archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
140069 commits 526 branches 1434 tags 865 MiB
Commit graph

2001 commits

Author SHA1 Message Date
Jakub Zelenka
f52a59ff4f
Merge branch 'PHP-8.3' into PHP-8.4 2025-08-09 17:44:25 +02:00
Jakub Zelenka
9e2aa658a8
Fix GH-19428: openssl_pkey_derive segfaults for DH derive with low key_length 
This happens only for OpenSSL 1.1.1 because key_length is ignored for
DH. It means that the provided string is overwritten with longer buffer.
 2025-08-09 17:43:04 +02:00
Niels Dossche
0f731b455c
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix error return check of EVP_CIPHER_CTX_ctrl()
  Fix memleak on failure in collator_get_sort_key()
 2025-07-15 20:38:22 +02:00
Niels Dossche
cd8722304c
Fix error return check of EVP_CIPHER_CTX_ctrl() 
OpenSSL can return -1 on error [1, 2], and OpenBSD's docs confirm this
[3]. Change all checks to <= 0.

[1] b3161bd9a9/crypto/evp/evp_enc.c (L1530-L1531)
[2] b3161bd9a9/crypto/evp/evp_enc.c (L1611)
[3] https://man.openbsd.org/EVP_CIPHER_CTX_ctrl.3

Closes GH-18987.
 2025-07-15 20:37:33 +02:00
Niels Dossche
f938f356cb
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check
 2025-07-15 18:50:46 +02:00
Niels Dossche
a8086be81c
Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check 
As noted by the LibreSSL maintainer, these functions return -1 on error.
This is further confirmed by my static analyzer that inferred the same
thing for OpenSSL.

Closes GH-19013.
 2025-07-15 18:50:19 +02:00
Jakub Zelenka
0d19984cda
Merge branch 'PHP-8.3' into PHP-8.4 2025-07-15 11:24:34 +02:00
Jakub Zelenka
6b2b60f683
Fix bug #80770: openssl cafile not used in SNI SSL_CTX 
The issue is about not being able to connect as cafile for SNI
is not used in its SSL context. This sets it up so it is possible
to capture the client certificate which is only possible when
verify_peer is true.

Closes GH-18893
 2025-07-15 11:23:10 +02:00
Jakub Zelenka
7a15d2a5c0
Merge branch 'PHP-8.3' into PHP-8.4 2025-06-05 18:05:24 +02:00
Jakub Zelenka
444cc78a3e
Skip OpenSSL proxy test for bug #74796 on Windows 2025-06-05 16:18:06 +02:00
Jakub Zelenka
086a470208
Merge branch 'PHP-8.3' into PHP-8.4 2025-06-05 14:10:57 +02:00
Jakub Zelenka
42f6c15186
Fix bug #74796: Requests through http proxy set peer name 
This issue happens because http wrapper sets peer_name but then does not
remove so it stays in the context. The fix removes the peer name from
the context after enabling crypto.

In addition to bug #74796, this also fixes bug #76196.

In addition it should be a final fix for those SOAP bugs:

bug #69783
bug #52913
bug #61463
 2025-06-05 14:08:28 +02:00
Niels Dossche
87ff5479fc
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure
 2025-06-03 23:46:21 +02:00
Niels Dossche
08a9579883
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure 
Closes GH-18750.
 2025-06-03 23:45:51 +02:00
Niels Dossche
1e94f3423b
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Split off php_set_sock_blocking() and s.is_blocked to a separate function
  Fix missing checks against php_set_blocking() in xp_ssl.c
 2025-05-20 08:08:39 +02:00
Niels Dossche
1863014fbd
Split off php_set_sock_blocking() and s.is_blocked to a separate function 
This makes it harder to forget the check and keeps the variable and
function call consistent.

Closes GH-18604.
 2025-05-20 08:08:06 +02:00
Niels Dossche
31ebb42268
Fix missing checks against php_set_blocking() in xp_ssl.c 2025-05-20 08:07:34 +02:00
Niels Dossche
8a927c284d
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix potential leaks when writing to BIO fails
 2025-04-11 21:02:59 +02:00
Niels Dossche
29f96fb1f1
Fix potential leaks when writing to BIO fails 
When the BIO is created but writing fails, these can leak.

Closes GH-18186.
 2025-04-11 21:02:37 +02:00
Niels Dossche
a6e76ac010
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix inverted call to php_openssl_store_errors()
  Fix openssl_random_pseudo_bytes() always setting strong_result to true
 2025-04-02 20:25:32 +02:00
Niels Dossche
5e68671f88
Fix inverted call to php_openssl_store_errors() 
This calls php_openssl_store_errors() in the success path right now,
change it to call php_openssl_store_errors() in the error path.
 2025-04-02 20:25:21 +02:00
Niels Dossche
0dc600c69a
Fix openssl_random_pseudo_bytes() always setting strong_result to true 
This regressed in 62c7432f, prior to that commit the value was set to
false in case random number generation failed, but now even if an
exception is thrown it is set to true. This likely does not _really_
matter as the user will handle the exception, still the value in
$strong_result is observable.
 2025-04-02 20:25:21 +02:00
Niels Dossche
d689ff63e8
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak in openssl_sign() when passing invalid algorithm
 2025-04-02 20:18:57 +02:00
Niels Dossche
74720a22f3
Fix memory leak in openssl_sign() when passing invalid algorithm 
Closes GH-18185.
 2025-04-02 20:15:53 +02:00
Jakub Zelenka
4936c32772
Merge branch 'PHP-8.3' into PHP-8.4 2025-02-28 14:51:52 +01:00
Jakub Zelenka
6bb56fe0cf
Change openssl_x509_verify test to use cert generator (#17882) 
This also prevents verifying cert with SHA1 signature
 2025-02-28 14:51:12 +01:00
Jakub Zelenka
d2977b026f
Merge branch 'PHP-8.3' into PHP-8.4 2024-12-31 15:20:06 +01:00
Jakub Zelenka
e0dabe326f
Merge branch 'PHP-8.2' into PHP-8.3 2024-12-31 15:05:18 +01:00
Jakub Zelenka
37504f123d
Port OpenSSL gh10495, gh13860 and gh9310 test to use ephemeral ports 2024-12-31 15:02:08 +01:00
Jakub Zelenka
44a9154e75
Merge branch 'PHP-8.1' into PHP-8.2 2024-12-31 14:39:59 +01:00
Jakub Zelenka
b8731767d8
Fix GH-16955: Use empheral ports for OpenSSL server client tests 
And refactor some client server tests.

Closes GH-17180
 2024-12-31 14:25:19 +01:00
Niels Dossche
ef1e1868ed
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix wrong merge
 2024-11-09 11:49:16 +01:00
Niels Dossche
80dd5a0306
Fix wrong merge 2024-11-09 11:49:08 +01:00
Niels Dossche
fd68e9ba2c
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak in php_openssl_pkey_from_zval()
  Fix various memory leaks related to openssl exports
  Prevent unexpected array entry conversion when reading key
 2024-11-09 11:01:29 +01:00
Niels Dossche
591fe92724
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix memory leak in php_openssl_pkey_from_zval()
  Fix various memory leaks related to openssl exports
  Prevent unexpected array entry conversion when reading key
 2024-11-09 11:01:21 +01:00
Niels Dossche
994e866cf2
Fix memory leak in php_openssl_pkey_from_zval() 
Closes GH-16691.
 2024-11-09 10:58:44 +01:00
Niels Dossche
2f4f09f7e6
Fix various memory leaks related to openssl exports 
Closes GH-16692.
 2024-11-09 10:58:17 +01:00
Niels Dossche
ac8d0e57d9
Prevent unexpected array entry conversion when reading key 
When passing an array, the key entry can get converted to a string if it
is an object, but this actually modifies the original array entry.
The test originally outputted:

```
array(2) {
  [0]=>
  string(...) => ...
  [1]=>
  string(0) ""
}
```

This is unexpected. Use zval_try_get_string() to prevent this behaviour.

Closes GH-16693.
 2024-11-09 10:57:50 +01:00
Niels Dossche
faef0dfb49
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix various memory leaks on error conditions in openssl_x509_parse()
 2024-11-04 20:04:51 +01:00
Niels Dossche
673e8d1011
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix various memory leaks on error conditions in openssl_x509_parse()
 2024-11-04 20:04:18 +01:00
Niels Dossche
5ddb75660d
Fix various memory leaks on error conditions in openssl_x509_parse() 
Closes GH-16690.
 2024-11-04 20:03:53 +01:00
Christoph M. Becker
ef1c3b82ff
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16433: Large values for openssl_csr_sign() $days overflow
 2024-10-16 11:10:12 +02:00
Christoph M. Becker
931762c626
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16433: Large values for openssl_csr_sign() $days overflow
 2024-10-16 11:09:00 +02:00
Christoph M. Becker
2bdf2f9100
Fix GH-16433: Large values for openssl_csr_sign() $days overflow 
The `offset_sec` parameter of `X509_gmtime_adj()` expects a `long`, but
the `$days` parameter of `openssl_csr_sign()` a `zend_long`.  We must
avoid signed integer overflow (UB), but also must not silently truncate.
Thus we check the given `$days` for the permissible range, and bail out
otherwise.

Closes GH-16437.
 2024-10-16 11:08:02 +02:00
Christoph M. Becker
33fab73730
Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16357: openssl may modify member types of certificate arrays
 2024-10-12 16:07:50 +02:00
Christoph M. Becker
76a819e7d1
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16357: openssl may modify member types of certificate arrays
 2024-10-12 16:06:44 +02:00
Christoph M. Becker
549bcdb7fb
Fix GH-16357: openssl may modify member types of certificate arrays 
We must not use `try_convert_to_string()` on members of unseparated
array arguments; instead of separating, we use `zval_try_get_string()`.

Closes GH-16370.
 2024-10-12 16:05:31 +02:00
Jakub Zelenka
53cc92c85c
Fix failing openssl_private_decrypt tests 
We backport 11caf094f1af6b47ea2138c5fa907838911ebe01[1] as a step to
get back to a green CI.

[1] <11caf094f1>
 2024-10-07 01:06:04 +02:00
Jakub Zelenka
e05121563f
Merge branch 'PHP-8.3' into PHP-8.4 2024-09-28 16:29:18 +01:00
Jakub Zelenka
37a73a83c3
Merge branch 'PHP-8.2' into PHP-8.3 2024-09-28 16:24:01 +01:00