mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-15 21:05:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
82,787 Commits 503 Branches 1,384 Tags 823 MiB
9a31d70845
Commit Graph

706 Commits

Author SHA1 Message Date
Daniel Lowrey
bd9aa181dc Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed broken build when EC unavailable
 2014-02-17 19:38:30 -05:00
Daniel Lowrey
a80cec1190 Fixed broken build when EC unavailable 2014-02-17 18:55:39 -05:00
Daniel Lowrey
2a83295b14 Add tests for Bug #65538 2014-02-16 09:20:43 -07:00
Daniel Lowrey
c7220dc6c5 Fix Bug #65538 (cafile now supports stream wrappers) 2014-02-16 08:47:37 -07:00
Daniel Lowrey
b60cb2b88a Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix for bug66501 - "key type not supported in this PHP build"
 2014-02-14 18:20:01 -07:00
Daniel Lowrey
65adb74984 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix for bug66501 - "key type not supported in this PHP build"
 2014-02-14 18:15:24 -07:00
mk-j
19524fc6fe Fix for bug66501 - "key type not supported in this PHP build" 2014-02-14 18:11:46 -07:00
Daniel Lowrey
ce8dc0ede2 Bug #47030 (separate host and peer verification) 2014-02-14 15:17:30 -07:00
Daniel Lowrey
f073588e75 Fix test broken if openssl is compiled without sslv2 2014-02-14 13:39:02 -07:00
Daniel Lowrey
8582353700 Fix segfault accessing context when no context assigned 2014-02-14 10:24:08 -07:00
Daniel Lowrey
99fa59054d Fixed SNI failure from missing Z_STRVAL_PP 2014-02-04 19:11:56 -07:00
Daniel Lowrey
05c309f2d8 Remove #if PHP_VERSION_ID version checks 2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533 Use master-agnostic zend_is_true checks 2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1 Fixed build breakage from b4b4d9697f 2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f Verify peers by default in client socket operations 2014-01-28 10:05:56 -07:00
Daniel Lowrey
68883318aa Prevent invalid SAN peer verification on null byte prefix attack 2014-01-27 14:51:22 -07:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Anatol Belski
39a2dcdeac Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #65486 mysqli_poll() is broken on Win x64
 2013-12-12 10:46:21 +01:00
Anatol Belski
da62fd5ed8 Fixed bug #65486 mysqli_poll() is broken on Win x64 
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.

Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
 2013-12-12 10:17:01 +01:00
Anatol Belski
e9efc16660 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:33:37 +01:00
Anatol Belski
b6bcae5c10 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:33:16 +01:00
Anatol Belski
ff89066b3d Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd fix dir separator in cve-2013-6420 test 2013-12-11 13:31:29 +01:00
Stanislav Malyshev
293984ac33 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
 2013-12-10 11:36:06 -08:00
Stanislav Malyshev
41cd533298 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
 2013-12-10 11:35:26 -08:00
Stanislav Malyshev
71daf3229b Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse

Conflicts:
	configure.in
	main/php_version.h
 2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7 Fix CVE-2013-6420 - memory corruption in openssl_x509_parse 2013-12-10 11:03:49 -08:00
Michael Wallner
c86862cb3c Merge branch 'openssl_compile_warning_fix' of https://github.com/bukka/php-src 
* 'openssl_compile_warning_fix' of https://github.com/bukka/php-src:
  Fix compiler warnings in openssl.c
 2013-10-18 12:03:02 +02:00
Michael Wallner
b95f9fa0aa previous revert killed that file 2013-10-17 15:32:18 +02:00
Michael Wallner
3f2fba4c34 Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src 
* 'updated_tls_support' of https://github.com/rdlowrey/php-src:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b Merge branch 'PHP-5.5' 
* PHP-5.5:
  Revert "TLS news"
  Revert "Added support for TLSv1.1 and TLSv1.2"
 2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524 Revert "Added support for TLSv1.1 and TLSv1.2" 
This reverts commit 2aaa3d538a.
 2013-10-17 15:20:38 +02:00
Michael Wallner
ad0a85b9e2 fix ws 2013-10-17 15:09:28 +02:00
Michael Wallner
5a7ca69e56 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a Added support for TLSv1.1 and TLSv1.2 
Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:49:44 +02:00
Jakub Zelenka
c092d286fc Fix compiler warnings in openssl.c 2013-10-13 15:52:39 +01:00
Daniel Lowrey
9d57243794 Fixes broken zts build (recent openssl changes) 2013-10-12 22:28:15 +02:00
Michael Wallner
e2d123a720 C89 2013-10-09 17:16:25 +02:00
Michael Wallner
c85c50e35c Merge branch 'san_peer_matching' of https://github.com/rdlowrey/php-src 
* 'san_peer_matching' of https://github.com/rdlowrey/php-src:
  Changed return types to zend_bool, renamed test
  Added SAN matching during peer verification
 2013-10-09 17:09:03 +02:00
Daniel Lowrey
a40dd6e963 Changed return types to zend_bool, renamed test 2013-10-09 09:55:36 -04:00
Michael Wallner
302b9d4e5c Merge branch 'PHP-5.5' 
* PHP-5.5:
  C89 compatibility
 2013-10-09 12:30:51 +02:00
Michael Wallner
3b3c57e79e Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  C89 compatibility
 2013-10-09 12:30:42 +02:00
Michael Wallner
22700890d4 C89 compatibility 2013-10-09 12:30:31 +02:00
Michael Wallner
29d5ff75d5 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fixed segfault when built with OpenSSL >= 1.0.1
  fixing a minor typo in CODING_STANDARDS document
  FIX BUG #65219 - Typo correction
  FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
 2013-10-09 09:18:29 +02:00
Michael Wallner
36fb4ed968 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed segfault when built with OpenSSL >= 1.0.1
  fixing a minor typo in CODING_STANDARDS document
  FIX BUG #65219 - Typo correction
  FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
 2013-10-09 09:17:48 +02:00
Daniel Lowrey
b026993a74 Fixed segfault when built with OpenSSL >= 1.0.1 
(PR #481)
 2013-10-09 09:17:25 +02:00
Daniel Lowrey
2ddefbd2b3 Added support for TLSv1.1 and TLSv1.2 2013-10-08 14:09:17 -04:00
Daniel Lowrey
1970b96443 Added SAN matching during peer verification 2013-10-08 12:37:44 -04:00
Michael Wallner
ea0578e223 Merge branch 'ssl-streams-crypto-method' of https://github.com/mj/php-src 
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
  Add unit test that covers setting the crypto method.
  Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
 2013-10-08 16:10:00 +02:00
Michael Wallner
8300ced2f7 Merge branch 'bug65729' of https://github.com/datibbaw/php-src 
* 'bug65729' of https://github.com/datibbaw/php-src:
  DNS name comparison is now case insensitive.
  Use zend_bool as return value for _match()
  Added two more test cases for CN matching.
  yay, reduced one variable
  Fixed bug that would lead to out of bounds memory access
  added better wildcard matching for CN
 2013-10-08 15:58:28 +02:00
datibbaw
6106896440 DNS name comparison is now case insensitive. 2013-10-08 10:07:54 +08:00
Tjerk Meesters
39c0daeb71 Use zend_bool as return value for _match() 2013-10-07 23:04:24 +08:00
Tjerk Meesters
674dd73f8c Added two more test cases for CN matching. 2013-10-07 22:10:05 +08:00
datibbaw
955bc1d91b Using SUCCESS and FAILURE for return values 
Using zend_bool for boolean arguments and return values
Reduced one level of zval indirection where possible
 2013-10-07 15:38:48 +08:00
Martin Jansen
047877e810 Add unit test that covers setting the crypto method. 2013-10-04 21:55:29 +02:00
Tjerk Meesters
e45eacd8fa show method in error message 2013-09-30 21:21:56 +08:00
datibbaw
edd93f3452 Support string and array for peer fingerprint matching 2013-09-27 14:13:11 +08:00
Tjerk Meesters
69bdc5aca8 who put that stupid newline there? 2013-09-23 23:42:31 +08:00
Tjerk Meesters
1c7cabb2ca add md5 and sha1 fingerprint tests 2013-09-23 23:29:17 +08:00
Tjerk Meesters
2bfc5a253b Renamed to be more descriptive of what it does 2013-09-23 00:51:17 +08:00
Martin Jansen
ce2789558a Streams for ssl:// transports can now be configured to use a specific 
crypto method (SSLv3, SSLv2 etc.) by calling

stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)

where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.

This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
 2013-09-21 21:26:40 +02:00
Tjerk Meesters
a820c3d6ba yay, reduced one variable 2013-09-21 20:42:52 +08:00
Tjerk Meesters
8e847b5845 Fixed bug that would lead to out of bounds memory access 2013-09-21 19:38:09 +08:00
Tjerk Meesters
521a5c9568 don't leak cert on errors, return null on zpp failure 2013-09-21 18:24:00 +08:00
Tjerk Meesters
8915c3fb4f added better wildcard matching for CN 2013-09-21 16:45:20 +08:00
Tjerk Meesters
a97aec16c0 Added test case for openssl_x509_digest() 2013-09-20 23:29:04 +08:00
Tjerk Meesters
574fe449dc removed the byref result 2013-09-20 22:50:30 +08:00
datibbaw
ce13f9fa32 indentation fail 2013-09-20 16:59:44 +08:00
datibbaw
b2881db9a9 added option for hash function 2013-09-20 16:56:50 +08:00
datibbaw
5cff92fb12 added option for raw output 2013-09-20 15:45:41 +08:00
datibbaw
b8f9a20286 added openssl_x509_digest(), output is binary sha1 2013-09-20 15:04:52 +08:00
Christopher Jones
24288eb4d1 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Remove compile warning:
      warning: unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:58:53 -07:00
Christopher Jones
1a00b9bd26 Remove compile warning: 
warning: unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:58:42 -07:00
Christopher Jones
5697aa5728 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Remove compile warnings:
      warning: variable ‘lastch’ set but not used [-Wunused-but-set-variable]
      warning: variable ‘buf’ set but not used [-Wunused-but-set-variable]
  Remove compile warning: variable ‘streamp’ set but not used [-Wunused-but-set-variable]
  Remove compile warnings:
      variable ‘obj_cnt’ set but not used [-Wunused-but-set-variable]
      unused variable ‘last’ [-Wunused-variable]
      unused variable ‘j’ [-Wunused-variable]
  Remove compile warning "variable ‘mekeylen’ set but not used"
 2013-08-19 17:51:04 -07:00
Christopher Jones
cf7f50748a Remove compile warnings: 
variable ‘obj_cnt’ set but not used [-Wunused-but-set-variable]
  unused variable ‘last’ [-Wunused-variable]
  unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:44:36 -07:00
Stanislav Malyshev
cfe5833579 Merge branch 'PHP-5.5' 
* PHP-5.5:
  fix using wrong buffer pointer
 2013-08-19 01:07:50 -07:00
Stanislav Malyshev
8e0f110099 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix using wrong buffer pointer
 2013-08-19 01:04:19 -07:00
Stanislav Malyshev
cf96aa155e Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix using wrong buffer pointer
 2013-08-19 01:03:18 -07:00
Stanislav Malyshev
c1c49d6e39 fix using wrong buffer pointer 2013-08-19 01:02:12 -07:00
Stanislav Malyshev
12c2a8a5eb Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix for php bug #64802 includes test case
 2013-08-18 16:55:03 -07:00
Stanislav Malyshev
bd29ff7c38 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix for php bug #64802 includes test case

Conflicts:
	ext/openssl/openssl.c
 2013-08-18 15:45:17 -07:00
Mark Jones
9973658a44 Fix for php bug #64802 includes test case 2013-08-18 15:42:37 -07:00
Christopher Jones
ac03b67e6a Remove unused variable 2013-08-14 21:21:17 -07:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
 2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Stanislav Malyshev
4da6273092 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix CVE-2013-4073 - handling of certs with null bytes
  Fix CVE-2013-4073 - handling of certs with null bytes
 2013-08-13 22:26:32 -07:00
Stanislav Malyshev
2b9f5ac252 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix CVE-2013-4073 - handling of certs with null bytes
  Fix CVE-2013-4073 - handling of certs with null bytes
 2013-08-13 22:25:47 -07:00
Stanislav Malyshev
dcea4ec698 Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:24:11 -07:00
Stanislav Malyshev
2874696a5a Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:20:33 -07:00
Christopher Jones
4c3c9d1fe5 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix long-standing visual pain point: the misalignment of './configure help' text. Whitespace changes and a couple of grammar fixes.
 2013-08-06 11:09:12 -07:00
Christopher Jones
c6d977dd39 Fix long-standing visual pain point: the misalignment of './configure help' text. 
Whitespace changes and a couple of grammar fixes.
 2013-08-06 11:06:09 -07:00
Andrey Hristov
92d27ccb05 Constify streams API and a few other calls down the rabbit hole. 
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
 2013-07-30 12:49:36 +02:00
Anatol Belski
678ef6a133 Merge branch 'PHP-5.5' 
* PHP-5.5:
  fix missing include
 2013-07-23 18:07:16 +02:00
Anatol Belski
f00d796b7e fix missing include 2013-07-23 18:06:51 +02:00
Veres Lajos
6c4af15d6c typos (orig) 2013-07-15 00:19:32 -07:00
Stanislav Malyshev
8ac131503d Merge branch 'PHP-5.5' 
* PHP-5.5:
  Merge branch 'pull-request/341'
  Merge branch 'pull-request/341'
 2013-06-10 14:31:57 -07:00
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
jas-
525e27e1e5 Fix for challenge string length pointed out by Kalle Nielsen 2013-05-06 18:43:13 -06:00
jas-
8f56ac8401 Address feature request #38917 for native SPKAC (HTML5 keygen element) support 2013-05-06 16:36:06 -06:00
Stanislav Malyshev
0841eca580 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
 2013-02-17 13:29:34 -08:00
Stanislav Malyshev
7b0107cc5d fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey() 2013-02-17 13:28:42 -08:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
a2045ff332 Happy New Year~ 2013-01-01 16:02:16 +08:00
Stanislav Malyshev
088640adb2 Merge branch 'PHp-5.4' 
* PHp-5.4:
  news for bug #61421
  commit for php bug 61421 enabling SHA2 and RMD160 for openssl signature verification
 2012-09-15 23:02:44 -07:00
Mark Jones
84202c367e commit for php bug 61421 
enabling SHA2 and RMD160 for openssl signature verification
 2012-09-15 22:59:34 -07:00
Stanislav Malyshev
c7be96b08f Revert "Add PBKDF2 support via openssl()" 
This reverts commit b5b8ea1050.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:22:49 -07:00
Stanislav Malyshev
a2bfad051d Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell." 
This reverts commit bccd1e672f.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:21:54 -07:00
Scott MacVicar
5b3c9f4fd1 One more time 2012-06-11 16:23:27 -07:00
Scott MacVicar
bcd671d999 Merge branch '5.4' 
* 5.4:
  Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
  Add PBKDF2 support via openssl()

Conflicts:
	ext/openssl/openssl.c
 2012-06-11 16:04:01 -07:00
Scott MacVicar
aadf59dfa4 Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 15:59:58 -07:00
Scott MacVicar
bccd1e672f Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. 
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
 2012-06-11 15:41:41 -07:00
Scott MacVicar
b5b8ea1050 Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 13:35:25 -07:00
Scott MacVicar
b481ebae55 Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. 
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
 2012-06-11 12:38:54 -07:00
Felipe Pena
733aaf23b1 - Fixed build (PKCS5_PBKDF2_HMAC is from 1.0.0) 2012-06-11 14:08:38 -03:00
Scott MacVicar
32040b574e Merge branch '5.4' 
* 5.4:
  Add PBKDF2 support via openssl()
 2012-06-11 00:29:02 -07:00
Scott MacVicar
f4847efc5d Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 00:24:44 -07:00
Anatoliy Belsky
270a406ac9 Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only 2012-04-24 14:05:35 +02:00
Anatoliy Belsky
40bbc7a1ed Merge branch 'PHP-5.4' 
* PHP-5.4:
  Fix bug #61401 ext\openssl\tests\004.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61448 intl tests fail with icu >= 4.8
 2012-03-28 17:25:23 +02:00
Anatoliy Belsky
fa0d507923 Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  Fix bug #61401 ext\openssl\tests\004.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61448 intl tests fail with icu >= 4.8
 2012-03-28 17:13:16 +02:00
Anatoliy Belsky
bff8152565 Fix bug #61401 ext\openssl\tests\004.phpt fails 2012-03-28 17:11:58 +02:00
Anatoliy Belsky
b905167458 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:23:46 +02:00
Anatoliy Belsky
4c5b427124 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:15:36 +02:00
Anatoliy Belsky
bd7bb973b1 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:04:56 +02:00
Anatoliy Belsky
fe8494d781 Merge branch '5.4' 
* 5.4:
  Fix bug #61405 ext\openssl\tests\022.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 16:32:14 +02:00
Anatoliy Belsky
8d7a489b97 Merge branch '5.3' into 5.4 
* 5.3:
  Fix bug #61405 ext\openssl\tests\022.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 16:15:15 +02:00
Anatoliy Belsky
b638d3020c Fix bug #61405 ext\openssl\tests\022.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
e55718b091 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
7fdd35d697 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:25 +02:00
Anatoliy Belsky
686effc677 Merge branch '5.4' 
* 5.4:
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 15:34:57 +02:00
Anatoliy Belsky
5f3ba55a3c Merge branch '5.3' into 5.4 
* 5.3:
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 15:27:20 +02:00
Anatoliy Belsky
5f6bed180e Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 15:23:01 +02:00
Olivier DOUCET
ad832abba1 test for bug #61124 2012-02-25 13:27:57 +00:00
Olivier DOUCET
118dd43555 test for bug #61124 2012-02-25 13:27:57 +00:00
Olivier DOUCET
f14a1e0aed test for bug #61124 2012-02-25 13:27:57 +00:00
Scott MacVicar
5ef66f2cf5 Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Scott MacVicar
6c331093b4 Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Scott MacVicar
f424fe8aed Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Christopher Jones
b0678ea229 Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Christopher Jones
73ccc0a5e9 Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Christopher Jones
df02fbae3e Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Rasmus Lerdorf
f6f283c3e2 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
8d5f83dde5 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
38c3fd63e7 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
60df9abf95 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
db65a539a1 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
e4fb44c8b6 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
e24b6cdf56 Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
d99600ee4d Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
f3a7ba75cf Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
21c776850c According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Rasmus Lerdorf
ee19012eab According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Rasmus Lerdorf
a06e8ca56d According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Stanislav Malyshev
d705b11a1e fix uninitialized var that may lead to crash 2011-12-26 02:16:37 +00:00
Stanislav Malyshev
2f15c1d717 fix uninitialized var that may lead to crash 2011-12-26 02:16:37 +00:00
Scott MacVicar
6c841dfda3 Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
a020456d0b Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
c36926ba4c Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
095cbc48a8 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
61f3d36ac1 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
beda5efd41 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
b69cfde570 Make sure that we set the strong crypto result to false as well as returning false. 2011-12-07 20:50:33 +00:00
Scott MacVicar
287e1917cf Make sure that we set the strong crypto result to false as well as returning false. 2011-12-07 20:50:33 +00:00
Mateusz Kocielski
2c970a52e8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Gustavo André dos Santos Lopes
da4a27333d - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
4de9123b85 - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
0a74551c26 - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
428ef23067 - Fixed test ext/openssl/tests/004.phpt. 
- Made ext/openssl/tests/bug55646.phpt more reproducible by giving it a custom
  openssl.cnf.
 2011-09-14 09:56:59 +00:00
Gustavo André dos Santos Lopes
8bf8989a4c - Fixed test ext/openssl/tests/004.phpt. 
- Made ext/openssl/tests/bug55646.phpt more reproducible by giving it a custom
  openssl.cnf.
 2011-09-14 09:56:59 +00:00
Gustavo André dos Santos Lopes
d7c7fe3587 - Test for bug #55646. 2011-09-12 20:05:07 +00:00
Gustavo André dos Santos Lopes
b6aabaae59 - Test for bug #55646. 2011-09-12 20:05:07 +00:00
Gustavo André dos Santos Lopes
1d5028be3d - Fixed bug #55646: textual data is returned in UTF-8, but is input in 
another encoding. 5.4 only as this implies a BC break.
 2011-09-12 17:23:10 +00:00
Gustavo André dos Santos Lopes
1fbf911905 - Fixed bug #55646: textual data is returned in UTF-8, but is input in 
another encoding. 5.4 only as this implies a BC break.
 2011-09-12 17:23:10 +00:00
Hannes Magnusson
41db75ccbe Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Hannes Magnusson
cf11413db3 Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Hannes Magnusson
7e986b2a46 Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Johannes Schlüter
0d2a921916 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283, we should investigate a proper solution without
# breaking anything.
 2011-08-22 21:32:04 +00:00
Felipe Pena
23e438594d - Make usage of new PHP_FE_END macro 2011-07-25 11:42:53 +00:00
Felipe Pena
4b30846b50 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Felipe Pena
da376383e8 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Scott MacVicar
04c2df66a3 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Ryan Biesemeyer
5dc5c26a5f removing openssl test for bug #55169 per Scott MacVicar's request; duplicate coverage of opensssl_random_pseudo_bytes.phpt 2011-07-20 21:25:39 +00:00