
Commit ee939b7

DASPRiDpetk
authored andcommitted
Add openssl_x509_verify() function
This patch introduces a wrapper around OpenSSL's X509_verify() function.
1 parent 22889c9 commit ee939b7


4 files changed

+88
-0
lines changed


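--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -153,6 +153,11 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_check_private_key, 0)
 ZEND_ARG_INFO(0, key)
 ZEND_END_ARG_INFO()
 
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_verify, 0)
+ZEND_ARG_INFO(0, cert)
+ZEND_ARG_INFO(0, key)
+ZEND_END_ARG_INFO()
+
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_parse, 0, 0, 1)
 ZEND_ARG_INFO(0, x509)
 ZEND_ARG_INFO(0, shortname)
@@ -492,6 +497,7 @@ static const zend_function_entry openssl_functions[] = {
 PHP_FE(openssl_x509_parse, arginfo_openssl_x509_parse)
 PHP_FE(openssl_x509_checkpurpose, arginfo_openssl_x509_checkpurpose)
 PHP_FE(openssl_x509_check_private_key, arginfo_openssl_x509_check_private_key)
+PHP_FE(openssl_x509_verify, arginfo_openssl_x509_verify)
 PHP_FE(openssl_x509_export, arginfo_openssl_x509_export)
 PHP_FE(openssl_x509_fingerprint, arginfo_openssl_x509_fingerprint)
 PHP_FE(openssl_x509_export_to_file, arginfo_openssl_x509_export_to_file)
@@ -2224,6 +2230,46 @@ PHP_FUNCTION(openssl_x509_check_private_key)
 }
 /* }}} */
 
+/* {{{ proto int openssl_x509_verify(mixed cert, mixed key)
+Verifies the signature of certificate cert using public key key */
+PHP_FUNCTION(openssl_x509_verify)
+{
+zval * zcert, *zkey;
+X509 * cert = NULL;
+EVP_PKEY * key = NULL;
+zend_resource *keyresource = NULL;
+int err = -1;
+
+if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &zcert, &zkey) == FAILURE) {
+return;
+}
+cert = php_openssl_x509_from_zval(zcert, 0, NULL);
+if (cert == NULL) {
+RETURN_LONG(err);
+}
+key = php_openssl_evp_from_zval(zkey, 1, NULL, 0, 0, &keyresource);
+if (key == NULL) {
+X509_free(cert);
+RETURN_LONG(err);
+}
+
+err = X509_verify(cert, key);
+
+if (err < 0) {
+php_openssl_store_errors();
+}
+
+if (keyresource == NULL && key) {
+EVP_PKEY_free(key);
+}
+if (Z_TYPE_P(zcert) != IS_RESOURCE) {
+X509_free(cert);
+}
+
+RETURN_LONG(err);
+}
+/* }}} */
+
 /* Special handling of subjectAltName, see CVE-2013-4073
 * Christian Heimes
 */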
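Review bot: The early exit for `key == NULL` in `openssl_x509_verify` calls `X509_free(cert)` unconditionally, while the cleanup at the end of the function frees the certificate only when `Z_TYPE_P(zcert) != IS_RESOURCE`. If `php_openssl_x509_from_zval()` hands back the X509 owned by the resource when `zcert` is a resource, as that final guard implies, a resource certificate combined with an unusable key leaves the resource pointing at freed memory, and a later use or the resource destructor touches it again. The early path should carry the same guard: `if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); }`. The proto comment should also spell out the three return values (1 valid signature, 0 signature mismatch, -1 error), because -1 is truthy in PHP and a caller writing `if (openssl_x509_verify(...))` would accept a failed check; comparing with `=== 1` is the safe form.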

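--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -127,6 +127,7 @@ PHP_FUNCTION(openssl_x509_export);
 PHP_FUNCTION(openssl_x509_fingerprint);
 PHP_FUNCTION(openssl_x509_export_to_file);
 PHP_FUNCTION(openssl_x509_check_private_key);
+PHP_FUNCTION(openssl_x509_verify);
 
 PHP_FUNCTION(openssl_pkcs12_export);
 PHP_FUNCTION(openssl_pkcs12_export_to_file);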
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
--TEST--
2+
openssl_x509_verify() tests
3+
--SKIPIF--
4+
<?php if (!extension_loaded("openssl")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$fp = fopen(dirname(__FILE__) . "/cert.crt","r");
8+
$a = fread($fp, 8192);
9+
fclose($fp);
10+
11+
$fp = fopen(dirname(__FILE__) . "/public.key","r");
12+
$b = fread($fp, 8192);
13+
fclose($fp);
14+
15+
$cert = "file://" . dirname(__FILE__) . "/cert.crt";
16+
$key = "file://" . dirname(__FILE__) . "/public.key";
17+
$wrongKey = "file://" . dirname(__FILE__) . "/public_rsa_2048.key";
18+
19+
var_dump(openssl_x509_verify($cert, $key));
20+
var_dump(openssl_x509_verify("", $key));
21+
var_dump(openssl_x509_verify($cert, ""));
22+
var_dump(openssl_x509_verify("", ""));
23+
var_dump(openssl_x509_verify(openssl_x509_read($a), $b));
24+
var_dump(openssl_x509_verify($cert, $wrongKey));
25+
?>
26+
--EXPECT--
27+
int(1)
28+
int(-1)
29+
int(-1)
30+
int(-1)
31+
int(1)
32+
int(0)
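Review bot: The test cases never combine a certificate resource with an unusable key, so the error path that frees the certificate before returning -1 is exercised only for string certificates. A case that keeps the resource in a variable and reuses it afterwards would cover it: `$res = openssl_x509_read($a); var_dump(openssl_x509_verify($res, "")); var_dump(openssl_x509_verify($res, $key));`, expecting `int(-1)` then `int(1)`. The `fopen()` results are also used without a check, so a missing fixture shows up as a warning and an output mismatch instead of a clear failure.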
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
-----BEGIN PUBLIC KEY-----
2+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUmVW1Y+rJzZRC3DYB0
3+
kdIgvk7MAday78ybGPPDhVlbAb4CjWbaPs4nyUCTEt9KVG0H7pXHxDbWSsC2974z
4+
dvqlP0L2op1/M2SteTcGCBOdwGH2jORVAZL8/WbTOf9IpKAM77oN14scsyOlQBJq
5+
hh+xrLg8ksB2dOos54yDqo0Tq7R5tldV+alKZXWlJnqRCfFuxvqtfWI5nGTAedVZ
6+
hvjQfLQQgujfXHoFWoGbXn2buzfwKGJEeqWPbQOZF/FeOJPlgOBhhDb3BAFNVCtM
7+
3k71Rblj54pNd3yvq152xsgFd0o3s15fuSwZgerUjeEuw/wTK9k7vyp+MrIQHQmP
8+
dQIDAQAB
9+
-----END PUBLIC KEY-----
