|
version 1.1.1.2, 2012/05/29 12:34:36
|
version 1.1.1.4, 2013/10/14 08:02:27
|
|
Line 2
|
Line 2
|
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | PHP Version 5 | |
| PHP Version 5 | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | Copyright (c) 1997-2012 The PHP Group | | | Copyright (c) 1997-2013 The PHP Group | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | This source file is subject to version 3.01 of the PHP license, | |
| This source file is subject to version 3.01 of the PHP license, | |
| | that is bundled with this package in the file LICENSE, and is | |
| that is bundled with this package in the file LICENSE, and is | |
|
Line 69
|
Line 69
|
| #define OPENSSL_ALGO_MD2 4 |
#define OPENSSL_ALGO_MD2 4 |
| #endif |
#endif |
| #define OPENSSL_ALGO_DSS1 5 |
#define OPENSSL_ALGO_DSS1 5 |
| #if OPENSSL_VERSION_NUMBER >= 0x0090708fL |
| | #define OPENSSL_ALGO_SHA224 6 |
| | #define OPENSSL_ALGO_SHA256 7 |
| | #define OPENSSL_ALGO_SHA384 8 |
| | #define OPENSSL_ALGO_SHA512 9 |
| | #define OPENSSL_ALGO_RMD160 10 |
| | #endif |
| #define DEBUG_SMIME 0 |
#define DEBUG_SMIME 0 |
| |
|
| /* FIXME: Use the openssl constants instead of |
/* FIXME: Use the openssl constants instead of |
|
Line 555 static EVP_PKEY * php_openssl_generate_private_key(str
|
Line 561 static EVP_PKEY * php_openssl_generate_private_key(str
|
| |
|
| static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ |
static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ |
| { |
{ |
| |
zval **data; |
| zval *subitem, *subentries; |
zval *subitem, *subentries; |
| int i, j = -1, last = -1, obj_cnt = 0; |
int i, j = -1, last = -1, obj_cnt = 0; |
| char *sname; |
char *sname; |
|
Line 572 static void add_assoc_name_entry(zval * val, char * ke
|
Line 579 static void add_assoc_name_entry(zval * val, char * ke
|
| |
|
| for (i = 0; i < X509_NAME_entry_count(name); i++) { |
for (i = 0; i < X509_NAME_entry_count(name); i++) { |
| unsigned char *to_add; |
unsigned char *to_add; |
| int to_add_len; | int to_add_len = 0; |
| |
|
| |
|
| ne = X509_NAME_get_entry(name, i); |
ne = X509_NAME_get_entry(name, i); |
|
Line 586 static void add_assoc_name_entry(zval * val, char * ke
|
Line 593 static void add_assoc_name_entry(zval * val, char * ke
|
| sname = (char *) OBJ_nid2ln(nid); |
sname = (char *) OBJ_nid2ln(nid); |
| } |
} |
| |
|
| MAKE_STD_ZVAL(subentries); | str = X509_NAME_ENTRY_get_data(ne); |
| array_init(subentries); | if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { |
| | to_add_len = ASN1_STRING_to_UTF8(&to_add, str); |
| | } else { |
| | to_add = ASN1_STRING_data(str); |
| | to_add_len = ASN1_STRING_length(str); |
| | } |
| |
|
| last = -1; | if (to_add_len != -1) { |
| for (;;) { | if (zend_hash_find(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, (void**)&data) == SUCCESS) { |
| j = X509_NAME_get_index_by_OBJ(name, obj, last); | if (Z_TYPE_PP(data) == IS_ARRAY) { |
| if (j < 0) { | subentries = *data; |
| if (last != -1) break; | |
| } else { | |
| obj_cnt++; | |
| ne = X509_NAME_get_entry(name, j); | |
| str = X509_NAME_ENTRY_get_data(ne); | |
| if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { | |
| to_add_len = ASN1_STRING_to_UTF8(&to_add, str); | |
| if (to_add_len != -1) { | |
| add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); | |
| } | |
| } else { | |
| to_add = ASN1_STRING_data(str); | |
| to_add_len = ASN1_STRING_length(str); | |
| add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); |
add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); |
| |
} else if (Z_TYPE_PP(data) == IS_STRING) { |
| |
MAKE_STD_ZVAL(subentries); |
| |
array_init(subentries); |
| |
add_next_index_stringl(subentries, Z_STRVAL_PP(data), Z_STRLEN_PP(data), 1); |
| |
add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); |
| |
zend_hash_update(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, &subentries, sizeof(zval*), NULL); |
| } |
} |
| } | } else { |
| last = j; | |
| } | |
| i = last; | |
| |
| if (obj_cnt > 1) { | |
| add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); | |
| } else { | |
| zval_dtor(subentries); | |
| FREE_ZVAL(subentries); | |
| if (obj_cnt && str && to_add_len > -1) { | |
| add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1); |
add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1); |
| } |
} |
| } |
} |
|
Line 954 static EVP_MD * php_openssl_get_evp_md_from_algo(long
|
Line 949 static EVP_MD * php_openssl_get_evp_md_from_algo(long
|
| case OPENSSL_ALGO_DSS1: |
case OPENSSL_ALGO_DSS1: |
| mdtype = (EVP_MD *) EVP_dss1(); |
mdtype = (EVP_MD *) EVP_dss1(); |
| break; |
break; |
| |
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL |
| |
case OPENSSL_ALGO_SHA224: |
| |
mdtype = (EVP_MD *) EVP_sha224(); |
| |
break; |
| |
case OPENSSL_ALGO_SHA256: |
| |
mdtype = (EVP_MD *) EVP_sha256(); |
| |
break; |
| |
case OPENSSL_ALGO_SHA384: |
| |
mdtype = (EVP_MD *) EVP_sha384(); |
| |
break; |
| |
case OPENSSL_ALGO_SHA512: |
| |
mdtype = (EVP_MD *) EVP_sha512(); |
| |
break; |
| |
case OPENSSL_ALGO_RMD160: |
| |
mdtype = (EVP_MD *) EVP_ripemd160(); |
| |
break; |
| |
#endif |
| default: |
default: |
| return NULL; |
return NULL; |
| break; |
break; |
|
Line 1048 PHP_MINIT_FUNCTION(openssl)
|
Line 1060 PHP_MINIT_FUNCTION(openssl)
|
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); |
| #endif |
#endif |
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); |
| |
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL |
| |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); |
| |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT); |
| |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA384", OPENSSL_ALGO_SHA384, CONST_CS|CONST_PERSISTENT); |
| |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA512", OPENSSL_ALGO_SHA512, CONST_CS|CONST_PERSISTENT); |
| |
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_RMD160", OPENSSL_ALGO_RMD160, CONST_CS|CONST_PERSISTENT); |
| |
#endif |
| |
|
| /* flags for S/MIME */ |
/* flags for S/MIME */ |
| REGISTER_LONG_CONSTANT("PKCS7_DETACHED", PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT); |
REGISTER_LONG_CONSTANT("PKCS7_DETACHED", PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT); |
|
Line 1368 PHP_FUNCTION(openssl_x509_check_private_key)
|
Line 1387 PHP_FUNCTION(openssl_x509_check_private_key)
|
| } |
} |
| /* }}} */ |
/* }}} */ |
| |
|
| |
/* Special handling of subjectAltName, see CVE-2013-4073 |
| |
* Christian Heimes |
| |
*/ |
| |
|
| |
static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) |
| |
{ |
| |
GENERAL_NAMES *names; |
| |
const X509V3_EXT_METHOD *method = NULL; |
| |
long i, length, num; |
| |
const unsigned char *p; |
| |
|
| |
method = X509V3_EXT_get(extension); |
| |
if (method == NULL) { |
| |
return -1; |
| |
} |
| |
|
| |
p = extension->value->data; |
| |
length = extension->value->length; |
| |
if (method->it) { |
| |
names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, |
| |
ASN1_ITEM_ptr(method->it))); |
| |
} else { |
| |
names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); |
| |
} |
| |
if (names == NULL) { |
| |
return -1; |
| |
} |
| |
|
| |
num = sk_GENERAL_NAME_num(names); |
| |
for (i = 0; i < num; i++) { |
| |
GENERAL_NAME *name; |
| |
ASN1_STRING *as; |
| |
name = sk_GENERAL_NAME_value(names, i); |
| |
switch (name->type) { |
| |
case GEN_EMAIL: |
| |
BIO_puts(bio, "email:"); |
| |
as = name->d.rfc822Name; |
| |
BIO_write(bio, ASN1_STRING_data(as), |
| |
ASN1_STRING_length(as)); |
| |
break; |
| |
case GEN_DNS: |
| |
BIO_puts(bio, "DNS:"); |
| |
as = name->d.dNSName; |
| |
BIO_write(bio, ASN1_STRING_data(as), |
| |
ASN1_STRING_length(as)); |
| |
break; |
| |
case GEN_URI: |
| |
BIO_puts(bio, "URI:"); |
| |
as = name->d.uniformResourceIdentifier; |
| |
BIO_write(bio, ASN1_STRING_data(as), |
| |
ASN1_STRING_length(as)); |
| |
break; |
| |
default: |
| |
/* use builtin print for GEN_OTHERNAME, GEN_X400, |
| |
* GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID |
| |
*/ |
| |
GENERAL_NAME_print(bio, name); |
| |
} |
| |
/* trailing ', ' except for last element */ |
| |
if (i < (num - 1)) { |
| |
BIO_puts(bio, ", "); |
| |
} |
| |
} |
| |
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); |
| |
|
| |
return 0; |
| |
} |
| |
|
| /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) |
/* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) |
| Returns an array of the fields/values of the CERT */ |
Returns an array of the fields/values of the CERT */ |
| PHP_FUNCTION(openssl_x509_parse) |
PHP_FUNCTION(openssl_x509_parse) |
|
Line 1464 PHP_FUNCTION(openssl_x509_parse)
|
Line 1551 PHP_FUNCTION(openssl_x509_parse)
|
| |
|
| |
|
| for (i = 0; i < X509_get_ext_count(cert); i++) { |
for (i = 0; i < X509_get_ext_count(cert); i++) { |
| |
int nid; |
| extension = X509_get_ext(cert, i); |
extension = X509_get_ext(cert, i); |
| if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { | nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); |
| | if (nid != NID_undef) { |
| extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); |
extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); |
| } else { |
} else { |
| OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); |
OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); |
| extname = buf; |
extname = buf; |
| } |
} |
| bio_out = BIO_new(BIO_s_mem()); |
bio_out = BIO_new(BIO_s_mem()); |
| if (X509V3_EXT_print(bio_out, extension, 0, 0)) { | if (nid == NID_subject_alt_name) { |
| | if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { |
| | BIO_get_mem_ptr(bio_out, &bio_buf); |
| | add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); |
| | } else { |
| | zval_dtor(return_value); |
| | if (certresource == -1 && cert) { |
| | X509_free(cert); |
| | } |
| | BIO_free(bio_out); |
| | RETURN_FALSE; |
| | } |
| | } |
| | else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { |
| BIO_get_mem_ptr(bio_out, &bio_buf); |
BIO_get_mem_ptr(bio_out, &bio_buf); |
| add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); |
add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); |
| } else { |
} else { |
|
Line 3174 PHP_FUNCTION(openssl_pkey_get_public)
|
Line 3276 PHP_FUNCTION(openssl_pkey_get_public)
|
| if (pkey == NULL) { |
if (pkey == NULL) { |
| RETURN_FALSE; |
RETURN_FALSE; |
| } |
} |
| |
zend_list_addref(Z_LVAL_P(return_value)); |
| } |
} |
| /* }}} */ |
/* }}} */ |
| |
|
|
Line 3210 PHP_FUNCTION(openssl_pkey_get_private)
|
Line 3313 PHP_FUNCTION(openssl_pkey_get_private)
|
| if (pkey == NULL) { |
if (pkey == NULL) { |
| RETURN_FALSE; |
RETURN_FALSE; |
| } |
} |
| |
zend_list_addref(Z_LVAL_P(return_value)); |
| } |
} |
| |
|
| /* }}} */ |
/* }}} */ |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to openssl.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / openssl