Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16737
Return-Path: <kingwez@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 39543 invoked by uid 1010); 16 Jun 2005 15:56:07 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 39528 invoked from network); 16 Jun 2005 15:56:07 -0000
Received: from unknown (HELO pb1.pair.com) (127.0.0.1)
  by localhost with SMTP; 16 Jun 2005 15:56:07 -0000
X-Host-Fingerprint: 64.233.184.205 wproxy.gmail.com Linux 2.4/2.6
Received: from ([64.233.184.205:36799] helo=wproxy.gmail.com)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id A7/90-20931-711A1B24 for <internals@lists.php.net>; Thu, 16 Jun 2005 11:56:07 -0400
Received: by wproxy.gmail.com with SMTP id 71so549094wri
	for <internals@lists.php.net>; Thu, 16 Jun 2005 08:56:03 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=Amp1c35wVfddNdoEJqXoOsKbtvStV+aUIUJutFRn0aenWB0AApzGp5SIeEKanm1ArsMgOrqO1i/tBwxgrbUoTD1ShkvtlK4+j/0WWBPw6Iq8y85zKfvCRtRdBbGHqSLF+pO2s65ja70ezWHGIJAedag/Z/ePdKeoTDTzLMBMDuQ=
Received: by 10.54.68.16 with SMTP id q16mr615578wra;
	Thu, 16 Jun 2005 08:56:03 -0700 (PDT)
Received: by 10.54.153.5 with HTTP; Thu, 16 Jun 2005 08:56:03 -0700 (PDT)
Message-ID: <4e89b426050616085671c891be@mail.gmail.com>
Date: Thu, 16 Jun 2005 11:56:03 -0400
Reply-To: Wez Furlong <kingwez@gmail.com>
To: Marton Kenyeres <mkenyeres@konvergencia.hu>
Cc: internals@lists.php.net
In-Reply-To: <42B19C07.50409@konvergencia.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <42B16BB6.2010207@konvergencia.hu>
	<4e89b426050616080825430b0b@mail.gmail.com>
	<42B19C07.50409@konvergencia.hu>
Subject: Re: [PHP-DEV] openssl_pkcs7_verify - save verified data [PATCH]
From: kingwez@gmail.com (Wez Furlong)

OK; can you make sure that the patch applies to HEAD, and then attach
it as a text attachment in an email and/or upload it to a www server,
and I'll apply it.

Thanks,

--Wez.

On 6/16/05, Marton Kenyeres <mkenyeres@konvergencia.hu> wrote:
> Wez Furlong wrote:
> > What's the difference between the data you save and the data that's
> > read in?  In other words, how is this different from copying the file
> > from one place to another; why would you use it?
> >
> > --Wez.
>=20
> The data you read in is a signed message (which can be in several
> formats), that is some data _plus_ some signature. The data saved is
> only the raw data without the signature. The data itself can be any
> random binary string when using PKCS7_BINARY flag. We use it to transfer
> zip files between a ASP script and PHP.
>=20
> m.
>=20
> > On 6/16/05, Marton Kenyeres <mkenyeres@konvergencia.hu> wrote:
> >
> >>Hi!
> >>
> >>Dunno, if this is the right place to ask, but I give it a try anyway. I=
f
> >>I'm misguided, please feel free to point me in the right direction!
> >>
> >>Attached is a patch which adds a 6th option to openssl_pkcs7_verify,
> >>which should be a string and point to a file where the contents of the
> >>signed message should be saved.
> >>
> >>[I believe this patch also fixes a minor safe-mode related bug]
> >>
> >>I've tried this on FreeBSD 4.11 / php-5.0.4 / OpenSSL 0.9.7d , so the
> >>patch is against openssl.c,v 1.89.2.6 , but should apply against HEAD a=
lso.
> >>
> >>This seems to work correctly with messages created with openssl and
> >>CAPICOM (The M$ PKI library.)
> >>
> >>Cheers,
> >>
> >>m.
> >>
> >>
> >>
> >>--- ext/openssl/openssl.c.orig  Tue Mar 15 01:29:36 2005
> >>+++ ext/openssl/openssl.c       Thu Jun 16 14:01:07 2005
> >>@@ -2152,7 +2152,7 @@
> >>
> >> /* {{{ PKCS7 S/MIME functions */
> >>
> >>-/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, =
string signerscerts [, array cainfo [, string extracerts]]])
> >>+/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, =
string signerscerts [, array cainfo [, string extracerts [, string content]=
]]])
> >>    Verifys that the data block is intact, the signer is who they say t=
hey are, and returns the CERTs of the signers */
> >> PHP_FUNCTION(openssl_pkcs7_verify)
> >> {
> >>@@ -2161,17 +2161,18 @@
> >>        STACK_OF(X509) *signers=3D NULL;
> >>        STACK_OF(X509) *others =3D NULL;
> >>        PKCS7 * p7 =3D NULL;
> >>-       BIO * in =3D NULL, * datain =3D NULL;
> >>+       BIO * in =3D NULL, * datain =3D NULL, * dataout =3D NULL;
> >>        long flags =3D 0;
> >>        char * filename; int filename_len;
> >>        char * extracerts =3D NULL; int extracerts_len;
> >>        char * signersfilename =3D NULL; int signersfilename_len;
> >>+       char * datafilename =3D NULL; int datafilename_len;
> >>
> >>        RETVAL_LONG(-1);
> >>
> >>-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", =
&filename, &filename_len,
> >>+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sass",=
 &filename, &filename_len,
> >>                                &flags, &signersfilename, &signersfilen=
ame_len, &cainfo,
> >>-                               &extracerts, &extracerts_len) =3D=3D FA=
ILURE) {
> >>+                               &extracerts, &extracerts_len, &datafile=
name, &datafilename_len) =3D=3D FAILURE) {
> >>                return;
> >>        }
> >>
> >>@@ -2204,18 +2205,30 @@
> >> #endif
> >>                goto clean_exit;
> >>        }
> >>+
> >>+       if (datafilename) {
> >>+
> >>+               if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) =
{
> >>+                       goto clean_exit;
> >>+               }
> >>+
> >>+               dataout =3D BIO_new_file(datafilename, "w");
> >>+               if (dataout =3D=3D NULL) {
> >>+                       goto clean_exit;
> >>+               }
> >>+       }
> >> #if DEBUG_SMIME
> >>        zend_printf("Calling PKCS7 verify\n");
> >> #endif
> >>
> >>-       if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
> >>+       if (PKCS7_verify(p7, others, store, datain, dataout, flags)) {
> >>
> >>                RETVAL_TRUE;
> >>
> >>                if (signersfilename) {
> >>                        BIO *certout;
> >>
> >>-                       if (php_openssl_safe_mode_chk(filename TSRMLS_C=
C)) {
> >>+                       if (php_openssl_safe_mode_chk(signersfilename T=
SRMLS_CC)) {
> >>                                goto clean_exit;
> >>                        }
> >>
> >>@@ -2242,6 +2255,7 @@
> >>        X509_STORE_free(store);
> >>        BIO_free(datain);
> >>        BIO_free(in);
> >>+       BIO_free(dataout);
> >>        PKCS7_free(p7);
> >>        sk_X509_free(others);
> >> }
> >>
> >>
> >>
> >>--
> >>PHP Internals - PHP Runtime Development Mailing List
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
> >
>=20
>