Newsgroups: php.internals
Message-ID: <42B16BB6.2010207@konvergencia.hu>
Date: Thu, 16 Jun 2005 14:08:22 +0200
Organization: Konvergencia Kft.
To: internals@lists.php.net
Subject: openssl_pkcs7_verify - save verified data [PATCH]
From: mkenyeres@konvergencia.hu (Marton Kenyeres) --------------010007000300030603040908 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi! Dunno, if this is the right place to ask, but I give it a try anyway. If I'm misguided, please feel free to point me in the right direction! Attached is a patch which adds a 6th option to openssl_pkcs7_verify, which should be a string and point to a file where the contents of the signed message should be saved. [I believe this patch also fixes a minor safe-mode related bug] I've tried this on FreeBSD 4.11 / php-5.0.4 / OpenSSL 0.9.7d , so the patch is against openssl.c,v 1.89.2.6 , but should apply against HEAD also. This seems to work correctly with messages created with openssl and CAPICOM (The M$ PKI library.) Cheers, m. --------------010007000300030603040908 Content-Type: text/plain; name="patch-ext::openssl::openssl.c" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-ext::openssl::openssl.c" --- ext/openssl/openssl.c.orig Tue Mar 15 01:29:36 2005 +++ ext/openssl/openssl.c Thu Jun 16 14:01:07 2005 @@ -2152,7 +2152,7 @@ /* {{{ PKCS7 S/MIME functions */ -/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts]]]) +/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]]) Verifys that the data block is intact, the signer is who they say they are, and returns the CERTs of the signers */ PHP_FUNCTION(openssl_pkcs7_verify) { 
@@ -2161,17 +2161,18 @@ STACK_OF(X509) *signers= NULL; STACK_OF(X509) *others = NULL; PKCS7 * p7 = NULL; - BIO * in = NULL, * datain = NULL; + BIO * in = NULL, * datain = NULL, * dataout = NULL; long flags = 0; char * filename; int filename_len; char * extracerts = NULL; int extracerts_len; char * signersfilename = NULL; int signersfilename_len; + char * datafilename = NULL; int datafilename_len; RETVAL_LONG(-1); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sass", &filename, &filename_len, &flags, &signersfilename, &signersfilename_len, &cainfo, - &extracerts, &extracerts_len) == FAILURE) { + &extracerts, &extracerts_len, &datafilename, &datafilename_len) == FAILURE) { return; } @@ -2204,18 +2205,30 @@ #endif goto clean_exit; } + + if (datafilename) { + + if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) { + goto clean_exit; + } + + dataout = BIO_new_file(datafilename, "w"); + if (dataout == NULL) { + goto clean_exit; + } + } #if DEBUG_SMIME zend_printf("Calling PKCS7 verify\n"); #endif - if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { + if (PKCS7_verify(p7, others, store, datain, dataout, flags)) { RETVAL_TRUE; if (signersfilename) { BIO *certout; - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } @@ -2242,6 +2255,7 @@ X509_STORE_free(store); BIO_free(datain); BIO_free(in); + BIO_free(dataout); PKCS7_free(p7); sk_X509_free(others); } --------------010007000300030603040908--
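Review bot: In the proto comment of the first hunk (@@ -2152,7), the new sixth argument is named `content`, but the code treats it as the path of a file that gets written (`datafilename`, opened with BIO_new_file). A name such as `string contentfilename` would match `signerscerts` being a filename too, and the description line, which still only mentions returning the CERTs of the signers, should say that the signed content is written to that file.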
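Review bot: In the second hunk (@@ -2161,17), `datafilename_len` is filled by the new trailing `s` in "sl|sass" but is not used anywhere in the lines shown, so the path reaches php_openssl_safe_mode_chk and BIO_new_file as a plain C string and anything after an embedded NUL byte is silently dropped. Because this path is opened for writing, consider rejecting the argument when strlen(datafilename) != datafilename_len before it is used.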
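Review bot: In the third hunk (@@ -2204,18), the output file is opened with BIO_new_file(datafilename, "w") before PKCS7_verify runs, so the target is created or truncated even when verification then fails, and anything PKCS7_verify wrote to `dataout` before failing stays on disk. Either collect the content in a memory BIO and write the file only inside the success branch, or remove the file on the failure path, so that a caller who does not check the return value cannot pick up unverified content. The two new `goto clean_exit` exits (safe-mode refusal and BIO_new_file returning NULL) are also silent; a php_error_docref warning naming the path would tell the caller why the function returned -1.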