From f039a6ebc24e08b619e068c872bc4a0d2952fd48 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat
Date: Mon, 10 Dec 2012 12:07:49 +0100
Subject: [PATCH] RSA: Allow changing openssl configuration file. X509: process HoldInstructionCode. Also fixes HoldInstruction* OIDs.

---
 phpseclib/Crypt/RSA.php | 30 ++++++++++++++++++++++++------
 phpseclib/File/X509.php | 13 +++++++++----
 2 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 7df1ded7..52ab883a 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -176,6 +176,12 @@ define('CRYPT_RSA_MODE_INTERNAL', 1);
 define('CRYPT_RSA_MODE_OPENSSL', 2);
 /**#@-*/
+/**
+ * Default openSSL configuration file.
+ */
+define('CRYPT_RSA_OPENSSL_CONFIG', dirname(__FILE__) . '/../openssl.cnf');
+
+
 /**#@+
  * @access public
  * @see Crypt_RSA::createKey()
@@ -433,6 +439,16 @@ class Crypt_RSA {
      */
     var $current;
+    /**
+     * OpenSSL configuration file name.
+     *
+     * Set to NULL to use system configuration file.
+     * @see Crypt_RSA::createKey()
+     * @var Mixed
+     * @Access public
+     */
+    var $configFile;
+
     /**
      * The constructor
      *
@@ -445,6 +461,8 @@ class Crypt_RSA {
      */
     function Crypt_RSA()
     {
+        $this->configFile = CRYPT_RSA_OPENSSL_CONFIG;
+
         if ( !defined('CRYPT_RSA_MODE') ) {
             switch (true) {
                 case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
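Review bot: The docblock on `var $configFile` in the second hunk tags the property `@Access public`, while every other docblock in this file, including the one in the first hunk, writes the tag lowercase (`@access public`); documentation tools keyed on the lowercase tag will most likely not pick this one up, so it should read ` * @access public`. The description could also say what the value is for and how it is trusted, e.g. `Passed as the 'config' option to openssl_pkey_new()/openssl_pkey_export() in createKey(); OpenSSL reads and parses the file, so the path should come from the application's own configuration. NULL leaves the choice to the system OpenSSL configuration.` Since the constructor in the third hunk initialises it to CRYPT_RSA_OPENSSL_CONFIG, a caller that wants the system file has to clear the property explicitly after construction, which is worth stating on the property as well.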
@@ -501,12 +519,12 @@ class Crypt_RSA {
         // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
         if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) {
-            $rsa = openssl_pkey_new(array(
-                'private_key_bits' => $bits,
-                'config' => dirname(__FILE__) . '/../openssl.cnf'
-            ));
-
-            openssl_pkey_export($rsa, $privatekey, NULL, array('config' => dirname(__FILE__) . '/../openssl.cnf'));
+            $config = array();
+            if (isset($this->configFile)) {
+                $config['config'] = $this->configFile;
+            }
+            $rsa = openssl_pkey_new(array('private_key_bits' => $bits) + $config);
+            openssl_pkey_export($rsa, $privatekey, NULL, $config);
             $publickey = openssl_pkey_get_details($rsa);
             $publickey = $publickey['key'];
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 13a008b2..4f022dfd 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -131,6 +131,7 @@ class File_X509 {
     var $IssuingDistributionPoint;
     var $InvalidityDate;
     var $CertificateIssuer;
+    var $HoldInstructionCode;
     /**#@-*/
     /**
@@ -1175,6 +1176,8 @@ class File_X509 {
         $this->CertificateIssuer = $GeneralNames;
+        $this->HoldInstructionCode = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
+
         // OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2
         $this->oids = array(
             '1.3.6.1.5.5.7' => 'id-pkix',
@@ -1247,10 +1250,10 @@ class File_X509 {
             '2.5.29.21' => 'id-ce-cRLReasons',
             '2.5.29.29' => 'id-ce-certificateIssuer',
             '2.5.29.23' => 'id-ce-holdInstructionCode',
-            '2.2.840.10040.2' => 'holdInstruction',
-            '2.2.840.10040.2.1' => 'id-holdinstruction-none',
-            '2.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
-            '2.2.840.10040.2.3' => 'id-holdinstruction-reject',
+            '1.2.840.10040.2' => 'holdInstruction',
+            '1.2.840.10040.2.1' => 'id-holdinstruction-none',
+            '1.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
+            '1.2.840.10040.2.3' => 'id-holdinstruction-reject',
             '2.5.29.24' => 'id-ce-invalidityDate',
             '1.2.840.113549.2.2' => 'md2',
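Review bot: The rewritten `openssl_pkey_new()` call in the first hunk on this line has no check of its result, and with `$this->configFile` now caller-settable a path that does not exist or does not parse is a realistic way to get `false` back; the two following calls then run on `false`, so `openssl_pkey_export()` fails and `$publickey['key']` is read from something that is not an array. Add a guard directly after the call, `if ($rsa === false) { return false; }` — or fall through to the internal generator, whichever matches the contract of createKey(), whose body continues outside the hunk. The same gap existed with the old hard-coded path, but this change makes the failure reachable from configuration rather than only from a broken install. The `isset()` test correctly treats NULL as "use the system configuration", which agrees with the property docblock added in the RSA.php header hunk.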
@@ -1737,6 +1740,8 @@ class File_X509 {
                 return $this->InvalidityDate;
             case 'id-ce-certificateIssuer':
                 return $this->CertificateIssuer;
+            case 'id-ce-holdInstructionCode':
+                return $this->HoldInstructionCode;
         }
         return false;