Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:49084
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain quis.cx from 82.94.237.14 cause and error)
Message-ID: <4C400E13.1000704@quis.cx>
Date: Fri, 16 Jul 2010 09:45:23 +0200
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: internals@lists.php.net
CC: Paul van Brouwershaven <paul@vanbrouwershaven.com>
References: <E4.B0.22197.4C1DE3C4@pb1.pair.com>
In-Reply-To: <E4.B0.22197.4C1DE3C4@pb1.pair.com>
Content-Type: multipart/mixed;
 boundary="------------080905080804050904000007"
Subject: Re: [PHP-DEV] In memory support for openssl_pkcs7_*
From: jille@quis.cx (Jille Timmermans)

--------------080905080804050904000007
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

For the record: I created a proof-of-concept patch which changes 
openssl_pkcs7_sign() to use the input filename as a string instead as a 
filename. Paul has tested this and it seems to work.

I don't know what the best way is to go from here. We could add an extra 
argument to all those functions which toggles whether they are threated as 
filenames or not. Or we could let all the functies also accept streams, etc..
Is there a maintainer of the OpenSSL (pcks7) functions?

-- Jille

Op 15-7-2010 11:15, Paul van Brouwershaven schreef:
> Hi,
>
> The PHP functions openssl_pkcs7_(sign|encrypt|decrypt|verify) do require files to be executed. In
> many cases this will create the unintended requirement of temporary files. In compare with
> openssl_(sign|encrypt|decrypt|verify|...) which are doing almost the same thing this is a strange
> behavior.
>
> When we look at the purpose of openssl_pkcs7_* (working with digital signatures in mail), you would
> not expect to work with files instead of strings for this few data.
>
> Regards,
>
> Paul
>

--------------080905080804050904000007
Content-Type: text/plain;
 name="openssl_pkcs7_sign.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="openssl_pkcs7_sign.patch"

Index: openssl.c
===================================================================
--- openssl.c	(revision 14)
+++ openssl.c	(working copy)
@@ -3514,12 +3514,12 @@
 	uint strindexlen;
 	HashPosition hpos;
 	char * strindex;
-	char * infilename;	int infilename_len;
+	char * infiledata;	int infiledata_len;
 	char * outfilename;	int outfilename_len;
 	char * extracertsfilename = NULL; int extracertsfilename_len;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
-				&infilename, &infilename_len, &outfilename, &outfilename_len,
+				&infiledata, &infiledata_len, &outfilename, &outfilename_len,
 				&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
 				&extracertsfilename_len) == FAILURE) {
 		return;
@@ -3546,13 +3546,13 @@
 		goto clean_exit;
 	}
 
-	if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+	if (php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
 		goto clean_exit;
 	}
 
-	infile = BIO_new_file(infilename, "r");
+	infile = BIO_new_mem_buf(infiledata, infiledata_len);
 	if (infile == NULL) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening input file %s!", infilename);
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "error opening memory input!");
 		goto clean_exit;
 	}
 

--------------080905080804050904000007--