Skip to content

Add openssl_x509_verify() function #3624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
DASPRiD wants to merge 2 commits into from
Closed

Add openssl_x509_verify() function #3624

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
87e2d3c
Add openssl_x509_verify() function
DASPRiD Oct 20, 2018
3e23b9f
Address review comments
DASPRiD Oct 22, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions ext/openssl/openssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,11 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_check_private_key, 0)
ZEND_ARG_INFO(0, key)
ZEND_END_ARG_INFO()

ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_verify, 0)
ZEND_ARG_INFO(0, cert)
ZEND_ARG_INFO(0, key)
ZEND_END_ARG_INFO()

ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_parse, 0, 0, 1)
ZEND_ARG_INFO(0, x509)
ZEND_ARG_INFO(0, shortname)
Expand Down Expand Up @@ -492,6 +497,7 @@ static const zend_function_entry openssl_functions[] = {
PHP_FE(openssl_x509_parse, arginfo_openssl_x509_parse)
PHP_FE(openssl_x509_checkpurpose, arginfo_openssl_x509_checkpurpose)
PHP_FE(openssl_x509_check_private_key, arginfo_openssl_x509_check_private_key)
PHP_FE(openssl_x509_verify, arginfo_openssl_x509_verify)
PHP_FE(openssl_x509_export, arginfo_openssl_x509_export)
PHP_FE(openssl_x509_fingerprint, arginfo_openssl_x509_fingerprint)
PHP_FE(openssl_x509_export_to_file, arginfo_openssl_x509_export_to_file)
Expand Down Expand Up @@ -2224,6 +2230,46 @@ PHP_FUNCTION(openssl_x509_check_private_key)
}
/* }}} */

/* {{{ proto int openssl_x509_verify(mixed cert, mixed key)
Verifies the signature of certificate cert using public key key */
PHP_FUNCTION(openssl_x509_verify)
{
zval * zcert, *zkey;
X509 * cert = NULL;
EVP_PKEY * key = NULL;
zend_resource *keyresource = NULL;
int err = -1;

if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &zcert, &zkey) == FAILURE) {
return;
}
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
RETURN_LONG(err);
}
key = php_openssl_evp_from_zval(zkey, 1, NULL, 0, 0, &keyresource);
if (key == NULL) {
X509_free(cert);
RETURN_LONG(err);
}

err = X509_verify(cert, key);

if (err < 0) {
php_openssl_store_errors();
}

if (keyresource == NULL && key) {
EVP_PKEY_free(key);
}
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}

RETURN_LONG(err);
}
/* }}} */

/* Special handling of subjectAltName, see CVE-2013-4073
* Christian Heimes
*/
Expand Down
1 change: 1 addition & 0 deletions ext/openssl/php_openssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ PHP_FUNCTION(openssl_x509_export);
PHP_FUNCTION(openssl_x509_fingerprint);
PHP_FUNCTION(openssl_x509_export_to_file);
PHP_FUNCTION(openssl_x509_check_private_key);
PHP_FUNCTION(openssl_x509_verify);

PHP_FUNCTION(openssl_pkcs12_export);
PHP_FUNCTION(openssl_pkcs12_export_to_file);
Expand Down
32 changes: 32 additions & 0 deletions ext/openssl/tests/openssl_x509_verify.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
--TEST--
openssl_x509_verify() tests
--SKIPIF--
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
$fp = fopen(dirname(__FILE__) . "/cert.crt","r");
$a = fread($fp, 8192);
fclose($fp);

$fp = fopen(dirname(__FILE__) . "/public.key","r");
$b = fread($fp, 8192);
fclose($fp);

$cert = "file://" . dirname(__FILE__) . "/cert.crt";
$key = "file://" . dirname(__FILE__) . "/public.key";
$wrongKey = "file://" . dirname(__FILE__) . "/public_rsa_2048.key";

var_dump(openssl_x509_verify($cert, $key));
var_dump(openssl_x509_verify("", $key));
var_dump(openssl_x509_verify($cert, ""));
var_dump(openssl_x509_verify("", ""));
var_dump(openssl_x509_verify(openssl_x509_read($a), $b));
var_dump(openssl_x509_verify($cert, $wrongKey));
?>
--EXPECT--
int(1)
int(-1)
int(-1)
int(-1)
int(1)
int(0)
9 changes: 9 additions & 0 deletions ext/openssl/tests/public_rsa_2048.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUmVW1Y+rJzZRC3DYB0
kdIgvk7MAday78ybGPPDhVlbAb4CjWbaPs4nyUCTEt9KVG0H7pXHxDbWSsC2974z
dvqlP0L2op1/M2SteTcGCBOdwGH2jORVAZL8/WbTOf9IpKAM77oN14scsyOlQBJq
hh+xrLg8ksB2dOos54yDqo0Tq7R5tldV+alKZXWlJnqRCfFuxvqtfWI5nGTAedVZ
hvjQfLQQgujfXHoFWoGbXn2buzfwKGJEeqWPbQOZF/FeOJPlgOBhhDb3BAFNVCtM
3k71Rblj54pNd3yvq152xsgFd0o3s15fuSwZgerUjeEuw/wTK9k7vyp+MrIQHQmP
dQIDAQAB
-----END PUBLIC KEY-----