This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generating pub_key from priv_key. Would be nice if these worked
the same (in which case we should probably also unify the keygen
for FFC algorithms, as it's very similar).
All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.
As the OpenSSL docs say:
> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.
Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.
Unfortunately we can't use a common code path here, because
EVP_PKEY_set1_encoded_public_key() formerly known as
EVP_PKEY_set1_tls_encodedpoint() does not appear to work with
DH keys prior to OpenSSL 3.
Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the PHP object.
OpenSSL doesn't provide an API for this purpose, and seems
somewhat reluctant to add one, see
https://github.com/openssl/openssl/issues/9467.
To avoid using deprecated low-level APIs to determine whether
something is a private key ourselves, remember it at the point
of construction.
The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but they still
do not support `ASN1_INTEGER_set_int64()`.
Closes GH-7339.
With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided
ciphers, so that "in_array openssl_get_cipher_methods" style
checks continue working as expected.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
As these hold on to some internal resource, there can't be two
"equal" objects with different identity. Make sure the lack of
public properties doesn't result in these being treated as always
equal.
openssl_pkey_new() fetches various options from the config file --
most of these are optional, and not specifying them is not an error
condition from the perspective of the user. Unfortunately, the
CONF_get_string() API pushes an error when accessing a key that
doesn't exist (_CONF_get_string does not, but that is presumably a
private API). This commit adds a helper php_openssl_conf_get_string()
that automatically clears the error in this case. I've found that
OpenSSL occasionally does the same thing internally:
22040fb790/apps/req.c (L515-L517)
Closes GH-6699.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
Apparently treating LibreSSL as OpenSSL 1.1 is not just something
we did in our code, it's something that upstream LibreSSL claims,
despite not actually being compatible. Duh.
Check for EVP_CIPH_OCB_MODE instead, which should reliably
determine support...
While OpenSSL 1.1 allows unconditionally setting the CCM tag length
even for decryption, some older versions apparently do not. As such,
we do need to treat CCM and OCB separately after all.
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).
Closes GH-6337.
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.
I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.
Closes GH-6333.
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
- X509_PURPOSE_TIMESTAMP_SIGN, since 2006
Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.
Closes GH-6312.
