summaryrefslogtreecommitdiff
path: root/ext/openssl/openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl/openssl.c')
-rw-r--r--ext/openssl/openssl.c138
1 files changed, 105 insertions, 33 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index d7ac117e5..f1dfa5024 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -561,6 +561,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */
{
+ zval **data;
zval *subitem, *subentries;
int i, j = -1, last = -1, obj_cnt = 0;
char *sname;
@@ -578,7 +579,7 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
for (i = 0; i < X509_NAME_entry_count(name); i++) {
unsigned char *to_add;
- int to_add_len;
+ int to_add_len = 0;
ne = X509_NAME_get_entry(name, i);
@@ -592,39 +593,27 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
sname = (char *) OBJ_nid2ln(nid);
}
- MAKE_STD_ZVAL(subentries);
- array_init(subentries);
+ str = X509_NAME_ENTRY_get_data(ne);
+ if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
+ to_add_len = ASN1_STRING_to_UTF8(&to_add, str);
+ } else {
+ to_add = ASN1_STRING_data(str);
+ to_add_len = ASN1_STRING_length(str);
+ }
- last = -1;
- for (;;) {
- j = X509_NAME_get_index_by_OBJ(name, obj, last);
- if (j < 0) {
- if (last != -1) break;
- } else {
- obj_cnt++;
- ne = X509_NAME_get_entry(name, j);
- str = X509_NAME_ENTRY_get_data(ne);
- if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
- to_add_len = ASN1_STRING_to_UTF8(&to_add, str);
- if (to_add_len != -1) {
- add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
- }
- } else {
- to_add = ASN1_STRING_data(str);
- to_add_len = ASN1_STRING_length(str);
+ if (to_add_len != -1) {
+ if (zend_hash_find(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, (void**)&data) == SUCCESS) {
+ if (Z_TYPE_PP(data) == IS_ARRAY) {
+ subentries = *data;
+ add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
+ } else if (Z_TYPE_PP(data) == IS_STRING) {
+ MAKE_STD_ZVAL(subentries);
+ array_init(subentries);
+ add_next_index_stringl(subentries, Z_STRVAL_PP(data), Z_STRLEN_PP(data), 1);
add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
+ zend_hash_update(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, &subentries, sizeof(zval*), NULL);
}
- }
- last = j;
- }
- i = last;
-
- if (obj_cnt > 1) {
- add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries);
- } else {
- zval_dtor(subentries);
- FREE_ZVAL(subentries);
- if (obj_cnt && str && to_add_len > -1) {
+ } else {
add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1);
}
}
@@ -1398,6 +1387,74 @@ PHP_FUNCTION(openssl_x509_check_private_key)
}
/* }}} */
+/* Special handling of subjectAltName, see CVE-2013-4073
+ * Christian Heimes
+ */
+
+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
+{
+ GENERAL_NAMES *names;
+ const X509V3_EXT_METHOD *method = NULL;
+ long i, length, num;
+ const unsigned char *p;
+
+ method = X509V3_EXT_get(extension);
+ if (method == NULL) {
+ return -1;
+ }
+
+ p = extension->value->data;
+ length = extension->value->length;
+ if (method->it) {
+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
+ ASN1_ITEM_ptr(method->it)));
+ } else {
+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
+ }
+ if (names == NULL) {
+ return -1;
+ }
+
+ num = sk_GENERAL_NAME_num(names);
+ for (i = 0; i < num; i++) {
+ GENERAL_NAME *name;
+ ASN1_STRING *as;
+ name = sk_GENERAL_NAME_value(names, i);
+ switch (name->type) {
+ case GEN_EMAIL:
+ BIO_puts(bio, "email:");
+ as = name->d.rfc822Name;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ case GEN_DNS:
+ BIO_puts(bio, "DNS:");
+ as = name->d.dNSName;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ case GEN_URI:
+ BIO_puts(bio, "URI:");
+ as = name->d.uniformResourceIdentifier;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ default:
+ /* use builtin print for GEN_OTHERNAME, GEN_X400,
+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
+ */
+ GENERAL_NAME_print(bio, name);
+ }
+ /* trailing ', ' except for last element */
+ if (i < (num - 1)) {
+ BIO_puts(bio, ", ");
+ }
+ }
+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
+
+ return 0;
+}
+
/* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
Returns an array of the fields/values of the CERT */
PHP_FUNCTION(openssl_x509_parse)
@@ -1494,15 +1551,30 @@ PHP_FUNCTION(openssl_x509_parse)
for (i = 0; i < X509_get_ext_count(cert); i++) {
+ int nid;
extension = X509_get_ext(cert, i);
- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
+ if (nid != NID_undef) {
extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
} else {
OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
extname = buf;
}
bio_out = BIO_new(BIO_s_mem());
- if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+ if (nid == NID_subject_alt_name) {
+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
+ BIO_get_mem_ptr(bio_out, &bio_buf);
+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+ } else {
+ zval_dtor(return_value);
+ if (certresource == -1 && cert) {
+ X509_free(cert);
+ }
+ BIO_free(bio_out);
+ RETURN_FALSE;
+ }
+ }
+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
BIO_get_mem_ptr(bio_out, &bio_buf);
add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
} else {
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 10:19:18 +0000