array_init(subitem);
for (i = 0; i < X509_NAME_entry_count(name); i++) {
- ne = X509_NAME_get_entry(name, i);
+ ne = X509_NAME_get_entry(name, i);
obj = X509_NAME_ENTRY_get_object(ne);
str = X509_NAME_ENTRY_get_data(ne);
nid = OBJ_obj2nid(obj);
if (shortname) {
sn = (char*)OBJ_nid2sn(nid);
add_assoc_stringl(subitem, sn, str->data, str->length, 1);
- }
- else {
+ } else {
ln = (char*)OBJ_nid2ln(nid);
add_assoc_stringl(subitem, ln, str->data, str->length, 1);
}
strbuf = estrdup(timestr->data);
-
memset(&thetime, 0, sizeof(thetime));
/* we work backwards so that we can use atoi more easily */
int i;
str = CONF_get_string(req->req_config, NULL, "oid_section");
- if (str == NULL)
+ if (str == NULL) {
return SUCCESS;
-
+ }
sktmp = CONF_get_section(req->req_config, str);
if (sktmp == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem loading oid section %s", str);
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s",
- cnf->name, cnf->value);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s", cnf->name, cnf->value);
return FAILURE;
}
}
req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL);
req->req_config = CONF_load(NULL, req->config_filename, NULL);
- if (req->req_config == NULL)
+ if (req->req_config == NULL) {
return FAILURE;
-
+ }
/* read in the oids */
str = CONF_get_string(req->req_config, NULL, "oid_file");
BIO_free(oid_bio);
}
}
- if (add_oid_section(req TSRMLS_CC) == FAILURE)
+ if (add_oid_section(req TSRMLS_CC) == FAILURE) {
return FAILURE;
-
+ }
SET_OPTIONAL_STRING_ARG("digest_alg", req->digest_name,
CONF_get_string(req->req_config, req->section_name, "default_md"));
SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section,
if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key"), (void**)&item) == SUCCESS) {
req->priv_key_encrypt = Z_BVAL_PP(item);
- }
- else {
+ } else {
str = CONF_get_string(req->req_config, req->section_name, "encrypt_rsa_key");
- if (str == NULL)
+ if (str == NULL) {
str = CONF_get_string(req->req_config, req->section_name, "encrypt_key");
- if (str && strcmp(str, "no") == 0)
+ }
+ if (str && strcmp(str, "no") == 0) {
req->priv_key_encrypt = 0;
- else
+ } else {
req->priv_key_encrypt = 1;
+ }
}
-
/* digest alg */
- if (req->digest_name == NULL)
+ if (req->digest_name == NULL) {
req->digest_name = CONF_get_string(req->req_config, req->section_name, "default_md");
- if (req->digest_name)
+ }
+ if (req->digest_name) {
req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
- if (req->md_alg == NULL)
+ }
+ if (req->md_alg == NULL) {
req->md_alg = req->digest = EVP_md5();
+ }
PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section);
return FAILURE;
}
- if (req->request_extensions_section == NULL)
+ if (req->request_extensions_section == NULL) {
req->request_extensions_section = CONF_get_string(req->req_config, req->section_name, "req_extensions");
-
+ }
PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section);
return SUCCESS;
#ifdef WINDOWS
RAND_screen();
#endif
- if (file == NULL)
+ if (file == NULL) {
file = RAND_file_name(buffer, sizeof(buffer));
- else if (RAND_egd(file) > 0) {
+ } else if (RAND_egd(file) > 0) {
/* if the given filename is an EGD socket, don't
* write anything back to it */
*egdsocket = 1;
* a low-entropy seed file back */
return FAILURE;
}
- if (file == NULL)
+ if (file == NULL) {
file = RAND_file_name(buffer, sizeof(buffer));
+ }
if (file == NULL || !RAND_write_file(file)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to write random state");
return FAILURE;
REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING",
- RSA_PKCS1_PADDING,
- CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING",
- RSA_SSLV23_PADDING,
- CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING",
- RSA_NO_PADDING,
- CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING",
- RSA_PKCS1_OAEP_PADDING,
- CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
/* Values for key types */
- REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA",
- OPENSSL_KEYTYPE_RSA, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT);
#ifndef NO_DSA
- REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DSA",
- OPENSSL_KEYTYPE_DSA, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DSA", OPENSSL_KEYTYPE_DSA, CONST_CS|CONST_PERSISTENT);
#endif
- REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DH",
- OPENSSL_KEYTYPE_DH, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DH", OPENSSL_KEYTYPE_DH, CONST_CS|CONST_PERSISTENT);
/* Determine default SSL configuration file */
config_filename = getenv("OPENSSL_CONF");
- if (config_filename == NULL)
+ if (config_filename == NULL) {
config_filename = getenv("SSLEAY_CONF");
+ }
/* default to 'openssl.cnf' if no environment variable is set */
if (config_filename == NULL) {
snprintf(default_ssl_conf_filename, sizeof(default_ssl_conf_filename), "%s/%s",
X509_get_default_cert_area(),
"openssl.cnf");
+ } else {
+ strlcpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename));
}
- else
- strncpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename));
-
return SUCCESS;
}
/* }}} */
{
X509 *cert = NULL;
- if (resourceval)
+ if (resourceval) {
*resourceval = -1;
-
+ }
if (Z_TYPE_PP(val) == IS_RESOURCE) {
/* is it an x509 resource ? */
void * what;
int type;
what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509", &type, 1, le_x509);
- if (!what)
+ if (!what) {
return NULL;
-
+ }
/* this is so callers can decide if they should free the X509 */
- if (resourceval)
+ if (resourceval) {
*resourceval = Z_LVAL_PP(val);
-
- if (type == le_x509)
+ }
+ if (type == le_x509) {
return (X509*)what;
-
+ }
/* other types could be used here - eg: file pointers and read in the data from them */
return NULL;
/* force it to be a string and check if it refers to a file */
convert_to_string_ex(val);
- if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0) {
+ if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) {
/* read cert from the named file */
BIO *in;
- if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + 7 TSRMLS_CC)) {
+ if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
return NULL;
}
- in = BIO_new_file(Z_STRVAL_PP(val) + 7, "r");
- if (in == NULL)
+ in = BIO_new_file(Z_STRVAL_PP(val) + (sizeof("file://") - 1), "r");
+ if (in == NULL) {
return NULL;
+ }
cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
BIO_free(in);
-
- }
- else {
+ } else {
BIO *in;
in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
- if (in == NULL)
+ if (in == NULL) {
return NULL;
-
- cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
- PEM_STRING_X509, in,
- NULL, NULL, NULL);
+ }
+ cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL);
BIO_free(in);
}
char * filename;
long filename_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcert, &filename, &filename_len, ¬ext) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcert, &filename, &filename_len, ¬ext) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC);
bio_out = BIO_new_file(filename, "w");
if (bio_out) {
- if (!notext)
+ if (!notext) {
X509_print(bio_out, cert);
+ }
PEM_write_bio_X509(bio_out, cert);
RETVAL_TRUE;
- }
- else
+ } else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening file %s", filename);
-
- if (certresource == -1 && cert)
+ }
+ if (certresource == -1 && cert) {
X509_free(cert);
-
+ }
BIO_free(bio_out);
-
}
/* }}} */
char * bio_mem_ptr;
long bio_mem_len;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, ¬ext) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, ¬ext) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC);
}
bio_out = BIO_new(BIO_s_mem());
- if (!notext)
+ if (!notext) {
X509_print(bio_out, cert);
+ }
PEM_write_bio_X509(bio_out, cert);
bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
RETVAL_TRUE;
- if (certresource == -1 && cert)
+ if (certresource == -1 && cert) {
X509_free(cert);
-
+ }
BIO_free(bio_out);
-
}
/* }}} */
RETVAL_FALSE;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcert, &zkey) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcert, &zkey) == FAILURE) {
return;
-
+ }
cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC);
- if (cert == NULL)
+ if (cert == NULL) {
RETURN_FALSE;
-
+ }
key = php_openssl_evp_from_zval(&zkey, 0, "", 1, &keyresource TSRMLS_CC);
if (key) {
RETVAL_BOOL(X509_check_private_key(cert, key));
}
- if (keyresource == -1 && key)
+ if (keyresource == -1 && key) {
EVP_PKEY_free(key);
- if (certresource == -1 && cert)
+ }
+ if (certresource == -1 && cert) {
X509_free(cert);
+ }
}
/* }}} */
char * tmpstr;
zval * subitem;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zcert, &useshortnames) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zcert, &useshortnames) == FAILURE) {
return;
-
+ }
cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC);
- if (cert == NULL)
+ if (cert == NULL) {
RETURN_FALSE;
-
+ }
array_init(return_value);
- if (cert->name)
+ if (cert->name) {
add_assoc_string(return_value, "name", cert->name, 1);
+ }
/* add_assoc_bool(return_value, "valid", cert->valid); */
add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
add_assoc_long(return_value, "validTo_time_t", asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));
tmpstr = X509_alias_get0(cert, NULL);
- if (tmpstr)
+ if (tmpstr) {
add_assoc_string(return_value, "alias", tmpstr, 1);
-
+ }
/*
add_assoc_long(return_value, "signaturetypeLONG", X509_get_signature_type(cert));
add_assoc_string(return_value, "signaturetype", OBJ_nid2sn(X509_get_signature_type(cert)), 1);
}
add_assoc_zval(return_value, "purposes", subitem);
- if (certresource == -1 && cert)
+ if (certresource == -1 && cert) {
X509_free(cert);
-
+ }
}
/* }}} */
/* {{{ load_all_certs_from_file */
static STACK_OF(X509) * load_all_certs_from_file(char *certfile)
{
- STACK_OF(X509_INFO) *sk=NULL;
- STACK_OF(X509) *stack=NULL, *ret=NULL;
- BIO *in=NULL;
- X509_INFO *xi;
- TSRMLS_FETCH();
+ STACK_OF(X509_INFO) *sk=NULL;
+ STACK_OF(X509) *stack=NULL, *ret=NULL;
+ BIO *in=NULL;
+ X509_INFO *xi;
+ TSRMLS_FETCH();
if(!(stack = sk_X509_new_null())) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "memory allocation failure");
}
/* scan over it and pull out the certs */
- while (sk_X509_INFO_num(sk))
- {
+ while (sk_X509_INFO_num(sk)) {
xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
+ if (xi->x509 != NULL) {
sk_X509_push(stack,xi->x509);
xi->x509=NULL;
}
TSRMLS_FETCH();
csc = X509_STORE_CTX_new();
- if (csc == NULL)
- {
+ if (csc == NULL) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "memory allocation failure");
return 0;
}
X509_STORE_CTX_init(csc, ctx, x, untrustedchain);
- if(purpose >= 0)
+ if(purpose >= 0) {
X509_STORE_CTX_set_purpose(csc, purpose);
-
+ }
ret = X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
long untrusted_len;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zl|a!s", &zcert, &purpose, &zcainfo, &untrusted, &untrusted_len)
- == FAILURE)
+ == FAILURE) {
return;
+ }
RETVAL_LONG(-1);
if (untrusted) {
untrustedchain = load_all_certs_from_file(untrusted);
- if (untrustedchain == NULL)
+ if (untrustedchain == NULL) {
goto clean_exit;
+ }
}
cainfo = setup_verify(zcainfo TSRMLS_CC);
- if (cainfo == NULL)
+ if (cainfo == NULL) {
goto clean_exit;
-
+ }
cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC);
- if (cert == NULL)
+ if (cert == NULL) {
goto clean_exit;
-
+ }
RETVAL_LONG(check_cert(cainfo, cert, untrustedchain, purpose));
clean_exit:
- if (certresource == 1 && cert)
+ if (certresource == 1 && cert) {
X509_free(cert);
- if (cainfo)
- X509_STORE_free(cainfo);
- if (untrustedchain)
+ }
+ if (cainfo) {
+ X509_STORE_free(cainfo);
+ }
+ if (untrustedchain) {
sk_X509_pop_free(untrustedchain, X509_free);
+ }
}
/* }}} */
store = X509_STORE_new();
- if (store == NULL)
+ if (store == NULL) {
return NULL;
+ }
if (calist && (Z_TYPE_P(calist) == IS_ARRAY)) {
zend_hash_internal_pointer_reset_ex(HASH_OF(calist), &pos);
zval ** item;
struct stat sb;
- if (zend_hash_get_current_data_ex(HASH_OF(calist), (void**)&item, &pos) == FAILURE)
+ if (zend_hash_get_current_data_ex(HASH_OF(calist), (void**)&item, &pos) == FAILURE) {
break;
-
+ }
convert_to_string_ex(item);
if (VCWD_STAT(Z_STRVAL_PP(item), &sb) == -1) {
if ((sb.st_mode & S_IFREG) == S_IFREG) {
file_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (file_lookup == NULL || !X509_LOOKUP_load_file(file_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM))
+ if (file_lookup == NULL || !X509_LOOKUP_load_file(file_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "error loading file %s", Z_STRVAL_PP(item));
- else
+ } else {
nfiles++;
+ }
file_lookup = NULL;
- }
- else {
+ } else {
dir_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (dir_lookup == NULL || !X509_LOOKUP_add_dir(dir_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM))
+ if (dir_lookup == NULL || !X509_LOOKUP_add_dir(dir_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "error loading directory %s", Z_STRVAL_PP(item));
- else
+ } else {
ndirs++;
+ }
dir_lookup = NULL;
}
}
}
if (nfiles == 0) {
file_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (file_lookup)
+ if (file_lookup) {
X509_LOOKUP_load_file(file_lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
}
if (ndirs == 0) {
dir_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (dir_lookup)
+ if (dir_lookup) {
X509_LOOKUP_add_dir(dir_lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
}
return store;
}
zval *cert;
X509 *x509;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) {
return;
-
+ }
Z_TYPE_P(return_value) = IS_RESOURCE;
x509 = php_openssl_x509_from_zval(&cert, 1, &Z_LVAL_P(return_value) TSRMLS_CC);
zval *x509;
X509 *cert;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &x509) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &x509) == FAILURE) {
return;
-
+ }
ZEND_FETCH_RESOURCE(cert, X509 *, &x509, -1, "OpenSSL X.509", le_x509);
zend_list_delete(Z_LVAL_P(x509));
}
char * str, *dn_sect, *attr_sect;
dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name");
- if (dn_sect == NULL)
+ if (dn_sect == NULL) {
return FAILURE;
+ }
dn_sk = CONF_get_section(req->req_config, dn_sect);
- if (dn_sk == NULL)
+ if (dn_sk == NULL) {
return FAILURE;
+ }
attr_sect = CONF_get_string(req->req_config, req->section_name, "attributes");
- if (attr_sect == NULL)
+ if (attr_sect == NULL) {
attr_sk = NULL;
- else {
+ } else {
attr_sk = CONF_get_section(req->req_config, attr_sect);
- if (attr_sk == NULL)
+ if (attr_sk == NULL) {
return FAILURE;
+ }
}
/* setup the version number: version 1 */
if (X509_REQ_set_version(csr, 0L)) {
nid = OBJ_txt2nid(strindex);
if (nid != NID_undef) {
- if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC,
+ if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC,
(unsigned char*)Z_STRVAL_PP(item), -1, -1, 0))
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item));
type = v->name;
len = strlen(type);
- if (len < sizeof("_default"))
+ if (len < sizeof("_default")) {
continue;
+ }
len -= sizeof("_default") - 1;
if (strcmp("_default", type + len) != 0) {
continue;
for (str = type; *str; str++) {
if (*str == ':' || *str == ',' || *str == '.') {
str++;
- if (*str)
+ if (*str) {
type = str;
+ }
break;
}
}
/* if it is already set, skip this */
nid = OBJ_txt2nid(type);
- if (X509_NAME_get_index_by_NID(subj, nid, -1) >= 0)
+ if (X509_NAME_get_index_by_NID(subj, nid, -1) >= 0) {
continue;
- zend_printf("%s not already set; using default of %s\n", type, v->value);
- if (!X509_NAME_add_entry_by_txt(subj, type, MBSTRING_ASC, (unsigned char*)v->value, -1, -1, 0))
- {
+ }
+ if (!X509_NAME_add_entry_by_txt(subj, type, MBSTRING_ASC, (unsigned char*)v->value, -1, -1, 0)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "add_entry_by_txt %s -> %s (failed)", type, v->value);
return FAILURE;
}
nid = OBJ_txt2nid(strindex);
if (nid != NID_undef) {
- if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC,
- (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0))
- {
+ if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "attribs: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item));
return FAILURE;
}
v = sk_CONF_VALUE_value(attr_sk, i);
/* if it is already set, skip this */
nid = OBJ_txt2nid(v->name);
- if (X509_REQ_get_attr_by_NID(csr, nid, -1) >= 0)
+ if (X509_REQ_get_attr_by_NID(csr, nid, -1) >= 0) {
continue;
-
- if (!X509_REQ_add1_attr_by_txt(csr, v->name, MBSTRING_ASC,
- (unsigned char*)v->value, -1))
- {
+ }
+ if (!X509_REQ_add1_attr_by_txt(csr, v->name, MBSTRING_ASC, (unsigned char*)v->value, -1)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "add1_attr_by_txt %s -> %s (failed)", v->name, v->value);
return FAILURE;
}
}
-
}
}
char * filename = NULL;
BIO * in;
- if (resourceval)
+ if (resourceval) {
*resourceval = -1;
-
+ }
if (Z_TYPE_PP(val) == IS_RESOURCE) {
void * what;
int type;
what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509 CSR", &type, 1, le_csr);
if (what) {
- if (resourceval)
+ if (resourceval) {
*resourceval = Z_LVAL_PP(val);
+ }
return (X509_REQ*)what;
}
return NULL;
return NULL;
}
- if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0)
- filename = Z_STRVAL_PP(val) + 7;
-
+ if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) {
+ filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1);
+ }
if (filename) {
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
return NULL;
}
in = BIO_new_file(filename, "r");
- }
- else
+ } else {
in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
-
+ }
csr = PEM_read_bio_X509_REQ(in, NULL,NULL,NULL);
BIO_free(in);
BIO * bio_out;
long csr_resource;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcsr, &filename, &filename_len, ¬ext) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcsr, &filename, &filename_len, ¬ext) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
bio_out = BIO_new_file(filename, "w");
if (bio_out) {
- if (!notext)
+ if (!notext) {
X509_REQ_print(bio_out, csr);
+ }
PEM_write_bio_X509_REQ(bio_out, csr);
RETVAL_TRUE;
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening file %s", filename);
}
- if (csr_resource == -1 && csr)
+ if (csr_resource == -1 && csr) {
X509_REQ_free(csr);
-
+ }
BIO_free(bio_out);
}
/* }}} */
char * bio_mem_ptr;
long bio_mem_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, ¬ext) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, ¬ext) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
/* export to a var */
bio_out = BIO_new(BIO_s_mem());
- if (!notext)
+ if (!notext) {
X509_REQ_print(bio_out, csr);
+ }
PEM_write_bio_X509_REQ(bio_out, csr);
bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
RETVAL_TRUE;
- if (csr_resource == -1 && csr)
+ if (csr_resource == -1 && csr) {
X509_REQ_free(csr);
-
+ }
BIO_free(bio_out);
}
/* }}} */
goto cleanup;
}
- if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE)
+ if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE) {
goto cleanup;
-
+ }
/* Check that the request matches the signature */
key = X509_REQ_get_pubkey(csr);
if (key == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Signature verification problems");
goto cleanup;
}
- else if (i==0) {
+ else if (i == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Signature did not match the certificate request");
goto cleanup;
}
X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr));
- if (cert == NULL)
+ if (cert == NULL) {
cert = new_cert;
-
- if (!X509_set_issuer_name(new_cert, X509_get_subject_name(cert)))
+ }
+ if (!X509_set_issuer_name(new_cert, X509_get_subject_name(cert))) {
goto cleanup;
-
+ }
X509_gmtime_adj(X509_get_notBefore(new_cert), 0);
X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days);
i = X509_set_pubkey(new_cert, key);
- if (!i)
+ if (!i) {
goto cleanup;
-
+ }
if (req.request_extensions_section) {
X509V3_CTX ctx;
X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
X509V3_set_conf_lhash(&ctx, req.req_config);
- if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert))
+ if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert)) {
goto cleanup;
+ }
}
/* Now sign it */
cleanup:
- if (cert == new_cert)
+ if (cert == new_cert) {
cert = NULL;
-
+ }
PHP_SSL_REQ_DISPOSE(&req);
- if (keyresource == -1 && priv_key)
+ if (keyresource == -1 && priv_key) {
EVP_PKEY_free(priv_key);
- if (key)
+ }
+ if (key) {
EVP_PKEY_free(key);
- if (csr_resource == -1 && csr)
+ }
+ if (csr_resource == -1 && csr) {
X509_REQ_free(csr);
- if (certresource == -1 && cert)
+ }
+ if (certresource == -1 && cert) {
X509_free(cert);
- if (new_cert)
+ }
+ if (new_cert) {
X509_free(new_cert);
+ }
}
/* }}} */
int we_made_the_key = 1;
long key_resource;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "az|a!a!", &dn, &out_pkey, &args, &attribs) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "az|a!a!", &dn, &out_pkey, &args, &attribs) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
PHP_SSL_REQ_INIT(&req);
- if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS)
- {
+ if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
/* Generate or use a private key */
if (Z_TYPE_P(out_pkey) != IS_NULL) {
req.priv_key = php_openssl_evp_from_zval(&out_pkey, 0, NULL, 0, &key_resource TSRMLS_CC);
- if (req.priv_key != NULL)
+ if (req.priv_key != NULL) {
we_made_the_key = 0;
+ }
}
- if (req.priv_key == NULL)
+ if (req.priv_key == NULL) {
php_openssl_generate_private_key(&req TSRMLS_CC);
- if (req.priv_key == NULL)
+ }
+ if (req.priv_key == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to generate a private key");
- else {
+ } else {
csr = X509_REQ_new();
if (csr) {
if (php_openssl_make_REQ(&req, csr, dn, attribs TSRMLS_CC) == SUCCESS) {
&ext_ctx, req.request_extensions_section, csr))
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error loading extension section %s", req.request_extensions_section);
- }
- else {
+ } else {
RETVAL_TRUE;
if (X509_REQ_sign(csr, req.priv_key, req.digest)) {
-
RETVAL_RESOURCE(zend_list_insert(csr, le_csr));
csr = NULL;
} else {
if (we_made_the_key) {
/* and a resource for the private key */
ZVAL_RESOURCE(out_pkey, zend_list_insert(req.priv_key, le_key));
- }
- else if (key_resource != -1)
+ } else if (key_resource != -1) {
req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */
+ }
}
}
}
}
}
- if (csr)
+ if (csr) {
X509_REQ_free(csr);
+ }
PHP_SSL_REQ_DISPOSE(&req);
}
/* }}} */
long cert_res = -1;
char * filename = NULL;
- if (resourceval)
+ if (resourceval) {
*resourceval = -1;
-
+ }
if (Z_TYPE_PP(val) == IS_ARRAY) {
zval ** zphrase;
int type;
what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509/key", &type, 2, le_x509, le_key);
- if (!what)
+ if (!what) {
return NULL;
-
- if (resourceval)
+ }
+ if (resourceval) {
*resourceval = Z_LVAL_PP(val);
-
+ }
if (type == le_x509) {
/* extract key from cert, depending on public_key param */
cert = (X509*)what;
free_cert = 0;
- }
- else if (type == le_key) {
+ } else if (type == le_key) {
/* check whether it is actually a private key if requested */
- if (!public_key && !php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC))
- {
+ if (!public_key && !php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param is a public key");
return NULL;
}
/* other types could be used here - eg: file pointers and read in the data from them */
return NULL;
- }
- else {
+ } else {
/* force it to be a string and check if it refers to a file */
convert_to_string_ex(val);
- if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0)
- filename = Z_STRVAL_PP(val) + 7;
-
+ if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) {
+ filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1);
+ }
/* it's an X509 file/cert of some kind, and we need to extract the data from that */
if (public_key) {
cert = php_openssl_x509_from_zval(val, 0, &cert_res TSRMLS_CC);
if (!cert) {
/* not a X509 certificate, try to retrieve public key */
BIO* in;
- if (filename)
+ if (filename) {
in = BIO_new_file(filename, "r");
- else
+ } else {
in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
-
- if (in == NULL)
+ }
+ if (in == NULL) {
return NULL;
-
+ }
key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL);
BIO_free(in);
}
- }
- else {
+ } else {
/* we want the private key */
if (filename) {
BIO *in;
return NULL;
}
in = BIO_new_file(filename, "r");
- if (in == NULL)
+ if (in == NULL) {
return NULL;
+ }
key = PEM_read_bio_PrivateKey(in, NULL,NULL, passphrase);
BIO_free(in);
- }
- else {
- BIO * b = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
- if (b == NULL)
+ } else {
+ BIO *b = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
+ if (b == NULL) {
return NULL;
-
+ }
key = (EVP_PKEY *) PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY, b,
NULL, NULL, passphrase);
key = (EVP_PKEY *) X509_get_pubkey(cert);
}
- if (free_cert && cert)
+ if (free_cert && cert) {
X509_free(cert);
-
+ }
if (key && makeresource && resourceval) {
*resourceval = ZEND_REGISTER_RESOURCE(NULL, key, le_key);
}
case EVP_PKEY_RSA2:
assert(pkey->pkey.rsa != NULL);
- if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
+ if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) {
return 0;
+ }
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA4:
assert(pkey->pkey.dsa != NULL);
- if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
+ if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
return 0;
+ }
break;
#endif
#ifndef NO_DH
case EVP_PKEY_DH:
assert(pkey->pkey.dh != NULL);
- if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
+ if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
return 0;
+ }
break;
#endif
default:
{
struct php_x509_request req;
zval * args = NULL;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|a!", &args) == FAILURE)
- return;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|a!", &args) == FAILURE) {
+ return;
+ }
RETVAL_FALSE;
PHP_SSL_REQ_INIT(&req);
BIO * bio_out = NULL;
EVP_CIPHER * cipher;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
key = php_openssl_evp_from_zval(&zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC);
PHP_SSL_REQ_INIT(&req);
- if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS)
- {
+ if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
bio_out = BIO_new_file(filename, "w");
- if (passphrase && req.priv_key_encrypt)
+ if (passphrase && req.priv_key_encrypt) {
cipher = EVP_des_ede3_cbc();
- else
+ } else {
cipher = NULL;
-
+ }
if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) {
/* Success!
* If returning the output as a string, do so now */
if (key_resource == -1 && key) {
EVP_PKEY_free(key);
}
- if (bio_out)
+ if (bio_out) {
BIO_free(bio_out);
+ }
}
/* }}} */
BIO * bio_out = NULL;
EVP_CIPHER * cipher;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|s!a!", &zpkey, &out, &passphrase, &passphrase_len, &args) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|s!a!", &zpkey, &out, &passphrase, &passphrase_len, &args) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
key = php_openssl_evp_from_zval(&zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC);
PHP_SSL_REQ_INIT(&req);
- if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS)
- {
+ if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
bio_out = BIO_new(BIO_s_mem());
- if (passphrase && req.priv_key_encrypt)
+ if (passphrase && req.priv_key_encrypt) {
cipher = EVP_des_ede3_cbc();
- else
+ } else {
cipher = NULL;
-
+ }
if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) {
/* Success!
* If returning the output as a string, do so now */
if (key_resource == -1 && key) {
EVP_PKEY_free(key);
}
- if (bio_out)
+ if (bio_out) {
BIO_free(bio_out);
+ }
}
/* }}} */
zval *cert;
EVP_PKEY *pkey;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) {
return;
-
+ }
Z_TYPE_P(return_value) = IS_RESOURCE;
pkey = php_openssl_evp_from_zval(&cert, 1, NULL, 1, &Z_LVAL_P(return_value) TSRMLS_CC);
zval *key;
EVP_PKEY *pkey;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &key) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &key) == FAILURE) {
return;
-
+ }
ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key);
zend_list_delete(Z_LVAL_P(key));
}
char * passphrase = "";
long passphrase_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|s", &cert, &passphrase, &passphrase_len) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|s", &cert, &passphrase, &passphrase_len) == FAILURE) {
return;
-
+ }
Z_TYPE_P(return_value) = IS_RESOURCE;
pkey = php_openssl_evp_from_zval(&cert, 0, passphrase, 1, &Z_LVAL_P(return_value) TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len,
&flags, &signersfilename, &signersfilename_len, &cainfo,
- &extracerts, &extracerts_len) == FAILURE)
+ &extracerts, &extracerts_len) == FAILURE) {
return;
+ }
if (extracerts) {
others = load_all_certs_from_file(extracerts);
- if (others == NULL)
+ if (others == NULL) {
goto clean_exit;
+ }
}
flags = flags & ~PKCS7_DETACHED;
store = setup_verify(cainfo TSRMLS_CC);
- if (!store)
+ if (!store) {
goto clean_exit;
-
+ }
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
goto clean_exit;
}
in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r");
- if (in == NULL)
+ if (in == NULL) {
goto clean_exit;
+ }
p7 = SMIME_read_PKCS7(in, &datain);
if (p7 == NULL) {
#if DEBUG_SMIME
int i;
signers = PKCS7_get0_signers(p7, NULL, flags);
- for(i = 0; i < sk_X509_num(signers); i++)
+ for(i = 0; i < sk_X509_num(signers); i++) {
PEM_write_bio_X509(certout, sk_X509_value(signers, i));
-
+ }
BIO_free(certout);
sk_X509_free(signers);
- }
- else {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "signature OK, but cannot open %s for writing",
- signersfilename);
+ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "signature OK, but cannot open %s for writing", signersfilename);
RETVAL_LONG(-1);
}
}
goto clean_exit;
- }
- else
+ } else {
RETVAL_FALSE;
+ }
clean_exit:
X509_STORE_free(store);
BIO_free(datain);
}
infile = BIO_new_file(infilename, "r");
- if (infile == NULL)
+ if (infile == NULL) {
goto clean_exit;
+ }
outfile = BIO_new_file(outfilename, "w");
- if (outfile == NULL)
+ if (outfile == NULL) {
goto clean_exit;
+ }
recipcerts = sk_X509_new_null();
long certresource;
cert = php_openssl_x509_from_zval(zcertval, 0, &certresource TSRMLS_CC);
- if (cert == NULL)
+ if (cert == NULL) {
goto clean_exit;
+ }
if (certresource != -1) {
/* we shouldn't free this particular cert, as it is a resource.
make a copy and push that on the stack instead */
cert = X509_dup(cert);
- if (cert == NULL)
+ if (cert == NULL) {
goto clean_exit;
+ }
}
sk_X509_push(recipcerts, cert);
zend_hash_move_forward_ex(HASH_OF(zrecipcerts), &hpos);
}
- }
- else {
+ } else {
/* a single certificate */
long certresource;
cert = php_openssl_x509_from_zval(&zrecipcerts, 0, &certresource TSRMLS_CC);
- if (cert == NULL)
+ if (cert == NULL) {
goto clean_exit;
+ }
if (certresource != -1) {
/* we shouldn't free this particular cert, as it is a resource.
make a copy and push that on the stack instead */
cert = X509_dup(cert);
- if (cert == NULL)
+ if (cert == NULL) {
goto clean_exit;
+ }
}
sk_X509_push(recipcerts, cert);
}
/* TODO: allow user to choose a different cipher */
cipher = EVP_rc2_40_cbc();
- if (cipher == NULL)
+ if (cipher == NULL) {
goto clean_exit;
+ }
p7 = PKCS7_encrypt(recipcerts, infile, cipher, flags);
- if (p7 == NULL)
+ if (p7 == NULL) {
goto clean_exit;
+ }
/* tack on extra headers */
if (zheaders) {
convert_to_string_ex(zcertval);
- if (strindex)
+ if (strindex) {
BIO_printf(outfile, "%s: %s\n", strindex, Z_STRVAL_PP(zcertval));
- else
+ } else {
BIO_printf(outfile, "%s\n", Z_STRVAL_PP(zcertval));
+ }
zend_hash_move_forward_ex(HASH_OF(zheaders), &hpos);
}
RETVAL_TRUE;
-
clean_exit:
PKCS7_free(p7);
BIO_free(infile);
BIO_free(outfile);
- if (recipcerts)
+ if (recipcerts) {
sk_X509_pop_free(recipcerts, X509_free);
-
+ }
}
/* }}} */
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sszza!|ls",
&infilename, &infilename_len, &outfilename, &outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
- &extracertsfilename_len) == FAILURE)
+ &extracertsfilename_len) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
if (extracertsfilename) {
others = load_all_certs_from_file(extracertsfilename);
- if (others == NULL)
+ if (others == NULL) {
goto clean_exit;
+ }
}
privkey = php_openssl_evp_from_zval(&zprivkey, 0, "", 0, &keyresource TSRMLS_CC);
convert_to_string_ex(hval);
- if (strindex)
+ if (strindex) {
BIO_printf(outfile, "%s: %s\n", strindex, Z_STRVAL_PP(hval));
- else
+ } else {
BIO_printf(outfile, "%s\n", Z_STRVAL_PP(hval));
-
+ }
zend_hash_move_forward_ex(HASH_OF(zheaders), &hpos);
}
}
PKCS7_free(p7);
BIO_free(infile);
BIO_free(outfile);
- if (others)
+ if (others) {
sk_X509_pop_free(others, X509_free);
- if (privkey && keyresource == -1)
+ }
+ if (privkey && keyresource == -1) {
EVP_PKEY_free(privkey);
- if (cert && certresource == -1)
+ }
+ if (cert && certresource == -1) {
X509_free(cert);
+ }
}
/* }}} */
char * outfilename; long outfilename_len;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|z", &infilename, &infilename_len,
- &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE)
+ &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) {
return;
+ }
RETVAL_FALSE;
p7 = SMIME_read_PKCS7(in, &datain);
- if (p7 == NULL)
+ if (p7 == NULL) {
goto clean_exit;
-
- if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED))
+ }
+ if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED)) {
RETVAL_TRUE;
-
+ }
clean_exit:
PKCS7_free(p7);
BIO_free(datain);
BIO_free(in);
BIO_free(out);
- if (cert && certresval == -1)
+ if (cert && certresval == -1) {
X509_free(cert);
- if (key && keyresval == -1)
+ }
+ if (key && keyresval == -1) {
EVP_PKEY_free(key);
+ }
}
/* }}} */
char * data;
long data_len, padding = RSA_PKCS1_PADDING;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC);
cryptedbuf = NULL;
RETVAL_TRUE;
}
- if (cryptedbuf)
+ if (cryptedbuf) {
efree(cryptedbuf);
- if (keyresource == -1)
+ }
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
+ }
}
/* }}} */
char * data;
long data_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC);
RETVAL_TRUE;
}
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
- if (cryptedbuf)
+ }
+ if (cryptedbuf) {
efree(cryptedbuf);
+ }
}
/* }}} */
cryptedbuf = NULL;
RETVAL_TRUE;
}
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
- if (cryptedbuf)
+ }
+ if (cryptedbuf) {
efree(cryptedbuf);
+ }
}
/* }}} */
char * data;
long data_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) {
return;
-
+ }
RETVAL_FALSE;
pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC);
RETVAL_TRUE;
}
- if (cryptedbuf)
+ if (cryptedbuf) {
efree(cryptedbuf);
- if (keyresource == -1)
+ }
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
+ }
}
/* }}} */
}
val = ERR_get_error();
- if (val)
- {
+ if (val) {
RETURN_STRING(ERR_error_string(val, buf), 1);
- }
- else
- {
+ } else {
RETURN_FALSE;
}
}
char * data; long data_len;
EVP_MD_CTX md_ctx;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE) {
return;
-
+ }
pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC);
if (pkey == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param cannot be coerced into a private key");
efree(sigbuf);
RETVAL_FALSE;
}
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
+ }
}
/* }}} */
char * data; long data_len;
char * signature; long signature_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len,
- &signature, &signature_len, &key) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len, &signature, &signature_len, &key) == FAILURE) {
return;
+ }
pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC);
if (pkey == NULL) {
EVP_VerifyUpdate (&md_ctx, data, data_len);
err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
-
+ }
RETURN_LONG(err);
}
/* }}} */
char * data; long data_len;
EVP_CIPHER_CTX ctx;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
- &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) {
return;
+ }
pubkeysht = HASH_OF(pubkeys);
nkeys = pubkeysht ? zend_hash_num_elements(pubkeysht) : 0;
if (!nkeys) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
- "Fourth argument to openssl_seal() must be a non-empty array");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Fourth argument to openssl_seal() must be a non-empty array");
RETURN_FALSE;
}
i++;
}
-#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
RETVAL_FALSE;
goto clean_exit;
}
-#else
- EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL);
-#endif
#if 0
/* Need this if allow ciphers that require initialization vector */
/* allocate one byte extra to make room for \0 */
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
- if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
-#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
- || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
-#endif
- )
- {
+ if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)) {
RETVAL_FALSE;
efree(buf);
goto clean_exit;
-
}
-#if OPENSSL_VERSION_NUMBER < 0x0090600fL
- EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
-#endif
EVP_SealFinal(&ctx, buf + len1, &len2);
if (len1 + len2 > 0) {
ZVAL_EMPTY_STRING(*ivec);
}
#endif
- }
- else
+ } else {
efree(buf);
-
+ }
RETVAL_LONG(len1 + len2);
clean_exit:
for (i=0; i<nkeys; i++) {
- if (key_resources[i] == -1)
+ if (key_resources[i] == -1) {
EVP_PKEY_free(pkeys[i]);
- if (eks[i])
+ }
+ if (eks[i]) {
efree(eks[i]);
+ }
}
efree(eks);
efree(eksl);
char * data; long data_len;
char * ekey; long ekey_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szsz", &data, &data_len,
- &opendata, &ekey, &ekey_len, &privkey) == FAILURE)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szsz", &data, &data_len, &opendata, &ekey, &ekey_len, &privkey) == FAILURE) {
return;
+ }
pkey = php_openssl_evp_from_zval(&privkey, 0, "", 0, &keyresource TSRMLS_CC);
if (pkey == NULL) {
}
buf = emalloc(data_len + 1);
- if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
-#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
- && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
-#endif
- ) {
-#if OPENSSL_VERSION_NUMBER < 0x0090600fL
- EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
-#endif
- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
- (len1 + len2 == 0)) {
+ if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)) {
+ if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
efree(buf);
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
+ }
RETURN_FALSE;
}
} else {
efree(buf);
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
-
+ }
RETURN_FALSE;
}
- if (keyresource == -1)
+ if (keyresource == -1) {
EVP_PKEY_free(pkey);
-
+ }
zval_dtor(opendata);
buf[len1 + len2] = '\0';
ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
projects / php / commitdiff