
RSA: Allow changing openssl configuration file. X509: process HoldInstructionCode.

Also fixes HoldInstruction* OIDs.
Patrick Monnerat 2012-12-10 12:07:49 +01:00
parent 8f6cd4f91f
commit f039a6ebc2
2 changed files with 33 additions and 10 deletions


@ -176,6 +176,12 @@ define('CRYPT_RSA_MODE_INTERNAL', 1);
define('CRYPT_RSA_MODE_OPENSSL', 2); define('CRYPT_RSA_MODE_OPENSSL', 2);
/**#@-*/ /**#@-*/
/**
* Default openSSL configuration file.
*/
define('CRYPT_RSA_OPENSSL_CONFIG', dirname(__FILE__) . '/../openssl.cnf');
/**#@+ /**#@+
* @access public * @access public
* @see Crypt_RSA::createKey() * @see Crypt_RSA::createKey()
@ -433,6 +439,16 @@ class Crypt_RSA {
*/ */
var $current; var $current;
/**
* OpenSSL configuration file name.
*
* Set to NULL to use system configuration file.
* @see Crypt_RSA::createKey()
* @var Mixed
* @Access public
*/
var $configFile;
/** /**
* The constructor * The constructor
* *
@ -445,6 +461,8 @@ class Crypt_RSA {
*/ */
function Crypt_RSA() function Crypt_RSA()
{ {
$this->configFile = CRYPT_RSA_OPENSSL_CONFIG;
if ( !defined('CRYPT_RSA_MODE') ) { if ( !defined('CRYPT_RSA_MODE') ) {
switch (true) { switch (true) {
case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='): case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
@ -501,12 +519,12 @@ class Crypt_RSA {
// OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) { if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) {
$rsa = openssl_pkey_new(array( $config = array();
'private_key_bits' => $bits, if (isset($this->configFile)) {
'config' => dirname(__FILE__) . '/../openssl.cnf' $config['config'] = $this->configFile;
)); }
$rsa = openssl_pkey_new(array('private_key_bits' => $bits) + $config);
openssl_pkey_export($rsa, $privatekey, NULL, array('config' => dirname(__FILE__) . '/../openssl.cnf')); openssl_pkey_export($rsa, $privatekey, NULL, $config);
$publickey = openssl_pkey_get_details($rsa); $publickey = openssl_pkey_get_details($rsa);
$publickey = $publickey['key']; $publickey = $publickey['key'];
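Review bot: In the OpenSSL branch of createKey(), the result of `openssl_pkey_new()` goes straight into `openssl_pkey_export()` and `openssl_pkey_get_details()` with no check for `false`. Because the config path now comes from the public, writable `$configFile` property, a wrong or unreadable path is a realistic failure, and it would leave `$privatekey` unset and `$publickey` built from a failed call. I would guard the branch with something like `if ($rsa !== false && openssl_pkey_export($rsa, $privatekey, NULL, $config)) { ... }`, presumably falling back to the internal generator otherwise; the rest of the function is outside this hunk, so confirm what callers expect on failure. The `$configFile` docblock should also say the value must be a trusted path, for example `* Must not be derived from user input: the file is passed to OpenSSL as its configuration.`, and `@Access` there should read `@access`.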


@ -131,6 +131,7 @@ class File_X509 {
var $IssuingDistributionPoint; var $IssuingDistributionPoint;
var $InvalidityDate; var $InvalidityDate;
var $CertificateIssuer; var $CertificateIssuer;
var $HoldInstructionCode;
/**#@-*/ /**#@-*/
/** /**
@ -1175,6 +1176,8 @@ class File_X509 {
$this->CertificateIssuer = $GeneralNames; $this->CertificateIssuer = $GeneralNames;
$this->HoldInstructionCode = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
// OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2 // OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2
$this->oids = array( $this->oids = array(
'1.3.6.1.5.5.7' => 'id-pkix', '1.3.6.1.5.5.7' => 'id-pkix',
@ -1247,10 +1250,10 @@ class File_X509 {
'2.5.29.21' => 'id-ce-cRLReasons', '2.5.29.21' => 'id-ce-cRLReasons',
'2.5.29.29' => 'id-ce-certificateIssuer', '2.5.29.29' => 'id-ce-certificateIssuer',
'2.5.29.23' => 'id-ce-holdInstructionCode', '2.5.29.23' => 'id-ce-holdInstructionCode',
'2.2.840.10040.2' => 'holdInstruction', '1.2.840.10040.2' => 'holdInstruction',
'2.2.840.10040.2.1' => 'id-holdinstruction-none', '1.2.840.10040.2.1' => 'id-holdinstruction-none',
'2.2.840.10040.2.2' => 'id-holdinstruction-callissuer', '1.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
'2.2.840.10040.2.3' => 'id-holdinstruction-reject', '1.2.840.10040.2.3' => 'id-holdinstruction-reject',
'2.5.29.24' => 'id-ce-invalidityDate', '2.5.29.24' => 'id-ce-invalidityDate',
'1.2.840.113549.2.2' => 'md2', '1.2.840.113549.2.2' => 'md2',
@ -1737,6 +1740,8 @@ class File_X509 {
return $this->InvalidityDate; return $this->InvalidityDate;
case 'id-ce-certificateIssuer': case 'id-ce-certificateIssuer':
return $this->CertificateIssuer; return $this->CertificateIssuer;
case 'id-ce-holdInstructionCode':
return $this->HoldInstructionCode;
} }
return false; return false;