- #37820, add support for algorithm type in openssl_verify()

2025-08-18 15:08:55 +02:00 · 2006-07-29 21:54:46 +00:00 · 2006-07-29 21:54:46 +00:00 · 1329f72f90
commit 1329f72f90
parent 317bedda3f
4 changed files with 99 additions and 22 deletions
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -563,6 +563,30 @@ static int php_openssl_write_rand_file(const char * file, int egdsocket, int see
 	}
 	return SUCCESS;
 }
+
+static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
+	EVP_MD *mdtype;
+
+	switch (algo) {
+		case OPENSSL_ALGO_SHA1:
+			mdtype = (EVP_MD *) EVP_sha1();
+			break;
+		case OPENSSL_ALGO_MD5:
+			mdtype = (EVP_MD *) EVP_md5();
+			break;
+		case OPENSSL_ALGO_MD4:
+			mdtype = (EVP_MD *) EVP_md4();
+			break;
+		case OPENSSL_ALGO_MD2:
+			mdtype = (EVP_MD *) EVP_md2();
+			break;
+		default:
+			return NULL;
+			break;
+	}
+	return mdtype;
+}
+/* }}} */
 /* }}} */

 /* {{{ PHP_MINIT_FUNCTION
@ -2860,7 +2884,7 @@ PHP_FUNCTION(openssl_error_string)
 }
 /* }}} */

-/* {{{ proto bool openssl_sign(string data, &string signature, mixed key)
+/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int signature_alg])
   Signs data */
 PHP_FUNCTION(openssl_sign)
 {
@ -2884,23 +2908,10 @@ PHP_FUNCTION(openssl_sign)
 		RETURN_FALSE;
 	}

-	switch (signature_algo) {
-		case OPENSSL_ALGO_SHA1:
-			mdtype = (EVP_MD *) EVP_sha1();
-			break;
-		case OPENSSL_ALGO_MD5:
-			mdtype = (EVP_MD *) EVP_md5();
-			break;
-		case OPENSSL_ALGO_MD4:
-			mdtype = (EVP_MD *) EVP_md4();
-			break;
-		case OPENSSL_ALGO_MD2:
-			mdtype = (EVP_MD *) EVP_md2();
-			break;
-		default:
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
-			RETURN_FALSE;
-			break;
+	mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+	if (!mdtype) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
+		RETURN_FALSE;
 	}

 	siglen = EVP_PKEY_size(pkey);
@ -2931,21 +2942,29 @@ PHP_FUNCTION(openssl_verify)
 	EVP_PKEY *pkey;
 	int err;
 	EVP_MD_CTX     md_ctx;
+	EVP_MD *mdtype;
 	long keyresource = -1;
 	char * data;	int data_len;
 	char * signature;	int signature_len;
-
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len, &signature, &signature_len, &key) == FAILURE) {
+	long signature_algo = OPENSSL_ALGO_SHA1;
+	
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|l", &data, &data_len, &signature, &signature_len, &key, &signature_algo) == FAILURE) {
 		return;
 	}
-	
+
+	mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+	if (!mdtype) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
+		RETURN_FALSE;
+	}
+
 	pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC);
 	if (pkey == NULL) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param cannot be coerced into a public key");
 		RETURN_FALSE;
 	}

-	EVP_VerifyInit   (&md_ctx, EVP_sha1());
+	EVP_VerifyInit   (&md_ctx, mdtype);
 	EVP_VerifyUpdate (&md_ctx, data, data_len);
 	err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);

--- a/ext/openssl/tests/bug37820.phpt
+++ b/ext/openssl/tests/bug37820.phpt
@ -0,0 +1,35 @@
+--TEST--
+openssl_sign/verify: accept different algos 
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip"); 
+?>
+--FILE--
+<?php 
+$dir = dirname(__FILE__);
+$file_pub = $dir . '/bug37820cert.pem';
+$file_key = $dir . '/bug37820key.pem';
+
+$priv_key = file_get_contents($file_key);
+$priv_key_id = openssl_get_privatekey($priv_key);
+
+
+
+$pub_key = file_get_contents($file_pub);
+$pub_key_id = openssl_get_publickey($pub_key);
+$data = "some custom data";
+if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) {
+	echo "openssl_sign failed.";
+}
+
+$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+if ($ok == 1) {
+   echo "Ok";
+} elseif ($ok == 0) {
+   echo "openssl_verify failed.";
+}
+
+
+?>
+--EXPECTF--
+Ok
--- a/ext/openssl/tests/bug37820cert.pem
+++ b/ext/openssl/tests/bug37820cert.pem
@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
+bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
+dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
+DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
+EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
+dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
+EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
+L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
+BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
+9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
+-----END CERTIFICATE-----
--- a/ext/openssl/tests/bug37820key.pem
+++ b/ext/openssl/tests/bug37820key.pem
@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
+2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
+oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
+8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
+a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
+WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
+6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
+-----END RSA PRIVATE KEY-----