#
75667427 |
| 15-Feb-2021 |
Nikita Popov |
Suppress OpenSSL error on missing optional config openssl_pkey_new() fetches various options from the config file -- most of these are optional, and not specifying them is not an error
Suppress OpenSSL error on missing optional config openssl_pkey_new() fetches various options from the config file -- most of these are optional, and not specifying them is not an error condition from the perspective of the user. Unfortunately, the CONF_get_string() API pushes an error when accessing a key that doesn't exist (_CONF_get_string does not, but that is presumably a private API). This commit adds a helper php_openssl_conf_get_string() that automatically clears the error in this case. I've found that OpenSSL occasionally does the same thing internally: https://github.com/openssl/openssl/blob/22040fb790c854cefb04bed98ed38ea6357daf83/apps/req.c#L515-L517 Closes GH-6699.
show more ...
|
#
5f0b995e |
| 15-Feb-2021 |
Nikita Popov |
Merge branch 'PHP-8.0' * PHP-8.0: Fixed bug #80747
|
#
f43097a2 |
| 15-Feb-2021 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fixed bug #80747
|
#
64b10854 |
| 15-Feb-2021 |
Nikita Popov |
Fixed bug #80747 If RSA key generation fails, actually report that failure. |
#
af56982a |
| 14-Feb-2021 |
Máté Kocsis |
Generate class entries from stubs for oci8, odbc, openssl, pcntl, pdo, pgsql Closes GH-6691 |
Revision tags: php-7.3.27 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-7.3.26, php-7.3.26RC1 |
|
#
4ce33486 |
| 30-Nov-2020 |
Nikita Popov |
Merge branch 'PHP-8.0' * PHP-8.0: Next attempt to fix bug #80368
|
#
32cd5a1b |
| 30-Nov-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Next attempt to fix bug #80368
|
#
ecee3f12 |
| 30-Nov-2020 |
Nikita Popov |
Next attempt to fix bug #80368 Apparently treating LibreSSL as OpenSSL 1.1 is not just something we did in our code, it's something that upstream LibreSSL claims, despite not actuall
Next attempt to fix bug #80368 Apparently treating LibreSSL as OpenSSL 1.1 is not just something we did in our code, it's something that upstream LibreSSL claims, despite not actually being compatible. Duh. Check for EVP_CIPH_OCB_MODE instead, which should reliably determine support...
show more ...
|
#
d56e2554 |
| 27-Nov-2020 |
Nikita Popov |
Merge branch 'PHP-8.0' * PHP-8.0: Fixed bug #80368
|
#
f4e1768e |
| 27-Nov-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fixed bug #80368
|
#
0f579fd7 |
| 27-Nov-2020 |
Nikita Popov |
Fixed bug #80368 We assume that usually LibreSSL supports everything OpenSSL 1.1 does. In this instance, this is not the case. |
Revision tags: php-7.3.25, php-7.3.25RC1, php-7.3.24, php-7.3.24RC1 |
|
#
c3a6debc |
| 10-Oct-2020 |
Jakub Zelenka |
Bump minimal OpenSSL version to 1.0.2 |
#
87d2bb74 |
| 20-Oct-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fix CCM tag length setting for old OpenSSL versions
|
#
1359f793 |
| 20-Oct-2020 |
Nikita Popov |
Fix CCM tag length setting for old OpenSSL versions While OpenSSL 1.1 allows unconditionally setting the CCM tag length even for decryption, some older versions apparently do not. As suc
Fix CCM tag length setting for old OpenSSL versions While OpenSSL 1.1 allows unconditionally setting the CCM tag length even for decryption, some older versions apparently do not. As such, we do need to treat CCM and OCB separately after all.
show more ...
|
#
7727a022 |
| 19-Oct-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fix bug #79983: Add support for OCB mode
|
#
750a74ed |
| 14-Oct-2020 |
Nikita Popov |
Fix bug #79983: Add support for OCB mode OCB mode ciphers were already exposed to openssl_encrypt/decrypt, but misbehaved, because they were not treated as AEAD ciphers. From that pe
Fix bug #79983: Add support for OCB mode OCB mode ciphers were already exposed to openssl_encrypt/decrypt, but misbehaved, because they were not treated as AEAD ciphers. From that perspective, OCB should be treated the same way as GCM. In OpenSSL 1.1 the necessary controls were unified under EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1). Closes GH-6337.
show more ...
|
#
251af732 |
| 14-Oct-2020 |
Nikita Popov |
Fix nullability of openssl_cms_sign() parameter |
#
2540f68d |
| 14-Oct-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Allow passing $tag for non-authenticated encryption
|
#
6c6a58e9 |
| 13-Oct-2020 |
Nikita Popov |
Allow passing $tag for non-authenticated encryption openssl_encrypt() currently throws a warning if the $tag out parameter is passed for a non-authenticated cipher. This violates the
Allow passing $tag for non-authenticated encryption openssl_encrypt() currently throws a warning if the $tag out parameter is passed for a non-authenticated cipher. This violates the principle that a function should behave the same if a parameter is not passed, and if the default value is passed for the parameter. I believe this warning should simply be dropped and the $tag be populated with null, as is already the case. Otherwise, it is not possible to use openssl_encrypt() in generic wrapper APIs, that are compatible with both authenticated and non-authenticated encryption. Closes GH-6333.
show more ...
|
#
2cd2ca88 |
| 12-Oct-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Revert "Add missing X509 purpose constants"
|
#
41e4a770 |
| 12-Oct-2020 |
Nikita Popov |
Revert "Add missing X509 purpose constants" This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd. This fails on Travis. |
#
da60849f |
| 12-Oct-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Add missing X509 purpose constants
|
#
1e53e14b |
| 09-Oct-2020 |
Vincent JARDIN |
Add missing X509 purpose constants X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001
Add missing X509 purpose constants X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006 Also drop the ifdef check for X509_PURPOSE_ANY, as it is always available in supported OpenSSL versions. Closes GH-6312.
show more ...
|
#
62c6d695 |
| 01-Oct-2020 |
Nikita Popov |
Add test instantiating all objects Intended to find issues in opaque object destructors. Closes GH-6251. |