php · nielsdos · Nov 3, 2024 · Nov 3, 2024
diff --git a/UPGRADING b/UPGRADING
@@ -40,6 +40,12 @@ PHP 8.5 UPGRADE NOTES
 - DOM:
   . Added Dom\Element::$outerHTML.
 
+- OpenSSL:
+  . openssl_x509_parse() now outputs information about the public key.
+    The output contains an additional subarray "publicKey" with the entries
+    "bits", "type", and "groupName". The last one is only applicable for
+    public keys that have a group.
+
 - XSL:
   . The $namespace argument of XSLTProcessor::getParameter(),
     XSLTProcessor::setParameter() and XSLTProcessor::removeParameter()

@@ -2136,6 +2136,38 @@ PHP_FUNCTION(openssl_x509_parse)
 	add_assoc_string(return_value, "name", cert_name);
 	OPENSSL_free(cert_name);
 
+	const EVP_PKEY *public_key = X509_get0_pubkey(cert);
+	if (public_key) {
+		char gname[64];
+		size_t gname_length;
+		zval public_key_zv;
+		array_init(&public_key_zv);
+
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+		int group_name_read = EVP_PKEY_get_group_name(public_key, gname, sizeof(gname), &gname_length);
+		const char *type = EVP_PKEY_get0_type_name(public_key);
+#else
+		int group_name_read = 0;
+		(void) gname;
+		gname_length = 0;
+		const char *type = OBJ_nid2sn(EVP_PKEY_base_id(public_key));
+#endif
+
+		int bits = EVP_PKEY_bits(public_key);
+
+		if (bits > 0 && type) {
+			add_assoc_long(&public_key_zv, "bits", bits);
+			add_assoc_string(&public_key_zv, "type", type);
+			if (group_name_read == 1) {
+				/* Does not exist on all key types */
+				add_assoc_stringl(&public_key_zv, "groupName", gname, gname_length);
+			}
+			add_assoc_zval(return_value, "publicKey", &public_key_zv);
+		} else {
+			zval_ptr_dtor(&public_key_zv);
+		}
+	}
+
 	php_openssl_add_assoc_name_entry(return_value, "subject", subject_name, useshortnames);
 	/* hash as used in CA directories to lookup cert by subject name */
 	{

@@ -17,9 +17,16 @@ var_dump(openssl_x509_parse($cert, false));
 ?>
 --EXPECTF--
 bool(true)
-array(16) {
+array(17) {
   ["name"]=>
   string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+  ["publicKey"]=>
+  array(2) {
+    ["bits"]=>
+    int(1024)
+    ["type"]=>
+    string(%d) "%r(RSA|rsaEncryption)%r"
+  }
   ["subject"]=>
   array(5) {
     ["C"]=>
@@ -173,9 +180,16 @@ serial:AE:C5:56:CC:72:37:50:A2%A"
     string(7) "CA:TRUE"
   }
 }
-array(16) {
+array(17) {
   ["name"]=>
   string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+  ["publicKey"]=>
+  array(2) {
+    ["bits"]=>
+    int(1024)
+    ["type"]=>
+    string(%d) "%r(RSA|rsaEncryption)%r"
+  }
   ["subject"]=>
   array(5) {
     ["countryName"]=>

@@ -0,0 +1,38 @@
+--TEST--
+Request #77761 (openssl_x509_parse does not create entries for public key type and size)
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+$certificate = <<<CERT
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAYWgAwIBAgIUWoRHmceFhGk6IaNQUFDPYTnQ4I4wCgYIKoZIzj0EAwIw
+RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDExMDMxNjQzNDVaFw0yNTExMDMx
+NjQzNDVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
+VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAASGaV0Ce416vnEYfiC/nvq7FH8NhsrxCxIS2LVoCfpvSgmzH/klEfkT
+omzMzA6cLbSFKGhfDWUwPlKF/XsxZ+oTo1MwUTAdBgNVHQ4EFgQUC3+muHeWsFHk
+DtVB32pu2X/WIgAwHwYDVR0jBBgwFoAUC3+muHeWsFHkDtVB32pu2X/WIgAwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBo3HaOgyzimwwJApw5ijqI
+9b8qdPx7kMsCFElxjYXn7QIhAMTWsw/AWP/Acq8YSQJMyUJ9H/ZmppHrZWLnQkc8
+W+mj
+-----END CERTIFICATE-----
+CERT;
+
+$publicKey = openssl_x509_parse($certificate)["publicKey"];
+var_dump($publicKey["bits"]);
+var_dump($publicKey["type"] === "EC" || $publicKey["type"] === "id-ecPublicKey");
+
+if (OPENSSL_VERSION_NUMBER >= 0x30000000) {
+    var_dump($publicKey["groupName"] === "prime256v1");
+} else {
+    var_dump(true);
+}
+
+?>
+--EXPECT--
+int(256)
+bool(true)
+bool(true)