829 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req);
1028 static int add_oid_section(struct php_x509_request * req) /* {{{ */  in add_oid_section()  argument
1035 	str = CONF_get_string(req->req_config, NULL, "oid_section");  in add_oid_section()
1040 	sktmp = CONF_get_section(req->req_config, str);  in add_oid_section()
1059 #define PHP_SSL_REQ_INIT(req)		memset(req, 0, sizeof(*req))  argument
1060 #define PHP_SSL_REQ_DISPOSE(req)	php_openssl_dispose_config(req)  argument
1061 #define PHP_SSL_REQ_PARSE(req, zval)	php_openssl_parse_config(req, zval)  argument
1063 #define PHP_SSL_CONFIG_SYNTAX_CHECK(var) if (req->var && php_openssl_config_check_syntax(#var, \
1064 			req->config_filename, req->var, req->req_config) == FAILURE) return FAILURE
1105 static int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args) /* {{{ */  in php_openssl_parse_config()  argument
1110 	SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);  in php_openssl_parse_config()
1111 	SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");  in php_openssl_parse_config()
1112 	req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL);  in php_openssl_parse_config()
1113 	if (req->global_config == NULL) {  in php_openssl_parse_config()
1116 	req->req_config = CONF_load(NULL, req->config_filename, NULL);  in php_openssl_parse_config()
1117 	if (req->req_config == NULL) {  in php_openssl_parse_config()
1123 	str = CONF_get_string(req->req_config, NULL, "oid_file");  in php_openssl_parse_config()
1134 	if (add_oid_section(req) == FAILURE) {  in php_openssl_parse_config()
1137 	SET_OPTIONAL_STRING_ARG("digest_alg", req->digest_name,  in php_openssl_parse_config()
1138 		CONF_get_string(req->req_config, req->section_name, "default_md"));  in php_openssl_parse_config()
1139 	SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section,  in php_openssl_parse_config()
1140 		CONF_get_string(req->req_config, req->section_name, "x509_extensions"));  in php_openssl_parse_config()
1141 	SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,  in php_openssl_parse_config()
1142 		CONF_get_string(req->req_config, req->section_name, "req_extensions"));  in php_openssl_parse_config()
1143 	SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,  in php_openssl_parse_config()
1144 		CONF_get_number(req->req_config, req->section_name, "default_bits"));  in php_openssl_parse_config()
1146 	SET_OPTIONAL_LONG_ARG("private_key_type", req->priv_key_type, OPENSSL_KEYTYPE_DEFAULT);  in php_openssl_parse_config()
1149 		req->priv_key_encrypt = Z_TYPE_P(item) == IS_TRUE ? 1 : 0;  in php_openssl_parse_config()
1151 		str = CONF_get_string(req->req_config, req->section_name, "encrypt_rsa_key");  in php_openssl_parse_config()
1153 			str = CONF_get_string(req->req_config, req->section_name, "encrypt_key");  in php_openssl_parse_config()
1158 			req->priv_key_encrypt = 0;  in php_openssl_parse_config()
1160 			req->priv_key_encrypt = 1;  in php_openssl_parse_config()
1164 …if (req->priv_key_encrypt && optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args)…  in php_openssl_parse_config()
1172 			req->priv_key_encrypt_cipher = cipher;  in php_openssl_parse_config()
1175 		req->priv_key_encrypt_cipher = NULL;  in php_openssl_parse_config()
1181 	if (req->digest_name == NULL) {  in php_openssl_parse_config()
1182 		req->digest_name = CONF_get_string(req->req_config, req->section_name, "default_md");  in php_openssl_parse_config()
1184 	if (req->digest_name != NULL) {  in php_openssl_parse_config()
1185 		req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);  in php_openssl_parse_config()
1189 	if (req->md_alg == NULL) {  in php_openssl_parse_config()
1190 		req->md_alg = req->digest = EVP_sha1();  in php_openssl_parse_config()
1197 	req->curve_name = NID_undef;  in php_openssl_parse_config()
1200 		req->curve_name = OBJ_sn2nid(Z_STRVAL_P(item));  in php_openssl_parse_config()
1201 		if (req->curve_name == NID_undef) {  in php_openssl_parse_config()
1209 	str = CONF_get_string(req->req_config, req->section_name, "string_mask");  in php_openssl_parse_config()
1223 static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */  in php_openssl_dispose_config()  argument
1225 	if (req->priv_key) {  in php_openssl_dispose_config()
1226 		EVP_PKEY_free(req->priv_key);  in php_openssl_dispose_config()
1227 		req->priv_key = NULL;  in php_openssl_dispose_config()
1229 	if (req->global_config) {  in php_openssl_dispose_config()
1230 		CONF_free(req->global_config);  in php_openssl_dispose_config()
1231 		req->global_config = NULL;  in php_openssl_dispose_config()
1233 	if (req->req_config) {  in php_openssl_dispose_config()
1234 		CONF_free(req->req_config);  in php_openssl_dispose_config()
1235 		req->req_config = NULL;  in php_openssl_dispose_config()
3027 static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, zval * dn, zval * at…  in php_openssl_make_REQ()  argument
3032 	dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name");  in php_openssl_make_REQ()
3037 	dn_sk = CONF_get_section(req->req_config, dn_sect);  in php_openssl_make_REQ()
3042 	attr_sect = CONF_get_string(req->req_config, req->section_name, "attributes");  in php_openssl_make_REQ()
3047 		attr_sk = CONF_get_section(req->req_config, attr_sect);  in php_openssl_make_REQ()
3182 	if (!X509_REQ_set_pubkey(csr, req->priv_key)) {  in php_openssl_make_REQ()
3356 	struct php_x509_request req;  in PHP_FUNCTION()  local
3362 	PHP_SSL_REQ_INIT(&req);  in PHP_FUNCTION()
3387 	if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE) {  in PHP_FUNCTION()
3441 	if (req.extensions_section) {  in PHP_FUNCTION()
3445 		X509V3_set_conf_lhash(&ctx, req.req_config);  in PHP_FUNCTION()
3446 		if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) {  in PHP_FUNCTION()
3453 	if (!X509_sign(new_cert, priv_key, req.digest)) {  in PHP_FUNCTION()
3468 	PHP_SSL_REQ_DISPOSE(&req);  in PHP_FUNCTION()
3492 	struct php_x509_request req;  in PHP_FUNCTION()  local
3504 	PHP_SSL_REQ_INIT(&req);  in PHP_FUNCTION()
3506 	if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {  in PHP_FUNCTION()
3509 			req.priv_key = php_openssl_evp_from_zval(out_pkey, 0, NULL, 0, 0, &key_resource);  in PHP_FUNCTION()
3510 			if (req.priv_key != NULL) {  in PHP_FUNCTION()
3514 		if (req.priv_key == NULL) {  in PHP_FUNCTION()
3515 			php_openssl_generate_private_key(&req);  in PHP_FUNCTION()
3517 		if (req.priv_key == NULL) {  in PHP_FUNCTION()
3522 				if (php_openssl_make_REQ(&req, csr, dn, attribs) == SUCCESS) {  in PHP_FUNCTION()
3526 					X509V3_set_conf_lhash(&ext_ctx, req.req_config);  in PHP_FUNCTION()
3529 					if (req.request_extensions_section && !X509V3_EXT_REQ_add_conf(req.req_config,  in PHP_FUNCTION()
3530 								&ext_ctx, req.request_extensions_section, csr))  in PHP_FUNCTION()
3533 …php_error_docref(NULL, E_WARNING, "Error loading extension section %s", req.request_extensions_sec…  in PHP_FUNCTION()
3537 						if (X509_REQ_sign(csr, req.priv_key, req.digest)) {  in PHP_FUNCTION()
3548 							ZVAL_RES(out_pkey, zend_register_resource(req.priv_key, le_key));  in PHP_FUNCTION()
3549 							req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */  in PHP_FUNCTION()
3551 							req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */  in PHP_FUNCTION()
3558 						req.priv_key = NULL;  in PHP_FUNCTION()
3570 	PHP_SSL_REQ_DISPOSE(&req);  in PHP_FUNCTION()
3863 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)  in php_openssl_generate_private_key()  argument
3869 	if (req->priv_key_bits < MIN_KEY_LENGTH) {  in php_openssl_generate_private_key()
3871 				MIN_KEY_LENGTH, req->priv_key_bits);  in php_openssl_generate_private_key()
3875 	randfile = CONF_get_string(req->req_config, req->section_name, "RANDFILE");  in php_openssl_generate_private_key()
3881 	if ((req->priv_key = EVP_PKEY_new()) != NULL) {  in php_openssl_generate_private_key()
3882 		switch(req->priv_key_type) {  in php_openssl_generate_private_key()
3889 					rsaparam = (RSA*)RSA_generate_key(req->priv_key_bits, RSA_F4, NULL, NULL);  in php_openssl_generate_private_key()
3900 						if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {  in php_openssl_generate_private_key()
3906 					if (rsaparam && EVP_PKEY_assign_RSA(req->priv_key, rsaparam)) {  in php_openssl_generate_private_key()
3907 						return_val = req->priv_key;  in php_openssl_generate_private_key()
3918 …if (dsaparam && DSA_generate_parameters_ex(dsaparam, req->priv_key_bits, NULL, 0, NULL, NULL, NULL…  in php_openssl_generate_private_key()
3921 							if (EVP_PKEY_assign_DSA(req->priv_key, dsaparam)) {  in php_openssl_generate_private_key()
3922 								return_val = req->priv_key;  in php_openssl_generate_private_key()
3942 					if (dhparam && DH_generate_parameters_ex(dhparam, req->priv_key_bits, 2, NULL)) {  in php_openssl_generate_private_key()
3945 							if (EVP_PKEY_assign_DH(req->priv_key, dhparam)) {  in php_openssl_generate_private_key()
3946 								return_val = req->priv_key;  in php_openssl_generate_private_key()
3963 					if (req->curve_name == NID_undef) {  in php_openssl_generate_private_key()
3967 					EC_KEY *eckey = EC_KEY_new_by_curve_name(req->curve_name);  in php_openssl_generate_private_key()
3971 							EVP_PKEY_assign_EC_KEY(req->priv_key, eckey)) {  in php_openssl_generate_private_key()
3972 							return_val = req->priv_key;  in php_openssl_generate_private_key()
3990 		EVP_PKEY_free(req->priv_key);  in php_openssl_generate_private_key()
3991 		req->priv_key = NULL;  in php_openssl_generate_private_key()
4253 	struct php_x509_request req;  in PHP_FUNCTION()  local
4443 	PHP_SSL_REQ_INIT(&req);  in PHP_FUNCTION()
4445 	if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS)  in PHP_FUNCTION()
4447 		if (php_openssl_generate_private_key(&req)) {  in PHP_FUNCTION()
4449 			RETVAL_RES(zend_register_resource(req.priv_key, le_key));  in PHP_FUNCTION()
4451 			req.priv_key = NULL;  in PHP_FUNCTION()
4454 	PHP_SSL_REQ_DISPOSE(&req);  in PHP_FUNCTION()
4462 	struct php_x509_request req;  in PHP_FUNCTION()  local
4491 	PHP_SSL_REQ_INIT(&req);  in PHP_FUNCTION()
4493 	if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {  in PHP_FUNCTION()
4500 		if (passphrase && req.priv_key_encrypt) {  in PHP_FUNCTION()
4501 			if (req.priv_key_encrypt_cipher) {  in PHP_FUNCTION()
4502 				cipher = req.priv_key_encrypt_cipher;  in PHP_FUNCTION()
4531 	PHP_SSL_REQ_DISPOSE(&req);  in PHP_FUNCTION()
4546 	struct php_x509_request req;  in PHP_FUNCTION()  local
4568 	PHP_SSL_REQ_INIT(&req);  in PHP_FUNCTION()
4570 	if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {  in PHP_FUNCTION()
4573 		if (passphrase && req.priv_key_encrypt) {  in PHP_FUNCTION()
4574 			if (req.priv_key_encrypt_cipher) {  in PHP_FUNCTION()
4575 				cipher = req.priv_key_encrypt_cipher;  in PHP_FUNCTION()
4609 	PHP_SSL_REQ_DISPOSE(&req);  in PHP_FUNCTION()

Last Index update Sat Sep 21 00:06:20 UTC 2024

Dedicated to & Maintained by Room-11