#
55e07484 |
| 23-Oct-2023 |
Jakub Zelenka |
Fix #50713: openssl_pkcs7_verify() may ignore untrusted CAs Closes GH-12499
|
#
83a242ec |
| 21-Oct-2023 |
Jakub Zelenka |
Fix GH-12489: Missing sigbio creation checking in openssl_cms_verify Closes GH-12490
|
#
22c9e7e2 |
| 04-Mar-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Add missing error check on PEM_write_bio_PKCS7() Closes GH-10752.
|
#
51ea4a68 |
| 02-Mar-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Add missing error check on PEM_write_bio_CMS() On failure, this function returns 0. 2 other callers of this function already check the return value, but this one was missed.
|
#
d2ef1561 |
| 03-Mar-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Add missing error check on i2d_PKCS12_bio() This function returns 0 on error and 1 on success. The error case was not checked and the function therefore would've returned true. The o
Add missing error check on i2d_PKCS12_bio() This function returns 0 on error and 1 on success. The error case was not checked and the function therefore would've returned true. The only other caller of i2d_PKCS12_bio() in the file has a correct error check. Closes GH-10761.
show more ...
|
#
0d011e46 |
| 16-Jan-2023 |
Dmitry Stogov |
Revert "Merge branch 'PHP-8.0' into PHP-8.1" This reverts commit 0116864cd312f9756f38a0ee0f83bb302a7e367b, reversing changes made to 1f715f5658f5909a9346f56812fa605744d23880.
|
#
255e08ac |
| 03-Jan-2023 |
Gabriel Caruso |
Revert "Make build work with newer OpenSSL" This reverts commit 5f90134bb69a345c7edb5013e6461e84caa32dbc.
|
#
5f90134b |
| 19-Dec-2022 |
Stanislav Malyshev |
Make build work with newer OpenSSL
|
#
500b28ad |
| 25-Nov-2022 |
Jakub Zelenka |
Fix GH-10000: Test failures when OpenSSL compiled with no-dsa
|
#
ce572213 |
| 25-Nov-2022 |
Jakub Zelenka |
Fix GH-9064: PHP fails to build if openssl was built with no-ec
|
#
fa1b6ab5 |
| 22-Oct-2022 |
Jakub Zelenka |
Fix GH-8430: OpenSSL compiled with old disgests does not build Specifically no-md2, no-md4 or no-rmd160 were not supported
|
#
84dcf578 |
| 15-Aug-2022 |
Jakub Zelenka |
Fix GH-9339: OpenSSL oid_file path check warning contains uninitialized path
|
#
976cbba7 |
| 09-Jun-2022 |
Jakub Zelenka |
Merge branch 'PHP-8.0' into PHP-8.1
|
Revision tags: php-8.1.7RC1 |
|
#
b765d4cd |
| 21-May-2022 |
Jakub Zelenka |
Fix bug #50293 and #81713: file path checking in OpenSSL functions It introduces a single function to check file paths passed to OpenSSL functions. It expands the path, check null bytes
Fix bug #50293 and #81713: file path checking in OpenSSL functions It introduces a single function to check file paths passed to OpenSSL functions. It expands the path, check null bytes and finally does an open basedir check.
show more ...
|
Revision tags: php-8.1.4RC1, php-8.1.3, php-8.1.2RC1, php-8.1.0, php-7.3.33, php-7.3.32 |
|
#
7f0d3f54 |
| 08-Oct-2021 |
Nikita Popov |
Fixed bug #81502 Allow $tag to be null. This is the value that openssl_encrypt() sets it to for non-AEAD ciphers, so we should also accept this as an input to openssl_decrypt().
Fixed bug #81502 Allow $tag to be null. This is the value that openssl_encrypt() sets it to for non-AEAD ciphers, so we should also accept this as an input to openssl_decrypt(). Prior to PHP 8.1, null was accepted in weak mode due to the special treatment of null arguments to internal functions.
show more ...
|
Revision tags: php-7.3.31 |
|
#
6ee96f09 |
| 10-Sep-2021 |
Remi Collet |
fix [-Wmaybe-uninitialized] build warnings |
Revision tags: php-7.3.30 |
|
#
7b34db06 |
| 10-Aug-2021 |
Nikita Popov |
Switch default PKCS7/CMS cipher to AES-128-CBC Switch default cipher for openssl_pkcs7_encrypt() and openssl_cms_encrypt() from RC2-40 to AES-128-CBC. The RC2-40 cipher is consi
Switch default PKCS7/CMS cipher to AES-128-CBC Switch default cipher for openssl_pkcs7_encrypt() and openssl_cms_encrypt() from RC2-40 to AES-128-CBC. The RC2-40 cipher is considered insecure and is not loaded by default in OpenSSL 3, which means that these functions will always fail with default arguments. As the used algorithm is embedded in the result (which makes this different from the openssl_encrypt() case) changing the default algorithm should be safe. Closes GH-7357.
show more ...
|
#
c51af22f |
| 05-Aug-2021 |
Remi Collet |
implement openssl_256 and openssl_512 for phar singatures |
#
7d2a2c7d |
| 11-Aug-2021 |
Nikita Popov |
Fix openssl memory leaks Some leaks that snuck in during refactorings. |
#
3724b49a |
| 09-Aug-2021 |
Nikita Popov |
Use param API to create RSA key Instead of deprecated low-level API. A caveat here is that when using the high-level API, OpenSSL 3 requires that if the prime factors are set, t
Use param API to create RSA key Instead of deprecated low-level API. A caveat here is that when using the high-level API, OpenSSL 3 requires that if the prime factors are set, the CRT parameters are also set. See https://github.com/openssl/openssl/issues/16271. As such, add CRT parameters to the manual construction test. This fixes the last deprecation warnings in openssl.c, but there are more elsewhere.
show more ...
|
#
ff2a39e6 |
| 09-Aug-2021 |
Nikita Popov |
Add missing unsigned qualifier This previously got lost in the deprecation warning noise. |
#
6db2c2db |
| 06-Aug-2021 |
Nikita Popov |
Use param API for openssl_pkey_get_details() Now that the DSA/DH/EC keys are not created using the legacy API, we can fetch the details using the param API as well, and not run into
Use param API for openssl_pkey_get_details() Now that the DSA/DH/EC keys are not created using the legacy API, we can fetch the details using the param API as well, and not run into buggy priv_key handling.
show more ...
|
#
26a51e8d |
| 09-Aug-2021 |
Nikita Popov |
Extract public key portion via PEM roundtrip The workaround with cloning the X509_REQ no longer works in OpenSSL 3. Instead extract the public key portion by round tripping through P
Extract public key portion via PEM roundtrip The workaround with cloning the X509_REQ no longer works in OpenSSL 3. Instead extract the public key portion by round tripping through PEM.
show more ...
|
#
f9e701cd |
| 09-Aug-2021 |
Nikita Popov |
Use param API for creating EC keys Rather than the deprecated low level APIs. |
#
14d7c7e9 |
| 09-Aug-2021 |
Nikita Popov |
Extract EC key initialization |