Add PKCS7_NOOLDMIMETYPE and OPENSSL_CMS_OLDMIMETYPE

PKCS7_NOOLDMIMETYPE to use Content-Type application/pkcs7-mime OPENSSL_CMS_OLDMIMETYPE to use Content-Type application/x-pkcs7-mime SMIME_write_PKCS7 and SMIME_write_CMS are using SMIME_write_ASN1_ex. The Content-Type application/x-pkcs7-mime is generated with the flag SMIME_OLDMIME (0x400).[^1] SMIME_write_PKCS7 set SMIME_OLDMIME by default.[^2] SMIME_write_CMS does not.[^3] I picked OPENSSL_CMS_OLDMIMETYPE over OPENSSL_CMS_NOOLDMIMETYPE because that's what the flag actually does. [^1]: 9a2f78e14a/crypto/asn1/asn_mime.c (L248-L251) [^2]: 9a2f78e14a/crypto/pkcs7/pk7_mime.c (L41-L43) [^3]: 9a2f78e14a/crypto/cms/cms_io.c (L93) Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-08-15 21:48:51 +02:00 · 2023-02-25 10:22:09 +01:00 · 2023-02-25 10:22:09 +01:00 · fa10dfcc81
commit fa10dfcc81
parent f18a0384c1
6 changed files with 51 additions and 1 deletions
--- a/4
+++ b/4
@ -115,6 +115,10 @@ PHP                                                                        NEWS
  . Added memfd api usage, on Linux, for zend_shared_alloc_create_lock()
    to create an abstract anonymous file for the opcache's lock. (Max Kellermann)

+- OpenSSL:
+  . Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch
+    between mime content types. (Daniel Kesselberg)
+
 - PCNTL:
  . SA_ONSTACK is now set for pcntl_signal. (Kévin Dunglas)
  . Added SIGINFO constant. (David Carlier)
--- a/4
+++ b/4
@ -214,6 +214,10 @@ PHP 8.3 UPGRADE NOTES
  . MIXED_NUMBERS (Spoofchecker).
  . HIDDEN_OVERLAY (Spoofchecker).

+- OpenSSL:
+  . OPENSSL_CMS_OLDMIMETYPE
+  . PKCS7_NOOLDMIMETYPE
+
 - PCNTL:
  . SIGINFO

--- a/ext/openssl/openssl.stub.php
+++ b/ext/openssl/openssl.stub.php
@ -161,6 +161,11 @@ const PKCS7_BINARY = UNKNOWN;
 * @cvalue PKCS7_NOSIGS
 */
 const PKCS7_NOSIGS = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PKCS7_NOOLDMIMETYPE
+ */
+const PKCS7_NOOLDMIMETYPE = UNKNOWN;

 /**
 * @var int
@ -202,6 +207,11 @@ const OPENSSL_CMS_BINARY = UNKNOWN;
 * @cvalue CMS_NOSIGS
 */
 const OPENSSL_CMS_NOSIGS = UNKNOWN;
+/**
+ * @var int
+ * @cvalue CMS_NOOLDMIMETYPE
+ */
+const OPENSSL_CMS_OLDMIMETYPE = UNKNOWN;

 /**
 * @var int
--- a/ext/openssl/openssl_arginfo.h
+++ b/ext/openssl/openssl_arginfo.h
@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: be79b4cc0d9eb4469c43f10208b86369dcc1239d */
+ * Stub hash: 549946c91248fddc4d43502d32335b68cfbe71f2 */

 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0)
 	ZEND_ARG_OBJ_TYPE_MASK(0, certificate, OpenSSLCertificate, MAY_BE_STRING, NULL)
@ -578,6 +578,7 @@ static void register_openssl_symbols(int module_number)
 	REGISTER_LONG_CONSTANT("PKCS7_NOATTR", PKCS7_NOATTR, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("PKCS7_BINARY", PKCS7_BINARY, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("PKCS7_NOOLDMIMETYPE", PKCS7_NOOLDMIMETYPE, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_DETACHED", CMS_DETACHED, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_TEXT", CMS_TEXT, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOINTERN", CMS_NOINTERN, CONST_PERSISTENT);
@ -586,6 +587,7 @@ static void register_openssl_symbols(int module_number)
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOATTR", CMS_NOATTR, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_BINARY", CMS_BINARY, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("OPENSSL_CMS_OLDMIMETYPE", CMS_NOOLDMIMETYPE, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_PERSISTENT);
 #if defined(RSA_SSLV23_PADDING)
 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_PERSISTENT);
--- a/ext/openssl/tests/openssl_cms_encrypt_basic.phpt
+++ b/ext/openssl/tests/openssl_cms_encrypt_basic.phpt
@ -9,6 +9,9 @@ $outfile = tempnam(sys_get_temp_dir(), "cms_enc_basic");
 if ($outfile === false)
    die("failed to get a temporary filename!");
 $outfile2 = $outfile . ".out";
+$outfile3 = tempnam(sys_get_temp_dir(), "cms_enc_basic");
+if ($outfile3 === false)
+    die("failed to get a temporary filename!");
 $single_cert = "file://" . __DIR__ . "/cert.crt";
 $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
 $wrongkey = "file://" . __DIR__ . "/private_rsa_2048.key";
@ -33,6 +36,7 @@ var_dump(openssl_cms_encrypt($infile, $outfile, $wrong, $headers, cipher_algo: $
 var_dump(openssl_cms_encrypt($infile, $outfile, $empty, $headers, cipher_algo: $cipher));
 var_dump(openssl_cms_encrypt($infile, $outfile, $multi_certs, $headers, cipher_algo: $cipher));
 var_dump(openssl_cms_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs), $headers, cipher_algo: $cipher));
+var_dump(openssl_cms_encrypt($infile, $outfile3, $single_cert, $headers, flags: OPENSSL_CMS_OLDMIMETYPE, cipher_algo: $cipher));

 if (file_exists($outfile)) {
    echo "true\n";
@ -42,6 +46,15 @@ if (file_exists($outfile2)) {
    echo "true\n";
    unlink($outfile2);
 }
+
+if (file_exists($outfile3)) {
+    $content = file_get_contents($outfile3, false, null, 0, 256);
+    if (str_contains($content, 'Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"')) {
+        echo "true\n";
+    }
+    unset($content); 
+    unlink($outfile3);
+}
 ?>
 --EXPECT--
 bool(true)
@ -57,5 +70,7 @@ bool(false)
 bool(false)
 bool(true)
 bool(true)
+bool(true)
+true
 true
 true
--- a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
+++ b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
@ -11,6 +11,9 @@ if ($outfile === false)
 $outfile2 = tempnam(sys_get_temp_dir(), "ssl");
 if ($outfile2 === false)
    die("failed to get a temporary filename!");
+$outfile3 = tempnam(sys_get_temp_dir(), "ssl");
+if ($outfile3 === false)
+    die("failed to get a temporary filename!");

 $single_cert = "file://" . __DIR__ . "/cert.crt";
 $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
@ -34,6 +37,7 @@ var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers, 0, $cipher))
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers, 0, $cipher));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers, 0, $cipher));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs), $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile3, $single_cert, $headers, PKCS7_NOOLDMIMETYPE, $cipher));

 if (file_exists($outfile)) {
    echo "true\n";
@ -43,6 +47,15 @@ if (file_exists($outfile2)) {
    echo "true\n";
    unlink($outfile2);
 }
+
+if (file_exists($outfile3)) {
+    $content = file_get_contents($outfile3, false, null, 0, 256);
+    if (str_contains($content, 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"')) {
+        echo "true\n";
+    }
+    unset($content); 
+    unlink($outfile3);
+}
 ?>
 --EXPECT--
 bool(true)
@ -57,5 +70,7 @@ bool(false)
 bool(false)
 bool(true)
 bool(true)
+bool(true)
+true
 true
 true