From 74500c1b6fe1a75ef8a1b98e34134529e08619dd Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Thu, 2 Oct 2025 10:25:40 -0400 Subject: [PATCH 1/8] Function to look up Object IDs Create a function to lookup and return an OID, short name, and long name, given a string containing any one of those, for all OIDs known to OpenSSL. --- ext/openssl/openssl.c | 80 +++++++++++++++++++ ext/openssl/openssl.stub.php | 2 + ext/openssl/openssl_arginfo.h | 8 +- .../tests/openssl_oid_lookup_basic.phpt | 31 +++++++ 4 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 ext/openssl/tests/openssl_oid_lookup_basic.phpt diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2c09b89e31200..d1ef7833355be 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4588,3 +4588,83 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) } } /* }}} */ + +/* {{{ Given an Object ID, or object short or long name, return an associative + array containing any known OID, short name, and long name, or false if the + object is not known. + + Example: + + var_dump( openssl_oid_lookup( "CN" ) ); + var_dump( openssl_oid_lookup( "unstructuredAddress" ) ); + var_dump( openssl_oid_lookup( "1.2.3.4.5" ) ); + var_dump( openssl_oid_lookup( "junk" ) ); + + Produces; + + array(3) { + ["oid"]=> + string(7) "2.5.4.3" + ["lname"]=> + string(10) "commonName" + ["sname"]=> + string(2) "CN" + } + + array(2) { + ["oid"]=> + string(20) "1.2.840.113549.1.9.8" + ["lname"]=> + string(19) "unstructuredAddress" + } + + array(1) { + ["oid"]=> + string(9) "1.2.3.4.5" + } + + bool(false) + +*/ +PHP_FUNCTION(openssl_oid_lookup) +{ + zend_string * txt; + ASN1_OBJECT *obj; + char buf[1024]; + int nid; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &txt) == FAILURE) { + return; + } + + obj = OBJ_txt2obj(ZSTR_VAL(txt), 0); + if (obj == NULL) { + RETURN_FALSE; + } + + OBJ_obj2txt(buf, sizeof(buf)-1, obj, 1); + if (*buf == '\0') { + RETURN_FALSE; + } + + array_init(return_value); + add_assoc_string(return_value, "oid", buf); + + if ((nid = OBJ_obj2nid(obj)) != NID_undef) { + const char *l; + const char *s; + + l = OBJ_nid2ln(nid); + if (l != NULL) { + add_assoc_string(return_value, "lname", (char *) l); + } + + s = OBJ_nid2sn(nid); + if (s != NULL && (l == NULL || strcmp(s,l) != 0)) { + add_assoc_string(return_value, "sname", (char *) s); + } + } + + ASN1_OBJECT_free(obj); +} +/* }}} */ diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php index 94902a4acf0da..7108ebee32c4d 100644 --- a/ext/openssl/openssl.stub.php +++ b/ext/openssl/openssl.stub.php @@ -699,3 +699,5 @@ function openssl_get_cert_locations(): array {} function openssl_password_hash(string $algo, #[\SensitiveParameter] string $password, array $options = []): string {} function openssl_password_verify(string $algo, #[\SensitiveParameter] string $password, string $hash): bool {} #endif + +function openssl_oid_lookup(string $txt): array {} diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h index 796582c185bb6..4a1a3fb252ba0 100644 --- a/ext/openssl/openssl_arginfo.h +++ b/ext/openssl/openssl_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 8233a8abc8ab7145d905d0fa51478edfe1e55a06 */ + * Stub hash: 583252193c30d50f6e45905c70a04ced84ff97d9 */ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0) ZEND_ARG_OBJ_TYPE_MASK(0, certificate, OpenSSLCertificate, MAY_BE_STRING, NULL) @@ -406,6 +406,10 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_password_verify, 0, 3, _ ZEND_END_ARG_INFO() #endif +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_oid_lookup, 0, 1, IS_ARRAY, 0) + ZEND_ARG_TYPE_INFO(0, txt, IS_STRING, 0) +ZEND_END_ARG_INFO() + ZEND_FUNCTION(openssl_x509_export_to_file); ZEND_FUNCTION(openssl_x509_export); ZEND_FUNCTION(openssl_x509_fingerprint); @@ -473,6 +477,7 @@ ZEND_FUNCTION(openssl_get_cert_locations); ZEND_FUNCTION(openssl_password_hash); ZEND_FUNCTION(openssl_password_verify); #endif +ZEND_FUNCTION(openssl_oid_lookup); static const zend_function_entry ext_functions[] = { ZEND_FE(openssl_x509_export_to_file, arginfo_openssl_x509_export_to_file) @@ -545,6 +550,7 @@ static const zend_function_entry ext_functions[] = { ZEND_FE(openssl_password_hash, arginfo_openssl_password_hash) ZEND_FE(openssl_password_verify, arginfo_openssl_password_verify) #endif + ZEND_FE(openssl_oid_lookup, arginfo_openssl_oid_lookup) ZEND_FE_END }; diff --git a/ext/openssl/tests/openssl_oid_lookup_basic.phpt b/ext/openssl/tests/openssl_oid_lookup_basic.phpt new file mode 100644 index 0000000000000..c3bc48e3761d6 --- /dev/null +++ b/ext/openssl/tests/openssl_oid_lookup_basic.phpt @@ -0,0 +1,31 @@ +--TEST-- +openssl_csr_new() attributes setting tests +--EXTENSIONS-- +openssl +--FILE-- + +--EXPECTF-- +array(3) { + ["oid"]=> + string(7) "2.5.4.3" + ["lname"]=> + string(10) "commonName" + ["sname"]=> + string(2) "CN" +} +array(2) { + ["oid"]=> + string(20) "1.2.840.113549.1.9.8" + ["lname"]=> + string(19) "unstructuredAddress" +} +array(1) { + ["oid"]=> + string(9) "1.2.3.4.5" +} +bool(false) From 22ad590e6b03402d2fbcc3dca532730806a36221 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Sun, 2 Nov 2025 21:01:47 -0500 Subject: [PATCH 2/8] Fix return type in stub --- ext/openssl/openssl.stub.php | 6 +++++- ext/openssl/openssl_arginfo.h | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php index 7108ebee32c4d..a6e22968eceb7 100644 --- a/ext/openssl/openssl.stub.php +++ b/ext/openssl/openssl.stub.php @@ -700,4 +700,8 @@ function openssl_password_hash(string $algo, #[\SensitiveParameter] string $pass function openssl_password_verify(string $algo, #[\SensitiveParameter] string $password, string $hash): bool {} #endif -function openssl_oid_lookup(string $txt): array {} +/** + * @return array|false + * @refcount 1 + */ +function openssl_oid_lookup(string $txt): array|false {} diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h index 4a1a3fb252ba0..a99bc2cc171e8 100644 --- a/ext/openssl/openssl_arginfo.h +++ b/ext/openssl/openssl_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 583252193c30d50f6e45905c70a04ced84ff97d9 */ + * Stub hash: 2288e86f8604335de4876d464b97b8ba52da30d5 */ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0) ZEND_ARG_OBJ_TYPE_MASK(0, certificate, OpenSSLCertificate, MAY_BE_STRING, NULL) @@ -406,7 +406,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_password_verify, 0, 3, _ ZEND_END_ARG_INFO() #endif -ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_oid_lookup, 0, 1, IS_ARRAY, 0) +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_openssl_oid_lookup, 0, 1, MAY_BE_ARRAY|MAY_BE_FALSE) ZEND_ARG_TYPE_INFO(0, txt, IS_STRING, 0) ZEND_END_ARG_INFO() From c77ba23e0319ba256fa35476fa74be5f4181d7df Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Mon, 3 Nov 2025 10:40:29 -0500 Subject: [PATCH 3/8] update optimizer info --- Zend/Optimizer/zend_func_infos.h | 1 + 1 file changed, 1 insertion(+) diff --git a/Zend/Optimizer/zend_func_infos.h b/Zend/Optimizer/zend_func_infos.h index b7b118c710c53..c745ff864af91 100644 --- a/Zend/Optimizer/zend_func_infos.h +++ b/Zend/Optimizer/zend_func_infos.h @@ -297,6 +297,7 @@ static const func_info_t func_infos[] = { F1("openssl_get_curve_names", MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_LONG|MAY_BE_ARRAY_OF_STRING|MAY_BE_FALSE), #endif F1("openssl_get_cert_locations", MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_STRING|MAY_BE_ARRAY_OF_STRING), + F1("openssl_oid_lookup", MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_STRING|MAY_BE_ARRAY_OF_STRING|MAY_BE_FALSE), FN("pcntl_signal_get_handler", MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_LONG|MAY_BE_ARRAY_OF_STRING|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_OBJECT|MAY_BE_LONG), FN("preg_replace", MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_LONG|MAY_BE_ARRAY_KEY_STRING|MAY_BE_ARRAY_OF_STRING|MAY_BE_NULL), FN("preg_filter", MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_ARRAY_KEY_LONG|MAY_BE_ARRAY_KEY_STRING|MAY_BE_ARRAY_OF_STRING|MAY_BE_NULL), From 01c95c72cce7d04706fbac766abb681833ea5814 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Wed, 10 Dec 2025 09:28:36 -0500 Subject: [PATCH 4/8] Remove example from comments --- ext/openssl/openssl.c | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index d1ef7833355be..3207b91105088 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4592,39 +4592,6 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) /* {{{ Given an Object ID, or object short or long name, return an associative array containing any known OID, short name, and long name, or false if the object is not known. - - Example: - - var_dump( openssl_oid_lookup( "CN" ) ); - var_dump( openssl_oid_lookup( "unstructuredAddress" ) ); - var_dump( openssl_oid_lookup( "1.2.3.4.5" ) ); - var_dump( openssl_oid_lookup( "junk" ) ); - - Produces; - - array(3) { - ["oid"]=> - string(7) "2.5.4.3" - ["lname"]=> - string(10) "commonName" - ["sname"]=> - string(2) "CN" - } - - array(2) { - ["oid"]=> - string(20) "1.2.840.113549.1.9.8" - ["lname"]=> - string(19) "unstructuredAddress" - } - - array(1) { - ["oid"]=> - string(9) "1.2.3.4.5" - } - - bool(false) - */ PHP_FUNCTION(openssl_oid_lookup) { From 1bb224884578b84004f60b07c1f052a9caad1e94 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Tue, 13 Jan 2026 16:38:11 -0500 Subject: [PATCH 5/8] Address feedback on pull request --- ext/openssl/openssl.c | 26 +++++++++++-------- .../tests/openssl_oid_lookup_basic.phpt | 2 +- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 3207b91105088..8276a8caaf0cf 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4589,7 +4589,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) } /* }}} */ -/* {{{ Given an Object ID, or object short or long name, return an associative +/* Given an Object ID, or object short or long name, return an associative array containing any known OID, short name, and long name, or false if the object is not known. */ @@ -4597,8 +4597,9 @@ PHP_FUNCTION(openssl_oid_lookup) { zend_string * txt; ASN1_OBJECT *obj; - char buf[1024]; + char buf[256]; int nid; + bool found = false; if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &txt) == FAILURE) { return; @@ -4609,13 +4610,12 @@ PHP_FUNCTION(openssl_oid_lookup) RETURN_FALSE; } - OBJ_obj2txt(buf, sizeof(buf)-1, obj, 1); - if (*buf == '\0') { - RETURN_FALSE; - } - array_init(return_value); - add_assoc_string(return_value, "oid", buf); + + if (OBJ_obj2txt(buf, sizeof(buf)-1, obj, 1) > 0 && *buf != '\0') { + add_assoc_string(return_value, "oid", buf); + found = TRUE; + } if ((nid = OBJ_obj2nid(obj)) != NID_undef) { const char *l; @@ -4624,14 +4624,18 @@ PHP_FUNCTION(openssl_oid_lookup) l = OBJ_nid2ln(nid); if (l != NULL) { add_assoc_string(return_value, "lname", (char *) l); + found = TRUE; } s = OBJ_nid2sn(nid); - if (s != NULL && (l == NULL || strcmp(s,l) != 0)) { + if (s != NULL) { add_assoc_string(return_value, "sname", (char *) s); + found = TRUE; } } - ASN1_OBJECT_free(obj); + + if (!found) { + RETURN_FALSE; + } } -/* }}} */ diff --git a/ext/openssl/tests/openssl_oid_lookup_basic.phpt b/ext/openssl/tests/openssl_oid_lookup_basic.phpt index c3bc48e3761d6..17d726062a910 100644 --- a/ext/openssl/tests/openssl_oid_lookup_basic.phpt +++ b/ext/openssl/tests/openssl_oid_lookup_basic.phpt @@ -9,7 +9,7 @@ var_dump(openssl_oid_lookup("unstructuredAddress")); var_dump(openssl_oid_lookup("1.2.3.4.5")); var_dump(openssl_oid_lookup("junk")); ?> ---EXPECTF-- +--EXPECT-- array(3) { ["oid"]=> string(7) "2.5.4.3" From cf5926fbf7682e39d79ae1615da1467e15db342a Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Wed, 14 Jan 2026 09:14:10 -0500 Subject: [PATCH 6/8] `true`, not `TRUE` --- ext/openssl/openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 8276a8caaf0cf..83e006839a920 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4614,7 +4614,7 @@ PHP_FUNCTION(openssl_oid_lookup) if (OBJ_obj2txt(buf, sizeof(buf)-1, obj, 1) > 0 && *buf != '\0') { add_assoc_string(return_value, "oid", buf); - found = TRUE; + found = true; } if ((nid = OBJ_obj2nid(obj)) != NID_undef) { @@ -4624,13 +4624,13 @@ PHP_FUNCTION(openssl_oid_lookup) l = OBJ_nid2ln(nid); if (l != NULL) { add_assoc_string(return_value, "lname", (char *) l); - found = TRUE; + found = true; } s = OBJ_nid2sn(nid); if (s != NULL) { add_assoc_string(return_value, "sname", (char *) s); - found = TRUE; + found = true; } } ASN1_OBJECT_free(obj); From cb55ac123ee4e705e1b3ee68c8d51f1daa1b653d Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Wed, 14 Jan 2026 10:22:35 -0500 Subject: [PATCH 7/8] Fix test for change to sname --- ext/openssl/tests/openssl_oid_lookup_basic.phpt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/openssl/tests/openssl_oid_lookup_basic.phpt b/ext/openssl/tests/openssl_oid_lookup_basic.phpt index 17d726062a910..d04a132336bdc 100644 --- a/ext/openssl/tests/openssl_oid_lookup_basic.phpt +++ b/ext/openssl/tests/openssl_oid_lookup_basic.phpt @@ -18,9 +18,11 @@ array(3) { ["sname"]=> string(2) "CN" } -array(2) { +array(3) { ["oid"]=> string(20) "1.2.840.113549.1.9.8" + ["sname"]=> + string(19) "unstructuredAddress" ["lname"]=> string(19) "unstructuredAddress" } From 43a655bf3b970b5f83c3d7a976125fefcd380c51 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Wed, 14 Jan 2026 10:42:17 -0500 Subject: [PATCH 8/8] wrong order --- ext/openssl/tests/openssl_oid_lookup_basic.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/tests/openssl_oid_lookup_basic.phpt b/ext/openssl/tests/openssl_oid_lookup_basic.phpt index d04a132336bdc..ed452b3e7530c 100644 --- a/ext/openssl/tests/openssl_oid_lookup_basic.phpt +++ b/ext/openssl/tests/openssl_oid_lookup_basic.phpt @@ -21,10 +21,10 @@ array(3) { array(3) { ["oid"]=> string(20) "1.2.840.113549.1.9.8" - ["sname"]=> - string(19) "unstructuredAddress" ["lname"]=> string(19) "unstructuredAddress" + ["sname"]=> + string(19) "unstructuredAddress" } array(1) { ["oid"]=>