RSA: Allow changing openssl configuration file. X509: process HoldInstructionCode.

Also fixes HoldInstruction* OIDs.
2024-12-03 10:08:04 +01:00 · 2012-12-10 12:07:49 +01:00 · 2012-12-10 12:07:49 +01:00 · f039a6ebc2
commit f039a6ebc2
parent 8f6cd4f91f
2 changed files with 33 additions and 10 deletions
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -176,6 +176,12 @@ define('CRYPT_RSA_MODE_INTERNAL', 1);
 define('CRYPT_RSA_MODE_OPENSSL', 2);
 /**#@-*/

+/**
+ * Default openSSL configuration file.
+ */
+define('CRYPT_RSA_OPENSSL_CONFIG', dirname(__FILE__) . '/../openssl.cnf');
+
+
 /**#@+
 * @access public
 * @see Crypt_RSA::createKey()
@ -433,6 +439,16 @@ class Crypt_RSA {
     */
    var $current;

+    /**
+     * OpenSSL configuration file name.
+     *
+     * Set to NULL to use system configuration file.
+     * @see Crypt_RSA::createKey()
+     * @var Mixed
+     * @Access public
+     */
+    var $configFile;
+
    /**
     * The constructor
     *
@ -445,6 +461,8 @@ class Crypt_RSA {
     */
    function Crypt_RSA()
    {
+        $this->configFile = CRYPT_RSA_OPENSSL_CONFIG;
+
        if ( !defined('CRYPT_RSA_MODE') ) {
            switch (true) {
                case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
@ -501,12 +519,12 @@ class Crypt_RSA {

        // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
        if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) {
-            $rsa = openssl_pkey_new(array(
-                'private_key_bits' => $bits,
-                'config' => dirname(__FILE__) . '/../openssl.cnf'
-            ));
-
-            openssl_pkey_export($rsa, $privatekey, NULL, array('config' => dirname(__FILE__) . '/../openssl.cnf'));
+            $config = array();
+            if (isset($this->configFile)) {
+                $config['config'] = $this->configFile;
+            }
+            $rsa = openssl_pkey_new(array('private_key_bits' => $bits) + $config);
+            openssl_pkey_export($rsa, $privatekey, NULL, $config);
            $publickey = openssl_pkey_get_details($rsa);
            $publickey = $publickey['key'];

--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@ -131,6 +131,7 @@ class File_X509 {
    var $IssuingDistributionPoint;
    var $InvalidityDate;
    var $CertificateIssuer;
+    var $HoldInstructionCode;
    /**#@-*/

    /**
@ -1175,6 +1176,8 @@ class File_X509 {

        $this->CertificateIssuer = $GeneralNames;

+        $this->HoldInstructionCode = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
+
        // OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2
        $this->oids = array(
            '1.3.6.1.5.5.7' => 'id-pkix',
@ -1247,10 +1250,10 @@ class File_X509 {
            '2.5.29.21' => 'id-ce-cRLReasons',
            '2.5.29.29' => 'id-ce-certificateIssuer',
            '2.5.29.23' => 'id-ce-holdInstructionCode',
-            '2.2.840.10040.2' => 'holdInstruction',
-            '2.2.840.10040.2.1' => 'id-holdinstruction-none',
-            '2.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
-            '2.2.840.10040.2.3' => 'id-holdinstruction-reject',
+            '1.2.840.10040.2' => 'holdInstruction',
+            '1.2.840.10040.2.1' => 'id-holdinstruction-none',
+            '1.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
+            '1.2.840.10040.2.3' => 'id-holdinstruction-reject',
            '2.5.29.24' => 'id-ce-invalidityDate',

            '1.2.840.113549.2.2' => 'md2',
@ -1737,6 +1740,8 @@ class File_X509 {
                return $this->InvalidityDate;
            case 'id-ce-certificateIssuer':
                return $this->CertificateIssuer;
+            case 'id-ce-holdInstructionCode':
+                return $this->HoldInstructionCode;
        }

        return false;