mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-01 13:54:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
70,957 Commits 500 Branches 1,381 Tags 824 MiB
7e870c596d
Commit Graph

430 Commits

Author SHA1 Message Date
Stanislav Malyshev
408b172017 Revert xp_ssl.c to the state of 5.4.32 due to regressions 2014-09-26 00:44:24 -07:00
Daniel Lowrey
372844918a Bug #41631: Fix regression from first attempt (6569db8) 2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4 Bug #67965: Fix blocking behavior in non-blocking crypto streams 2014-09-09 07:37:57 -06:00
Chris Wright
32be79dcfa Fix stream_select() issue with OpenSSL buffer 
Ensure data from OpenSSL internal buffer has been
transfered to PHP stream buffer before a select()
emulation operation is performed

Addresses bug #65137
https://bugs.php.net/bug.php?id=65137

Conflicts:
	ext/openssl/xp_ssl.c
 2014-08-27 13:25:50 +01:00
Anatol Belski
84a4041ba4 fix TS build 2014-08-07 19:49:59 +02:00
Daniel Lowrey
6569db8808 Bug #41631: Observe socket read timeouts in SSL streams 2014-08-07 11:47:42 -04:00
Stanislav Malyshev
b4a4db467b Fix missing type checks in various functions 2014-07-27 02:42:49 -07:00
Paul Oehler
76a7fd893b Added support for parsing ssl certificates using GeneralizedTime format. 
fix bug #65698
fix bug #66636
 2014-06-08 14:17:58 -07:00
Chuan Ma
a186312832 Fix #66942: openssl_seal() memory leak 
Fix #66952: memory leak in openssl_open()
 2014-04-14 13:24:14 -07:00
Remi Collet
17f6391bf8 Fixed Bug #66833 Default digest algo is still MD5 
Switch to SHA1, which match internal openssl hardcoded algo.

In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value

Recent system reject MD5 digest, noticed in bug36732.phpt failure.

While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
 2014-03-14 09:50:15 +01:00
Michael Meyer
737c187013 Typo fix: sicret -> secret 2014-03-13 12:37:25 +02:00
Remi Collet
721b9a7c8d Set default Digest Message to use SHA1 instead of MD5 in openssl tests 
as MD5 signature are now rejected by newer openssl Version.

Noticed in RHEL-7 and Fedora 21 build.
 2014-03-06 10:14:08 +01:00
Daniel Lowrey
633f898f15 Skip failing tests when EC unavailable (RHEL) 2014-02-19 03:57:37 -07:00
Daniel Lowrey
a80cec1190 Fixed broken build when EC unavailable 2014-02-17 18:55:39 -05:00
mk-j
19524fc6fe Fix for bug66501 - "key type not supported in this PHP build" 2014-02-14 18:11:46 -07:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Anatol Belski
ff89066b3d Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd fix dir separator in cve-2013-6420 test 2013-12-11 13:31:29 +01:00
Stanislav Malyshev
71daf3229b Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse

Conflicts:
	configure.in
	main/php_version.h
 2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7 Fix CVE-2013-6420 - memory corruption in openssl_x509_parse 2013-12-10 11:03:49 -08:00
Michael Wallner
22700890d4 C89 compatibility 2013-10-09 12:30:31 +02:00
Daniel Lowrey
b026993a74 Fixed segfault when built with OpenSSL >= 1.0.1 
(PR #481)
 2013-10-09 09:17:25 +02:00
Stanislav Malyshev
cf96aa155e Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix using wrong buffer pointer
 2013-08-19 01:03:18 -07:00
Stanislav Malyshev
c1c49d6e39 fix using wrong buffer pointer 2013-08-19 01:02:12 -07:00
Mark Jones
9973658a44 Fix for php bug #64802 includes test case 2013-08-18 15:42:37 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Stanislav Malyshev
dcea4ec698 Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:24:11 -07:00
Stanislav Malyshev
2874696a5a Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:20:33 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
Stanislav Malyshev
7b0107cc5d fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey() 2013-02-17 13:28:42 -08:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
a2045ff332 Happy New Year~ 2013-01-01 16:02:16 +08:00
Mark Jones
84202c367e commit for php bug 61421 
enabling SHA2 and RMD160 for openssl signature verification
 2012-09-15 22:59:34 -07:00
Stanislav Malyshev
c7be96b08f Revert "Add PBKDF2 support via openssl()" 
This reverts commit b5b8ea1050.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:22:49 -07:00
Stanislav Malyshev
a2bfad051d Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell." 
This reverts commit bccd1e672f.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:21:54 -07:00
Scott MacVicar
bccd1e672f Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. 
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
 2012-06-11 15:41:41 -07:00
Scott MacVicar
b5b8ea1050 Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 13:35:25 -07:00
Anatoliy Belsky
270a406ac9 Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only 2012-04-24 14:05:35 +02:00
Anatoliy Belsky
fa0d507923 Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  Fix bug #61401 ext\openssl\tests\004.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61448 intl tests fail with icu >= 4.8
 2012-03-28 17:13:16 +02:00
Anatoliy Belsky
bff8152565 Fix bug #61401 ext\openssl\tests\004.phpt fails 2012-03-28 17:11:58 +02:00
Anatoliy Belsky
4c5b427124 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:15:36 +02:00
Anatoliy Belsky
bd7bb973b1 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:04:56 +02:00
Anatoliy Belsky
8d7a489b97 Merge branch '5.3' into 5.4 
* 5.3:
  Fix bug #61405 ext\openssl\tests\022.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 16:15:15 +02:00
Anatoliy Belsky
b638d3020c Fix bug #61405 ext\openssl\tests\022.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
e55718b091 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
7fdd35d697 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:25 +02:00
Olivier DOUCET
ad832abba1 test for bug #61124 2012-02-25 13:27:57 +00:00
Olivier DOUCET
118dd43555 test for bug #61124 2012-02-25 13:27:57 +00:00