From 5f36ce398eae0798159bca147d455a936428e7df Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sat, 4 Jan 2003 23:31:55 +0000 Subject: [PATCH] CS fixes. --- ext/openssl/openssl.c | 752 +++++++++++++++++++++--------------------- 1 file changed, 377 insertions(+), 375 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 377191a2c9..a97961e954 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -218,15 +218,14 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s array_init(subitem); for (i = 0; i < X509_NAME_entry_count(name); i++) { - ne = X509_NAME_get_entry(name, i); + ne = X509_NAME_get_entry(name, i); obj = X509_NAME_ENTRY_get_object(ne); str = X509_NAME_ENTRY_get_data(ne); nid = OBJ_obj2nid(obj); if (shortname) { sn = (char*)OBJ_nid2sn(nid); add_assoc_stringl(subitem, sn, str->data, str->length, 1); - } - else { + } else { ln = (char*)OBJ_nid2ln(nid); add_assoc_stringl(subitem, ln, str->data, str->length, 1); } @@ -261,7 +260,6 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) strbuf = estrdup(timestr->data); - memset(&thetime, 0, sizeof(thetime)); /* we work backwards so that we can use atoi more easily */ @@ -336,9 +334,9 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) int i; str = CONF_get_string(req->req_config, NULL, "oid_section"); - if (str == NULL) + if (str == NULL) { return SUCCESS; - + } sktmp = CONF_get_section(req->req_config, str); if (sktmp == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem loading oid section %s", str); 
@@ -347,8 +345,7 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { cnf = sk_CONF_VALUE_value(sktmp, i); if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s", - cnf->name, cnf->value); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s", cnf->name, cnf->value); return FAILURE; } } @@ -390,9 +387,9 @@ static int php_openssl_parse_config( req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL); req->req_config = CONF_load(NULL, req->config_filename, NULL); - if (req->req_config == NULL) + if (req->req_config == NULL) { return FAILURE; - + } /* read in the oids */ str = CONF_get_string(req->req_config, NULL, "oid_file"); @@ -403,9 +400,9 @@ static int php_openssl_parse_config( BIO_free(oid_bio); } } - if (add_oid_section(req TSRMLS_CC) == FAILURE) + if (add_oid_section(req TSRMLS_CC) == FAILURE) { return FAILURE; - + } SET_OPTIONAL_STRING_ARG("digest_alg", req->digest_name, CONF_get_string(req->req_config, req->section_name, "default_md")); SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section, 
@@ -419,25 +416,28 @@ static int php_openssl_parse_config( if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key"), (void**)&item) == SUCCESS) { req->priv_key_encrypt = Z_BVAL_PP(item); - } - else { + } else { str = CONF_get_string(req->req_config, req->section_name, "encrypt_rsa_key"); - if (str == NULL) + if (str == NULL) { str = CONF_get_string(req->req_config, req->section_name, "encrypt_key"); - if (str && strcmp(str, "no") == 0) + } + if (str && strcmp(str, "no") == 0) { req->priv_key_encrypt = 0; - else + } else { req->priv_key_encrypt = 1; + } } - /* digest alg */ - if (req->digest_name == NULL) + if (req->digest_name == NULL) { req->digest_name = CONF_get_string(req->req_config, req->section_name, "default_md"); - if (req->digest_name) + } + if (req->digest_name) { req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name); - if (req->md_alg == NULL) + } + if (req->md_alg == NULL) { req->md_alg = req->digest = EVP_md5(); + } PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section); @@ -448,9 +448,9 @@ static int php_openssl_parse_config( return FAILURE; } - if (req->request_extensions_section == NULL) + if (req->request_extensions_section == NULL) { req->request_extensions_section = CONF_get_string(req->req_config, req->section_name, "req_extensions"); - + } PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section); return SUCCESS; @@ -484,9 +484,9 @@ static int php_openssl_load_rand_file(const char * file, int *egdsocket, int *se #ifdef WINDOWS RAND_screen(); #endif - if (file == NULL) + if (file == NULL) { file = RAND_file_name(buffer, sizeof(buffer)); - else if (RAND_egd(file) > 0) { + } else if (RAND_egd(file) > 0) { /* if the given filename is an EGD socket, don't * write anything back to it */ *egdsocket = 1; 
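Review bot: In the php_openssl_parse_config hunk at -419, a digest name that `EVP_get_digestbyname()` does not recognise is silently replaced by MD5. The fallback `if (req->md_alg == NULL) { req->md_alg = req->digest = EVP_md5(); }` runs both when no digest was configured and when the configured name is unknown. A caller who mistypes a stronger digest therefore gets MD5-signed output with no diagnostic. Consider failing in the second case, before the fallback: `if (req->digest_name && req->md_alg == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "unknown digest algorithm %s", req->digest_name); return FAILURE; }`. The function body starts and ends outside the hunk, so how `md_alg` is initialised is not visible here.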
@@ -514,8 +514,9 @@ static int php_openssl_write_rand_file(const char * file, int egdsocket, int see * a low-entropy seed file back */ return FAILURE; } - if (file == NULL) + if (file == NULL) { file = RAND_file_name(buffer, sizeof(buffer)); + } if (file == NULL || !RAND_write_file(file)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to write random state"); return FAILURE; 
@@ -564,43 +565,32 @@ PHP_MINIT_FUNCTION(openssl) REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", - RSA_PKCS1_PADDING, - CONST_CS|CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", - RSA_SSLV23_PADDING, - CONST_CS|CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", - RSA_NO_PADDING, - CONST_CS|CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", - RSA_PKCS1_OAEP_PADDING, - CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); /* Values for key types */ - REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", - OPENSSL_KEYTYPE_RSA, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT); #ifndef NO_DSA - REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DSA", - OPENSSL_KEYTYPE_DSA, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DSA", OPENSSL_KEYTYPE_DSA, CONST_CS|CONST_PERSISTENT); #endif - REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DH", - OPENSSL_KEYTYPE_DH, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DH", OPENSSL_KEYTYPE_DH, CONST_CS|CONST_PERSISTENT); /* Determine default SSL configuration file */ config_filename = getenv("OPENSSL_CONF"); - if (config_filename == NULL) + if (config_filename == NULL) { config_filename = getenv("SSLEAY_CONF"); + } /* default to 'openssl.cnf' if no environment variable is set */ if (config_filename == NULL) { snprintf(default_ssl_conf_filename, 
sizeof(default_ssl_conf_filename), "%s/%s", X509_get_default_cert_area(), "openssl.cnf"); + } else { + strlcpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename)); } - else - strncpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename)); - return SUCCESS; } /* }}} */ @@ -640,25 +630,25 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r { X509 *cert = NULL; - if (resourceval) + if (resourceval) { *resourceval = -1; - + } if (Z_TYPE_PP(val) == IS_RESOURCE) { /* is it an x509 resource ? */ void * what; int type; what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509", &type, 1, le_x509); - if (!what) + if (!what) { return NULL; - + } /* this is so callers can decide if they should free the X509 */ - if (resourceval) + if (resourceval) { *resourceval = Z_LVAL_PP(val); - - if (type == le_x509) + } + if (type == le_x509) { return (X509*)what; - + } /* other types could be used here - eg: file pointers and read in the data from them */ return NULL; 
@@ -666,31 +656,28 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r /* force it to be a string and check if it refers to a file */ convert_to_string_ex(val); - if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0) { + if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) { /* read cert from the named file */ BIO *in; - if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + 7 TSRMLS_CC)) { + if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) { return NULL; } - in = BIO_new_file(Z_STRVAL_PP(val) + 7, "r"); - if (in == NULL) + in = BIO_new_file(Z_STRVAL_PP(val) + (sizeof("file://") - 1), "r"); + if (in == NULL) { return NULL; + } cert = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); - - } - else { + } else { BIO *in; in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); - if (in == NULL) + if (in == NULL) { return NULL; - - cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, - PEM_STRING_X509, in, - NULL, NULL, NULL); + } + cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, PEM_STRING_X509, in, NULL, NULL, NULL); BIO_free(in); } @@ -714,9 +701,9 @@ PHP_FUNCTION(openssl_x509_export_to_file) char * filename; long filename_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcert, &filename, &filename_len, ¬ext) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcert, &filename, &filename_len, ¬ext) == FAILURE) { return; - + } RETVAL_FALSE; cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); 
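Review bot: Style point in the php_openssl_x509_from_zval hunk at -666: the prefix length is now spelled `sizeof("file://") - 1` in the `memcmp` and in both pointer offsets, but the guard on the same line still reads `Z_STRLEN_PP(val) > 7`. Leaving one magic number next to three computed ones makes it easy for the length check and the comparison to drift apart later. I would write the guard the same way, `Z_STRLEN_PP(val) > (int)(sizeof("file://") - 1)`. The same mixed form appears in the php_openssl_csr_from_zval hunk at -1314 and the php_openssl_evp_from_zval hunk at -1699.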
@@ -731,20 +718,19 @@ PHP_FUNCTION(openssl_x509_export_to_file) bio_out = BIO_new_file(filename, "w"); if (bio_out) { - if (!notext) + if (!notext) { X509_print(bio_out, cert); + } PEM_write_bio_X509(bio_out, cert); RETVAL_TRUE; - } - else + } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening file %s", filename); - - if (certresource == -1 && cert) + } + if (certresource == -1 && cert) { X509_free(cert); - + } BIO_free(bio_out); - } /* }}} */ @@ -760,10 +746,9 @@ PHP_FUNCTION(openssl_x509_export) char * bio_mem_ptr; long bio_mem_len; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, ¬ext) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, ¬ext) == FAILURE) { return; - + } RETVAL_FALSE; cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); @@ -773,8 +758,9 @@ PHP_FUNCTION(openssl_x509_export) } bio_out = BIO_new(BIO_s_mem()); - if (!notext) + if (!notext) { X509_print(bio_out, cert); + } PEM_write_bio_X509(bio_out, cert); bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr); @@ -782,11 +768,10 @@ PHP_FUNCTION(openssl_x509_export) RETVAL_TRUE; - if (certresource == -1 && cert) + if (certresource == -1 && cert) { X509_free(cert); - + } BIO_free(bio_out); - } /* }}} */ 
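Review bot: In the openssl_x509_export_to_file hunk at -731, the results of `X509_print()` and `PEM_write_bio_X509()` are ignored and `RETVAL_TRUE` is set whenever the file could be opened. A failed or partial write (full disk, I/O error) is reported to the script as success, leaving a truncated certificate file that the caller believes is valid. Tie the return value to the write: `if (PEM_write_bio_X509(bio_out, cert)) { RETVAL_TRUE; }`. The openssl_csr_export_to_file hunk at -1361 has the same pattern with `PEM_write_bio_X509_REQ()`. The function body starts outside this hunk.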
@@ -801,22 +786,24 @@ PHP_FUNCTION(openssl_x509_check_private_key) RETVAL_FALSE; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcert, &zkey) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &zcert, &zkey) == FAILURE) { return; - + } cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); - if (cert == NULL) + if (cert == NULL) { RETURN_FALSE; - + } key = php_openssl_evp_from_zval(&zkey, 0, "", 1, &keyresource TSRMLS_CC); if (key) { RETVAL_BOOL(X509_check_private_key(cert, key)); } - if (keyresource == -1 && key) + if (keyresource == -1 && key) { EVP_PKEY_free(key); - if (certresource == -1 && cert) + } + if (certresource == -1 && cert) { X509_free(cert); + } } /* }}} */ @@ -832,17 +819,18 @@ PHP_FUNCTION(openssl_x509_parse) char * tmpstr; zval * subitem; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zcert, &useshortnames) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zcert, &useshortnames) == FAILURE) { return; - + } cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); - if (cert == NULL) + if (cert == NULL) { RETURN_FALSE; - + } array_init(return_value); - if (cert->name) + if (cert->name) { add_assoc_string(return_value, "name", cert->name, 1); + } /* add_assoc_bool(return_value, "valid", cert->valid); */ add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); @@ -864,9 +852,9 @@ PHP_FUNCTION(openssl_x509_parse) add_assoc_long(return_value, "validTo_time_t", asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC)); tmpstr = X509_alias_get0(cert, NULL); - if (tmpstr) + if (tmpstr) { add_assoc_string(return_value, "alias", tmpstr, 1); - + } /* add_assoc_long(return_value, "signaturetypeLONG", X509_get_signature_type(cert)); add_assoc_string(return_value, "signaturetype", OBJ_nid2sn(X509_get_signature_type(cert)), 1); 
@@ -904,20 +892,20 @@ PHP_FUNCTION(openssl_x509_parse) } add_assoc_zval(return_value, "purposes", subitem); - if (certresource == -1 && cert) + if (certresource == -1 && cert) { X509_free(cert); - + } } /* }}} */ /* {{{ load_all_certs_from_file */ static STACK_OF(X509) * load_all_certs_from_file(char *certfile) { - STACK_OF(X509_INFO) *sk=NULL; - STACK_OF(X509) *stack=NULL, *ret=NULL; - BIO *in=NULL; - X509_INFO *xi; - TSRMLS_FETCH(); + STACK_OF(X509_INFO) *sk=NULL; + STACK_OF(X509) *stack=NULL, *ret=NULL; + BIO *in=NULL; + X509_INFO *xi; + TSRMLS_FETCH(); if(!(stack = sk_X509_new_null())) { php_error_docref(NULL TSRMLS_CC, E_ERROR, "memory allocation failure"); @@ -940,11 +928,9 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile) } /* scan over it and pull out the certs */ - while (sk_X509_INFO_num(sk)) - { + while (sk_X509_INFO_num(sk)) { xi=sk_X509_INFO_shift(sk); - if (xi->x509 != NULL) - { + if (xi->x509 != NULL) { sk_X509_push(stack,xi->x509); xi->x509=NULL; } @@ -972,16 +958,15 @@ static int check_cert(X509_STORE *ctx, X509 *x, STACK_OF(X509) *untrustedchain, TSRMLS_FETCH(); csc = X509_STORE_CTX_new(); - if (csc == NULL) - { + if (csc == NULL) { php_error_docref(NULL TSRMLS_CC, E_ERROR, "memory allocation failure"); return 0; } X509_STORE_CTX_init(csc, ctx, x, untrustedchain); - if(purpose >= 0) + if(purpose >= 0) { X509_STORE_CTX_set_purpose(csc, purpose); - + } ret = X509_verify_cert(csc); X509_STORE_CTX_free(csc); 
@@ -1003,34 +988,39 @@ PHP_FUNCTION(openssl_x509_checkpurpose) long untrusted_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zl|a!s", &zcert, &purpose, &zcainfo, &untrusted, &untrusted_len) - == FAILURE) + == FAILURE) { return; + } RETVAL_LONG(-1); if (untrusted) { untrustedchain = load_all_certs_from_file(untrusted); - if (untrustedchain == NULL) + if (untrustedchain == NULL) { goto clean_exit; + } } cainfo = setup_verify(zcainfo TSRMLS_CC); - if (cainfo == NULL) + if (cainfo == NULL) { goto clean_exit; - + } cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); - if (cert == NULL) + if (cert == NULL) { goto clean_exit; - + } RETVAL_LONG(check_cert(cainfo, cert, untrustedchain, purpose)); clean_exit: - if (certresource == 1 && cert) + if (certresource == 1 && cert) { X509_free(cert); - if (cainfo) - X509_STORE_free(cainfo); - if (untrustedchain) + } + if (cainfo) { + X509_STORE_free(cainfo); + } + if (untrustedchain) { sk_X509_pop_free(untrustedchain, X509_free); + } } /* }}} */ @@ -1047,8 +1037,9 @@ static X509_STORE * setup_verify(zval * calist TSRMLS_DC) store = X509_STORE_new(); - if (store == NULL) + if (store == NULL) { return NULL; + } if (calist && (Z_TYPE_P(calist) == IS_ARRAY)) { zend_hash_internal_pointer_reset_ex(HASH_OF(calist), &pos); @@ -1056,9 +1047,9 @@ static X509_STORE * setup_verify(zval * calist TSRMLS_DC) zval ** item; struct stat sb; - if (zend_hash_get_current_data_ex(HASH_OF(calist), (void**)&item, &pos) == FAILURE) + if (zend_hash_get_current_data_ex(HASH_OF(calist), (void**)&item, &pos) == FAILURE) { break; - + } convert_to_string_ex(item); if (VCWD_STAT(Z_STRVAL_PP(item), &sb) == -1) { 
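Review bot: In the openssl_x509_checkpurpose hunk at -1003, the cleanup test `if (certresource == 1 && cert) { X509_free(cert); }` compares against 1, while every other function in this patch uses -1, the value php_openssl_x509_from_zval stores for "not a resource". As written, a certificate parsed from a string or file is never freed. If the caller passes a resource whose id happens to be 1, the resource-owned X509 is freed while still registered, which sets up a later use-after-free or double free. The re-bracing keeps the typo; it should read `if (certresource == -1 && cert) {`. The declarations of `cert` and `certresource` are outside the hunk, so it is also worth confirming they are initialised before the early `goto clean_exit` paths.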
@@ -1068,31 +1059,34 @@ static X509_STORE * setup_verify(zval * calist TSRMLS_DC) if ((sb.st_mode & S_IFREG) == S_IFREG) { file_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (file_lookup == NULL || !X509_LOOKUP_load_file(file_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) + if (file_lookup == NULL || !X509_LOOKUP_load_file(file_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "error loading file %s", Z_STRVAL_PP(item)); - else + } else { nfiles++; + } file_lookup = NULL; - } - else { + } else { dir_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); - if (dir_lookup == NULL || !X509_LOOKUP_add_dir(dir_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) + if (dir_lookup == NULL || !X509_LOOKUP_add_dir(dir_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "error loading directory %s", Z_STRVAL_PP(item)); - else + } else { ndirs++; + } dir_lookup = NULL; } } } if (nfiles == 0) { file_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (file_lookup) + if (file_lookup) { X509_LOOKUP_load_file(file_lookup, NULL, X509_FILETYPE_DEFAULT); + } } if (ndirs == 0) { dir_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); - if (dir_lookup) + if (dir_lookup) { X509_LOOKUP_add_dir(dir_lookup, NULL, X509_FILETYPE_DEFAULT); + } } return store; } @@ -1105,9 +1099,9 @@ PHP_FUNCTION(openssl_x509_read) zval *cert; X509 *x509; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) { return; - + } Z_TYPE_P(return_value) = IS_RESOURCE; x509 = php_openssl_x509_from_zval(&cert, 1, &Z_LVAL_P(return_value) TSRMLS_CC); 
@@ -1125,9 +1119,9 @@ PHP_FUNCTION(openssl_x509_free) zval *x509; X509 *cert; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &x509) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &x509) == FAILURE) { return; - + } ZEND_FETCH_RESOURCE(cert, X509 *, &x509, -1, "OpenSSL X.509", le_x509); zend_list_delete(Z_LVAL_P(x509)); } @@ -1144,18 +1138,21 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z char * str, *dn_sect, *attr_sect; dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name"); - if (dn_sect == NULL) + if (dn_sect == NULL) { return FAILURE; + } dn_sk = CONF_get_section(req->req_config, dn_sect); - if (dn_sk == NULL) + if (dn_sk == NULL) { return FAILURE; + } attr_sect = CONF_get_string(req->req_config, req->section_name, "attributes"); - if (attr_sect == NULL) + if (attr_sect == NULL) { attr_sk = NULL; - else { + } else { attr_sk = CONF_get_section(req->req_config, attr_sect); - if (attr_sk == NULL) + if (attr_sk == NULL) { return FAILURE; + } } /* setup the version number: version 1 */ if (X509_REQ_set_version(csr, 0L)) { @@ -1182,7 +1179,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z nid = OBJ_txt2nid(strindex); if (nid != NID_undef) { - if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, + if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "dn: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item)); @@ -1204,8 +1201,9 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z type = v->name; len = strlen(type); - if (len < sizeof("_default")) + if (len < sizeof("_default")) { continue; + } len -= sizeof("_default") - 1; if (strcmp("_default", type + len) != 0) { continue; 
@@ -1220,18 +1218,18 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z for (str = type; *str; str++) { if (*str == ':' || *str == ',' || *str == '.') { str++; - if (*str) + if (*str) { type = str; + } break; } } /* if it is already set, skip this */ nid = OBJ_txt2nid(type); - if (X509_NAME_get_index_by_NID(subj, nid, -1) >= 0) + if (X509_NAME_get_index_by_NID(subj, nid, -1) >= 0) { continue; - zend_printf("%s not already set; using default of %s\n", type, v->value); - if (!X509_NAME_add_entry_by_txt(subj, type, MBSTRING_ASC, (unsigned char*)v->value, -1, -1, 0)) - { + } + if (!X509_NAME_add_entry_by_txt(subj, type, MBSTRING_ASC, (unsigned char*)v->value, -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "add_entry_by_txt %s -> %s (failed)", type, v->value); return FAILURE; } @@ -1254,9 +1252,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z nid = OBJ_txt2nid(strindex); if (nid != NID_undef) { - if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, - (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) - { + if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "attribs: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_PP(item)); return FAILURE; } @@ -1270,17 +1266,14 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z v = sk_CONF_VALUE_value(attr_sk, i); /* if it is already set, skip this */ nid = OBJ_txt2nid(v->name); - if (X509_REQ_get_attr_by_NID(csr, nid, -1) >= 0) + if (X509_REQ_get_attr_by_NID(csr, nid, -1) >= 0) { continue; - - if (!X509_REQ_add1_attr_by_txt(csr, v->name, MBSTRING_ASC, - (unsigned char*)v->value, -1)) - { + } + if (!X509_REQ_add1_attr_by_txt(csr, v->name, MBSTRING_ASC, (unsigned char*)v->value, -1)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "add1_attr_by_txt %s -> %s (failed)", v->name, v->value); return FAILURE; } } - } } 
@@ -1296,17 +1289,18 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long char * filename = NULL; BIO * in; - if (resourceval) + if (resourceval) { *resourceval = -1; - + } if (Z_TYPE_PP(val) == IS_RESOURCE) { void * what; int type; what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509 CSR", &type, 1, le_csr); if (what) { - if (resourceval) + if (resourceval) { *resourceval = Z_LVAL_PP(val); + } return (X509_REQ*)what; } return NULL; @@ -1314,18 +1308,17 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long return NULL; } - if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0) - filename = Z_STRVAL_PP(val) + 7; - + if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) { + filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1); + } if (filename) { if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { return NULL; } in = BIO_new_file(filename, "r"); - } - else + } else { in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); - + } csr = PEM_read_bio_X509_REQ(in, NULL,NULL,NULL); BIO_free(in); @@ -1344,9 +1337,9 @@ PHP_FUNCTION(openssl_csr_export_to_file) BIO * bio_out; long csr_resource; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcsr, &filename, &filename_len, ¬ext) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|b", &zcsr, &filename, &filename_len, ¬ext) == FAILURE) { return; - + } RETVAL_FALSE; csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); 
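Review bot: In the php_openssl_csr_from_zval hunk at -1314, `in` is passed to `PEM_read_bio_X509_REQ()` and `BIO_free()` without a NULL check. The sibling loaders touched by this patch (php_openssl_x509_from_zval, php_openssl_evp_from_zval) all return early when `BIO_new_file()` or `BIO_new_mem_buf()` fails. A missing or unreadable `file://` path therefore reaches the PEM reader with a NULL BIO; whether that is handled depends on the OpenSSL version in use. Add the same guard after the if/else that assigns `in`: `if (in == NULL) { return NULL; }`.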
@@ -1361,17 +1354,18 @@ PHP_FUNCTION(openssl_csr_export_to_file) bio_out = BIO_new_file(filename, "w"); if (bio_out) { - if (!notext) + if (!notext) { X509_REQ_print(bio_out, csr); + } PEM_write_bio_X509_REQ(bio_out, csr); RETVAL_TRUE; } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening file %s", filename); } - if (csr_resource == -1 && csr) + if (csr_resource == -1 && csr) { X509_REQ_free(csr); - + } BIO_free(bio_out); } /* }}} */ @@ -1390,9 +1384,9 @@ PHP_FUNCTION(openssl_csr_export) char * bio_mem_ptr; long bio_mem_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, ¬ext) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, ¬ext) == FAILURE) { return; - + } RETVAL_FALSE; csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); @@ -1404,8 +1398,9 @@ PHP_FUNCTION(openssl_csr_export) /* export to a var */ bio_out = BIO_new(BIO_s_mem()); - if (!notext) + if (!notext) { X509_REQ_print(bio_out, csr); + } PEM_write_bio_X509_REQ(bio_out, csr); bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr); @@ -1413,9 +1408,9 @@ PHP_FUNCTION(openssl_csr_export) RETVAL_TRUE; - if (csr_resource == -1 && csr) + if (csr_resource == -1 && csr) { X509_REQ_free(csr); - + } BIO_free(bio_out); } /* }}} */ @@ -1461,9 +1456,9 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; } - if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE) + if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE) { goto cleanup; - + } /* Check that the request matches the signature */ key = X509_REQ_get_pubkey(csr); if (key == NULL) { @@ -1476,7 +1471,7 @@ PHP_FUNCTION(openssl_csr_sign) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Signature verification problems"); goto cleanup; } - else if (i==0) { + else if (i == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Signature did not match the certificate request"); goto cleanup; } 
@@ -1497,25 +1492,26 @@ PHP_FUNCTION(openssl_csr_sign) X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr)); - if (cert == NULL) + if (cert == NULL) { cert = new_cert; - - if (!X509_set_issuer_name(new_cert, X509_get_subject_name(cert))) + } + if (!X509_set_issuer_name(new_cert, X509_get_subject_name(cert))) { goto cleanup; - + } X509_gmtime_adj(X509_get_notBefore(new_cert), 0); X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days); i = X509_set_pubkey(new_cert, key); - if (!i) + if (!i) { goto cleanup; - + } if (req.request_extensions_section) { X509V3_CTX ctx; X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0); X509V3_set_conf_lhash(&ctx, req.req_config); - if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert)) + if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert)) { goto cleanup; + } } /* Now sign it */ @@ -1530,21 +1526,26 @@ PHP_FUNCTION(openssl_csr_sign) cleanup: - if (cert == new_cert) + if (cert == new_cert) { cert = NULL; - + } PHP_SSL_REQ_DISPOSE(&req); - if (keyresource == -1 && priv_key) + if (keyresource == -1 && priv_key) { EVP_PKEY_free(priv_key); - if (key) + } + if (key) { EVP_PKEY_free(key); - if (csr_resource == -1 && csr) + } + if (csr_resource == -1 && csr) { X509_REQ_free(csr); - if (certresource == -1 && cert) + } + if (certresource == -1 && cert) { X509_free(cert); - if (new_cert) + } + if (new_cert) { X509_free(new_cert); + } } /* }}} */ 
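Review bot: In the openssl_csr_sign hunk at -1497, the validity period is computed as `(long)60*60*24*num_days` with no range check visible in the hunk. `num_days` is declared outside the hunk; if it is the script-supplied `long` it appears to be, a large value overflows signed arithmetic on 32-bit `long`, and a negative value puts notAfter before notBefore. Either way the signed certificate gets a validity window the caller did not intend. Reject out-of-range input before calling `X509_gmtime_adj()`, for example `if (num_days < 0 || num_days > LONG_MAX / (60*60*24)) { goto cleanup; }` preceded by a warning.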
@@ -1559,26 +1560,27 @@ PHP_FUNCTION(openssl_csr_new) int we_made_the_key = 1; long key_resource; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "az|a!a!", &dn, &out_pkey, &args, &attribs) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "az|a!a!", &dn, &out_pkey, &args, &attribs) == FAILURE) { return; - + } RETVAL_FALSE; PHP_SSL_REQ_INIT(&req); - if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) - { + if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { /* Generate or use a private key */ if (Z_TYPE_P(out_pkey) != IS_NULL) { req.priv_key = php_openssl_evp_from_zval(&out_pkey, 0, NULL, 0, &key_resource TSRMLS_CC); - if (req.priv_key != NULL) + if (req.priv_key != NULL) { we_made_the_key = 0; + } } - if (req.priv_key == NULL) + if (req.priv_key == NULL) { php_openssl_generate_private_key(&req TSRMLS_CC); - if (req.priv_key == NULL) + } + if (req.priv_key == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to generate a private key"); - else { + } else { csr = X509_REQ_new(); if (csr) { if (php_openssl_make_REQ(&req, csr, dn, attribs TSRMLS_CC) == SUCCESS) { @@ -1592,12 +1594,10 @@ PHP_FUNCTION(openssl_csr_new) &ext_ctx, req.request_extensions_section, csr)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error loading extension section %s", req.request_extensions_section); - } - else { + } else { RETVAL_TRUE; if (X509_REQ_sign(csr, req.priv_key, req.digest)) { - RETVAL_RESOURCE(zend_list_insert(csr, le_csr)); csr = NULL; } else { @@ -1607,16 +1607,17 @@ PHP_FUNCTION(openssl_csr_new) if (we_made_the_key) { /* and a resource for the private key */ ZVAL_RESOURCE(out_pkey, zend_list_insert(req.priv_key, le_key)); - } - else if (key_resource != -1) + } else if (key_resource != -1) { req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */ + } } } } } } - if (csr) + if (csr) { X509_REQ_free(csr); + } PHP_SSL_REQ_DISPOSE(&req); } /* }}} */ 
@@ -1646,9 +1647,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * long cert_res = -1; char * filename = NULL; - if (resourceval) + if (resourceval) { *resourceval = -1; - + } if (Z_TYPE_PP(val) == IS_ARRAY) { zval ** zphrase; @@ -1673,21 +1674,19 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * int type; what = zend_fetch_resource(val TSRMLS_CC, -1, "OpenSSL X.509/key", &type, 2, le_x509, le_key); - if (!what) + if (!what) { return NULL; - - if (resourceval) + } + if (resourceval) { *resourceval = Z_LVAL_PP(val); - + } if (type == le_x509) { /* extract key from cert, depending on public_key param */ cert = (X509*)what; free_cert = 0; - } - else if (type == le_key) { + } else if (type == le_key) { /* check whether it is actually a private key if requested */ - if (!public_key && !php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC)) - { + if (!public_key && !php_openssl_is_private_key((EVP_PKEY*)what TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param is a public key"); return NULL; } @@ -1699,14 +1698,13 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * /* other types could be used here - eg: file pointers and read in the data from them */ return NULL; - } - else { + } else { /* force it to be a string and check if it refers to a file */ convert_to_string_ex(val); - if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0) - filename = Z_STRVAL_PP(val) + 7; - + if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) { + filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1); + } /* it's an X509 file/cert of some kind, and we need to extract the data from that */ if (public_key) { cert = php_openssl_x509_from_zval(val, 0, &cert_res TSRMLS_CC); 
@@ -1715,19 +1713,18 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * if (!cert) { /* not a X509 certificate, try to retrieve public key */ BIO* in; - if (filename) + if (filename) { in = BIO_new_file(filename, "r"); - else + } else { in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); - - if (in == NULL) + } + if (in == NULL) { return NULL; - + } key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL); BIO_free(in); } - } - else { + } else { /* we want the private key */ if (filename) { BIO *in; @@ -1735,16 +1732,16 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * return NULL; } in = BIO_new_file(filename, "r"); - if (in == NULL) + if (in == NULL) { return NULL; + } key = PEM_read_bio_PrivateKey(in, NULL,NULL, passphrase); BIO_free(in); - } - else { - BIO * b = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); - if (b == NULL) + } else { + BIO *b = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); + if (b == NULL) { return NULL; - + } key = (EVP_PKEY *) PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey, PEM_STRING_EVP_PKEY, b, NULL, NULL, passphrase); @@ -1758,9 +1755,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * key = (EVP_PKEY *) X509_get_pubkey(cert); } - if (free_cert && cert) + if (free_cert && cert) { X509_free(cert); - + } if (key && makeresource && resourceval) { *resourceval = ZEND_REGISTER_RESOURCE(NULL, key, le_key); } @@ -1819,8 +1816,9 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) case EVP_PKEY_RSA2: assert(pkey->pkey.rsa != NULL); - if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) + if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) { return 0; + } break; #endif #ifndef NO_DSA 
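Review bot: In the php_openssl_evp_from_zval hunk at -1715, the public-key fallback opens the path with `in = BIO_new_file(filename, "r");` without calling `php_openssl_safe_mode_chk()`. The private-key branch in the next hunk and php_openssl_x509_from_zval both make that check before opening a `file://` path. This branch runs when `cert` is NULL, which appears to include the case where php_openssl_x509_from_zval returned NULL because its own safe-mode check rejected the path, so the restriction would not hold for public keys. Add the check before the open: `if (filename && php_openssl_safe_mode_chk(filename TSRMLS_CC)) { return NULL; }`. The enclosing function starts and ends outside this hunk.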
@@ -1831,16 +1829,18 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) case EVP_PKEY_DSA4: assert(pkey->pkey.dsa != NULL); - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key) + if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ return 0; + } break; #endif #ifndef NO_DH case EVP_PKEY_DH: assert(pkey->pkey.dh != NULL); - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) + if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { return 0; + } break; #endif default: @@ -1857,9 +1857,10 @@ PHP_FUNCTION(openssl_pkey_new) { struct php_x509_request req; zval * args = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|a!", &args) == FAILURE) - return; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|a!", &args) == FAILURE) { + return; + } RETVAL_FALSE; PHP_SSL_REQ_INIT(&req); @@ -1890,9 +1891,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file) BIO * bio_out = NULL; EVP_CIPHER * cipher; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { return; - + } RETVAL_FALSE; key = php_openssl_evp_from_zval(&zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC); @@ -1908,15 +1909,14 @@ PHP_FUNCTION(openssl_pkey_export_to_file) PHP_SSL_REQ_INIT(&req); - if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) - { + if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { bio_out = BIO_new_file(filename, "w"); - if (passphrase && req.priv_key_encrypt) + if (passphrase && req.priv_key_encrypt) { cipher = EVP_des_ede3_cbc(); - else + } else { cipher = NULL; - + } if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) { /* Success! * If returning the output as a string, do so now */ 
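Review bot: In the `@@ -1908` hunk of openssl_pkey_export_to_file the result of `BIO_new_file(filename, "w")` is handed to `PEM_write_bio_PrivateKey` without a NULL test, although the cleanup in the following hunk treats `bio_out` as possibly NULL. A path that cannot be opened for writing should fail before the private key is serialised, for example by guarding the call as `if (bio_out && PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) {`. openssl_pkey_export has the same pattern with `BIO_new(BIO_s_mem())` in its `@@ -1959` hunk, and both functions extend beyond the lines shown.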
@@ -1928,8 +1928,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file) if (key_resource == -1 && key) { EVP_PKEY_free(key); } - if (bio_out) + if (bio_out) { BIO_free(bio_out); + } } /* }}} */ @@ -1945,9 +1946,9 @@ PHP_FUNCTION(openssl_pkey_export) BIO * bio_out = NULL; EVP_CIPHER * cipher; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|s!a!", &zpkey, &out, &passphrase, &passphrase_len, &args) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|s!a!", &zpkey, &out, &passphrase, &passphrase_len, &args) == FAILURE) { return; - + } RETVAL_FALSE; key = php_openssl_evp_from_zval(&zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC); @@ -1959,15 +1960,14 @@ PHP_FUNCTION(openssl_pkey_export) PHP_SSL_REQ_INIT(&req); - if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) - { + if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { bio_out = BIO_new(BIO_s_mem()); - if (passphrase && req.priv_key_encrypt) + if (passphrase && req.priv_key_encrypt) { cipher = EVP_des_ede3_cbc(); - else + } else { cipher = NULL; - + } if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, passphrase_len, NULL, NULL)) { /* Success! * If returning the output as a string, do so now */ @@ -1985,8 +1985,9 @@ PHP_FUNCTION(openssl_pkey_export) if (key_resource == -1 && key) { EVP_PKEY_free(key); } - if (bio_out) + if (bio_out) { BIO_free(bio_out); + } } /* }}} */ @@ -1997,9 +1998,9 @@ PHP_FUNCTION(openssl_pkey_get_public) zval *cert; EVP_PKEY *pkey; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &cert) == FAILURE) { return; - + } Z_TYPE_P(return_value) = IS_RESOURCE; pkey = php_openssl_evp_from_zval(&cert, 1, NULL, 1, &Z_LVAL_P(return_value) TSRMLS_CC); 
@@ -2016,9 +2017,9 @@ PHP_FUNCTION(openssl_pkey_free) zval *key; EVP_PKEY *pkey; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &key) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &key) == FAILURE) { return; - + } ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); zend_list_delete(Z_LVAL_P(key)); } @@ -2033,9 +2034,9 @@ PHP_FUNCTION(openssl_pkey_get_private) char * passphrase = ""; long passphrase_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|s", &cert, &passphrase, &passphrase_len) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|s", &cert, &passphrase, &passphrase_len) == FAILURE) { return; - + } Z_TYPE_P(return_value) = IS_RESOURCE; pkey = php_openssl_evp_from_zval(&cert, 0, passphrase, 1, &Z_LVAL_P(return_value) TSRMLS_CC); @@ -2069,29 +2070,32 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len, &flags, &signersfilename, &signersfilename_len, &cainfo, - &extracerts, &extracerts_len) == FAILURE) + &extracerts, &extracerts_len) == FAILURE) { return; + } if (extracerts) { others = load_all_certs_from_file(extracerts); - if (others == NULL) + if (others == NULL) { goto clean_exit; + } } flags = flags & ~PKCS7_DETACHED; store = setup_verify(cainfo TSRMLS_CC); - if (!store) + if (!store) { goto clean_exit; - + } if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { goto clean_exit; } in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r"); - if (in == NULL) + if (in == NULL) { goto clean_exit; + } p7 = SMIME_read_PKCS7(in, &datain); if (p7 == NULL) { #if DEBUG_SMIME 
@@ -2119,22 +2123,20 @@ PHP_FUNCTION(openssl_pkcs7_verify) int i; signers = PKCS7_get0_signers(p7, NULL, flags); - for(i = 0; i < sk_X509_num(signers); i++) + for(i = 0; i < sk_X509_num(signers); i++) { PEM_write_bio_X509(certout, sk_X509_value(signers, i)); - + } BIO_free(certout); sk_X509_free(signers); - } - else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "signature OK, but cannot open %s for writing", - signersfilename); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "signature OK, but cannot open %s for writing", signersfilename); RETVAL_LONG(-1); } } goto clean_exit; - } - else + } else { RETVAL_FALSE; + } clean_exit: X509_STORE_free(store); BIO_free(datain); @@ -2174,12 +2176,14 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) } infile = BIO_new_file(infilename, "r"); - if (infile == NULL) + if (infile == NULL) { goto clean_exit; + } outfile = BIO_new_file(outfilename, "w"); - if (outfile == NULL) + if (outfile == NULL) { goto clean_exit; + } recipcerts = sk_X509_new_null(); 
@@ -2190,48 +2194,53 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) long certresource; cert = php_openssl_x509_from_zval(zcertval, 0, &certresource TSRMLS_CC); - if (cert == NULL) + if (cert == NULL) { goto clean_exit; + } if (certresource != -1) { /* we shouldn't free this particular cert, as it is a resource. make a copy and push that on the stack instead */ cert = X509_dup(cert); - if (cert == NULL) + if (cert == NULL) { goto clean_exit; + } } sk_X509_push(recipcerts, cert); zend_hash_move_forward_ex(HASH_OF(zrecipcerts), &hpos); } - } - else { + } else { /* a single certificate */ long certresource; cert = php_openssl_x509_from_zval(&zrecipcerts, 0, &certresource TSRMLS_CC); - if (cert == NULL) + if (cert == NULL) { goto clean_exit; + } if (certresource != -1) { /* we shouldn't free this particular cert, as it is a resource. make a copy and push that on the stack instead */ cert = X509_dup(cert); - if (cert == NULL) + if (cert == NULL) { goto clean_exit; + } } sk_X509_push(recipcerts, cert); } /* TODO: allow user to choose a different cipher */ cipher = EVP_rc2_40_cbc(); - if (cipher == NULL) + if (cipher == NULL) { goto clean_exit; + } p7 = PKCS7_encrypt(recipcerts, infile, cipher, flags); - if (p7 == NULL) + if (p7 == NULL) { goto clean_exit; + } /* tack on extra headers */ if (zheaders) { @@ -2241,10 +2250,11 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) convert_to_string_ex(zcertval); - if (strindex) + if (strindex) { BIO_printf(outfile, "%s: %s\n", strindex, Z_STRVAL_PP(zcertval)); - else + } else { BIO_printf(outfile, "%s\n", Z_STRVAL_PP(zcertval)); + } zend_hash_move_forward_ex(HASH_OF(zheaders), &hpos); } @@ -2257,14 +2267,13 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) RETVAL_TRUE; - clean_exit: PKCS7_free(p7); BIO_free(infile); BIO_free(outfile); - if (recipcerts) + if (recipcerts) { sk_X509_pop_free(recipcerts, X509_free); - + } } /* }}} */ 
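Review bot: The `@@ -2190` hunk of openssl_pkcs7_encrypt keeps `cipher = EVP_rc2_40_cbc();` as the only content-encryption cipher, so every message this function writes is protected by a 40-bit key regardless of the recipients' key sizes. The TODO above it acknowledges the limitation; until the cipher is selectable I would at least state the strength in that comment, e.g. `/* TODO: allow user to choose a different cipher; RC2-40 is export-grade and gives little confidentiality */`, or default to `EVP_des_ede3_cbc()`, which this file already uses for key export, if recipient compatibility allows. The function starts before this hunk and continues past it.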
@@ -2293,16 +2302,17 @@ PHP_FUNCTION(openssl_pkcs7_sign) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sszza!|ls", &infilename, &infilename_len, &outfilename, &outfilename_len, &zcert, &zprivkey, &zheaders, &flags, &extracertsfilename, - &extracertsfilename_len) == FAILURE) + &extracertsfilename_len) == FAILURE) { return; - + } RETVAL_FALSE; if (extracertsfilename) { others = load_all_certs_from_file(extracertsfilename); - if (others == NULL) + if (others == NULL) { goto clean_exit; + } } privkey = php_openssl_evp_from_zval(&zprivkey, 0, "", 0, &keyresource TSRMLS_CC); @@ -2349,11 +2359,11 @@ PHP_FUNCTION(openssl_pkcs7_sign) convert_to_string_ex(hval); - if (strindex) + if (strindex) { BIO_printf(outfile, "%s: %s\n", strindex, Z_STRVAL_PP(hval)); - else + } else { BIO_printf(outfile, "%s\n", Z_STRVAL_PP(hval)); - + } zend_hash_move_forward_ex(HASH_OF(zheaders), &hpos); } } @@ -2366,12 +2376,15 @@ clean_exit: PKCS7_free(p7); BIO_free(infile); BIO_free(outfile); - if (others) + if (others) { sk_X509_pop_free(others, X509_free); - if (privkey && keyresource == -1) + } + if (privkey && keyresource == -1) { EVP_PKEY_free(privkey); - if (cert && certresource == -1) + } + if (cert && certresource == -1) { X509_free(cert); + } } /* }}} */ @@ -2390,8 +2403,9 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) char * outfilename; long outfilename_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|z", &infilename, &infilename_len, - &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) + &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) { return; + } RETVAL_FALSE; 
@@ -2422,21 +2436,23 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) p7 = SMIME_read_PKCS7(in, &datain); - if (p7 == NULL) + if (p7 == NULL) { goto clean_exit; - - if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED)) + } + if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED)) { RETVAL_TRUE; - + } clean_exit: PKCS7_free(p7); BIO_free(datain); BIO_free(in); BIO_free(out); - if (cert && certresval == -1) + if (cert && certresval == -1) { X509_free(cert); - if (key && keyresval == -1) + } + if (key && keyresval == -1) { EVP_PKEY_free(key); + } } /* }}} */ @@ -2455,9 +2471,9 @@ PHP_FUNCTION(openssl_private_encrypt) char * data; long data_len, padding = RSA_PKCS1_PADDING; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) { return; - + } RETVAL_FALSE; pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC); @@ -2490,10 +2506,12 @@ PHP_FUNCTION(openssl_private_encrypt) cryptedbuf = NULL; RETVAL_TRUE; } - if (cryptedbuf) + if (cryptedbuf) { efree(cryptedbuf); - if (keyresource == -1) + } + if (keyresource == -1) { EVP_PKEY_free(pkey); + } } /* }}} */ @@ -2512,9 +2530,9 @@ PHP_FUNCTION(openssl_private_decrypt) char * data; long data_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) { return; - + } RETVAL_FALSE; pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC); @@ -2554,10 +2572,12 @@ PHP_FUNCTION(openssl_private_decrypt) RETVAL_TRUE; } - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); - if (cryptedbuf) + } + if (cryptedbuf) { efree(cryptedbuf); + } } /* }}} */ 
@@ -2610,10 +2630,12 @@ PHP_FUNCTION(openssl_public_encrypt) cryptedbuf = NULL; RETVAL_TRUE; } - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); - if (cryptedbuf) + } + if (cryptedbuf) { efree(cryptedbuf); + } } /* }}} */ @@ -2632,9 +2654,9 @@ PHP_FUNCTION(openssl_public_decrypt) char * data; long data_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) { return; - + } RETVAL_FALSE; pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC); @@ -2676,10 +2698,12 @@ PHP_FUNCTION(openssl_public_decrypt) RETVAL_TRUE; } - if (cryptedbuf) + if (cryptedbuf) { efree(cryptedbuf); - if (keyresource == -1) + } + if (keyresource == -1) { EVP_PKEY_free(pkey); + } } /* }}} */ @@ -2695,12 +2719,9 @@ PHP_FUNCTION(openssl_error_string) } val = ERR_get_error(); - if (val) - { + if (val) { RETURN_STRING(ERR_error_string(val, buf), 1); - } - else - { + } else { RETURN_FALSE; } } @@ -2718,9 +2739,9 @@ PHP_FUNCTION(openssl_sign) char * data; long data_len; EVP_MD_CTX md_ctx; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE) { return; - + } pkey = php_openssl_evp_from_zval(&key, 0, "", 0, &keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param cannot be coerced into a private key"); @@ -2741,8 +2762,9 @@ PHP_FUNCTION(openssl_sign) efree(sigbuf); RETVAL_FALSE; } - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); + } } /* }}} */ 
@@ -2758,9 +2780,9 @@ PHP_FUNCTION(openssl_verify) char * data; long data_len; char * signature; long signature_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len, - &signature, &signature_len, &key) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len, &signature, &signature_len, &key) == FAILURE) { return; + } pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC); if (pkey == NULL) { @@ -2772,9 +2794,9 @@ PHP_FUNCTION(openssl_verify) EVP_VerifyUpdate (&md_ctx, data, data_len); err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey); - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); - + } RETURN_LONG(err); } /* }}} */ @@ -2793,15 +2815,14 @@ PHP_FUNCTION(openssl_seal) char * data; long data_len; EVP_CIPHER_CTX ctx; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", - &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) { return; + } pubkeysht = HASH_OF(pubkeys); nkeys = pubkeysht ? zend_hash_num_elements(pubkeysht) : 0; if (!nkeys) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, - "Fourth argument to openssl_seal() must be a non-empty array"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Fourth argument to openssl_seal() must be a non-empty array"); RETURN_FALSE; } @@ -2826,14 +2847,10 @@ PHP_FUNCTION(openssl_seal) i++; } -#if OPENSSL_VERSION_NUMBER >= 0x0090600fL if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) { RETVAL_FALSE; goto clean_exit; } -#else - EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL); -#endif #if 0 /* Need this if allow ciphers that require initialization vector */ 
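Review bot: The `@@ -2826` hunk of openssl_seal removes the `#if OPENSSL_VERSION_NUMBER >= 0x0090600fL` guard around the checked `EVP_EncryptInit` call, which is a build-compatibility change rather than the coding-style change the commit title describes; the next hunk does the same for `EVP_SealUpdate`, and the openssl_open hunk appears to as well. The removed `#else` branches called these functions without testing a result, which suggests older OpenSSL releases do not return one, so the extension would presumably stop building against them. If dropping that support is intended, I would move it to its own commit and enforce the minimum once near the includes with `#if OPENSSL_VERSION_NUMBER < 0x0090600fL`, `#error "OpenSSL 0.9.6 or later is required"`, `#endif`.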
@@ -2843,21 +2860,12 @@ PHP_FUNCTION(openssl_seal) /* allocate one byte extra to make room for \0 */ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); - if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) -#if OPENSSL_VERSION_NUMBER >= 0x0090600fL - || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len) -#endif - ) - { + if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)) { RETVAL_FALSE; efree(buf); goto clean_exit; - } -#if OPENSSL_VERSION_NUMBER < 0x0090600fL - EVP_SealUpdate(&ctx, buf, &len1, data, data_len); -#endif EVP_SealFinal(&ctx, buf + len1, &len2); if (len1 + len2 > 0) { @@ -2888,18 +2896,19 @@ PHP_FUNCTION(openssl_seal) ZVAL_EMPTY_STRING(*ivec); } #endif - } - else + } else { efree(buf); - + } RETVAL_LONG(len1 + len2); clean_exit: for (i=0; i= 0x0090600fL - && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len) -#endif - ) { -#if OPENSSL_VERSION_NUMBER < 0x0090600fL - EVP_OpenUpdate(&ctx, buf, &len1, data, data_len); -#endif - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || - (len1 + len2 == 0)) { + if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)) { + if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { efree(buf); - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); + } RETURN_FALSE; } } else { efree(buf); - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); - + } RETURN_FALSE; } - if (keyresource == -1) + if (keyresource == -1) { EVP_PKEY_free(pkey); - + } zval_dtor(opendata); buf[len1 + len2] = '\0'; ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); -- 2.40.0