- MFH: #41033, enable signing with DSA keys

ext/openssl/openssl.c

@@ -56,6 +56,7 @@
 #define OPENSSL_ALGO_MD5	2
 #define OPENSSL_ALGO_MD4	3
 #define OPENSSL_ALGO_MD2	4
+#define OPENSSL_ALGO_DSS1	5
 
 #define DEBUG_SMIME	0
 
@@ -641,6 +642,9 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
 		case OPENSSL_ALGO_MD2:
 			mdtype = (EVP_MD *) EVP_md2();
 			break;
+		case OPENSSL_ALGO_DSS1:
+			mdtype = (EVP_MD *) EVP_dss1();
+			break;
 		default:
 			return NULL;
 			break;
@@ -692,6 +696,7 @@ PHP_MINIT_FUNCTION(openssl)
 	REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD5", OPENSSL_ALGO_MD5, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD4", OPENSSL_ALGO_MD4, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT);
 
 	/* flags for S/MIME */
 	REGISTER_LONG_CONSTANT("PKCS7_DETACHED", PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT);
@@ -1200,7 +1205,7 @@ PHP_FUNCTION(openssl_x509_checkpurpose)
 	STACK_OF(X509) * untrustedchain = NULL;
 	long purpose;
 	char * untrusted = NULL;
-	int untrusted_len;
+	int untrusted_len, ret;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zl|a!s", &zcert, &purpose, &zcainfo, &untrusted, &untrusted_len)
 			== FAILURE) {
@@ -1224,7 +1229,15 @@ PHP_FUNCTION(openssl_x509_checkpurpose)
 	if (cert == NULL) {
 		goto clean_exit;
 	}
-	RETVAL_LONG(check_cert(cainfo, cert, untrustedchain, purpose));
+
+	ret = check_cert(cainfo, cert, untrustedchain, purpose);
+
+        if (ret != 0 && ret != 1) {
+                RETVAL_LONG(ret);
+        } else {
+                RETVAL_BOOL(ret);
+        }
+
 
 clean_exit:
 	if (certresource == 1 && cert) {

ext/openssl/tests/bug41033.pem

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCrQ/By/Y5OQRmmc/e+W+eFVoeR5y8WPOkykwS2hc21aSNY5X3q
+8ZHdV467thFd/QCoR55hHTRGRbYmfOkXSiscotU08ISlxIH39EEhFSzwqzkxFfak
+cgHEu41AUOIfJ2Dz+vcmuasME159pDP0d0gt55pKRPcXoh916p2VS/FBiQIVAMnQ
+C6W+K1brelHqpUqwQ1cdNJklAoGAN858gG/UIF+U3CYTcgl5/OUAqOzvitMV2ue+
+AkDEkGNEZs3KUAjpqHduf1E3znl7hJJIRr+33sul9USxn0vczDBkEJPralQjNX2C
+dnYKDDhJ+UKlAFG2JZint4CBKPFiZC0tVo04iDQQUUfDC4c8K3cS5uzypebJyoLo
+e5b8rScCgYBedJg6vklhMWv2wZD10hbQaXEX5r8T6EQujbfO0RcKpuaJziPPrXO8
+QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKekCmSNzs5+lQpCm1VlDrCg+jn
+djw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8iVDE7wmT0iwnkAIVAMKogWVA
+ZOKwjTj9Yztv3lGj7VTa
+-----END DSA PRIVATE KEY-----

ext/openssl/tests/bug41033.phpt

@@ -0,0 +1,27 @@
+--TEST--
+#41033, enable signing with DSA keys
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip, openssl required");
+if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
+?>
+--FILE--
+<?php
+$prv = 'file://' . dirname(__FILE__) . '/' . 'bug41033.pem';
+$pub = 'file://' . dirname(__FILE__) . '/' . 'bug41033pub.pem';
+
+
+$prkeyid = openssl_get_privatekey($prv, "1234");
+$ct = "Hello I am some text!";
+openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
+echo "Signature: ".base64_encode($signature) . "\n";
+
+$pukeyid = openssl_get_publickey($pub);
+$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
+echo "Signature validity: " . $valid . "\n";
+
+
+?>
+--EXPECTF--
+Signature: %s
+Signature validity: 1

ext/openssl/tests/bug41033pub.pem

@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKtD8HL9jk5BGaZz975b54VWh5HnLxY8
+6TKTBLaFzbVpI1jlferxkd1Xjru2EV39AKhHnmEdNEZFtiZ86RdKKxyi1TTwhKXE
+gff0QSEVLPCrOTEV9qRyAcS7jUBQ4h8nYPP69ya5qwwTXn2kM/R3SC3nmkpE9xei
+H3XqnZVL8UGJAhUAydALpb4rVut6UeqlSrBDVx00mSUCgYA3znyAb9QgX5TcJhNy
+CXn85QCo7O+K0xXa574CQMSQY0RmzcpQCOmod25/UTfOeXuEkkhGv7fey6X1RLGf
+S9zMMGQQk+tqVCM1fYJ2dgoMOEn5QqUAUbYlmKe3gIEo8WJkLS1WjTiINBBRR8ML
+hzwrdxLm7PKl5snKguh7lvytJwOBhAACgYBedJg6vklhMWv2wZD10hbQaXEX5r8T
+6EQujbfO0RcKpuaJziPPrXO8QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKe
+kCmSNzs5+lQpCm1VlDrCg+jndjw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8
+iVDE7wmT0iwnkA==
+-----END PUBLIC KEY-----