summaryrefslogtreecommitdiff
path: root/ext/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Try to fix intermittent failures of stream_server_reneg_limit.phpt on macosNikita Popov2021-01-041-0/+2
| | | | Make sure the server has started up before we try to connect to it.
* Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-11-301-2/+3
|\ | | | | | | | | * PHP-7.4: Next attempt to fix bug #80368
| * Next attempt to fix bug #80368Nikita Popov2020-11-301-2/+3
| | | | | | | | | | | | | | | | | | Apparently treating LibreSSL as OpenSSL 1.1 is not just something we did in our code, it's something that upstream LibreSSL claims, despite not actually being compatible. Duh. Check for EVP_CIPH_OCB_MODE instead, which should reliably determine support...
* | Merge branch 'PHP-7.4' into PHP-8.0Jakub Zelenka2020-11-271-1/+2
|\ \ | |/
| * Merge branch 'PHP-7.3' into PHP-7.4Jakub Zelenka2020-11-271-1/+2
| |\
| | * Fix test for bug62890 to not depend on system cert storeJakub Zelenka2020-11-271-1/+2
| | |
| | * Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)Stanislav Malyshev2020-09-284-22/+57
| | |
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-11-271-1/+2
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Fixed bug #80368
| * | Fixed bug #80368Nikita Popov2020-11-271-1/+2
| | | | | | | | | | | | | | | We assume that usually LibreSSL supports everything OpenSSL 1.1 does. In this instance, this is not the case.
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-10-201-11/+9
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Fix CCM tag length setting for old OpenSSL versions
| * | Fix CCM tag length setting for old OpenSSL versionsNikita Popov2020-10-201-11/+9
| | | | | | | | | | | | | | | | | | While OpenSSL 1.1 allows unconditionally setting the CCM tag length even for decryption, some older versions apparently do not. As such, we do need to treat CCM and OCB separately after all.
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-10-194-7/+199
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Fix bug #79983: Add support for OCB mode
| * | Fix bug #79983: Add support for OCB modeNikita Popov2020-10-194-7/+199
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OCB mode ciphers were already exposed to openssl_encrypt/decrypt, but misbehaved, because they were not treated as AEAD ciphers. From that perspective, OCB should be treated the same way as GCM. In OpenSSL 1.1 the necessary controls were unified under EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1). Closes GH-6337.
* | | Fix nullability of openssl_cms_sign() parameterNikita Popov2020-10-141-1/+1
| | |
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-10-144-13/+7
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Allow passing $tag for non-authenticated encryption
| * | Allow passing $tag for non-authenticated encryptionNikita Popov2020-10-144-13/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | openssl_encrypt() currently throws a warning if the $tag out parameter is passed for a non-authenticated cipher. This violates the principle that a function should behave the same if a parameter is not passed, and if the default value is passed for the parameter. I believe this warning should simply be dropped and the $tag be populated with null, as is already the case. Otherwise, it is not possible to use openssl_encrypt() in generic wrapper APIs, that are compatible with both authenticated and non-authenticated encryption. Closes GH-6333.
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-10-122-14/+2
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Revert "Add missing X509 purpose constants"
| * | Revert "Add missing X509 purpose constants"Nikita Popov2020-10-122-14/+2
| | | | | | | | | | | | | | | | | | This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd. This fails on Travis.
* | | Merge branch 'PHP-7.4' into PHP-8.0Nikita Popov2020-10-122-2/+14
|\ \ \ | |/ / | | | | | | | | | * PHP-7.4: Add missing X509 purpose constants
| * | Add missing X509 purpose constantsVincent JARDIN2020-10-122-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006 Also drop the ifdef check for X509_PURPOSE_ANY, as it is always available in supported OpenSSL versions. Closes GH-6312.
* | | Add test instantiating all objectsNikita Popov2020-10-011-4/+1
| | | | | | | | | | | | | | | | | | Intended to find issues in opaque object destructors. Closes GH-6251.
* | | Merge branch 'PHP-7.4'Stanislav Malyshev2020-09-284-22/+57
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | * PHP-7.4: Update UPGRADING Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
| * | Merge branch 'PHP-7.3' into PHP-7.4Stanislav Malyshev2020-09-284-22/+57
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-7.3: Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
| | * \ Merge branch 'PHP-7.2' into PHP-7.3Stanislav Malyshev2020-09-284-22/+57
| | |\ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | * PHP-7.2: Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
| | | * Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)Stanislav Malyshev2020-09-264-22/+57
| | | |
* | | | Improve parameter names in ext/hash and ext/opensslMáté Kocsis2020-09-242-26/+26
| | | | | | | | | | | | | | | | Closes GH-6156
* | | | Run tidyNikita Popov2020-09-186-9/+9
| | | | | | | | | | | | | | | | | | | | This should fix most of the remaining issues with tabs and spaces being mixed in tests.
* | | | missing fix for test for new param. nameRemi Collet2020-09-161-1/+1
| | | |
* | | | Adjust ext/openssl parameter namesMáté Kocsis2020-09-153-44/+54
| | | | | | | | | | | | | | | | Closes GH-6121
* | | | Fix broken testMatteo Beccati2020-09-131-1/+1
| | | | | | | | | | | | | | | | Since e8e4ddce
* | | | Improve parameter handling in ext/opensslMáté Kocsis2020-09-1216-308/+301
| | | | | | | | | | | | | | | | Closes GH-6025
* | | | Consolidate new union type ZPP macro namesMáté Kocsis2020-09-111-18/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | They will now follow the canonical order of types. Older macros are left intact due to maintaining BC. Closes GH-6112
* | | | Improve error messages mentioning parameters instead of argumentsMáté Kocsis2020-09-091-1/+1
| | | | | | | | | | | | | | | | Closes GH-5999
* | | | Require $method parameter in openssl_seal/openssl_openNikita Popov2020-09-088-72/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RC4 is considered insecure, and it's not possible to change the default of these functions. As such, require the method to be passed explicitly. Closes GH-6093.
* | | | Promote various OpenSSL warnings into ErrorsGeorge Peter Banyard2020-08-1610-142/+169
| | | | | | | | | | | | | | | | Closes GH-5111
* | | | Fix types in openssl stubNikita Popov2020-08-142-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | These two $recipcert parameters don't use proper union types right now. They are a bit tricky due to the $recipkey -> $recipcert fallback.
* | | | Remove some unnnecessary null checks in opensslNikita Popov2020-08-101-69/+22
| | | | | | | | | | | | | | | | | | | | | | | | Remove null checks before EVP_PKEY_free and BIO_free. NULL is a no-op for both of these. Probably applies to most other freeing function as well...
* | | | Improve X509_PKEY management in OpenSSLNikita Popov2020-08-101-129/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the free_pkey argument from php_openssl_pkey_from_zval, instead return an EVP_PKEY that always needs to be freed (by incrementing refcount if necessary). This makes the code simpler and fixes a number of bugs in the existing handling. Closes GH-5946.
* | | | Add many missing closing PHP tags to testsMáté Kocsis2020-08-091-0/+1
| | | | | | | | | | | | | | | | Closes GH-5958
* | | | Add a few missing types to stubsMáté Kocsis2020-08-012-4/+9
| | | |
* | | | Convert resources to objects in ext/opensslMáté Kocsis2020-08-0135-769/+1071
| | | | | | | | | | | | | | | | | | | | | | | | Closes GH-5860 Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
* | | | Merge branch 'PHP-7.4'Nikita Popov2020-07-222-4/+49
|\ \ \ \ | |/ / / | | | | | | | | | | | | * PHP-7.4: Fixed bug #79881
| * | | Fixed bug #79881Nikita Popov2020-07-222-4/+49
| | | |
* | | | Remove proto comments from C filesMax Semenik2020-07-061-129/+65
| | | | | | | | | | | | | | | | Closes GH-5758
* | | | Avoid some unnecessary uses of no_separation=0Nikita Popov2020-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | For the rare cases where references are part of the API, construct them explicitly. Otherwise do not allow separation.
* | | | Replace EXPECTF when possibleFabien Villepinte2020-06-299-9/+9
| | | | | | | | | | | | | | | | Closes GH-5779
* | | | Include stub hash in generated arginfo filesNikita Popov2020-06-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The hash is used to check whether the arginfo file needs to be regenerated. PHP-Parser will only be downloaded if this is actually necessary. This ensures that release artifacts will never try to regenerate stubs and thus fetch PHP-Parser, as long as you do not modify any files. Closes GH-5739.
* | | | Merge branch 'PHP-7.4'Nikita Popov2020-06-192-37/+47
|\ \ \ \ | |/ / /
| * | | Generate temporary config file when generating certificatesNikita Popov2020-06-192-37/+47
| | | | | | | | | | | | | | | | | | | | The putenv trick doesn't work on ZTS Windows, so generate a new openssl config every time.
* | | | Merge branch 'PHP-7.4'Nikita Popov2020-06-181-1/+4
|\ \ \ \ | |/ / /
View Lorry Controller Status