From acbe25708fe281869b2fbac4310ab23f8cb79193 Mon Sep 17 00:00:00 2001 From: jas- Date: Sun, 25 Mar 2012 17:22:26 -0600 Subject: [PATCH 1/8] Sun Mar 25 17:22:26 MDT 2012 - Five functions to implement support for SPKAC keys --- ext/openssl/openssl.c | 314 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 314 insertions(+) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index a48ab20d6a797..5a8cb95432f93 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -375,11 +375,40 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_random_pseudo_bytes, 0, 0, 1) ZEND_ARG_INFO(0, length) ZEND_ARG_INFO(1, result_is_strong) ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_spki_new, 0, 0, 2) + ZEND_ARG_INFO(0, privkey) + ZEND_ARG_INFO(0, challenge) + ZEND_ARG_INFO(0, algo) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_verify, 0) + ZEND_ARG_INFO(0, spki) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export, 0) + ZEND_ARG_INFO(0, spki) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export_challenge, 0) + ZEND_ARG_INFO(0, spki) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_details, 0) + ZEND_ARG_INFO(0, spki) +ZEND_END_ARG_INFO() /* }}} */ /* {{{ openssl_functions[] */ const zend_function_entry openssl_functions[] = { +/* spki functions */ + PHP_FE(openssl_spki_new, arginfo_openssl_spki_new) + PHP_FE(openssl_spki_verify, arginfo_openssl_spki_verify) + PHP_FE(openssl_spki_export, arginfo_openssl_spki_export) + PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge) + PHP_FE(openssl_spki_details, arginfo_openssl_spki_details) + /* public/private key functions */ PHP_FE(openssl_pkey_free, arginfo_openssl_pkey_free) PHP_FE(openssl_pkey_new, arginfo_openssl_pkey_new) 
@@ -1290,6 +1319,291 @@ PHP_FUNCTION(openssl_x509_export_to_file) } /* }}} */ +/* {{{ proto string openssl_spki_new(mixed zpkey, string challenge [, string algo='sha256']) + Creates new private key (or uses existing) and creates a new spki cert + outputting results to var */ +PHP_FUNCTION(openssl_spki_new) +{ + zval * zpkey = NULL; + EVP_PKEY * pkey = NULL; + NETSCAPE_SPKI *spki=NULL; + int challenge_len, algo_len; + char * challenge, * spkstr, *algo="sha256"; + long keyresource = -1; + const char *spkac = "SPKAC="; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &challenge, &challenge_len, &algo, &algo_len) == FAILURE) { + return; + } + RETVAL_FALSE; + + pkey = php_openssl_evp_from_zval(&zpkey, 0, challenge, 1, &keyresource TSRMLS_CC); + + if (pkey == NULL) { + goto cleanup; + } + + if ((spki = NETSCAPE_SPKI_new()) == NULL) { + goto cleanup; + } + + if (challenge) { + ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); + } + + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { + goto cleanup; + } + + if (strcmp(algo, "md5")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) { + goto cleanup; + } + } else if(strcmp(algo, "sha1")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha1())) { + goto cleanup; + } + } else if(strcmp(algo, "sha256")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha256())) { + goto cleanup; + } + } else if (strcmp(algo, "sha512")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha512())) { + goto cleanup; + } + } + + spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (!spkstr){ + goto cleanup; + } + + char * s = malloc(snprintf(NULL, 0, "%s%s", spkac, spkstr)); + sprintf(s, "%s%s", spkac, spkstr); + + if (strlen(s)<=0) { + goto cleanup; + } + RETURN_STRING(s, 1); + +cleanup: + if (keyresource == -1 && spki) { + NETSCAPE_SPKI_free(spki); + } + if (keyresource == -1 && pkey) { + EVP_PKEY_free(pkey); + } + if (keyresource == -1 && s) { + free(s); + } + RETURN_NULL(); +} +/* }}} */ + +/* {{{ proto bool 
openssl_spki_verify(string spki) + Verifies spki returns boolean */ +PHP_FUNCTION(openssl_spki_verify) +{ + int spkstr_len, i, x=0; + char *spkstr = NULL; + EVP_PKEY *pkey = NULL; + NETSCAPE_SPKI *spki = NULL; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } + + if (!spkstr) { + goto cleanup; + } + + char * spkstr_cleaned = malloc(strlen(spkstr)); + openssl_spki_cleanup(spkstr, spkstr_cleaned); + + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (!spki) { + goto cleanup; + } + + pkey = X509_PUBKEY_get(spki->spkac->pubkey); + if (pkey == NULL) { + goto cleanup; + } + + i = NETSCAPE_SPKI_verify(spki, pkey); + + if (i > 0) { + x = 1; + } + goto cleanup; + +cleanup: + if (spki) { + NETSCAPE_SPKI_free(spki); + } + if (pkey) { + EVP_PKEY_free(pkey); + } + RETURN_BOOL(x); +} +/* }}} */ + +/* {{{ proto string openssl_spki_export(string spki) + Exports public key from existing spki to var */ +PHP_FUNCTION(openssl_spki_export) +{ + int spkstr_len; + EVP_PKEY *pkey = NULL; + NETSCAPE_SPKI *spki = NULL; + BIO *out = BIO_new(BIO_s_mem()); + BUF_MEM *bio_buf; + char *spkstr; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + goto cleanup; + } + + if (!spkstr) { + goto cleanup; + } + + char * spkstr_cleaned = malloc(strlen(spkstr)); + openssl_spki_cleanup(spkstr, spkstr_cleaned); + + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (!spki) { + goto cleanup; + } + + pkey = X509_PUBKEY_get(spki->spkac->pubkey); + if (!pkey) { + goto cleanup; + } + + PEM_write_bio_PUBKEY(out, pkey); + BIO_get_mem_ptr(out, &bio_buf); + + if ((!bio_buf->data)&&(bio_buf->length<=0)) { + goto cleanup; + } + + char * s = malloc(bio_buf->length); + BIO_read(out, s, bio_buf->length); + RETURN_STRING(s, 1); + +cleanup: + if (spki) { + NETSCAPE_SPKI_free(spki); + } + if (out) { + BIO_free_all(out); + } + if (pkey) { + EVP_PKEY_free(pkey); + 
} +} +/* }}} */ + +/* {{{ proto string openssl_spki_export_challenge(string spki) + Exports spkac challenge from existing spki to var */ +PHP_FUNCTION(openssl_spki_export_challenge) +{ + int spkstr_len; + NETSCAPE_SPKI *spki = NULL; + char *spkstr; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + goto cleanup; + } + + if (!spkstr) { + goto cleanup; + } + + char * spkstr_cleaned = malloc(strlen(spkstr)); + openssl_spki_cleanup(spkstr, spkstr_cleaned); + + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (!spki) { + goto cleanup; + } + + RETURN_STRING(ASN1_STRING_data(spki->spkac->challenge), 1); + +cleanup: + if (spki) { + NETSCAPE_SPKI_free(spki); + } +} +/* }}} */ + +/* {{{ proto string openssl_spki_details(string spki) + Provides details from existing spki to var */ +PHP_FUNCTION(openssl_spki_details) +{ + int spkstr_len; + NETSCAPE_SPKI *spki = NULL; + BIO *out = BIO_new(BIO_s_mem()); + BUF_MEM *bio_buf; + zval *zout; + char *spkstr; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } + RETVAL_FALSE; + + if (!spkstr) { + goto cleanup; + } + + char * spkstr_cleaned = malloc(strlen(spkstr)); + openssl_spki_cleanup(spkstr, spkstr_cleaned); + + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (!spki) { + goto cleanup; + } + + NETSCAPE_SPKI_print(out, spki); + BIO_get_mem_ptr(out, &bio_buf); + + if ((!bio_buf->data)&&(bio_buf->length<=0)) { + goto cleanup; + } + + char * s = malloc(bio_buf->length); + BIO_read(out, s, bio_buf->length); + RETURN_STRING(s, 1); + +cleanup: + if (spki) { + NETSCAPE_SPKI_free(spki); + } + BIO_free_all(out); +} +/* }}} */ + +/* {{{ proto int openssl_spki_cleanup(const char *src, char *results) + This will help remove new line chars in the SPKAC sent from the + browser */ +int openssl_spki_cleanup(const char *src, char *dest) +{ + int removed=0; + + while (*src) { + if 
(*src!='\n'&&*src!='\r') { + *dest++=*src; + } else { + ++removed; + } + ++src; + } + *dest=0; + return removed; +} +/* }}} */ + /* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true]) Exports a CERT to file or a var */ PHP_FUNCTION(openssl_x509_export) From eb4ac19d4535d929b61adaa3007e22cbbce554dd Mon Sep 17 00:00:00 2001 From: jas- Date: Sun, 25 Mar 2012 17:22:45 -0600 Subject: [PATCH 2/8] Sun Mar 25 17:22:44 MDT 2012 - Five functions to implement support for SPKAC keys --- ext/openssl/php_openssl.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index fc118dba1ebb8..59b53a1b178dd 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -77,6 +77,12 @@ PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); PHP_FUNCTION(openssl_csr_get_subject); PHP_FUNCTION(openssl_csr_get_public_key); + +PHP_FUNCTION(openssl_spki_new); +PHP_FUNCTION(openssl_spki_verify); +PHP_FUNCTION(openssl_spki_export); +PHP_FUNCTION(openssl_spki_export_challenge); +PHP_FUNCTION(openssl_spki_details); #else #define phpext_openssl_ptr NULL From 35b2373a359bf7d1489a4a64aefc357031ba076c Mon Sep 17 00:00:00 2001 From: jas- Date: Sun, 25 Mar 2012 17:23:23 -0600 Subject: [PATCH 3/8] Sun Mar 25 17:23:22 MDT 2012 - Tests for SPKAC functions --- ext/openssl/tests/026.phpt | 208 +++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100644 ext/openssl/tests/026.phpt diff --git a/ext/openssl/tests/026.phpt b/ext/openssl/tests/026.phpt new file mode 100644 index 0000000000000..026330ad8c32a --- /dev/null +++ b/ext/openssl/tests/026.phpt 
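Review bot: openssl_spki_cleanup() always writes a terminating NUL through `dest`, but every caller in this hunk sizes the buffer with `malloc(strlen(spkstr))`, so a browser-supplied SPKAC with no CR/LF to strip makes `*dest=0` land one byte past the allocation. openssl_spki_new has the same shortfall in `malloc(snprintf(NULL, 0, "%s%s", spkac, spkstr))`, because snprintf's count excludes the terminator that the following sprintf() writes. Allocate `strlen(spkstr) + 1` (and `snprintf(...) + 1`), check the result for NULL, and release the buffer once NETSCAPE_SPKI_b64_decode() has returned. The helper should state its contract in a comment such as `/* dest must have room for strlen(src) + 1 bytes */`. It is also called before any declaration is visible in this hunk, so a prototype like `static int openssl_spki_cleanup(const char *src, char *dest);` above the first caller is worth adding.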
@@ -0,0 +1,208 @@ +--TEST-- +openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), openssl_spki_export_challenge(), openssl_spki_details() +--SKIPIF-- + +--FILE-- + +--EXPECT-- +Creating private key +Creating new SPKAC with defaults +Verifying SPKAC using defaults +Exporting challenge using defaults +Exporting public key from SPKAC using defaults +Generating details of SPKAC structure using defaults +Creating new SPKAC using md5 signature +Verifying SPKAC using md5 signature +Exporting challenge using md5 signature +Exporting public key from SPKAC using md5 signature +Generating details of SPKAC structure using md5 signature +Creating new SPKAC using sha1 signature +Verifying SPKAC using sha1 signature +Exporting challenge using sha1 signature +Exporting public key from SPKAC using sha1 signature +Generating details of SPKAC structure using sha1 signature +Creating new SPKAC using sha512 signature +Verifying SPKAC using sha512 signature +Exporting challenge using sha512 signature +Exporting public key from SPKAC using sha512 signature +Generating details of SPKAC structure using sha512 signature +OK! From 92e076719d0784bbcd0e542921f54022e6ebdaac Mon Sep 17 00:00:00 2001 From: jas- Date: Mon, 2 Apr 2012 21:05:23 -0600 Subject: [PATCH 4/8] Mon Apr 2 21:05:22 MDT 2012 - Made suggest changes. Adheres to syntax formatting, c89 standards etc. --- ext/openssl/openssl.c | 408 ++++++++++++++++++++++-------------------- 1 file changed, 211 insertions(+), 197 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 5a8cb95432f93..5a091a35ba657 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c 
@@ -1324,79 +1324,84 @@ PHP_FUNCTION(openssl_x509_export_to_file) outputting results to var */ PHP_FUNCTION(openssl_spki_new) { - zval * zpkey = NULL; - EVP_PKEY * pkey = NULL; - NETSCAPE_SPKI *spki=NULL; - int challenge_len, algo_len; - char * challenge, * spkstr, *algo="sha256"; - long keyresource = -1; - const char *spkac = "SPKAC="; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &challenge, &challenge_len, &algo, &algo_len) == FAILURE) { - return; - } - RETVAL_FALSE; - - pkey = php_openssl_evp_from_zval(&zpkey, 0, challenge, 1, &keyresource TSRMLS_CC); - - if (pkey == NULL) { - goto cleanup; - } - - if ((spki = NETSCAPE_SPKI_new()) == NULL) { - goto cleanup; - } - - if (challenge) { - ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); - } - - if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { - goto cleanup; - } - - if (strcmp(algo, "md5")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) { - goto cleanup; - } - } else if(strcmp(algo, "sha1")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha1())) { - goto cleanup; - } - } else if(strcmp(algo, "sha256")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha256())) { - goto cleanup; - } - } else if (strcmp(algo, "sha512")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha512())) { - goto cleanup; - } - } - - spkstr = NETSCAPE_SPKI_b64_encode(spki); - if (!spkstr){ - goto cleanup; - } - - char * s = malloc(snprintf(NULL, 0, "%s%s", spkac, spkstr)); - sprintf(s, "%s%s", spkac, spkstr); - - if (strlen(s)<=0) { - goto cleanup; - } - RETURN_STRING(s, 1); + int challenge_len, algo_len; + char * challenge, * spkstr, * algo="sha256", * s; + long keyresource = -1; + const char *spkac = "SPKAC="; -cleanup: - if (keyresource == -1 && spki) { - NETSCAPE_SPKI_free(spki); - } - if (keyresource == -1 && pkey) { - EVP_PKEY_free(pkey); - } - if (keyresource == -1 && s) { - free(s); - } - RETURN_NULL(); + zval * zpkey = NULL; + EVP_PKEY * pkey = NULL; + NETSCAPE_SPKI *spki=NULL; + + 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &challenge, &challenge_len, &algo, &algo_len) == FAILURE) { + return; + } + + pkey = php_openssl_evp_from_zval(&zpkey, 0, challenge, 1, &keyresource TSRMLS_CC); + + if (pkey == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied private key"); + RETURN_NULL(); + } + + if ((spki = NETSCAPE_SPKI_new()) == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to create new SPKAC"); + RETURN_NULL(); + } + + if (challenge) { + ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); + } + + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to embed public key"); + RETURN_NULL(); + } + + if (strcmp(algo, "md5")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with md5 algorithm"); + RETURN_NULL(); + } + } else if(strcmp(algo, "sha1")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha1())) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha1 algorithm"); + RETURN_NULL(); + } + } else if(strcmp(algo, "sha256")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha256())) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha256 algorithm"); + RETURN_NULL(); + } + } else if (strcmp(algo, "sha512")==0){ + if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha512())) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha512 algorithm"); + RETURN_NULL(); + } + } + + spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (!spkstr){ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable encode SPKAC"); + RETURN_NULL(); + } + + s = emalloc(strlen(spkac) + strlen(spkstr) + 1); + sprintf(s, "%s%s", spkac, spkstr); + + if (sizeof(s)<=0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to allocate memory for SPKAC"); + RETURN_NULL(); + } + + if (keyresource == -1 && spki != NULL) { + NETSCAPE_SPKI_free(spki); 
+ } + if (keyresource == -1 && pkey != NULL) { + EVP_PKEY_free(pkey); + } + + RETURN_STRINGL(s, strlen(s), 1); } /* }}} */ 
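Review bot: Replacing the `cleanup:` label with direct `RETURN_NULL();` calls means every failure after php_openssl_evp_from_zval() returns without releasing `pkey`, `spki` or `s`, and `spkstr` from NETSCAPE_SPKI_b64_encode() is not freed on any path. On the success path `NETSCAPE_SPKI_free(spki)` is still gated on `keyresource == -1` although `spki` is always created locally by NETSCAPE_SPKI_new(); free it unconditionally with `if (spki != NULL) { NETSCAPE_SPKI_free(spki); }`. An `algo` string matching none of the four names falls through the if/else chain without NETSCAPE_SPKI_sign() being called, so an unsigned SPKAC is returned; a final `else` that warns and fails would close that gap. `if (sizeof(s)<=0)` tests the size of a pointer and can never be true, so it can be removed. `ASN1_STRING_set` should be given `challenge_len` rather than `(int)strlen(challenge)`.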
@@ -1404,47 +1409,55 @@ PHP_FUNCTION(openssl_spki_new) Verifies spki returns boolean */ PHP_FUNCTION(openssl_spki_verify) { - int spkstr_len, i, x=0; - char *spkstr = NULL; - EVP_PKEY *pkey = NULL; - NETSCAPE_SPKI *spki = NULL; + int spkstr_len, i; + char *spkstr = NULL, * spkstr_cleaned; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { - return; - } + EVP_PKEY *pkey = NULL; + NETSCAPE_SPKI *spki = NULL; - if (!spkstr) { - goto cleanup; - } + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } - char * spkstr_cleaned = malloc(strlen(spkstr)); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + if (spkstr == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied SPKAC"); + RETURN_FALSE; + } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); - if (!spki) { - goto cleanup; - } + spkstr_cleaned = emalloc(spkstr_len + 1); + openssl_spki_cleanup(spkstr, spkstr_cleaned); - pkey = X509_PUBKEY_get(spki->spkac->pubkey); - if (pkey == NULL) { - goto cleanup; - } + if (strlen(spkstr_cleaned)<=0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to allocate memory for SPKAC"); + RETURN_FALSE; + } - i = NETSCAPE_SPKI_verify(spki, pkey); + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (spki == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to decode supplied SPKAC"); + RETURN_FALSE; + } + + pkey = X509_PUBKEY_get(spki->spkac->pubkey); + if (pkey == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to aquire signed public key"); + RETURN_FALSE; + } - if (i > 0) { - x = 1; - } - goto cleanup; + i = NETSCAPE_SPKI_verify(spki, pkey); -cleanup: - if (spki) { - NETSCAPE_SPKI_free(spki); - } - if (pkey) { - EVP_PKEY_free(pkey); - } - RETURN_BOOL(x); + if (spki != NULL) { + NETSCAPE_SPKI_free(spki); + } + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + + if (i > 0) { + 
RETURN_TRUE; + } else { + RETURN_FALSE; + } } /* }}} */ 
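Review bot: `spkstr_cleaned` is allocated with emalloc() but never passed to efree() on any path, and the `RETURN_FALSE` taken when X509_PUBKEY_get() fails leaves `spki` unfreed now that the `cleanup:` label is gone. Release the buffer right after decoding, `efree(spkstr_cleaned);` following the NETSCAPE_SPKI_b64_decode() call, and add `NETSCAPE_SPKI_free(spki);` before that early return. The branch guarded by `strlen(spkstr_cleaned)<=0` reports "unable to allocate memory for SPKAC", which does not describe the condition tested; `"supplied SPKAC is empty"` would be accurate. The missing efree() recurs in the openssl_spki_export, openssl_spki_export_challenge and openssl_spki_details hunks of this patch.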
@@ -1452,55 +1465,60 @@ PHP_FUNCTION(openssl_spki_verify) Exports public key from existing spki to var */ PHP_FUNCTION(openssl_spki_export) { - int spkstr_len; - EVP_PKEY *pkey = NULL; - NETSCAPE_SPKI *spki = NULL; - BIO *out = BIO_new(BIO_s_mem()); - BUF_MEM *bio_buf; - char *spkstr; + int spkstr_len; + char *spkstr, * spkstr_cleaned, * s; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { - goto cleanup; - } + EVP_PKEY *pkey = NULL; + NETSCAPE_SPKI *spki = NULL; + BIO *out = BIO_new(BIO_s_mem()); + BUF_MEM *bio_buf; - if (!spkstr) { - goto cleanup; - } + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } - char * spkstr_cleaned = malloc(strlen(spkstr)); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + if (spkstr == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied SPKAC"); + RETURN_NULL(); + } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); - if (!spki) { - goto cleanup; - } + spkstr_cleaned = emalloc(spkstr_len + 1); + openssl_spki_cleanup(spkstr, spkstr_cleaned); - pkey = X509_PUBKEY_get(spki->spkac->pubkey); - if (!pkey) { - goto cleanup; - } + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (spki == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to decode supplied SPKAC"); + RETURN_NULL(); + } - PEM_write_bio_PUBKEY(out, pkey); - BIO_get_mem_ptr(out, &bio_buf); + pkey = X509_PUBKEY_get(spki->spkac->pubkey); + if (pkey == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to aquire signed public key"); + RETURN_NULL(); + } - if ((!bio_buf->data)&&(bio_buf->length<=0)) { - goto cleanup; - } + PEM_write_bio_PUBKEY(out, pkey); + BIO_get_mem_ptr(out, &bio_buf); - char * s = malloc(bio_buf->length); - BIO_read(out, s, bio_buf->length); - RETURN_STRING(s, 1); + if ((!bio_buf->data)&&(bio_buf->length<=0)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"unable to allocate memory for public key"); + RETURN_NULL(); + } -cleanup: - if (spki) { - NETSCAPE_SPKI_free(spki); - } - if (out) { - BIO_free_all(out); - } - if (pkey) { - EVP_PKEY_free(pkey); - } + s = emalloc(bio_buf->length); + BIO_read(out, s, bio_buf->length); + + if (spki != NULL) { + NETSCAPE_SPKI_free(spki); + } + if (out != NULL) { + BIO_free_all(out); + } + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + + RETURN_STRINGL(s, strlen(s), 1); } /* }}} */ @@ -1508,32 +1526,30 @@ PHP_FUNCTION(openssl_spki_export) Exports spkac challenge from existing spki to var */ PHP_FUNCTION(openssl_spki_export_challenge) { - int spkstr_len; - NETSCAPE_SPKI *spki = NULL; - char *spkstr; + int spkstr_len; + char *spkstr, * spkstr_cleaned; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { - goto cleanup; - } + NETSCAPE_SPKI *spki = NULL; - if (!spkstr) { - goto cleanup; - } + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } - char * spkstr_cleaned = malloc(strlen(spkstr)); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + if (spkstr == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied SPKAC"); + RETURN_NULL(); + } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); - if (!spki) { - goto cleanup; - } + spkstr_cleaned = emalloc(spkstr_len + 1); + openssl_spki_cleanup(spkstr, spkstr_cleaned); - RETURN_STRING(ASN1_STRING_data(spki->spkac->challenge), 1); + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (spki == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to allocate memory for public key"); + RETURN_NULL(); + } -cleanup: - if (spki) { - NETSCAPE_SPKI_free(spki); - } + RETURN_STRINGL(ASN1_STRING_data(spki->spkac->challenge), strlen(ASN1_STRING_data(spki->spkac->challenge)), 1); } /* }}} */ 
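Review bot: In openssl_spki_export, `s` is filled by BIO_read() with exactly `bio_buf->length` bytes and no terminator, so `RETURN_STRINGL(s, strlen(s), 1)` lets strlen() run past the end of the emalloc'd block and can copy adjacent heap bytes into the returned string. Return the BIO contents with their known length instead, `RETVAL_STRINGL(bio_buf->data, bio_buf->length, 1);` placed before the frees, which also removes the intermediate copy. The guard `(!bio_buf->data)&&(bio_buf->length<=0)` only fires when both conditions hold and should use `||`, and the result of PEM_write_bio_PUBKEY() is not checked. `out` is created by BIO_new() in the declarations, so each early `return` or `RETURN_NULL()` leaks it. The same unterminated `strlen(s)` pattern is in the openssl_spki_details hunk of this patch and is left in place by PATCH 5/8.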
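Review bot: In openssl_spki_export_challenge, the new `RETURN_STRINGL(...)` leaves the function with `spki` still allocated, because the `cleanup:` block that called NETSCAPE_SPKI_free() was removed and nothing replaces it. The length is taken with strlen() on ASN1_STRING_data(), which stops at the first NUL byte of a challenge decoded from caller-supplied input. Use the ASN.1 length instead, `RETVAL_STRINGL((char *)ASN1_STRING_data(spki->spkac->challenge), ASN1_STRING_length(spki->spkac->challenge), 1);`, followed by `NETSCAPE_SPKI_free(spki);`. The warning on a failed NETSCAPE_SPKI_b64_decode() reads "unable to allocate memory for public key", which looks copied from another function; `"unable to decode supplied SPKAC"` would match the other hunks.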
@@ -1541,46 +1557,44 @@ PHP_FUNCTION(openssl_spki_export_challenge) Provides details from existing spki to var */ PHP_FUNCTION(openssl_spki_details) { - int spkstr_len; - NETSCAPE_SPKI *spki = NULL; - BIO *out = BIO_new(BIO_s_mem()); - BUF_MEM *bio_buf; - zval *zout; - char *spkstr; + int spkstr_len; + char *spkstr, * spkstr_cleaned, * s; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { - return; - } - RETVAL_FALSE; + NETSCAPE_SPKI *spki = NULL; + BIO *out = BIO_new(BIO_s_mem()); + BUF_MEM *bio_buf; + zval *zout; - if (!spkstr) { - goto cleanup; - } + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { + return; + } - char * spkstr_cleaned = malloc(strlen(spkstr)); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + if (!spkstr) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied SPKAC"); + RETURN_NULL(); + } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); - if (!spki) { - goto cleanup; - } + spkstr_cleaned = emalloc(spkstr_len + 1); + openssl_spki_cleanup(spkstr, spkstr_cleaned); - NETSCAPE_SPKI_print(out, spki); - BIO_get_mem_ptr(out, &bio_buf); + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (!spki) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to decode supplied SPKAC"); + RETURN_NULL(); + } - if ((!bio_buf->data)&&(bio_buf->length<=0)) { - goto cleanup; - } + NETSCAPE_SPKI_print(out, spki); + BIO_get_mem_ptr(out, &bio_buf); - char * s = malloc(bio_buf->length); - BIO_read(out, s, bio_buf->length); - RETURN_STRING(s, 1); + if ((!bio_buf->data)&&(bio_buf->length<=0)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to obtain details of SPKAC"); + RETURN_NULL(); + } -cleanup: - if (spki) { - NETSCAPE_SPKI_free(spki); - } - BIO_free_all(out); + s = malloc(bio_buf->length); + BIO_read(out, s, bio_buf->length); + + RETURN_STRINGL(s, strlen(s), 1); } /* }}} */ 
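Review bot: This hunk deletes the `cleanup:` block without a replacement, so neither `NETSCAPE_SPKI_free(spki)` nor `BIO_free_all(out)` runs on any path through openssl_spki_details, including the successful one. Set the result first and then release both objects: `RETVAL_STRINGL(bio_buf->data, bio_buf->length, 1);`, `NETSCAPE_SPKI_free(spki);`, `BIO_free_all(out);`. The failure returns after `BIO_new()` need the same `BIO_free_all(out)`. `zval *zout` is declared but never used in the new body and can be removed.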
From f5798616f31aab652c15d4a2e2e91c2f9fb91174 Mon Sep 17 00:00:00 2001 From: jas- Date: Mon, 2 Apr 2012 21:12:20 -0600 Subject: [PATCH 5/8] Mon Apr 2 21:12:19 MDT 2012 - Switched details to use emalloc --- ext/openssl/openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 5a091a35ba657..a985495c199ac 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1591,7 +1591,7 @@ PHP_FUNCTION(openssl_spki_details) RETURN_NULL(); } - s = malloc(bio_buf->length); + s = emalloc(bio_buf->length); BIO_read(out, s, bio_buf->length); RETURN_STRINGL(s, strlen(s), 1); From 10fd485ba35be02e7e6fbca8aaa4e769bcc9e6f6 Mon Sep 17 00:00:00 2001 From: jas- Date: Tue, 3 Apr 2012 06:44:26 -0600 Subject: [PATCH 6/8] Merge branch 'master', remote branch 'origin/master' From 11959da90791d61ca1c52425e55ab151e55f9311 Mon Sep 17 00:00:00 2001 From: jas- Date: Tue, 3 Apr 2012 08:21:00 -0600 Subject: [PATCH 7/8] Tue Apr 3 08:21:00 MDT 2012 - Migrated switch case from string algorithms to requested algorithm constants (does not contain patch specified @ https://bugs.php.net/bug.php?id=61421 due to it being upstream) --- ext/openssl/openssl.c | 300 +++++++++++++++++++++--------------------- 1 file changed, 149 insertions(+), 151 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index a985495c199ac..077fe386501c7 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -16,7 +16,7 @@ | Wez Furlong | | Sascha Kettler | | Pierre-Alain Joye | - | Marc Delling (PKCS12 functions) | + | Marc Delling (PKCS12 functions) | +----------------------------------------------------------------------+ */ @@ -535,7 +535,7 @@ inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC) if (php_check_open_basedir(filename TSRMLS_CC)) { return -1; } - + return 0; } /* }}} */ 
@@ -594,7 +594,7 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s } else { subitem = val; } - + for (i = 0; i < X509_NAME_entry_count(name); i++) { unsigned char *to_add; int to_add_len; @@ -637,7 +637,7 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s last = j; } i = last; - + if (obj_cnt > 1) { add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); } else { @@ -737,7 +737,7 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co #endif { X509V3_CTX ctx; - + X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, config); if (!X509V3_EXT_add_conf(config, &ctx, (char *)section, NULL)) { @@ -865,7 +865,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option } - + /* digest alg */ if (req->digest_name == NULL) { req->digest_name = CONF_get_string(req->req_config, req->section_name, "default_md"); @@ -887,7 +887,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option } PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section); - + return SUCCESS; } /* }}} */ @@ -1050,10 +1050,10 @@ PHP_MINIT_FUNCTION(openssl) /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in * OpenSSL callbacks */ ssl_stream_data_index = SSL_get_ex_new_index(0, "PHP stream index", NULL, NULL, NULL); - + REGISTER_STRING_CONSTANT("OPENSSL_VERSION_TEXT", OPENSSL_VERSION_TEXT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER, CONST_CS|CONST_PERSISTENT); - + /* purposes for cert purpose checking */ REGISTER_LONG_CONSTANT("X509_PURPOSE_SSL_CLIENT", X509_PURPOSE_SSL_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("X509_PURPOSE_SSL_SERVER", X509_PURPOSE_SSL_SERVER, CONST_CS|CONST_PERSISTENT); 
@@ -1105,7 +1105,7 @@ PHP_MINIT_FUNCTION(openssl) REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_192_CBC", PHP_OPENSSL_CIPHER_AES_192_CBC, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_AES_256_CBC", PHP_OPENSSL_CIPHER_AES_256_CBC, CONST_CS|CONST_PERSISTENT); #endif - + /* Values for key types */ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT); #ifndef NO_DSA @@ -1151,7 +1151,7 @@ PHP_MINIT_FUNCTION(openssl) php_register_url_stream_wrapper("https", &php_stream_http_wrapper TSRMLS_CC); php_register_url_stream_wrapper("ftps", &php_stream_ftp_wrapper TSRMLS_CC); - + return SUCCESS; } /* }}} */ 
@@ -1319,33 +1319,48 @@ PHP_FUNCTION(openssl_x509_export_to_file) } /* }}} */ -/* {{{ proto string openssl_spki_new(mixed zpkey, string challenge [, string algo='sha256']) +/* {{{ proto string openssl_spki_new(mixed zpkey, string challenge [, mixed method]) Creates new private key (or uses existing) and creates a new spki cert outputting results to var */ PHP_FUNCTION(openssl_spki_new) { int challenge_len, algo_len; - char * challenge, * spkstr, * algo="sha256", * s; + char * challenge, * spkstr, * s; long keyresource = -1; const char *spkac = "SPKAC="; + long algo = OPENSSL_ALGO_MD5; + zval *method = NULL; zval * zpkey = NULL; EVP_PKEY * pkey = NULL; NETSCAPE_SPKI *spki=NULL; + const EVP_MD *mdtype; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey, &challenge, &challenge_len, &algo, &algo_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|z", &zpkey, &challenge, &challenge_len, &method) == FAILURE) { return; } pkey = php_openssl_evp_from_zval(&zpkey, 0, challenge, 1, &keyresource TSRMLS_CC); if (pkey == NULL) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied private key"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to use supplied private key"); RETURN_NULL(); } + if (Z_TYPE_P(method) == IS_LONG) { + if (method != NULL) { + algo = Z_LVAL_P(method); + } + mdtype = php_openssl_get_evp_md_from_algo(algo); + } + + if (!mdtype) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm."); + RETURN_NULL(); + } + if ((spki = NETSCAPE_SPKI_new()) == NULL) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to create new SPKAC"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to create new SPKAC"); RETURN_NULL(); } 
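Review bot: `Z_TYPE_P(method)` is evaluated before the `method != NULL` test, yet `method` is the optional `|z` argument and is initialised to NULL, so calling openssl_spki_new() with two arguments dereferences a null pointer. `mdtype` is also left uninitialised when `method` is not an integer, so `if (!mdtype)` reads an indeterminate pointer that may then reach NETSCAPE_SPKI_sign(). Initialise `const EVP_MD *mdtype = NULL;`, test `if (method != NULL && Z_TYPE_P(method) == IS_LONG) { algo = Z_LVAL_P(method); }`, and call `mdtype = php_openssl_get_evp_md_from_algo(algo);` unconditionally. The default digest also moves from the previously documented 'sha256' to `OPENSSL_ALGO_MD5`; a SHA-2 default would be the safer choice for signatures if the extension defines a constant for one (not visible in this hunk). `algo_len` is no longer used and can be dropped.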
@@ -1354,30 +1369,13 @@ PHP_FUNCTION(openssl_spki_new) } if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to embed public key"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to embed public key"); RETURN_NULL(); } - if (strcmp(algo, "md5")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with md5 algorithm"); - RETURN_NULL(); - } - } else if(strcmp(algo, "sha1")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha1())) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha1 algorithm"); - RETURN_NULL(); - } - } else if(strcmp(algo, "sha256")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha256())) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha256 algorithm"); - RETURN_NULL(); - } - } else if (strcmp(algo, "sha512")==0){ - if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_sha512())) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with sha512 algorithm"); - RETURN_NULL(); - } + if (!NETSCAPE_SPKI_sign(spki, pkey, mdtype)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to sign with %l algorithm", method); + RETURN_NULL(); } spkstr = NETSCAPE_SPKI_b64_encode(spki); @@ -1670,14 +1668,14 @@ PHP_FUNCTION(openssl_x509_check_private_key) long certresource = -1, keyresource = -1; RETVAL_FALSE; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZ", &zcert, &zkey) == FAILURE) { return; } cert = php_openssl_x509_from_zval(zcert, 0, &certresource TSRMLS_CC); if (cert == NULL) { RETURN_FALSE; - } + } key = php_openssl_evp_from_zval(zkey, 0, "", 1, &keyresource TSRMLS_CC); if (key) { RETVAL_BOOL(X509_check_private_key(cert, key)); 
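Review bot: The new warning `"unable to sign with %l algorithm", method` has an incomplete conversion (`%l` with no type character) and passes `method`, a `zval *`, as its argument, so the message will not print the algorithm. Either drop the argument, `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to sign with specified algorithm");`, or print the numeric id with `"%ld"` and `algo`. This `RETURN_NULL()` leaves `spki` and `pkey` unfreed, like the other failure returns in openssl_spki_new, whose body continues outside the hunk.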
@@ -1730,11 +1728,11 @@ PHP_FUNCTION(openssl_x509_parse) snprintf(buf, sizeof(buf), "%08lx", X509_subject_name_hash(cert)); add_assoc_string(return_value, "hash", buf, 1); } - + add_assoc_name_entry(return_value, "issuer", X509_get_issuer_name(cert), useshortnames TSRMLS_CC); add_assoc_long(return_value, "version", X509_get_version(cert)); - add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); + add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert)); @@ -1936,8 +1934,8 @@ PHP_FUNCTION(openssl_x509_checkpurpose) if (certresource == 1 && cert) { X509_free(cert); } - if (cainfo) { - X509_STORE_free(cainfo); + if (cainfo) { + X509_STORE_free(cainfo); } if (untrustedchain) { sk_X509_pop_free(untrustedchain, X509_free); @@ -1990,7 +1988,7 @@ static X509_STORE * setup_verify(zval * calist TSRMLS_DC) dir_lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (dir_lookup == NULL || !X509_LOOKUP_add_dir(dir_lookup, Z_STRVAL_PP(item), X509_FILETYPE_PEM)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "error loading directory %s", Z_STRVAL_PP(item)); - } else { + } else { ndirs++; } dir_lookup = NULL; @@ -2084,11 +2082,11 @@ static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts TSRMLS_DC) /* {{{ */ if (certresource != -1) { cert = X509_dup(cert); - + if (cert == NULL) { goto clean_exit; } - + } sk_X509_push(sk, cert); @@ -2097,7 +2095,7 @@ static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts TSRMLS_DC) /* {{{ */ } else { /* a single certificate */ cert = php_openssl_x509_from_zval(zcerts, 0, &certresource TSRMLS_CC); - + if (cert == NULL) { goto clean_exit; } 
@@ -2138,7 +2136,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) return; RETVAL_FALSE; - + cert = php_openssl_x509_from_zval(zcert, 0, &certresource TSRMLS_CC); if (cert == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get cert from parameter 1"); @@ -2174,9 +2172,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) p12 = PKCS12_create(pass, friendly_name, priv_key, cert, ca, 0, 0, 0, 0, 0); - bio_out = BIO_new_file(filename, "w"); + bio_out = BIO_new_file(filename, "w"); if (bio_out) { - + i2d_PKCS12_bio(bio_out, p12); RETVAL_TRUE; @@ -2187,13 +2185,13 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) BIO_free(bio_out); PKCS12_free(p12); php_sk_X509_free(ca); - + cleanup: if (keyresource == -1 && priv_key) { EVP_PKEY_free(priv_key); } - if (certresource == -1 && cert) { + if (certresource == -1 && cert) { X509_free(cert); } } @@ -2219,7 +2217,7 @@ PHP_FUNCTION(openssl_pkcs12_export) return; RETVAL_FALSE; - + cert = php_openssl_x509_from_zval(&zcert, 0, &certresource TSRMLS_CC); if (cert == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get cert from parameter 1"); @@ -2242,7 +2240,7 @@ PHP_FUNCTION(openssl_pkcs12_export) if (args && zend_hash_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts"), (void**)&item) == SUCCESS) ca = php_array_to_X509_sk(item TSRMLS_CC); /* end parse extra config */ - + p12 = PKCS12_create(pass, friendly_name, priv_key, cert, ca, 0, 0, 0, 0, 0); bio_out = BIO_new(BIO_s_mem()); @@ -2259,13 +2257,13 @@ PHP_FUNCTION(openssl_pkcs12_export) BIO_free(bio_out); PKCS12_free(p12); php_sk_X509_free(ca); - + cleanup: if (keyresource == -1 && priv_key) { EVP_PKEY_free(priv_key); } - if (certresource == -1 && cert) { + if (certresource == -1 && cert) { X509_free(cert); } } 
@@ -2289,12 +2287,12 @@ PHP_FUNCTION(openssl_pkcs12_read) return; RETVAL_FALSE; - + bio_in = BIO_new(BIO_s_mem()); - + if(!BIO_write(bio_in, zp12, zp12_len)) goto cleanup; - + if(d2i_PKCS12_bio(bio_in, &p12)) { if(PKCS12_parse(p12, pass, &pkey, &cert, &ca)) { BIO * bio_out; @@ -2324,12 +2322,12 @@ PHP_FUNCTION(openssl_pkcs12_read) MAKE_STD_ZVAL(zextracerts); array_init(zextracerts); - + for (i=0;;i++) { zval * zextracert; X509* aCA = sk_X509_pop(ca); if (!aCA) break; - + bio_out = BIO_new(BIO_s_mem()); if (PEM_write_bio_X509(bio_out, aCA)) { BUF_MEM *bio_buf; @@ -2337,7 +2335,7 @@ PHP_FUNCTION(openssl_pkcs12_read) MAKE_STD_ZVAL(zextracert); ZVAL_STRINGL(zextracert, bio_buf->data, bio_buf->length, 1); add_index_zval(zextracerts, i, zextracert); - + } BIO_free(bio_out); @@ -2349,13 +2347,13 @@ PHP_FUNCTION(openssl_pkcs12_read) } else { zval_dtor(zextracerts); } - + RETVAL_TRUE; - + PKCS12_free(p12); } } - + cleanup: if (bio_in) { BIO_free(bio_in); @@ -2363,7 +2361,7 @@ PHP_FUNCTION(openssl_pkcs12_read) if (pkey) { EVP_PKEY_free(pkey); } - if (cert) { + if (cert) { X509_free(cert); } } @@ -2382,7 +2380,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z return FAILURE; } dn_sk = CONF_get_section(req->req_config, dn_sect); - if (dn_sk == NULL) { + if (dn_sk == NULL) { return FAILURE; } attr_sect = CONF_get_string(req->req_config, req->section_name, "attributes"); 
@@ -2402,15 +2400,15 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z X509_NAME * subj; HashPosition hpos; zval ** item; - + subj = X509_REQ_get_subject_name(csr); /* apply values from the dn hash */ zend_hash_internal_pointer_reset_ex(HASH_OF(dn), &hpos); while(zend_hash_get_current_data_ex(HASH_OF(dn), (void**)&item, &hpos) == SUCCESS) { - char * strindex = NULL; + char * strindex = NULL; uint strindexlen = 0; ulong intindex; - + zend_hash_get_current_key_ex(HASH_OF(dn), &strindex, &strindexlen, &intindex, 0, &hpos); convert_to_string_ex(item); @@ -2420,7 +2418,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z nid = OBJ_txt2nid(strindex); if (nid != NID_undef) { - if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_UTF8, + if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_UTF8, (unsigned char*)Z_STRVAL_PP(item), -1, -1, 0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, @@ -2441,10 +2439,10 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z for(i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { int len; char buffer[200 + 1]; /*200 + \0 !*/ - + v = sk_CONF_VALUE_value(dn_sk, i); type = v->name; - + len = strlen(type); if (len < sizeof("_default")) { continue; @@ -2459,7 +2457,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z memcpy(buffer, type, len); buffer[len] = '\0'; type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { @@ -2540,7 +2538,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long X509_REQ * csr = NULL; char * filename = NULL; BIO * in; - + if (resourceval) { *resourceval = -1; } 
@@ -2681,13 +2679,13 @@ PHP_FUNCTION(openssl_csr_sign) long csr_resource, certresource = 0, keyresource = -1; int i; struct php_x509_request req; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZ!Zl|a!l", &zcsr, &zcert, &zpkey, &num_days, &args, &serial) == FAILURE) return; RETVAL_FALSE; PHP_SSL_REQ_INIT(&req); - + csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource TSRMLS_CC); if (csr == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from parameter 1"); @@ -2709,7 +2707,7 @@ PHP_FUNCTION(openssl_csr_sign) php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to signing cert"); goto cleanup; } - + if (PHP_SSL_REQ_PARSE(&req, args) == FAILURE) { goto cleanup; } @@ -2729,9 +2727,9 @@ PHP_FUNCTION(openssl_csr_sign) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Signature did not match the certificate request"); goto cleanup; } - + /* Now we can get on with it */ - + new_cert = X509_new(); if (new_cert == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "No memory"); @@ -2742,7 +2740,7 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial); - + X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr)); if (cert == NULL) { @@ -2759,7 +2757,7 @@ PHP_FUNCTION(openssl_csr_sign) } if (req.extensions_section) { X509V3_CTX ctx; - + X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0); X509V3_set_conf_lhash(&ctx, req.req_config); if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) { @@ -2772,11 +2770,11 @@ PHP_FUNCTION(openssl_csr_sign) php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to sign it"); goto cleanup; } - + /* Succeeded; lets return the cert */ RETVAL_RESOURCE(zend_list_insert(new_cert, le_x509 TSRMLS_CC)); new_cert = NULL; - + cleanup: if (cert == new_cert) { 
@@ -2793,7 +2791,7 @@ PHP_FUNCTION(openssl_csr_sign) if (csr_resource == -1 && csr) { X509_REQ_free(csr); } - if (certresource == -1 && cert) { + if (certresource == -1 && cert) { X509_free(cert); } if (new_cert) { @@ -2812,12 +2810,12 @@ PHP_FUNCTION(openssl_csr_new) X509_REQ * csr = NULL; int we_made_the_key = 1; long key_resource; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "az|a!a!", &dn, &out_pkey, &args, &attribs) == FAILURE) { return; } RETVAL_FALSE; - + PHP_SSL_REQ_INIT(&req); if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { @@ -2849,10 +2847,10 @@ PHP_FUNCTION(openssl_csr_new) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error loading extension section %s", req.request_extensions_section); } else { RETVAL_TRUE; - + if (X509_REQ_sign(csr, req.priv_key, req.digest)) { RETVAL_RESOURCE(zend_list_insert(csr, le_csr TSRMLS_CC)); - csr = NULL; + csr = NULL; } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error signing request"); } @@ -2977,14 +2975,14 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * } if (Z_TYPE_PP(val) == IS_ARRAY) { zval ** zphrase; - + /* get passphrase */ if (zend_hash_index_find(HASH_OF(*val), 1, (void **)&zphrase) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "key array must be of the form array(0 => key, 1 => phrase)"); return NULL; } - + if (Z_TYPE_PP(zphrase) == IS_STRING) { passphrase = Z_STRVAL_PP(zphrase); } else { @@ -3009,7 +3007,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * if (!what) { TMP_CLEAN; } - if (resourceval) { + if (resourceval) { *resourceval = Z_LVAL_PP(val); } if (type == le_x509) { 
@@ -3043,8 +3041,8 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * } } else { /* force it to be a string and check if it refers to a file */ - /* passing non string values leaks, object uses toString, it returns NULL - * See bug38255.phpt + /* passing non string values leaks, object uses toString, it returns NULL + * See bug38255.phpt */ if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { TMP_CLEAN; @@ -3118,7 +3116,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req char * randfile = NULL; int egdsocket, seeded; EVP_PKEY * return_val = NULL; - + if (req->priv_key_bits < MIN_KEY_LENGTH) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key length is too short; it needs to be at least %d bits, not %d", MIN_KEY_LENGTH, req->priv_key_bits); @@ -3127,7 +3125,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req randfile = CONF_get_string(req->req_config, req->section_name, "RANDFILE"); php_openssl_load_rand_file(randfile, &egdsocket, &seeded TSRMLS_CC); - + if ((req->priv_key = EVP_PKEY_new()) != NULL) { switch(req->priv_key_type) { case OPENSSL_KEYTYPE_RSA: @@ -3177,13 +3175,13 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req } php_openssl_write_rand_file(randfile, egdsocket, seeded); - + if (return_val == NULL) { EVP_PKEY_free(req->priv_key); req->priv_key = NULL; return NULL; } - + return return_val; } /* }}} */ @@ -3212,7 +3210,7 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) case EVP_PKEY_DSA4: assert(pkey->pkey.dsa != NULL); - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ + if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ return 0; } break; @@ -3343,7 +3341,7 @@ PHP_FUNCTION(openssl_pkey_new) } RETURN_FALSE; } - } + } PHP_SSL_REQ_INIT(&req); 
@@ -3372,7 +3370,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) EVP_PKEY * key; BIO * bio_out = NULL; const EVP_CIPHER * cipher; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zp|s!a!", &zpkey, &filename, &filename_len, &passphrase, &passphrase_len, &args) == FAILURE) { return; } @@ -3384,11 +3382,11 @@ PHP_FUNCTION(openssl_pkey_export_to_file) php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get key from parameter 1"); RETURN_FALSE; } - + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { RETURN_FALSE; } - + PHP_SSL_REQ_INIT(&req); if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { @@ -3431,7 +3429,7 @@ PHP_FUNCTION(openssl_pkey_export) EVP_PKEY * key; BIO * bio_out = NULL; const EVP_CIPHER * cipher; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zz|s!a!", &zpkey, &out, &passphrase, &passphrase_len, &args) == FAILURE) { return; } @@ -3443,7 +3441,7 @@ PHP_FUNCTION(openssl_pkey_export) php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get key from parameter 1"); RETURN_FALSE; } - + PHP_SSL_REQ_INIT(&req); if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) { @@ -3563,7 +3561,7 @@ PHP_FUNCTION(openssl_pkey_get_details) array_init(return_value); add_assoc_long(return_value, "bits", EVP_PKEY_bits(pkey)); add_assoc_stringl(return_value, "key", pbio, pbio_len, 1); - /*TODO: Use the real values once the openssl constants are used + /*TODO: Use the real values once the openssl constants are used * See the enum at the top of this file */ switch (EVP_PKEY_type(pkey->type)) { @@ -3587,7 +3585,7 @@ PHP_FUNCTION(openssl_pkey_get_details) add_assoc_zval(return_value, "rsa", rsa); } - break; + break; case EVP_PKEY_DSA: case EVP_PKEY_DSA2: case EVP_PKEY_DSA3: @@ -3608,7 +3606,7 @@ PHP_FUNCTION(openssl_pkey_get_details) } break; case EVP_PKEY_DH: - + ktype = OPENSSL_KEYTYPE_DH; if (pkey->pkey.dh != NULL) { 
@@ -3624,7 +3622,7 @@ PHP_FUNCTION(openssl_pkey_get_details) } break; -#ifdef EVP_PKEY_EC +#ifdef EVP_PKEY_EC case EVP_PKEY_EC: ktype = OPENSSL_KEYTYPE_EC; break; @@ -3658,7 +3656,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) char * extracerts = NULL; int extracerts_len = 0; char * signersfilename = NULL; int signersfilename_len = 0; char * datafilename = NULL; int datafilename_len = 0; - + RETVAL_LONG(-1); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pl|papp", &filename, &filename_len, @@ -3666,7 +3664,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) &extracerts, &extracerts_len, &datafilename, &datafilename_len) == FAILURE) { return; } - + if (extracerts) { others = load_all_certs_from_file(extracerts); if (others == NULL) { @@ -3718,11 +3716,11 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (signersfilename) { BIO *certout; - + if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } - + certout = BIO_new_file(signersfilename, "w"); if (certout) { int i; @@ -3771,14 +3769,14 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) char * strindex; char * infilename = NULL; int infilename_len; char * outfilename = NULL; int outfilename_len; - + RETVAL_FALSE; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ppZa!|ll", &infilename, &infilename_len, &outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags, &cipherid) == FAILURE) return; - + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { return; } @@ -3789,7 +3787,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) } outfile = BIO_new_file(outfilename, "w"); - if (outfile == NULL) { + if (outfile == NULL) { goto clean_exit; } @@ -3916,12 +3914,12 @@ PHP_FUNCTION(openssl_pkcs7_sign) &extracertsfilename_len) == FAILURE) { return; } - + RETVAL_FALSE; if (extracertsfilename) { others = load_all_certs_from_file(extracertsfilename); - if (others == NULL) { + if (others == NULL) { goto clean_exit; } } 
@@ -4032,7 +4030,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to get private key"); goto clean_exit; } - + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { goto clean_exit; } @@ -4051,7 +4049,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) if (p7 == NULL) { goto clean_exit; } - if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED)) { + if (PKCS7_decrypt(p7, key, cert, out, PKCS7_DETACHED)) { RETVAL_TRUE; } clean_exit: @@ -4084,7 +4082,7 @@ PHP_FUNCTION(openssl_private_encrypt) int data_len; long padding = RSA_PKCS1_PADDING; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szZ|l", &data, &data_len, &crypted, &key, &padding) == FAILURE) { return; } RETVAL_FALSE; @@ -4102,10 +4100,10 @@ PHP_FUNCTION(openssl_private_encrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - successful = (RSA_private_encrypt(data_len, - (unsigned char *)data, - cryptedbuf, - pkey->pkey.rsa, + successful = (RSA_private_encrypt(data_len, + (unsigned char *)data, + cryptedbuf, + pkey->pkey.rsa, padding) == cryptedlen); break; default: @@ -4122,7 +4120,7 @@ PHP_FUNCTION(openssl_private_encrypt) if (cryptedbuf) { efree(cryptedbuf); } - if (keyresource == -1) { + if (keyresource == -1) { EVP_PKEY_free(pkey); } } @@ -4160,10 +4158,10 @@ PHP_FUNCTION(openssl_private_decrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - cryptedlen = RSA_private_decrypt(data_len, - (unsigned char *)data, - crypttemp, - pkey->pkey.rsa, + cryptedlen = RSA_private_decrypt(data_len, + (unsigned char *)data, + crypttemp, + pkey->pkey.rsa, padding); if (cryptedlen != -1) { cryptedbuf = emalloc(cryptedlen + 1); 
@@ -4188,7 +4186,7 @@ PHP_FUNCTION(openssl_private_decrypt) if (keyresource == -1) { EVP_PKEY_free(pkey); } - if (cryptedbuf) { + if (cryptedbuf) { efree(cryptedbuf); } } @@ -4212,7 +4210,7 @@ PHP_FUNCTION(openssl_public_encrypt) return; RETVAL_FALSE; - + pkey = php_openssl_evp_from_zval(key, 1, NULL, 0, &keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "key parameter is not a valid public key"); @@ -4225,10 +4223,10 @@ PHP_FUNCTION(openssl_public_encrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - successful = (RSA_public_encrypt(data_len, - (unsigned char *)data, - cryptedbuf, - pkey->pkey.rsa, + successful = (RSA_public_encrypt(data_len, + (unsigned char *)data, + cryptedbuf, + pkey->pkey.rsa, padding) == cryptedlen); break; default: @@ -4271,7 +4269,7 @@ PHP_FUNCTION(openssl_public_decrypt) return; } RETVAL_FALSE; - + pkey = php_openssl_evp_from_zval(key, 1, NULL, 0, &keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "key parameter is not a valid public key"); @@ -4284,10 +4282,10 @@ PHP_FUNCTION(openssl_public_decrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - cryptedlen = RSA_public_decrypt(data_len, - (unsigned char *)data, - crypttemp, - pkey->pkey.rsa, + cryptedlen = RSA_public_decrypt(data_len, + (unsigned char *)data, + crypttemp, + pkey->pkey.rsa, padding); if (cryptedlen != -1) { cryptedbuf = emalloc(cryptedlen + 1); @@ -4295,10 +4293,10 @@ PHP_FUNCTION(openssl_public_decrypt) successful = 1; } break; - + default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "key type not supported in this PHP build!"); - + } efree(crypttemp); @@ -4416,7 +4414,7 @@ PHP_FUNCTION(openssl_verify) char * signature; int signature_len; zval *method = NULL; long signature_algo = OPENSSL_ALGO_SHA1; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZ|z", &data, &data_len, &signature, &signature_len, &key, &method) == FAILURE) { return; } 
@@ -4475,7 +4473,7 @@ PHP_FUNCTION(openssl_seal) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { return; } - + pubkeysht = HASH_OF(pubkeys); nkeys = pubkeysht ? zend_hash_num_elements(pubkeysht) : 0; if (!nkeys) { @@ -4570,7 +4568,7 @@ PHP_FUNCTION(openssl_seal) if (key_resources[i] == -1) { EVP_PKEY_free(pkeys[i]); } - if (eks[i]) { + if (eks[i]) { efree(eks[i]); } } @@ -4616,13 +4614,13 @@ PHP_FUNCTION(openssl_open) } else { cipher = EVP_rc4(); } - + buf = emalloc(data_len + 1); if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { efree(buf); - if (keyresource == -1) { + if (keyresource == -1) { EVP_PKEY_free(pkey); } RETURN_FALSE; @@ -4859,7 +4857,7 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); return NULL; - } + } } tmpssl = SSL_new(ctx); @@ -4916,7 +4914,7 @@ PHP_FUNCTION(openssl_get_md_methods) } array_init(return_value); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, - aliases ? openssl_add_method_or_alias: openssl_add_method, + aliases ? openssl_add_method_or_alias: openssl_add_method, return_value); } /* }}} */ @@ -4932,7 +4930,7 @@ PHP_FUNCTION(openssl_get_cipher_methods) } array_init(return_value); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - aliases ? openssl_add_method_or_alias: openssl_add_method, + aliases ? openssl_add_method_or_alias: openssl_add_method, return_value); } /* }}} */ From e1952a3c14824e91da4ad87ccb51ae7aa7b5aa37 Mon Sep 17 00:00:00 2001 
From: jas- Date: Tue, 3 Apr 2012 09:22:03 -0600 Subject: [PATCH 8/8] Tue Apr 3 09:22:02 MDT 2012 - Migrated switch case from string algorithms to requested algorithm constants (does not contain patch specified @ https://bugs.php.net/bug.php?id=61421 due to it being upstream) --- ext/openssl/openssl.c | 52 +------------------------------------------ 1 file changed, 1 insertion(+), 51 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 077fe386501c7..8e33bd87cac90 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -393,10 +393,6 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_export_challenge, 0) ZEND_ARG_INFO(0, spki) ZEND_END_ARG_INFO() - -ZEND_BEGIN_ARG_INFO(arginfo_openssl_spki_details, 0) - ZEND_ARG_INFO(0, spki) -ZEND_END_ARG_INFO() /* }}} */ /* {{{ openssl_functions[] @@ -406,8 +402,7 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_spki_new, arginfo_openssl_spki_new) PHP_FE(openssl_spki_verify, arginfo_openssl_spki_verify) PHP_FE(openssl_spki_export, arginfo_openssl_spki_export) - PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge) - PHP_FE(openssl_spki_details, arginfo_openssl_spki_details) + PHP_FE(openssl_spki_export_challenge, arginfo_openssl_spki_export_challenge) /* public/private key functions */ PHP_FE(openssl_pkey_free, arginfo_openssl_pkey_free) 
@@ -1551,51 +1546,6 @@ PHP_FUNCTION(openssl_spki_export_challenge) } /* }}} */ -/* {{{ proto string openssl_spki_details(string spki) - Provides details from existing spki to var */ -PHP_FUNCTION(openssl_spki_details) -{ - int spkstr_len; - char *spkstr, * spkstr_cleaned, * s; - - NETSCAPE_SPKI *spki = NULL; - BIO *out = BIO_new(BIO_s_mem()); - BUF_MEM *bio_buf; - zval *zout; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &spkstr, &spkstr_len) == FAILURE) { - return; - } - - if (!spkstr) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to use supplied SPKAC"); - RETURN_NULL(); - } - - spkstr_cleaned = emalloc(spkstr_len + 1); - openssl_spki_cleanup(spkstr, spkstr_cleaned); - - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); - if (!spki) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to decode supplied SPKAC"); - RETURN_NULL(); - } - - NETSCAPE_SPKI_print(out, spki); - BIO_get_mem_ptr(out, &bio_buf); - - if ((!bio_buf->data)&&(bio_buf->length<=0)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to obtain details of SPKAC"); - RETURN_NULL(); - } - - s = emalloc(bio_buf->length); - BIO_read(out, s, bio_buf->length); - - RETURN_STRINGL(s, strlen(s), 1); -} -/* }}} */ - /* {{{ proto int openssl_spki_cleanup(const char *src, char *results) This will help remove new line chars in the SPKAC sent from the browser */