Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16736
Return-Path: <mkenyeres@konvergencia.hu>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 27986 invoked by uid 1010); 16 Jun 2005 15:39:56 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 27968 invoked from network); 16 Jun 2005 15:39:56 -0000
Received: from unknown (HELO pb1.pair.com) (127.0.0.1)
  by localhost with SMTP; 16 Jun 2005 15:39:56 -0000
X-Host-Fingerprint: 195.228.240.90 koris.mail.t-online.hu NetCache 5.3-5.5
Received: from ([195.228.240.90:56874] helo=koris.mail.t-online.hu)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id EE/FE-20931-F0C91B24 for <internals@lists.php.net>; Thu, 16 Jun 2005 11:34:39 -0400
Received: from [10.0.0.163] (184.120-182-adsl-pool.axelero.hu [81.182.120.184])
	by koris.mail.t-online.hu (8.13.2/8.13.2) with ESMTP id j5GFXYg4083035;
	Thu, 16 Jun 2005 17:33:34 +0200 (CEST)
Message-ID: <42B19C07.50409@konvergencia.hu>
Date: Thu, 16 Jun 2005 17:34:31 +0200
Organization: Konvergencia Kft.
User-Agent: Mozilla Thunderbird 1.0 (X11/20050108)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Wez Furlong <kingwez@gmail.com>
CC: internals@lists.php.net
References: <42B16BB6.2010207@konvergencia.hu> <4e89b426050616080825430b0b@mail.gmail.com>
In-Reply-To: <4e89b426050616080825430b0b@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-VBMilter: scanned
Subject: Re: [PHP-DEV] openssl_pkcs7_verify - save verified data [PATCH]
From: mkenyeres@konvergencia.hu (Marton Kenyeres)

Wez Furlong wrote:
> What's the difference between the data you save and the data that's
> read in?  In other words, how is this different from copying the file
> from one place to another; why would you use it?
> 
> --Wez.

The data you read in is a signed message (which can be in several 
formats), that is some data _plus_ some signature. The data saved is 
only the raw data without the signature. The data itself can be any 
random binary string when using PKCS7_BINARY flag. We use it to transfer 
zip files between a ASP script and PHP.

m.

> On 6/16/05, Marton Kenyeres <mkenyeres@konvergencia.hu> wrote:
> 
>>Hi!
>>
>>Dunno, if this is the right place to ask, but I give it a try anyway. If
>>I'm misguided, please feel free to point me in the right direction!
>>
>>Attached is a patch which adds a 6th option to openssl_pkcs7_verify,
>>which should be a string and point to a file where the contents of the
>>signed message should be saved.
>>
>>[I believe this patch also fixes a minor safe-mode related bug]
>>
>>I've tried this on FreeBSD 4.11 / php-5.0.4 / OpenSSL 0.9.7d , so the
>>patch is against openssl.c,v 1.89.2.6 , but should apply against HEAD also.
>>
>>This seems to work correctly with messages created with openssl and
>>CAPICOM (The M$ PKI library.)
>>
>>Cheers,
>>
>>m.
>>
>>
>>
>>--- ext/openssl/openssl.c.orig  Tue Mar 15 01:29:36 2005
>>+++ ext/openssl/openssl.c       Thu Jun 16 14:01:07 2005
>>@@ -2152,7 +2152,7 @@
>>
>> /* {{{ PKCS7 S/MIME functions */
>>
>>-/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts]]])
>>+/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]])
>>    Verifys that the data block is intact, the signer is who they say they are, and returns the CERTs of the signers */
>> PHP_FUNCTION(openssl_pkcs7_verify)
>> {
>>@@ -2161,17 +2161,18 @@
>>        STACK_OF(X509) *signers= NULL;
>>        STACK_OF(X509) *others = NULL;
>>        PKCS7 * p7 = NULL;
>>-       BIO * in = NULL, * datain = NULL;
>>+       BIO * in = NULL, * datain = NULL, * dataout = NULL;
>>        long flags = 0;
>>        char * filename; int filename_len;
>>        char * extracerts = NULL; int extracerts_len;
>>        char * signersfilename = NULL; int signersfilename_len;
>>+       char * datafilename = NULL; int datafilename_len;
>>
>>        RETVAL_LONG(-1);
>>
>>-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len,
>>+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sass", &filename, &filename_len,
>>                                &flags, &signersfilename, &signersfilename_len, &cainfo,
>>-                               &extracerts, &extracerts_len) == FAILURE) {
>>+                               &extracerts, &extracerts_len, &datafilename, &datafilename_len) == FAILURE) {
>>                return;
>>        }
>>
>>@@ -2204,18 +2205,30 @@
>> #endif
>>                goto clean_exit;
>>        }
>>+
>>+       if (datafilename) {
>>+
>>+               if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
>>+                       goto clean_exit;
>>+               }
>>+
>>+               dataout = BIO_new_file(datafilename, "w");
>>+               if (dataout == NULL) {
>>+                       goto clean_exit;
>>+               }
>>+       }
>> #if DEBUG_SMIME
>>        zend_printf("Calling PKCS7 verify\n");
>> #endif
>>
>>-       if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
>>+       if (PKCS7_verify(p7, others, store, datain, dataout, flags)) {
>>
>>                RETVAL_TRUE;
>>
>>                if (signersfilename) {
>>                        BIO *certout;
>>
>>-                       if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
>>+                       if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) {
>>                                goto clean_exit;
>>                        }
>>
>>@@ -2242,6 +2255,7 @@
>>        X509_STORE_free(store);
>>        BIO_free(datain);
>>        BIO_free(in);
>>+       BIO_free(dataout);
>>        PKCS7_free(p7);
>>        sk_X509_free(others);
>> }
>>
>>
>>
>>--
>>PHP Internals - PHP Runtime Development Mailing List
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> 
>