
Commit 94bc5fc

authored
Use OpenSSL NCONF APIs (#7337)
1 parent a0972de commit 94bc5fc


1 file changed

+36
-30
lines changed


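--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -499,8 +499,8 @@ int php_openssl_get_ssl_stream_data_index(void)
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request { /* {{{ */
-LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */
-LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */
+CONF *global_config; /* Global SSL config */
+CONF *req_config; /* SSL config for this request */
 const EVP_MD * md_alg;
 const EVP_MD * digest;
 char * section_name,
@@ -711,13 +711,13 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
 }
 /* }}} */
 
-static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config) /* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, CONF *config) /* {{{ */
 {
 X509V3_CTX ctx;
 
 X509V3_set_ctx_test(&ctx);
-X509V3_set_conf_lhash(&ctx, config);
-if (!X509V3_EXT_add_conf(config, &ctx, (char *)section, NULL)) {
+X509V3_set_nconf(&ctx, config);
+if (!X509V3_EXT_add_nconf(config, &ctx, (char *)section, NULL)) {
 php_openssl_store_errors();
 php_error_docref(NULL, E_WARNING, "Error loading %s section %s of %s",
 section_label,
@@ -729,17 +729,24 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co
 }
 /* }}} */
 
-static char *php_openssl_conf_get_string(
-LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name) {
-char *str = CONF_get_string(conf, group, name);
-if (str == NULL) {
-/* OpenSSL reports an error if a configuration value is not found.
-* However, we don't want to generate errors for optional configuration. */
-ERR_clear_error();
-}
+static char *php_openssl_conf_get_string(CONF *conf, const char *group, const char *name) {
+/* OpenSSL reports an error if a configuration value is not found.
+* However, we don't want to generate errors for optional configuration. */
+ERR_set_mark();
+char *str = NCONF_get_string(conf, group, name);
+ERR_pop_to_mark();
 return str;
 }
 
+static long php_openssl_conf_get_number(CONF *conf, const char *group, const char *name) {
+/* Same here, ignore errors. */
+long res = 0;
+ERR_set_mark();
+NCONF_get_number(conf, group, name, &res);
+ERR_pop_to_mark();
+return res;
+}
+
 static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
 {
 char * str;
@@ -751,7 +758,7 @@ static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
 if (str == NULL) {
 return SUCCESS;
 }
-sktmp = CONF_get_section(req->req_config, str);
+sktmp = NCONF_get_section(req->req_config, str);
 if (sktmp == NULL) {
 php_openssl_store_errors();
 php_error_docref(NULL, E_WARNING, "Problem loading oid section %s", str);
@@ -822,13 +829,13 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 
 SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);
 SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");
-req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL);
-if (req->global_config == NULL) {
+req->global_config = NCONF_new(NULL);
+if (!NCONF_load(req->global_config, default_ssl_conf_filename, NULL)) {
 php_openssl_store_errors();
 }
-req->req_config = CONF_load(NULL, req->config_filename, NULL);
-if (req->req_config == NULL) {
-php_openssl_store_errors();
+
+req->req_config = NCONF_new(NULL);
+if (!NCONF_load(req->req_config, req->config_filename, NULL)) {
 return FAILURE;
 }
 
@@ -852,8 +859,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
 php_openssl_conf_get_string(req->req_config, req->section_name, "req_extensions"));
 SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
-CONF_get_number(req->req_config, req->section_name, "default_bits"));
-
+php_openssl_conf_get_number(req->req_config, req->section_name, "default_bits"));
 SET_OPTIONAL_LONG_ARG("private_key_type", req->priv_key_type, OPENSSL_KEYTYPE_DEFAULT);
 
 if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key")-1)) != NULL) {
@@ -933,11 +939,11 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
 req->priv_key = NULL;
 }
 if (req->global_config) {
-CONF_free(req->global_config);
+NCONF_free(req->global_config);
 req->global_config = NULL;
 }
 if (req->req_config) {
-CONF_free(req->req_config);
+NCONF_free(req->req_config);
 req->req_config = NULL;
 }
 }
@@ -2821,12 +2827,12 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
 STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
 char * str, *dn_sect, *attr_sect;
 
-dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name");
+dn_sect = NCONF_get_string(req->req_config, req->section_name, "distinguished_name");
 if (dn_sect == NULL) {
 php_openssl_store_errors();
 return FAILURE;
 }
-dn_sk = CONF_get_section(req->req_config, dn_sect);
+dn_sk = NCONF_get_section(req->req_config, dn_sect);
 if (dn_sk == NULL) {
 php_openssl_store_errors();
 return FAILURE;
@@ -2835,7 +2841,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
 if (attr_sect == NULL) {
 attr_sk = NULL;
 } else {
-attr_sk = CONF_get_section(req->req_config, attr_sect);
+attr_sk = NCONF_get_section(req->req_config, attr_sect);
 if (attr_sk == NULL) {
 php_openssl_store_errors();
 return FAILURE;
@@ -3252,8 +3258,8 @@ PHP_FUNCTION(openssl_csr_sign)
 X509V3_CTX ctx;
 
 X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
-X509V3_set_conf_lhash(&ctx, req.req_config);
-if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) {
+X509V3_set_nconf(&ctx, req.req_config);
+if (!X509V3_EXT_add_nconf(req.req_config, &ctx, req.extensions_section, new_cert)) {
 php_openssl_store_errors();
 goto cleanup;
 }
@@ -3326,10 +3332,10 @@ PHP_FUNCTION(openssl_csr_new)
 X509V3_CTX ext_ctx;
 
 X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, 0);
-X509V3_set_conf_lhash(&ext_ctx, req.req_config);
+X509V3_set_nconf(&ext_ctx, req.req_config);
 
 /* Add extensions */
-if (req.request_extensions_section && !X509V3_EXT_REQ_add_conf(req.req_config,
+if (req.request_extensions_section && !X509V3_EXT_REQ_add_nconf(req.req_config,
 &ext_ctx, req.request_extensions_section, csr))
 {
 php_openssl_store_errors();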
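Review bot: The rewritten `req_config` load in php_openssl_parse_config no longer calls `php_openssl_store_errors();` before `return FAILURE;`, although the old branch did and the `global_config` branch just above it still does. A failed `NCONF_load` of the request config therefore leaves its entries on the OpenSSL error queue, where they can surface later attached to an unrelated operation and make a certificate or CSR failure harder to diagnose. Unless the omission is deliberate, restore it as `if (!NCONF_load(req->req_config, req->config_filename, NULL)) { php_openssl_store_errors(); return FAILURE; }`. Both `NCONF_new(NULL)` results are also passed on without a NULL check; NCONF_load is expected to fail cleanly on a NULL CONF, but that should be confirmed rather than assumed. The function starts and ends outside the hunk.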
