl/tests/026.phpt 1969-12-31 17:00:00.000000000 -0700
+++ php-5.3.8/ext/openssl/tests/026.phpt 2011-12-21 12:45:39.000000000 -0700
@@ -0,0 +1,208 @@
+--TEST--
+openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details()
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+if (!@openssl_pkey_new()) die("skip cannot create private key");
+?>
+--FILE--
+<?php
+
+echo "Creating private key\n";
+$key = openssl_pkey_new();
+if ($key === false)
+ die("failed to create private key\n");
+
+echo "Creating new SPKAC with defaults\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using defaults\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using defaults\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using defaults\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using defaults\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+echo "Creating new SPKAC using md5 signature\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "md5");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using md5 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using md5 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using md5 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using md5 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+echo "Creating new SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "sha1");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using sha1 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using sha1 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using sha1 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+unset($spki, $a, $b, $c, $d);
+
+echo "Creating new SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_new"))
+ die("openssl_spki_new() does not exist\n");
+
+$spki = openssl_spki_new($key, "sample_challenge_string", "sha512");
+if ($spki === false)
+ die("could not create spkac\n");
+
+echo "Verifying SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_verify"))
+ die("openssl_spki_verify() does not exist\n");
+
+$a = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
+if ($a === false)
+ die("could not verify spkac\n");
+
+echo "Exporting challenge using sha512 signature\n";
+if (!function_exists("openssl_spki_export_challenge"))
+ die("openssl_spki_export_challenge() does not exist\n");
+
+$b = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
+if ($b !== "sample_challenge_string")
+ die("could not verify challenge string from spkac\n");
+
+echo "Exporting public key from SPKAC using sha512 signature\n";
+if (!function_exists("openssl_spki_export"))
+ die("openssl_spki_export() does not exist\n");
+
+$c = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
+if ($c === "")
+ die("could not export public key from spkac\n");
+
+echo "Generating details of SPKAC structure using sha512 signature\n";
+if (!function_exists("openssl_spki_details"))
+ die("openssl_spki_details() does not exist\n");
+
+$d = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
+if ($d === "")
+ die("could not obtain details from spkac\n");
+
+echo "OK!\n";
+
+openssl_free_key($key);
+?>
+--EXPECT--
+Creating private key
+Creating new SPKAC with defaults
+Verifying SPKAC using defaults
+Exporting challenge using defaults
+Exporting public key from SPKAC using defaults
+Generating details of SPKAC structure using defaults
+Creating new SPKAC using md5 signature
+Verifying SPKAC using md5 signature
+Exporting challenge using md5 signature
+Exporting public key from SPKAC using md5 signature
+Generating details of SPKAC structure using md5 signature
+Creating new SPKAC using sha1 signature
+Verifying SPKAC using sha1 signature
+Exporting challenge using sha1 signature
+Exporting public key from SPKAC using sha1 signature
+Generating details of SPKAC structure using sha1 signature
+Creating new SPKAC using sha512 signature
+Verifying SPKAC using sha512 signature
+Exporting challenge using sha512 signature
+Exporting public key from SPKAC using sha512 signature
+Generating details of SPKAC structure using sha512 signature
+OK!