#
6724d5d4 |
| 04-Aug-2021 |
Christoph M. Becker |
Fix #81327: Error build openssl extension on php 7.4.22 The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0, which we recognize as mostly OpenSSL 1.1.0 compatible, but they still do not support `ASN1_INTEGER_set_int64()`. Closes GH-7339.
|
#
334387bb |
| 01-Jul-2021 |
Christoph M. Becker |
Fix #52093: openssl_csr_sign truncates $serial We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the truncation of the integer. [1] <https://www.openssl.org/docs/man1.1.0/man3/ASN1_INTEGER_set_int64.html#HISTORY> Closes GH-7209.
|
#
75667427 |
| 15-Feb-2021 |
Nikita Popov |
Suppress OpenSSL error on missing optional config openssl_pkey_new() fetches various options from the config file -- most of these are optional, and not specifying them is not an error condition from the perspective of the user. Unfortunately, the CONF_get_string() API pushes an error when accessing a key that doesn't exist (_CONF_get_string does not, but that is presumably a private API). This commit adds a helper php_openssl_conf_get_string() that automatically clears the error in this case. I've found that OpenSSL occasionally does the same thing internally: https://github.com/openssl/openssl/blob/22040fb790c854cefb04bed98ed38ea6357daf83/apps/req.c#L515-L517 Closes GH-6699.
|
#
64b10854 |
| 15-Feb-2021 |
Nikita Popov |
Fixed bug #80747 If RSA key generation fails, actually report that failure.
|
#
ecee3f12 |
| 30-Nov-2020 |
Nikita Popov |
Next attempt to fix bug #80368 Apparently treating LibreSSL as OpenSSL 1.1 is not just something we did in our code, it's something that upstream LibreSSL claims, despite not actually being compatible. Duh. Check for EVP_CIPH_OCB_MODE instead, which should reliably determine support...
|
#
0f579fd7 |
| 27-Nov-2020 |
Nikita Popov |
Fixed bug #80368 We assume that usually LibreSSL supports everything OpenSSL 1.1 does. In this instance, this is not the case.
|
#
1359f793 |
| 20-Oct-2020 |
Nikita Popov |
Fix CCM tag length setting for old OpenSSL versions While OpenSSL 1.1 allows unconditionally setting the CCM tag length even for decryption, some older versions apparently do not. As such, we do need to treat CCM and OCB separately after all.
|
#
750a74ed |
| 14-Oct-2020 |
Nikita Popov |
Fix bug #79983: Add support for OCB mode OCB mode ciphers were already exposed to openssl_encrypt/decrypt, but misbehaved, because they were not treated as AEAD ciphers. From that perspective, OCB should be treated the same way as GCM. In OpenSSL 1.1 the necessary controls were unified under EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1). Closes GH-6337.
|
#
6c6a58e9 |
| 13-Oct-2020 |
Nikita Popov |
Allow passing $tag for non-authenticated encryption openssl_encrypt() currently throws a warning if the $tag out parameter is passed for a non-authenticated cipher. This violates the principle that a function should behave the same if a parameter is not passed, and if the default value is passed for the parameter. I believe this warning should simply be dropped and the $tag be populated with null, as is already the case. Otherwise, it is not possible to use openssl_encrypt() in generic wrapper APIs, that are compatible with both authenticated and non-authenticated encryption. Closes GH-6333.
|
#
41e4a770 |
| 12-Oct-2020 |
Nikita Popov |
Revert "Add missing X509 purpose constants" This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd. This fails on Travis.
|
#
1e53e14b |
| 09-Oct-2020 |
Vincent JARDIN |
Add missing X509 purpose constants X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006 Also drop the ifdef check for X509_PURPOSE_ANY, as it is always available in supported OpenSSL versions. Closes GH-6312.
|
#
2f5cb702 |
| 27-Sep-2020 |
Stanislav Malyshev |
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
#
0216630e |
| 27-Sep-2020 |
Stanislav Malyshev |
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
#
657a832a |
| 22-Jul-2020 |
Nikita Popov |
Fixed bug #79881
|
#
9eff906a |
| 21-Jan-2020 |
Christoph M. Becker |
Fix #79145: openssl memory leak We must increase the refcount of `return_value` only if `cert` is a resource; this is already done in `php_openssl_evp_from_zval()`, though.
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1 |
|
#
699b465d |
| 09-Aug-2019 |
Nikita Popov |
Fixed bug #78391
|
Revision tags: php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2 |
|
#
99f3e0f0 |
| 21-Jun-2019 |
Nikita Popov |
Fix PKCS12 leak in openssl
|
#
c939a678 |
| 21-Jun-2019 |
Nikita Popov |
Fix d leak in ecc openssl_pkey_new
|
#
dfe6f0c1 |
| 21-Jun-2019 |
Nikita Popov |
Fix netscape spki leak in openssl
|
#
a0da2fb2 |
| 21-Jun-2019 |
Nikita Popov |
Fix X509 leak in openssl_pkcs7_verify()
|
#
e0bafc6d |
| 21-Jun-2019 |
Nikita Popov |
Fix CSR leaks in openssl
|
Revision tags: php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5 |
|
#
32e6d08d |
| 27-Apr-2019 |
Rosen Penev |
Fix compilation without deprecated OpenSSL 1.1 APIs
|
#
457392fa |
| 05-Jun-2019 |
Dmitry Stogov |
Cheaper checks for exceptions thrown from __toString()
|
Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16 |
|
#
a31f4642 |
| 26-Feb-2019 |
Nikita Popov |
Allow exceptions in __toString() RFC: https://wiki.php.net/rfc/tostring_exceptions And convert some object to string conversion related recoverable fatal errors into Error exceptions. Improve exception safety of internal code performing string conversions.
|
#
2e025794 |
| 02-Jun-2019 |
Jakub Zelenka |
Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c) It also fixes invalid setting of tag length
|