Merge branch 'master' into php5

* master:
  RSA: slight adjustment to CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW format
Andreas Fischer 2014-06-11 08:05:49 +02:00
commit 76ac2a863d
2 changed files with 25 additions and 7 deletions


@ -218,6 +218,12 @@ define('CRYPT_RSA_PUBLIC_FORMAT_RAW', 3);
* PKCS#1 formatted public key (raw) * PKCS#1 formatted public key (raw)
* *
* Used by File/X509.php * Used by File/X509.php
*
* Has the following header:
*
* -----BEGIN RSA PUBLIC KEY-----
*
* Analogous to ssh-keygen's pem format (as specified by -m)
*/ */
define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW', 4); define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW', 4);
/** /**
@ -234,6 +240,14 @@ define('CRYPT_RSA_PUBLIC_FORMAT_OPENSSH', 6);
* PKCS#1 formatted public key (encapsulated) * PKCS#1 formatted public key (encapsulated)
* *
* Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set) * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set)
*
* Has the following header:
*
* -----BEGIN PUBLIC KEY-----
*
* Analogous to ssh-keygen's pkcs8 format (as specified by -m)
* (the applicability of PKCS8 is dubious since PKCS8 is talking about
* private keys but whatever)
*/ */
define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1', 7); define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1', 7);
/**#@-*/ /**#@-*/
@ -904,7 +918,11 @@ class Crypt_RSA
$components['modulus'], $components['publicExponent'] $components['modulus'], $components['publicExponent']
); );
if ($this->publicKeyFormat == CRYPT_RSA_PUBLIC_FORMAT_PKCS1) { if ($this->publicKeyFormat == CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW) {
$RSAPublicKey = "-----BEGIN RSA PUBLIC KEY-----\r\n" .
chunk_split(base64_encode($RSAPublicKey), 64) .
'-----END RSA PUBLIC KEY-----';
} else {
// sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption. // sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
$rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA $rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$RSAPublicKey = chr(0) . $RSAPublicKey; $RSAPublicKey = chr(0) . $RSAPublicKey;
@ -913,11 +931,11 @@ class Crypt_RSA
$RSAPublicKey = pack('Ca*a*', $RSAPublicKey = pack('Ca*a*',
CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey
); );
}
$RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" . $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
chunk_split(base64_encode($RSAPublicKey), 64) . chunk_split(base64_encode($RSAPublicKey), 64) .
'-----END PUBLIC KEY-----'; '-----END PUBLIC KEY-----';
}
return $RSAPublicKey; return $RSAPublicKey;
} }
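Review bot: The new docblock for CRYPT_RSA_PUBLIC_FORMAT_PKCS1 never names the structure it describes and ends on "the applicability of PKCS8 is dubious ... but whatever". The `else` branch further down builds a SEQUENCE holding the rsaEncryption AlgorithmIdentifier and a BIT STRING, which is the X.509 SubjectPublicKeyInfo structure. I would replace the parenthetical with `* This is the X.509 SubjectPublicKeyInfo structure (RFC 5280) wrapping the PKCS#1 RSAPublicKey`, so a reader choosing a format for interoperability knows which header goes with which encoding. Keys exported as CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW now carry the `RSA PUBLIC KEY` label instead of `PUBLIC KEY`, so any consumer that matched on the old label is presumably affected and worth a changelog line. The enclosing function starts outside the hunk.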


@ -2171,12 +2171,12 @@ class File_X509
switch ($algorithm) { switch ($algorithm) {
case 'rsaEncryption': case 'rsaEncryption':
return return
"-----BEGIN PUBLIC KEY-----\r\n" . "-----BEGIN RSA PUBLIC KEY-----\r\n" .
// subjectPublicKey is stored as a bit string in X.509 certs. the first byte of a bit string represents how many bits // subjectPublicKey is stored as a bit string in X.509 certs. the first byte of a bit string represents how many bits
// in the last byte should be ignored. the following only supports non-zero stuff but as none of the X.509 certs Firefox // in the last byte should be ignored. the following only supports non-zero stuff but as none of the X.509 certs Firefox
// uses as a cert authority actually use a non-zero bit I think it's safe to assume that none do. // uses as a cert authority actually use a non-zero bit I think it's safe to assume that none do.
chunk_split(base64_encode(substr(base64_decode($key), 1)), 64) . chunk_split(base64_encode(substr(base64_decode($key), 1)), 64) .
'-----END PUBLIC KEY-----'; '-----END RSA PUBLIC KEY-----';
default: default:
return $key; return $key;
} }
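Review bot: The leading octet of the BIT STRING is dropped by `substr(base64_decode($key), 1)` without being checked, and the result is now labelled `RSA PUBLIC KEY`. A subjectPublicKey with a non-zero unused-bits octet, or a truncated value, would therefore be emitted under a well-formed PKCS#1 header. A guard before the return, `$raw = base64_decode($key);` followed by `if (strlen($raw) < 2 || $raw[0] !== "\0") { return $key; }`, would keep such input out of the PEM body; whether returning `$key` unchanged or signalling an error is right depends on the callers, which are outside the hunk. The inline comment also says "only supports non-zero stuff" where the code handles only a zero unused-bits octet; `// only an unused-bits octet of zero is supported` would match the behaviour. The function starts and ends outside the hunk.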