archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 22:48:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
131427 commits 526 branches 1434 tags 873 MiB
Commit graph

930 commits

Author SHA1 Message Date
Jakub Zelenka
72381b09ea Fix arginfo for openssl_decrypt (tag is not ref) 2016-01-03 17:21:57 +00:00
Lior Kaplan
3d5438bf7b Merge branch 'PHP-7.0' 
* PHP-7.0:
  Update header to PHP Version 7
  Happy new year (Update copyright to 2016)
  Happy new year (Update copyright to 2016)
 2016-01-01 20:04:31 +02:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Jakub Zelenka
52ffdf9fc3 Test and fix encrypting empty IV for AEAD mode 2015-12-31 16:33:57 +00:00
Jakub Zelenka
5e9540f77d Add AES CCM ciphers when linked with OpenSSL 1.0.1 
These ciphers are not added by OpenSSL_add_all_algorithms in 1.0.1
 2015-12-27 18:03:36 +00:00
Jakub Zelenka
213844de49 Fix EVP_EncryptFinal and EVP_DecryptFinal 2015-12-26 20:33:03 +00:00
Tom Van Looy
618b961124 Remove leftovers of TSRMLS in code 2015-12-25 11:13:39 +01:00
Jakub Zelenka
fc3575aaf1 Retrieve tag in AEAD cipher mode encryption 2015-12-13 19:05:19 +00:00
Jakub Zelenka
c54174255d Simplify AAD condition 2015-12-07 19:19:44 +00:00
Jakub Zelenka
da0c2a4b6b Implement AAD setting 2015-12-06 20:09:41 +00:00
Jakub Zelenka
32495cbfdd Add php_openssl_cipher_update to group enc and dec logic 2015-12-04 20:27:18 +00:00
Jakub Zelenka
e74368a8a1 Set AEAD tag or tag_len if supplied 2015-12-03 19:16:11 +00:00
Jakub Zelenka
c993151115 Add AEAD IV init 2015-12-01 19:34:12 +00:00
Jakub Zelenka
4b22c063bf Move password checkign to php_openssl_cipher_init 2015-11-15 19:11:24 +00:00
Jakub Zelenka
dcabd9403a Move php_openssl_validate_iv to php_openssl_cipher_init and fix some issues 2015-11-08 18:03:17 +00:00
Jakub Zelenka
3ce5e46338 Change return value from php_openssl_validate_iv 2015-11-03 19:35:02 +00:00
Jakub Zelenka
2eb3e2c3ba Use php_openssl_cipher_init in openssl_decrypt 2015-11-02 21:39:38 +00:00
Jakub Zelenka
789ee143b2 Use php_openssl_cipher_init in openssl_encrypt 2015-11-01 13:30:42 +00:00
Jakub Zelenka
c09f3e399e Use correct type for tag_len 2015-11-01 13:19:52 +00:00
Jakub Zelenka
496c46942f Add php_openssl_cipher_init 2015-10-26 19:08:24 +00:00
Jakub Zelenka
054b27d3f2 Merge branch 'master' into openssl_aead 2015-10-26 18:36:06 +00:00
Jakub Zelenka
2ee99f8954 Check EVP_SealFinal return code 
This can be done since we no longer support OpenSSL 0.9.6
 2015-10-25 17:53:39 +00:00
Jakub Zelenka
a6534b8f73 Use openssl allocated cipher context 2015-10-07 20:18:33 +01:00
Dmitry Stogov
ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Jakub Zelenka
2f744cd3c5 Add and use function for loading cipher mode info 2015-09-23 19:56:24 +01:00
Anatol Belski
ca89d9a797 expose openssl config path so it can be tested 2015-09-23 19:48:20 +02:00
Anatol Belski
15d43095d7 expose openssl config path so it can be tested 2015-09-23 14:17:03 +02:00
Jakub Zelenka
96698b5d6d Add and check AEAD params in openssl_encrypt and openssl_decrypt 2015-09-21 18:48:21 +01:00
Jakub Zelenka
2ed246ed89 Add an initial preparation for OpenSSL AEAD 2015-09-20 14:00:24 +01:00
Jakub Zelenka
6a81363405 Require at least OpenSSL version 0.9.8 2015-09-20 13:01:15 +01:00
Jakub Zelenka
76783a26d2 Merge branch 'PHP-5.6' into PHP-7.0 2015-09-20 12:38:58 +01:00
Jakub Zelenka
dcd569aad6 Use tabs for arg info indent in openssl.c 2015-09-20 12:34:35 +01:00
Jakub Zelenka
e235cb65fb Fix request #70438: Add IV parameter for openssl_seal and openssl_open 2015-09-06 19:09:56 +01:00
Jakub Zelenka
473ccf47a5 Merge branch 'PHP-5.6' 2015-09-06 16:42:37 +01:00
Jakub Zelenka
d47029167d Fix bug #60632: openssl_seal fails with AES 2015-09-06 16:39:59 +01:00
Christoph M. Becker
28e82cc714 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix #70395: Missing ARG_INFO for openssl_seal()
 2015-09-05 03:19:43 +02:00
Christoph M. Becker
43b26c7b21 Fix #70395: Missing ARG_INFO for openssl_seal() 
This patch adds the missing ARG_INFO for the optional 5th parameter $method.
 2015-09-05 03:08:02 +02:00
Jakub Zelenka
6b9f31ab74 Merge branch 'PHP-5.6' 2015-08-27 20:17:33 +01:00
Jakub Zelenka
ad028ebc11 Use new range checks in openssl ext 2015-08-26 19:55:29 +01:00
Jakub Zelenka
c39336d1d8 Fix bug #55259 (openssl extension does not get the DH parameters from DH key resource) 2015-08-25 20:26:11 +01:00
Jakub Zelenka
7ad1703413 Add overflow check for openssl_pkcs12_read 2015-08-20 19:29:54 +01:00
Jakub Zelenka
c3f0c87564 Add overflow checks for openssl_pkey_* functions 2015-08-19 20:10:14 +01:00
Jakub Zelenka
478ecc674b Move overflow checks in openssl_pbkdf2 2015-08-19 20:06:58 +01:00
Jakub Zelenka
6a201b3651 Use macros for openssl overflow checks 
It reduces code duplications
 2015-08-18 20:17:04 +01:00
Jakub Zelenka
618c327a56 Fix possible overflow in openssl_pbkdf2 
Especially key_length would lead to the crash if it overflowed
to the negative value.
 2015-08-18 19:46:59 +01:00
Jakub Zelenka
c4a98e876c Check and use correct signature_len type for EVP_VerifyFinal 2015-08-17 18:43:02 +01:00
Jakub Zelenka
f3abea9f91 Fix some int overflows in openssl 
There might be more. I just did a quick check for enc/dec, rand
and one BN call.
 2015-08-16 15:43:00 +01:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00