archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.4' into PHP-8.0

Browse source 
* PHP-7.4:
  Suppress OpenSSL error on missing optional config
This commit is contained in:
Nikita Popov 2021-02-16 10:12:42 +01:00
commit 4fb8252186
2 changed files with 29 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

50
ext/openssl/openssl.c
View file

@ -719,6 +719,17 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co
}
/* }}} */
static char *php_openssl_conf_get_string(
LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name) {
char *str = CONF_get_string(conf, group, name);
if (str == NULL) {
/* OpenSSL reports an error if a configuration value is not found.
* However, we don't want to generate errors for optional configuration. */
ERR_clear_error();
}
return str;
}
static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
{
char * str;
@ -726,9 +737,8 @@ static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
CONF_VALUE * cnf;
int i;
str = CONF_get_string(req->req_config, NULL, "oid_section");
str = php_openssl_conf_get_string(req->req_config, NULL, "oid_section");
if (str == NULL) {
php_openssl_store_errors();
return SUCCESS;
}
sktmp = CONF_get_section(req->req_config, str);
@ -813,10 +823,8 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
}
/* read in the oids */
str = CONF_get_string(req->req_config, NULL, "oid_file");
if (str == NULL) {
php_openssl_store_errors();
} else if (!php_openssl_open_base_dir_chk(str)) {
str = php_openssl_conf_get_string(req->req_config, NULL, "oid_file");
if (str != NULL && !php_openssl_open_base_dir_chk(str)) {
BIO *oid_bio = BIO_new_file(str, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
if (oid_bio) {
OBJ_create_objects(oid_bio);
@ -828,11 +836,11 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
return FAILURE;
}
SET_OPTIONAL_STRING_ARG("digest_alg", req->digest_name,
CONF_get_string(req->req_config, req->section_name, "default_md"));
php_openssl_conf_get_string(req->req_config, req->section_name, "default_md"));
SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section,
CONF_get_string(req->req_config, req->section_name, "x509_extensions"));
php_openssl_conf_get_string(req->req_config, req->section_name, "x509_extensions"));
SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
CONF_get_string(req->req_config, req->section_name, "req_extensions"));
php_openssl_conf_get_string(req->req_config, req->section_name, "req_extensions"));
SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
CONF_get_number(req->req_config, req->section_name, "default_bits"));
@ -841,11 +849,9 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key")-1)) != NULL) {
req->priv_key_encrypt = Z_TYPE_P(item) == IS_TRUE ? 1 : 0;
} else {
str = CONF_get_string(req->req_config, req->section_name, "encrypt_rsa_key");
str = php_openssl_conf_get_string(req->req_config, req->section_name, "encrypt_rsa_key");
if (str == NULL) {
str = CONF_get_string(req->req_config, req->section_name, "encrypt_key");
/* it is sure that there are some errors as str was NULL for encrypt_rsa_key */
php_openssl_store_errors();
str = php_openssl_conf_get_string(req->req_config, req->section_name, "encrypt_key");
}
if (str != NULL && strcmp(str, "no") == 0) {
req->priv_key_encrypt = 0;
@ -873,12 +879,10 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
/* digest alg */
if (req->digest_name == NULL) {
req->digest_name = CONF_get_string(req->req_config, req->section_name, "default_md");
req->digest_name = php_openssl_conf_get_string(req->req_config, req->section_name, "default_md");
}
if (req->digest_name != NULL) {
req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
} else {
php_openssl_store_errors();
}
if (req->md_alg == NULL) {
req->md_alg = req->digest = EVP_sha1();
@ -900,10 +904,8 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
#endif
/* set the string mask */
str = CONF_get_string(req->req_config, req->section_name, "string_mask");
if (str == NULL) {
php_openssl_store_errors();
} else if (!ASN1_STRING_set_default_mask_asc(str)) {
str = php_openssl_conf_get_string(req->req_config, req->section_name, "string_mask");
if (str != NULL && !ASN1_STRING_set_default_mask_asc(str)) {
php_error_docref(NULL, E_WARNING, "Invalid global string mask setting %s", str);
return FAILURE;
}
@ -2836,9 +2838,8 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
php_openssl_store_errors();
return FAILURE;
}
attr_sect = CONF_get_string(req->req_config, req->section_name, "attributes");
attr_sect = php_openssl_conf_get_string(req->req_config, req->section_name, "attributes");
if (attr_sect == NULL) {
php_openssl_store_errors();
attr_sk = NULL;
} else {
attr_sk = CONF_get_section(req->req_config, attr_sect);
@ -3660,10 +3661,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
return NULL;
}
randfile = CONF_get_string(req->req_config, req->section_name, "RANDFILE");
if (randfile == NULL) {
php_openssl_store_errors();
}
randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
if ((req->priv_key = EVP_PKEY_new()) != NULL) {

6
ext/openssl/tests/bug80747.phpt
View file

@ -13,7 +13,11 @@ $conf = array(
'private_key_bits' => 511,
);
var_dump(openssl_pkey_new($conf));
while ($e = openssl_error_string()) {
echo $e, "\n";
}
?>
--EXPECT--
--EXPECTF--
bool(false)
error:%s:key size too small