| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |\ |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
A few additional tests have been added on master that require
lower security level.
(cherry picked from commit c2a6395dcbab20549702e56006f7cd389cefebcd)
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
skip test with openssl < 1.1.0
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
skip test with openssl < 1.1.0
|
| | | |
| | |
| | |
| | |
| | | |
The test fails, but without any crash
(this test is designed to catch a crash)
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Suppress OpenSSL error on missing optional config
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Suppress OpenSSL error on missing optional config
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
openssl_pkey_new() fetches various options from the config file --
most of these are optional, and not specifying them is not an error
condition from the perspective of the user. Unfortunately, the
CONF_get_string() API pushes an error when accessing a key that
doesn't exist (_CONF_get_string does not, but that is presumably a
private API). This commit adds a helper php_openssl_conf_get_string()
that automatically clears the error in this case. I've found that
OpenSSL occasionally does the same thing internally:
https://github.com/openssl/openssl/blob/22040fb790c854cefb04bed98ed38ea6357daf83/apps/req.c#L515-L517
Closes GH-6699.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fixed bug #80747
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fixed bug #80747
|
| | | |
| | |
| | |
| | | |
If RSA key generation fails, actually report that failure.
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This deprecates passing null to non-nullable scale arguments of
internal functions, with the eventual goal of making the behavior
consistent with userland functions, where null is never accepted
for non-nullable arguments.
This change is expected to cause quite a lot of fallout. In most
cases, calling code should be adjusted to avoid passing null. In
some cases, PHP should be adjusted to make some function arguments
nullable. I have already fixed a number of functions before landing
this, but feel free to file a bug if you encounter a function that
doesn't accept null, but probably should. (The rule of thumb for
this to be applicable is that the function must have special behavior
for 0 or "", which is distinct from the natural behavior of the
parameter.)
RFC: https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Closes GH-6475.
|
| | |
| |
| |
| | |
Make sure the server has started up before we try to connect to it.
|
| |\ \
| |/ |
|
| | |\ |
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.4:
Fix bug #79983: Add support for OCB mode
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).
Closes GH-6337.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.4:
Allow passing $tag for non-authenticated encryption
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.
I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.
Closes GH-6333.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.4:
Revert "Add missing X509 purpose constants"
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd.
This fails on Travis.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.4:
Add missing X509 purpose constants
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
- X509_PURPOSE_TIMESTAMP_SIGN, since 2006
Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.
Closes GH-6312.
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
| | | |\ \
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | | |
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This should fix most of the remaining issues with tabs and spaces
being mixed in tests.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-6121
|
| | | | |
| | | |
| | | |
| | | | |
Since e8e4ddce
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-6025
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-5999
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-5111
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-5958
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes GH-5860
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.4:
Fixed bug #79881
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Closes GH-5779
|
| |\ \ \ \
| |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
The putenv trick doesn't work on ZTS Windows, so generate a new
openssl config every time.
|
| |\ \ \ \
| |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
We want to test the client side error here, so make sure the
server side can start up successfully.
|
| |\ \ \ \
| |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And switch tests using SAN certificates to the generator.
This is ugly, but there doesn't seem to be a more direct way
to privide SAN in PHP.
|
