| #
6724d5d4 |
| 04-Aug-2021 |
Christoph M. Becker |
Fix #81327: Error build openssl extension on php 7.4.22
The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but t
Fix #81327: Error build openssl extension on php 7.4.22
The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but they still
do not support `ASN1_INTEGER_set_int64()`.
Closes GH-7339.
show more ...
|
| #
384ad6e2 |
| 04-Aug-2021 |
Nikita Popov |
Use EVP_PKEY APIs for openssl_private_encrypt/public_decrypt
Use high level APIs instead of deprecated low level APIs.
|
| #
0233afae |
| 04-Aug-2021 |
Nikita Popov |
Use EVP_PKEY API for openssl_public_encrypt/private_decrypt
Use the high level API instead of the deprecated low level API.
|
| #
a80ae97d |
| 04-Aug-2021 |
Nikita Popov |
Only report provided ciphers in openssl_get_cipher_methods()
With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided
Only report provided ciphers in openssl_get_cipher_methods()
With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided
ciphers, so that "in_array openssl_get_cipher_methods" style
checks continue working as expected.
show more ...
|
|
Revision tags: php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1 |
|
| #
570d9b63 |
| 20-Jul-2021 |
Joe Watkins |
Not serializable flag permeation
|
|
Revision tags: php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3 |
|
| #
334387bb |
| 01-Jul-2021 |
Christoph M. Becker |
Fix #52093: openssl_csr_sign truncates $serial
We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the
truncation of the integer.
[1] <https://www.openssl.org/docs/man1.
Fix #52093: openssl_csr_sign truncates $serial
We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the
truncation of the integer.
[1] <https://www.openssl.org/docs/man1.1.0/man3/ASN1_INTEGER_set_int64.html#HISTORY>
Closes GH-7209.
show more ...
|
|
Revision tags: php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
c40231af |
| 12-May-2021 |
George Peter Banyard |
Mark various functions with void arguments.
This fixes a bunch of [-Wstrict-prototypes] warning,
because in C func() and func(void) have different semantics.
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1, php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1 |
|
| #
b63ea104 |
| 16-Feb-2021 |
Nikita Popov |
Mark resource-like objects as non-comparable
As these hold on to some internal resource, there can't be two
"equal" objects with different identity. Make sure the lack of
public prop
Mark resource-like objects as non-comparable
As these hold on to some internal resource, there can't be two
"equal" objects with different identity. Make sure the lack of
public properties doesn't result in these being treated as always
equal.
show more ...
|
|
Revision tags: php-7.4.16RC1 |
|
| #
75667427 |
| 15-Feb-2021 |
Nikita Popov |
Suppress OpenSSL error on missing optional config
openssl_pkey_new() fetches various options from the config file --
most of these are optional, and not specifying them is not an error
Suppress OpenSSL error on missing optional config
openssl_pkey_new() fetches various options from the config file --
most of these are optional, and not specifying them is not an error
condition from the perspective of the user. Unfortunately, the
CONF_get_string() API pushes an error when accessing a key that
doesn't exist (_CONF_get_string does not, but that is presumably a
private API). This commit adds a helper php_openssl_conf_get_string()
that automatically clears the error in this case. I've found that
OpenSSL occasionally does the same thing internally:
https://github.com/openssl/openssl/blob/22040fb790c854cefb04bed98ed38ea6357daf83/apps/req.c#L515-L517
Closes GH-6699.
show more ...
|
| #
64b10854 |
| 15-Feb-2021 |
Nikita Popov |
Fixed bug #80747
If RSA key generation fails, actually report that failure.
|
| #
af56982a |
| 14-Feb-2021 |
Máté Kocsis |
Generate class entries from stubs for oci8, odbc, openssl, pcntl, pdo, pgsql
Closes GH-6691
|
|
Revision tags: php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
| #
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
show more ...
|
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1 |
|
| #
ecee3f12 |
| 30-Nov-2020 |
Nikita Popov |
Next attempt to fix bug #80368
Apparently treating LibreSSL as OpenSSL 1.1 is not just something
we did in our code, it's something that upstream LibreSSL claims,
despite not actuall
Next attempt to fix bug #80368
Apparently treating LibreSSL as OpenSSL 1.1 is not just something
we did in our code, it's something that upstream LibreSSL claims,
despite not actually being compatible. Duh.
Check for EVP_CIPH_OCB_MODE instead, which should reliably
determine support...
show more ...
|
| #
0f579fd7 |
| 27-Nov-2020 |
Nikita Popov |
Fixed bug #80368
We assume that usually LibreSSL supports everything OpenSSL 1.1 does.
In this instance, this is not the case.
|
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1 |
|
| #
c3a6debc |
| 10-Oct-2020 |
Jakub Zelenka |
Bump minimal OpenSSL version to 1.0.2
|
| #
1359f793 |
| 20-Oct-2020 |
Nikita Popov |
Fix CCM tag length setting for old OpenSSL versions
While OpenSSL 1.1 allows unconditionally setting the CCM tag length
even for decryption, some older versions apparently do not. As suc
Fix CCM tag length setting for old OpenSSL versions
While OpenSSL 1.1 allows unconditionally setting the CCM tag length
even for decryption, some older versions apparently do not. As such,
we do need to treat CCM and OCB separately after all.
show more ...
|
| #
750a74ed |
| 14-Oct-2020 |
Nikita Popov |
Fix bug #79983: Add support for OCB mode
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that pe
Fix bug #79983: Add support for OCB mode
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).
Closes GH-6337.
show more ...
|
| #
251af732 |
| 14-Oct-2020 |
Nikita Popov |
Fix nullability of openssl_cms_sign() parameter
|
| #
6c6a58e9 |
| 13-Oct-2020 |
Nikita Popov |
Allow passing $tag for non-authenticated encryption
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the
Allow passing $tag for non-authenticated encryption
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.
I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.
Closes GH-6333.
show more ...
|
| #
41e4a770 |
| 12-Oct-2020 |
Nikita Popov |
Revert "Add missing X509 purpose constants"
This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd.
This fails on Travis.
|
| #
1e53e14b |
| 09-Oct-2020 |
Vincent JARDIN |
Add missing X509 purpose constants
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
Add missing X509 purpose constants
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
- X509_PURPOSE_TIMESTAMP_SIGN, since 2006
Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.
Closes GH-6312.
show more ...
|
| #
62c6d695 |
| 01-Oct-2020 |
Nikita Popov |
Add test instantiating all objects
Intended to find issues in opaque object destructors.
Closes GH-6251.
|
|
Revision tags: php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
2f5cb702 |
| 27-Sep-2020 |
Stanislav Malyshev |
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
| #
0216630e |
| 27-Sep-2020 |
Stanislav Malyshev |
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
