| #
dce0d976 |
| 25-Sep-2024 |
Jakub Zelenka |
Fix stub for openssl_csr_new
|
| #
32c5ce34 |
| 02-Sep-2024 |
Remi Collet |
Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2 (#13635)
* Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2
* simplify init/shutdown
* use php_base64_encode_ex
Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2 (#13635)
* Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2
* simplify init/shutdown
* use php_base64_encode_ex
* - rename macros - use openssl RAND_bytes - CS
* add --with-openssl-argon2 build option
* check OSSL_KDF_PARAM_ARGON2_LANES instead of OSSL_set_max_threads
* Cleanup and CS
* save/restore old threads config + CS
* remove unneeded check
show more ...
|
| #
29f98e74 |
| 10-Jul-2024 |
Tim Düsterhus |
Replace `@deprecated` by `#[\Deprecated]` for internal functions / class constants (#14750)
Co-authored-by: Gina Peter Banyard <girgias@php.net>
Co-authored-by: Niels Dossche <7771979+ni
Replace `@deprecated` by `#[\Deprecated]` for internal functions / class constants (#14750)
Co-authored-by: Gina Peter Banyard <girgias@php.net>
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
show more ...
|
| #
5f2a0c83 |
| 26-Apr-2024 |
Manuel Mausz |
Add support for Curve25519 + Curve448 based keys
For openssl_pkey_get_details we export the priv+pub parameters.
ED25519/ED448 do not support streaming, so we need to use
EVP_Di
Add support for Curve25519 + Curve448 based keys
For openssl_pkey_get_details we export the priv+pub parameters.
ED25519/ED448 do not support streaming, so we need to use
EVP_Digest{Sign,Verify} instead. In general the older EVP_{Sign,Verify}
interface should be avoided as the key is passed very late.
See BUGS section in OpenSSL manpages of EVP_{Sign,Verify}Final
Additionally per requirement we need to allow sign/verify without
digest. So we need to allow passing 0 as digest. In OpenSSL 3.0+ this also
corresponds to the default digest (see EVP_PKEY_get_default_digest_name).
For CSR creation we need to allow "null" as digest_alg option.
Closes GH-14052
show more ...
|
| #
98e2948c |
| 14-Jan-2024 |
Vincent JARDIN |
ext/openssl: Add X509 purpose constants.
- X509_PURPOSE_OCSP_HELPER.
- X509_PURPOSE_TIMESTAMP_SIGN.
- Also X509_PURPOSE_ANY is ok since 1.0.1+
Close GH-13149
|
| #
e0679f3d |
| 22-Dec-2023 |
Jakub Zelenka |
Introduce new serial_hex parameter to openssl_csr_sign
Co-authored-by: Florian Sowade <f.sowade@suora.com>
Closes GH-13023
Closes GH-9851
|
| #
fa10dfcc |
| 25-Feb-2023 |
Daniel Kesselberg |
Add PKCS7_NOOLDMIMETYPE and OPENSSL_CMS_OLDMIMETYPE
PKCS7_NOOLDMIMETYPE to use Content-Type application/pkcs7-mime
OPENSSL_CMS_OLDMIMETYPE to use Content-Type application/x-pkcs7-mime
Add PKCS7_NOOLDMIMETYPE and OPENSSL_CMS_OLDMIMETYPE
PKCS7_NOOLDMIMETYPE to use Content-Type application/pkcs7-mime
OPENSSL_CMS_OLDMIMETYPE to use Content-Type application/x-pkcs7-mime
SMIME_write_PKCS7 and SMIME_write_CMS are using SMIME_write_ASN1_ex.
The Content-Type application/x-pkcs7-mime is generated with the flag SMIME_OLDMIME (0x400).[^1]
SMIME_write_PKCS7 set SMIME_OLDMIME by default.[^2]
SMIME_write_CMS does not.[^3]
I picked OPENSSL_CMS_OLDMIMETYPE over OPENSSL_CMS_NOOLDMIMETYPE because that's what the flag actually does.
[^1]: https://github.com/openssl/openssl/blob/9a2f78e14a67eeaadefc77d05f0778fc9684d26c/crypto/asn1/asn_mime.c#L248-L251
[^2]: https://github.com/openssl/openssl/blob/9a2f78e14a67eeaadefc77d05f0778fc9684d26c/crypto/pkcs7/pk7_mime.c#L41-L43
[^3]: https://github.com/openssl/openssl/blob/9a2f78e14a67eeaadefc77d05f0778fc9684d26c/crypto/cms/cms_io.c#L93
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
show more ...
|
| #
3e2184f7 |
| 22-Oct-2022 |
Jakub Zelenka |
Fix OpenSSL conflicting merge for compilation issue with old digests
|
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23 |
|
| #
35e2a25d |
| 18-Aug-2022 |
Jakub Zelenka |
Add openssl_cipher_key_length function
This function works in exactly the same way as openssl_cipher_iv_length
but for a key length. This is especially useful to make sure that the
r
Add openssl_cipher_key_length function
This function works in exactly the same way as openssl_cipher_iv_length
but for a key length. This is especially useful to make sure that the
right key length is provided to openssl_encrypt and openssl_decrypt.
In addtion the change also updates implementation of
openssl_cipher_iv_length and adds a test for it.
show more ...
|
|
Revision tags: php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22 |
|
| #
b358834c |
| 20-Jul-2022 |
Máté Kocsis |
Declare ext/openssl constants in stubs (#9046)
|
|
Revision tags: php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1 |
|
| #
342e18f1 |
| 12-Jul-2022 |
Tim Düsterhus |
Support the actual `#[\SensitiveParameter]` attribute in stubs (#8836)
|
|
Revision tags: php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5 |
|
| #
c311ab7e |
| 12-Apr-2022 |
Tim Düsterhus |
Mark parameter in ext/openssl as sensitive
|
| #
16bf8331 |
| 13-Apr-2022 |
Mikko Pesari |
Fix openssl_csr_export() stub
Closes GH-8362.
|
|
Revision tags: php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4 |
|
| #
7f0d3f54 |
| 08-Oct-2021 |
Nikita Popov |
Fixed bug #81502
Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().
Fixed bug #81502
Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().
Prior to PHP 8.1, null was accepted in weak mode due to the special
treatment of null arguments to internal functions.
show more ...
|
| #
d9e5e630 |
| 07-Oct-2021 |
Máté Kocsis |
Add more specific array return type hints for various extensions - part 6 (#7474)
|
|
Revision tags: php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3 |
|
| #
7b34db06 |
| 10-Aug-2021 |
Nikita Popov |
Switch default PKCS7/CMS cipher to AES-128-CBC
Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.
The RC2-40 cipher is consi
Switch default PKCS7/CMS cipher to AES-128-CBC
Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.
The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.
As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.
Closes GH-7357.
show more ...
|
|
Revision tags: php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1 |
|
| #
570d9b63 |
| 20-Jul-2021 |
Joe Watkins |
Not serializable flag permeation
|
| #
fc0d8983 |
| 19-Jul-2021 |
Máté Kocsis |
Fix some smaller formatting inconsistencies in stubs
|
|
Revision tags: php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
bb0107b6 |
| 04-May-2021 |
Vincent JARDIN |
openssl_pkcs7_read: input is data not filename
The argument should be an input string and not a filename.
Fix: https://github.com/php/doc-en/pull/559
Suggested-by: George Peter
openssl_pkcs7_read: input is data not filename
The argument should be an input string and not a filename.
Fix: https://github.com/php/doc-en/pull/559
Suggested-by: George Peter Banyard <girgias@php.net>
Closes GH-6942.
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1, php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1 |
|
| #
af56982a |
| 14-Feb-2021 |
Máté Kocsis |
Generate class entries from stubs for oci8, odbc, openssl, pcntl, pdo, pgsql
Closes GH-6691
|
|
Revision tags: php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1, php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
9d9bcc2b |
| 17-Sep-2020 |
Máté Kocsis |
Improve parameter names in ext/hash and ext/openssl
Closes GH-6156
|
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
| #
fa5a25b8 |
| 12-Sep-2020 |
Máté Kocsis |
Adjust ext/openssl parameter names
Closes GH-6121
|
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
| #
e8e4ddce |
| 20-Aug-2020 |
Máté Kocsis |
Improve parameter handling in ext/openssl
Closes GH-6025
|
| #
3e149427 |
| 08-Sep-2020 |
Nikita Popov |
Require $method parameter in openssl_seal/openssl_open
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
p
Require $method parameter in openssl_seal/openssl_open
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
show more ...
|
|
Revision tags: php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1 |
|
| #
ca20f36b |
| 14-Aug-2020 |
Nikita Popov |
Fix types in openssl stub
These two $recipcert parameters don't use proper union types
right now. They are a bit tricky due to the $recipkey -> $recipcert
fallback.
|
