History log of /PHP-8.4/ext/openssl/openssl.c (Results 51 – 75 of 760)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 5d62cfbc 27-Jul-2022 Christoph M. Becker

Tweak openssl_random_pseudo_bytes() upper bound error message

As suggested by @guilliamxavier.


# e52946eb 25-Jul-2022 Christoph M. Becker

Restrict range of buffer_length on all platforms to INT_MAX

This has only been done for Windows systems so far, and there was a
TODO comment about looping for larger values; that appears

Restrict range of buffer_length on all platforms to INT_MAX

This has only been done for Windows systems so far, and there was a
TODO comment about looping for larger values; that appears to be
overkill, though, since 2 million bytes should be sufficient for all
use cases, and if there is really the need for more, users can still
loop manually. Anyhow, checking the range upfront on all platforms
is clearer then silently casting to `int`.

We split the error message for the least possible BC break.

Closes GH-9126.

show more ...


# b358834c 20-Jul-2022 Máté Kocsis

Declare ext/openssl constants in stubs (#9046)


Revision tags: php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5
# c311ab7e 12-Apr-2022 Tim Düsterhus

Mark parameter in ext/openssl as sensitive


# b765d4cd 21-May-2022 Jakub Zelenka

Fix bug #50293 and #81713: file path checking in OpenSSL functions

It introduces a single function to check file paths passed to OpenSSL
functions. It expands the path, check null bytes

Fix bug #50293 and #81713: file path checking in OpenSSL functions

It introduces a single function to check file paths passed to OpenSSL
functions. It expands the path, check null bytes and finally does
an open basedir check.

show more ...


# 2ecd46f4 22-May-2022 George Peter Banyard

Initialise zend_stat_t to fix MSAN build


Revision tags: php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4
# 7f0d3f54 08-Oct-2021 Nikita Popov

Fixed bug #81502

Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().

Fixed bug #81502

Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().

Prior to PHP 8.1, null was accepted in weak mode due to the special
treatment of null arguments to internal functions.

show more ...


Revision tags: php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2
# 6ee96f09 10-Sep-2021 Remi Collet

fix [-Wmaybe-uninitialized] build warnings


Revision tags: php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3
# 7b34db06 10-Aug-2021 Nikita Popov

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is consi

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.

As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.

Closes GH-7357.

show more ...


Revision tags: php-8.0.10RC1, php-7.4.23RC1
# c51af22f 05-Aug-2021 Remi Collet

implement openssl_256 and openssl_512 for phar singatures


# 7d2a2c7d 11-Aug-2021 Nikita Popov

Fix openssl memory leaks

Some leaks that snuck in during refactorings.


# 3724b49a 09-Aug-2021 Nikita Popov

Use param API to create RSA key

Instead of deprecated low-level API.

A caveat here is that when using the high-level API, OpenSSL 3
requires that if the prime factors are set, t

Use param API to create RSA key

Instead of deprecated low-level API.

A caveat here is that when using the high-level API, OpenSSL 3
requires that if the prime factors are set, the CRT parameters
are also set. See https://github.com/openssl/openssl/issues/16271.

As such, add CRT parameters to the manual construction test.

This fixes the last deprecation warnings in openssl.c, but there
are more elsewhere.

show more ...


# ff2a39e6 09-Aug-2021 Nikita Popov

Add missing unsigned qualifier

This previously got lost in the deprecation warning noise.


# 6db2c2db 06-Aug-2021 Nikita Popov

Use param API for openssl_pkey_get_details()

Now that the DSA/DH/EC keys are not created using the legacy API,
we can fetch the details using the param API as well, and not
run into

Use param API for openssl_pkey_get_details()

Now that the DSA/DH/EC keys are not created using the legacy API,
we can fetch the details using the param API as well, and not
run into buggy priv_key handling.

show more ...


# 26a51e8d 09-Aug-2021 Nikita Popov

Extract public key portion via PEM roundtrip

The workaround with cloning the X509_REQ no longer works in
OpenSSL 3. Instead extract the public key portion by round
tripping through P

Extract public key portion via PEM roundtrip

The workaround with cloning the X509_REQ no longer works in
OpenSSL 3. Instead extract the public key portion by round
tripping through PEM.

show more ...


# f9e701cd 09-Aug-2021 Nikita Popov

Use param API for creating EC keys

Rather than the deprecated low level APIs.


# 14d7c7e9 09-Aug-2021 Nikita Popov

Extract EC key initialization


# 94bc5fce 08-Aug-2021 Nikita Popov

Use OpenSSL NCONF APIs (#7337)


# a0972deb 08-Aug-2021 Remi Collet

minimal fix for openssl 3.0 (#7002)


# 2bf316fd 06-Aug-2021 Nikita Popov

Switch manual DSA key generation to param API

This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generatin

Switch manual DSA key generation to param API

This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generating pub_key from priv_key. Would be nice if these worked
the same (in which case we should probably also unify the keygen
for FFC algorithms, as it's very similar).

show more ...


# a7740a0b 06-Aug-2021 Nikita Popov

Switch manual DH key generation to param API

Instead of using the deprecated low-level interface.

This should also avoid issues with fetching parameters from
legacy keys, cf. ht

Switch manual DH key generation to param API

Instead of using the deprecated low-level interface.

This should also avoid issues with fetching parameters from
legacy keys, cf. https://github.com/openssl/openssl/issues/16247.

show more ...


# f2d3e759 06-Aug-2021 Nikita Popov

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

A

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

As the OpenSSL docs say:

> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.

show more ...


# cb48260f 05-Aug-2021 Nikita Popov

Avoid DH_compute_key() with OpenSSL 3

Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.

Unfortunately we can't use a common code path here,

Avoid DH_compute_key() with OpenSSL 3

Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.

Unfortunately we can't use a common code path here, because
EVP_PKEY_set1_encoded_public_key() formerly known as
EVP_PKEY_set1_tls_encodedpoint() does not appear to work with
DH keys prior to OpenSSL 3.

show more ...


# c6542b2a 05-Aug-2021 Nikita Popov

Extract php_openssl_pkey_derive() function

To allow sharing it with the openssl_dh_compute_key() implementation.


# f878bbd9 05-Aug-2021 Nikita Popov

Store whether pkey object contains private key

Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the

Store whether pkey object contains private key

Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the PHP object.

OpenSSL doesn't provide an API for this purpose, and seems
somewhat reluctant to add one, see
https://github.com/openssl/openssl/issues/9467.

To avoid using deprecated low-level APIs to determine whether
something is a private key ourselves, remember it at the point
of construction.

show more ...


12345678910>>...31