Use param API for openssl_pkey_get_details()

Now that the DSA/DH/EC keys are not created using the legacy API,
we can fetch the details using the param API as well, and not
run into

Use param API for openssl_pkey_get_details()

Now that the DSA/DH/EC keys are not created using the legacy API,
we can fetch the details using the param API as well, and not
run into buggy priv_key handling.

show more ...

Extract public key portion via PEM roundtrip

The workaround with cloning the X509_REQ no longer works in
OpenSSL 3. Instead extract the public key portion by round
tripping through P

Extract public key portion via PEM roundtrip

The workaround with cloning the X509_REQ no longer works in
OpenSSL 3. Instead extract the public key portion by round
tripping through PEM.

show more ...

Use param API for creating EC keys

Rather than the deprecated low level APIs.

Extract EC key initialization

Use OpenSSL NCONF APIs (#7337)

minimal fix for openssl 3.0 (#7002)

Switch manual DSA key generation to param API

This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generatin

Switch manual DSA key generation to param API

This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generating pub_key from priv_key. Would be nice if these worked
the same (in which case we should probably also unify the keygen
for FFC algorithms, as it's very similar).

show more ...

Switch manual DH key generation to param API

Instead of using the deprecated low-level interface.

This should also avoid issues with fetching parameters from
legacy keys, cf. ht

Switch manual DH key generation to param API

Instead of using the deprecated low-level interface.

This should also avoid issues with fetching parameters from
legacy keys, cf. https://github.com/openssl/openssl/issues/16247.

show more ...

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

A

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

As the OpenSSL docs say:

> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.

show more ...

Avoid DH_compute_key() with OpenSSL 3

Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.

Unfortunately we can't use a common code path here,

Avoid DH_compute_key() with OpenSSL 3

Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.

Unfortunately we can't use a common code path here, because
EVP_PKEY_set1_encoded_public_key() formerly known as
EVP_PKEY_set1_tls_encodedpoint() does not appear to work with
DH keys prior to OpenSSL 3.

show more ...

Extract php_openssl_pkey_derive() function

To allow sharing it with the openssl_dh_compute_key() implementation.

Store whether pkey object contains private key

Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the

Store whether pkey object contains private key

Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the PHP object.

OpenSSL doesn't provide an API for this purpose, and seems
somewhat reluctant to add one, see
https://github.com/openssl/openssl/issues/9467.

To avoid using deprecated low-level APIs to determine whether
something is a private key ourselves, remember it at the point
of construction.

show more ...

Use EVP_PKEY APIs for key generation

Use high level API instead of deprecated low level API.

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #81327: Error build openssl extension on php 7.4.22

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #81327: Error build openssl extension on php 7.4.22

Fix #81327: Error build openssl extension on php 7.4.22

The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but t

Fix #81327: Error build openssl extension on php 7.4.22

The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but they still
do not support `ASN1_INTEGER_set_int64()`.

Closes GH-7339.

show more ...

Use EVP_PKEY APIs for openssl_private_encrypt/public_decrypt

Use high level APIs instead of deprecated low level APIs.

Use EVP_PKEY API for openssl_public_encrypt/private_decrypt

Use the high level API instead of the deprecated low level API.

Only report provided ciphers in openssl_get_cipher_methods()

With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided

Only report provided ciphers in openssl_get_cipher_methods()

With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided
ciphers, so that "in_array openssl_get_cipher_methods" style
checks continue working as expected.

show more ...

Not serializable flag permeation

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #52093: openssl_csr_sign truncates $serial

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #52093: openssl_csr_sign truncates $serial

Fix #52093: openssl_csr_sign truncates $serial

We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the
truncation of the integer.

[1] <https://www.openssl.org/docs/man1.

Fix #52093: openssl_csr_sign truncates $serial

We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the
truncation of the integer.

[1] <https://www.openssl.org/docs/man1.1.0/man3/ASN1_INTEGER_set_int64.html#HISTORY>

Closes GH-7209.

show more ...

Mark various functions with void arguments.

This fixes a bunch of [-Wstrict-prototypes] warning,
because in C func() and func(void) have different semantics.

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...