Address comments on pull request

Author: StephenWall

ext/openssl/openssl.c

@@ -1998,7 +1998,7 @@ PHP_FUNCTION(openssl_csr_get_public_key)
 }
 /* }}} */
 
-/* {{{ Returns an array of the fields/values of the Certificate Request */
+/* Returns an array of the fields/values of the Certificate Request */
 PHP_FUNCTION(openssl_csr_parse)
 {
 	X509_REQ * csr = NULL;
@@ -2007,6 +2007,8 @@ PHP_FUNCTION(openssl_csr_parse)
 	int i, sig_nid;
 	bool useshortnames = 1;
 	zval subitem;
+	zval critext;
+	int critcount = 0;
 	X509_EXTENSION *extension;
 	X509_NAME *subject_name;
 	char *csr_name;
@@ -2015,8 +2017,6 @@ PHP_FUNCTION(openssl_csr_parse)
 	BUF_MEM *bio_buf;
 	char buf[256];
 	STACK_OF(X509_EXTENSION) *exts = NULL;
-	char *crit_name = NULL;
-	int crit_len = 0;
 
 	ZEND_PARSE_PARAMETERS_START(1, 2)
 		Z_PARAM_OBJ_OF_CLASS_OR_STR(csr_obj, php_openssl_request_ce, csr_str)
@@ -2026,7 +2026,7 @@ PHP_FUNCTION(openssl_csr_parse)
 
 	csr = php_openssl_csr_from_param(csr_obj, csr_str, 1);
 	if (csr == NULL) {
-		// TODO Add Warning?
+		php_error_docref(NULL, E_WARNING, "First parameter must be a valid CSR");
 		RETURN_FALSE;
 	}
 	array_init(return_value);
@@ -2054,11 +2054,13 @@ PHP_FUNCTION(openssl_csr_parse)
 	add_assoc_long(return_value, "signatureTypeNID", sig_nid);
 
 	array_init(&subitem);
+	array_init(&critext);
+
 	int attrcnt = X509_REQ_get_attr_count(csr);
 	if (attrcnt > 0) {
+		const char unknown[] = "Unknown";
 		for (i = 0; i < attrcnt; i++) {
 			X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr,i);
-			char unknown[] = "Unknown";
 			if (attr) {
 				char objbuf[80];
 				/* Adapted from openssl's "req" app */
@@ -2112,25 +2114,17 @@ PHP_FUNCTION(openssl_csr_parse)
 			extension = sk_X509_EXTENSION_value(exts, i);
 			nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
 			if (nid != NID_undef) {
-				extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+				extname = (char *)OBJ_nid2sn(nid);
 			} else {
-				OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
+				if (OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1) < 0) {
+					php_openssl_store_errors();
+					goto err_subitem;
+				}
 				extname = buf;
 			}
 			if (X509_EXTENSION_get_critical(extension)) {
-				int new_len = strlen(extname) + 10;
-				if (new_len > crit_len) {
-					if (crit_name) {
-						efree(crit_name);
-					}
-					crit_len = new_len;
-					crit_name = emalloc(crit_len);
-				}
-				if (crit_name) {
-					strcpy(crit_name, extname);
-					strcat(crit_name, ":critical");
-					add_assoc_bool(&subitem, crit_name, 1);
-				}
+				add_next_index_string(&critext, extname);
+				critcount++;
 			}
 			bio_out = BIO_new(BIO_s_mem());
 			if (bio_out == NULL) {
@@ -2155,8 +2149,10 @@ PHP_FUNCTION(openssl_csr_parse)
 			BIO_free(bio_out);
 		}
 		add_assoc_zval(return_value, "extensions", &subitem);
-		if (crit_name) {
-			efree(crit_name);
+		if (critcount > 0) {
+			add_assoc_zval(return_value, "criticalExtensions", &critext);
+		} else {
+			zval_ptr_dtor(&critext);
 		}
 		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 		exts = NULL;
@@ -2168,9 +2164,7 @@ PHP_FUNCTION(openssl_csr_parse)
 
 err_subitem:
 	zval_ptr_dtor(&subitem);
-	if (crit_name) {
-		efree(crit_name);
-	}
+	zval_ptr_dtor(&critext);
 	zend_array_destroy(Z_ARR_P(return_value));
 	if (csr) {
 		X509_REQ_free(csr);
@@ -2180,7 +2174,6 @@ PHP_FUNCTION(openssl_csr_parse)
 	}
 	RETURN_FALSE;
 }
-/* }}} */
 
 /* }}} */
 

ext/openssl/tests/openssl_csr_parse_basic.phpt

@@ -11,7 +11,7 @@ var_dump($parsedCSR === openssl_csr_parse(file_get_contents($csr)));
 var_dump($parsedCSR);
 var_dump(openssl_csr_parse($csr, false));
 ?>
---EXPECTF--
+--EXPECT--
 bool(true)
 array(9) {
   ["name"]=>

ext/openssl/tests/parse.csr

@@ -1,59 +1,3 @@
-Certificate Request:
-    Data:
-        Version: 1 (0x0)
-        Subject: C = UK, ST = England, L = London, CN = test.php.net, emailAddress = test.php@php.net
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
-                    00:ad:b5:26:55:6d:58:fa:b2:73:65:10:b7:0d:80:
-                    74:91:d2:20:be:4e:cc:01:d6:b2:ef:cc:9b:18:f3:
-                    c3:85:59:5b:01:be:02:8d:66:da:3e:ce:27:c9:40:
-                    93:12:df:4a:54:6d:07:ee:95:c7:c4:36:d6:4a:c0:
-                    b6:f7:be:33:76:fa:a5:3f:42:f6:a2:9d:7f:33:64:
-                    ad:79:37:06:08:13:9d:c0:61:f6:8c:e4:55:01:92:
-                    fc:fd:66:d3:39:ff:48:a4:a0:0c:ef:ba:0d:d7:8b:
-                    1c:b3:23:a5:40:12:6a:86:1f:b1:ac:b8:3c:92:c0:
-                    76:74:ea:2c:e7:8c:83:aa:8d:13:ab:b4:79:b6:57:
-                    55:f9:a9:4a:65:75:a5:26:7a:91:09:f1:6e:c6:fa:
-                    ad:7d:62:39:9c:64:c0:79:d5:59:86:f8:d0:7c:b4:
-                    10:82:e8:df:5c:7a:05:5a:81:9b:5e:7d:9b:bb:37:
-                    f0:28:62:44:7a:a5:8f:6d:03:99:17:f1:5e:38:93:
-                    e5:80:e0:61:84:36:f7:04:01:4d:54:2b:4c:de:4e:
-                    f5:45:b9:63:e7:8a:4d:77:7c:af:ab:5e:76:c6:c8:
-                    05:77:4a:37:b3:5e:5f:b9:2c:19:81:ea:d4:8d:e1:
-                    2e:c3:fc:13:2b:d9:3b:bf:2a:7e:32:b2:10:1d:09:
-                    8f:75
-                Exponent: 65537 (0x10001)
-        Attributes:
-            streetAddress            :
-            facsimileTelephoneNumber :
-            postalCode               :N11
-            telephoneNumber          :012345678
-            name                     :Organisation
-            1.3.6.1.4.1.11278.1150.2.1:11112222
-            1.3.6.1.4.1.11278.1150.2.2:12345678
-            emailAddress             :info@example.com
-            Requested Extensions:
-                X509v3 Basic Constraints: 
-                    CA:FALSE
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        0a:0f:23:fb:16:63:44:0a:3c:c1:01:b9:1a:7a:30:77:2f:5a:
-        04:84:c7:09:24:41:f4:49:41:99:58:75:ea:6e:e9:3c:34:89:
-        9c:18:45:33:91:e2:c1:27:57:3f:79:aa:ca:d6:a8:7a:7a:42:
-        45:f1:74:51:bd:14:f1:e2:e0:de:ba:39:7d:97:6f:94:ed:1e:
-        00:c6:33:1a:c9:4f:06:c7:fb:b5:5d:b0:98:97:2e:45:9b:78:
-        bb:a8:cc:ab:fc:06:ca:e1:2d:16:22:66:49:7e:55:62:2b:37:
-        23:9c:2b:b6:a8:da:c0:fe:0f:76:24:08:10:38:24:ae:0e:16:
-        17:e1:c5:8e:37:0f:6b:26:7b:b6:84:41:58:eb:4b:e5:2f:12:
-        3b:88:00:b3:74:00:fe:a0:3b:60:0c:89:43:83:3c:1a:e3:b0:
-        f2:37:36:93:78:d1:55:2f:55:4f:87:b2:9d:53:96:ab:ed:87:
-        f0:18:01:2b:86:4f:6c:ad:33:96:1d:71:29:bb:27:06:86:03:
-        02:20:3a:ff:17:3d:44:06:7a:6e:76:c8:c1:2f:cf:24:91:0b:
-        86:72:4d:d7:5f:89:90:24:79:32:e6:6e:1f:92:31:56:c7:5d:
-        73:a4:51:e1:33:f9:fb:e6:43:82:fe:b1:cd:d1:13:cb:be:33:
-        c8:37:d4:b3
 -----BEGIN CERTIFICATE REQUEST-----
 MIIDcDCCAlgCAQAwaDELMAkGA1UEBhMCVUsxEDAOBgNVBAgMB0VuZ2xhbmQxDzAN
 BgNVBAcMBkxvbmRvbjEVMBMGA1UEAwwMdGVzdC5waHAubmV0MR8wHQYJKoZIhvcN