diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2c09b89e31200..dd6269981efc9 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1014,6 +1014,8 @@ PHP_FUNCTION(openssl_x509_parse) char *str_serial; char *hex_serial; char buf[256]; + char *crit_name = NULL; + int crit_len = 0; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_OBJ_OF_CLASS_OR_STR(cert_obj, php_openssl_certificate_ce, cert_str) @@ -1116,17 +1118,32 @@ PHP_FUNCTION(openssl_x509_parse) array_init(&subitem); - for (i = 0; i < X509_get_ext_count(cert); i++) { int nid; extension = X509_get_ext(cert, i); nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); if (nid != NID_undef) { - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + extname = (char *)OBJ_nid2sn(nid); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } + if (X509_EXTENSION_get_critical(extension)) { + int new_len = strlen(extname) + 10; + if (new_len > crit_len) { + if (crit_name) { + efree(crit_name); + } + crit_len = new_len; + crit_name = emalloc(crit_len); + } + if (crit_name) { + strcpy(crit_name, extname); + strcat(crit_name, ":critical"); + add_assoc_bool(&subitem, crit_name, 1); + } + } + bio_out = BIO_new(BIO_s_mem()); if (bio_out == NULL) { php_openssl_store_errors(); @@ -1150,6 +1167,9 @@ PHP_FUNCTION(openssl_x509_parse) BIO_free(bio_out); } add_assoc_zval(return_value, "extensions", &subitem); + if (crit_name) { + efree(crit_name); + } if (cert_str) { X509_free(cert); } @@ -1159,6 +1179,9 @@ PHP_FUNCTION(openssl_x509_parse) zval_ptr_dtor(&subitem); err: zend_array_destroy(Z_ARR_P(return_value)); + if (crit_name) { + efree(crit_name); + } if (cert_str) { X509_free(cert); } diff --git a/ext/openssl/tests/crit.crt b/ext/openssl/tests/crit.crt new file mode 100644 index 0000000000000..b56df4051d1e5 --- /dev/null +++ b/ext/openssl/tests/crit.crt 
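Review bot: The `:critical` key in the extension loop is assembled with `strcpy`/`strcat` into a buffer sized by the magic constant in `int new_len = strlen(extname) + 10;`, and that buffer is carried across iterations and freed by hand on both exit paths (the declarations in the first hunk and the `efree(crit_name)` additions after `add_assoc_zval` and under `err:`). The arithmetic is correct today (nine characters plus the terminator), but nothing ties the 10 to the literal, and the `if (crit_name)` test after `emalloc` looks like dead code, since as far as I know `emalloc` bails out rather than returning NULL. Building the key per iteration removes the cross-iteration state and the cleanup in the other hunks: `char *crit_name; spprintf(&crit_name, 0, "%s:critical", extname);` followed by `add_assoc_bool(&subitem, crit_name, 1); efree(crit_name);`. The function body starts and ends outside these hunks, so any other exit path between the loop and the labels should be checked against whichever ownership scheme is kept.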
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF +BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC +QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB +bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy +MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g +Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT +dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl +bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf +j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj +ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD ++Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9 +XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99 +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0 +uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg +2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ +jgozP+80FNIaioaDWVZsTsg3q0Q= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt index 6c08e47eb7511..11f0822695e2e 100644 --- a/ext/openssl/tests/cve2013_4073.phpt +++ b/ext/openssl/tests/cve2013_4073.phpt @@ -11,6 +11,7 @@ var_export($info['extensions']); ?> --EXPECTF-- array ( + 'basicConstraints:critical' => true, 'basicConstraints' => 'CA:FALSE', 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C', 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment', diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt index ef63f0f85f497..8a61f96951ed0 100644 --- a/ext/openssl/tests/openssl_x509_parse_basic.phpt +++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt 
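Review bot: The new expected line `'basicConstraints:critical' => true,` in cve2013_4073.phpt shows that criticality is reported as an extra boolean entry inside the same `extensions` array whose other values are strings, which changes what existing callers see when they iterate that array. Code that does `foreach ($info['extensions'] as $name => $value)` and treats every value as the printed extension will now receive `true` under a key that is not an extension name. No UPGRADING or NEWS entry is visible in this diff; the key format should be documented there, along with the reason it matters to consumers doing their own validation, which per RFC 5280 must reject a certificate carrying a critical extension they do not recognise. A test certificate with a critical extension that has no short name (the `OBJ_obj2txt` branch) would also pin the key format for the numeric-OID case.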
@@ -8,7 +8,7 @@ if (OPENSSL_VERSION_NUMBER >= 0x30200000) die('skip For OpenSSL < 3.2'); ?> --FILE-- - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net" ["subject"]=> array(5) { + ["CN"]=> + string(21) "Henrique do N. Angelo" ["C"]=> string(2) "BR" ["ST"]=> string(17) "Rio Grande do Sul" ["L"]=> string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } @@ -37,31 +37,31 @@ array(16) { string(8) "%s" ["issuer"]=> array(5) { + ["CN"]=> + string(21) "Henrique do N. Angelo" ["C"]=> string(2) "BR" ["ST"]=> string(17) "Rio Grande do Sul" ["L"]=> string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } ["version"]=> int(2) ["serialNumber"]=> - string(20) "12593567369101004962" + string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["serialNumberHex"]=> - string(16) "AEC556CC723750A2" + string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["validFrom"]=> - string(13) "080630102843Z" + string(13) "251002180630Z" ["validTo"]=> - string(13) "080730102843Z" + string(13) "261002180630Z" ["validFrom_time_t"]=> - int(1214821723) + int(1759428390) ["validTo_time_t"]=> - int(1217413723) + int(1790964390) ["signatureTypeSN"]=> string(8) "RSA-SHA1" ["signatureTypeLN"]=> 
@@ -153,30 +153,30 @@ array(16) { } } ["extensions"]=> - array(3) { + array(4) { ["subjectKeyIdentifier"]=> string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" ["authorityKeyIdentifier"]=> - string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2%A" + string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["basicConstraints:critical"]=> + bool(true) ["basicConstraints"]=> string(7) "CA:TRUE" } } array(16) { ["name"]=> - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net" ["subject"]=> array(5) { + ["commonName"]=> + string(21) "Henrique do N. Angelo" ["countryName"]=> string(2) "BR" ["stateOrProvinceName"]=> string(17) "Rio Grande do Sul" ["localityName"]=> string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } 
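Review bot: The new `authorityKeyIdentifier` expectation has neither the `keyid:` prefix nor the trailing `%A` that the removed expectation carried, although the SKIPIF text in the earlier hunk header restricts this file to OpenSSL < 3.2. As far as I recall, the bare-hex form is what OpenSSL 3.2 and later print, while older releases emit `keyid:` followed by a newline, so the expectation may have been captured on a newer build and should be confirmed on a pre-3.2 OpenSSL. If that is the case, the line would read `string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D%A"`. The same expectation is repeated in the `@@ -300,13 +300,13 @@` hunk.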
@@ -184,31 +184,31 @@ array(16) { string(8) "%s" ["issuer"]=> array(5) { + ["commonName"]=> + string(21) "Henrique do N. Angelo" ["countryName"]=> string(2) "BR" ["stateOrProvinceName"]=> string(17) "Rio Grande do Sul" ["localityName"]=> string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } ["version"]=> int(2) ["serialNumber"]=> - string(20) "12593567369101004962" + string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["serialNumberHex"]=> - string(16) "AEC556CC723750A2" + string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["validFrom"]=> - string(13) "080630102843Z" + string(13) "251002180630Z" ["validTo"]=> - string(13) "080730102843Z" + string(13) "261002180630Z" ["validFrom_time_t"]=> - int(1214821723) + int(1759428390) ["validTo_time_t"]=> - int(1217413723) + int(1790964390) ["signatureTypeSN"]=> string(8) "RSA-SHA1" ["signatureTypeLN"]=> @@ -300,13 +300,13 @@ array(16) { } } ["extensions"]=> - array(3) { + array(4) { ["subjectKeyIdentifier"]=> string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" ["authorityKeyIdentifier"]=> - string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2%A" + string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["basicConstraints:critical"]=> + bool(true) ["basicConstraints"]=> string(7) "CA:TRUE" }