Stanislav Malyshev
b4a4db467b
Fix missing type checks in various functions
2014-07-27 02:42:49 -07:00
Paul Oehler
76a7fd893b
Added support for parsing ssl certificates using GeneralizedTime format.
...
fix bug #65698
fix bug #66636
2014-06-08 14:17:58 -07:00
Chuan Ma
a186312832
Fix #66942 : openssl_seal() memory leak
...
Fix #66952 : memory leak in openssl_open()
2014-04-14 13:24:14 -07:00
Remi Collet
17f6391bf8
Fixed Bug #66833 Default digest algo is still MD5
...
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
2014-03-14 09:50:15 +01:00
Michael Meyer
737c187013
Typo fix: sicret -> secret
2014-03-13 12:37:25 +02:00
Remi Collet
721b9a7c8d
Set default Digest Message to use SHA1 instead of MD5 in openssl tests
...
as MD5 signature are now rejected by newer openssl Version.
Noticed in RHEL-7 and Fedora 21 build.
2014-03-06 10:14:08 +01:00
Daniel Lowrey
633f898f15
Skip failing tests when EC unavailable (RHEL)
2014-02-19 03:57:37 -07:00
Daniel Lowrey
a80cec1190
Fixed broken build when EC unavailable
2014-02-17 18:55:39 -05:00
mk-j
19524fc6fe
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:11:46 -07:00
Xinchen Hui
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
Anatol Belski
ff89066b3d
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
fix dir separator in cve-2013-6420 test
2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd
fix dir separator in cve-2013-6420 test
2013-12-11 13:31:29 +01:00
Stanislav Malyshev
71daf3229b
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
Conflicts:
configure.in
main/php_version.h
2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:03:49 -08:00
Michael Wallner
22700890d4
C89 compatibility
2013-10-09 12:30:31 +02:00
Daniel Lowrey
b026993a74
Fixed segfault when built with OpenSSL >= 1.0.1
...
(PR #481 )
2013-10-09 09:17:25 +02:00
Stanislav Malyshev
cf96aa155e
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
fix using wrong buffer pointer
2013-08-19 01:03:18 -07:00
Stanislav Malyshev
c1c49d6e39
fix using wrong buffer pointer
2013-08-19 01:02:12 -07:00
Mark Jones
9973658a44
Fix for php bug #64802 includes test case
2013-08-18 15:42:37 -07:00
Christopher Jones
9ad97cd489
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
2013-08-14 20:36:50 -07:00
Stanislav Malyshev
dcea4ec698
Fix CVE-2013-4073 - handling of certs with null bytes
2013-08-13 22:24:11 -07:00
Stanislav Malyshev
2874696a5a
Fix CVE-2013-4073 - handling of certs with null bytes
2013-08-13 22:20:33 -07:00
Stanislav Malyshev
ac40c0b562
Merge branch 'pull-request/341'
...
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:20:18 -07:00
Stanislav Malyshev
7b0107cc5d
fix bug #61930 : openssl corrupts ssl key resource when using openssl_get_publickey()
2013-02-17 13:28:42 -08:00
Lars Strojny
836a2b1131
NEWS entry new OpenSSL option [doc]
2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55
Added ssl context option, "disable_compression"
...
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Thanks to @DaveRandom for pointing out the relevant section of code.
2013-01-31 00:31:10 +01:00
Xinchen Hui
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
Xinchen Hui
a2045ff332
Happy New Year~
2013-01-01 16:02:16 +08:00
Mark Jones
84202c367e
commit for php bug 61421
...
enabling SHA2 and RMD160 for openssl signature verification
2012-09-15 22:59:34 -07:00
Stanislav Malyshev
c7be96b08f
Revert "Add PBKDF2 support via openssl()"
...
This reverts commit b5b8ea1050
.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
2012-06-12 11:22:49 -07:00
Stanislav Malyshev
a2bfad051d
Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell."
...
This reverts commit bccd1e672f
.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
2012-06-12 11:21:54 -07:00
Scott MacVicar
bccd1e672f
Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
...
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
2012-06-11 15:41:41 -07:00
Scott MacVicar
b5b8ea1050
Add PBKDF2 support via openssl()
...
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
2012-06-11 13:35:25 -07:00
Anatoliy Belsky
270a406ac9
Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only
2012-04-24 14:05:35 +02:00
Anatoliy Belsky
fa0d507923
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
Fix bug #61401 ext\openssl\tests\004.phpt fails
Fix bug #61404 ext\openssl\tests\021.phpt fails
Fix bug #61448 intl tests fail with icu >= 4.8
2012-03-28 17:13:16 +02:00
Anatoliy Belsky
bff8152565
Fix bug #61401 ext\openssl\tests\004.phpt fails
2012-03-28 17:11:58 +02:00
Anatoliy Belsky
4c5b427124
Fix bug #61404 ext\openssl\tests\021.phpt fails
2012-03-28 16:15:36 +02:00
Anatoliy Belsky
bd7bb973b1
Fix bug #61404 ext\openssl\tests\021.phpt fails
2012-03-28 16:04:56 +02:00
Anatoliy Belsky
8d7a489b97
Merge branch '5.3' into 5.4
...
* 5.3:
Fix bug #61405 ext\openssl\tests\022.phpt fails
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:15:15 +02:00
Anatoliy Belsky
b638d3020c
Fix bug #61405 ext\openssl\tests\022.phpt fails
2012-03-27 16:07:59 +02:00
Anatoliy Belsky
e55718b091
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:07:59 +02:00
Anatoliy Belsky
7fdd35d697
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:07:25 +02:00
Olivier DOUCET
ad832abba1
test for bug #61124
2012-02-25 13:27:57 +00:00
Olivier DOUCET
118dd43555
test for bug #61124
2012-02-25 13:27:57 +00:00
Scott MacVicar
5ef66f2cf5
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
2012-02-23 01:26:46 +00:00
Scott MacVicar
f424fe8aed
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
2012-02-23 01:26:46 +00:00
Christopher Jones
b0678ea229
Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas
2012-02-07 01:15:13 +00:00
Christopher Jones
73ccc0a5e9
Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas
2012-02-07 01:15:13 +00:00
Rasmus Lerdorf
f6f283c3e2
Another openssl test that is dependent on the openssl version. The output has
...
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
8d5f83dde5
Another openssl test that is dependent on the openssl version. The output has
...
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
2012-02-05 10:08:16 +00:00