archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 14:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
122692 commits 526 branches 1434 tags 869 MiB
Commit graph

635 commits

Author SHA1 Message Date
Nikita Popov
af7445b9ac Try to fix intermittent failures of stream_server_reneg_limit.phpt on macos 
Make sure the server has started up before we try to connect to it.
 2021-01-04 14:31:42 +01:00
Jakub Zelenka
a87d620543 Merge branch 'PHP-7.4' into PHP-8.0 2020-11-27 16:35:16 +00:00
Jakub Zelenka
b855907f54 Merge branch 'PHP-7.3' into PHP-7.4 2020-11-27 16:33:47 +00:00
Jakub Zelenka
685708160e Fix test for bug62890 to not depend on system cert store 2020-11-27 16:32:43 +00:00
Nikita Popov
7727a02276 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix bug #79983: Add support for OCB mode
 2020-10-19 11:09:17 +02:00
Nikita Popov
750a74ed9c Fix bug #79983: Add support for OCB mode 
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).

Closes GH-6337.
 2020-10-19 11:09:00 +02:00
Nikita Popov
2540f68d0e Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Allow passing $tag for non-authenticated encryption
 2020-10-14 10:56:51 +02:00
Nikita Popov
6c6a58e930 Allow passing $tag for non-authenticated encryption 
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.

I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.

Closes GH-6333.
 2020-10-14 10:54:06 +02:00
Nikita Popov
2cd2ca8884 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Revert "Add missing X509 purpose constants"
 2020-10-12 12:56:21 +02:00
Nikita Popov
41e4a77077 Revert "Add missing X509 purpose constants" 
This reverts commit 1e53e14bc3.

This fails on Travis.
 2020-10-12 12:56:07 +02:00
Nikita Popov
da60849fa1 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Add missing X509 purpose constants
 2020-10-12 11:53:22 +02:00
Vincent JARDIN
1e53e14bc3 Add missing X509 purpose constants 
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:

  - X509_PURPOSE_OCSP_HELPER, since 2001
  - X509_PURPOSE_TIMESTAMP_SIGN, since 2006

Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.

Closes GH-6312.
 2020-10-12 11:51:08 +02:00
Stanislav Malyshev
e14f835d8c Merge branch 'PHP-7.4' 
* PHP-7.4:
  Update UPGRADING
  Update UPGRADING
  Update NEWS & UPGRADING
  Do not decode cookie names anymore
  Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
 2020-09-28 22:55:37 -07:00
Stanislav Malyshev
c4dc080245 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Update UPGRADING
  Update NEWS & UPGRADING
  Do not decode cookie names anymore
  Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
 2020-09-28 22:54:57 -07:00
Stanislav Malyshev
2f5cb702ff Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV) 2020-09-28 21:43:11 -07:00
Stanislav Malyshev
a9e4321846 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Update NEWS & UPGRADING
  Do not decode cookie names anymore
  Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
 2020-09-28 21:39:34 -07:00
Stanislav Malyshev
0216630ea2 Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV) 2020-09-26 23:46:53 -07:00
Nikita Popov
c5401854fc Run tidy 
This should fix most of the remaining issues with tabs and spaces
being mixed in tests.
 2020-09-18 14:28:32 +02:00
Remi Collet
effa3b0883 missing fix for test for new param. name 2020-09-16 07:58:53 +02:00
Máté Kocsis
fa5a25b8bb
Adjust ext/openssl parameter names 
Closes GH-6121
 2020-09-15 14:27:54 +02:00
Matteo Beccati
385423442a Fix broken test 
Since e8e4ddce
 2020-09-13 10:02:13 +02:00
Máté Kocsis
e8e4ddce77
Improve parameter handling in ext/openssl 
Closes GH-6025
 2020-09-12 22:08:41 +02:00
Máté Kocsis
9975986b7e
Improve error messages mentioning parameters instead of arguments 
Closes GH-5999
 2020-09-09 10:47:43 +02:00
Nikita Popov
3e14942756 Require $method parameter in openssl_seal/openssl_open 
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.

Closes GH-6093.
 2020-09-08 14:21:01 +02:00
George Peter Banyard
4522cbb789 Promote various OpenSSL warnings into Errors 
Closes GH-5111
 2020-08-16 18:59:52 +02:00
Máté Kocsis
7aacc705d0
Add many missing closing PHP tags to tests 
Closes GH-5958
 2020-08-09 22:03:36 +02:00
Máté Kocsis
9f44eca6b6
Convert resources to objects in ext/openssl 
Closes GH-5860

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
 2020-08-01 22:47:20 +02:00
Nikita Popov
80b4d49f90 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fixed bug #79881
 2020-07-22 10:21:29 +02:00
Nikita Popov
657a832a77 Fixed bug #79881 2020-07-22 10:21:24 +02:00
Fabien Villepinte
0c6d06ecfa Replace EXPECTF when possible 
Closes GH-5779
 2020-06-29 21:31:44 +02:00
Nikita Popov
cd7d96610c Merge branch 'PHP-7.4' 2020-06-19 09:44:56 +02:00
Nikita Popov
21a2da2349 Generate temporary config file when generating certificates 
The putenv trick doesn't work on ZTS Windows, so generate a new
openssl config every time.
 2020-06-19 09:43:56 +02:00
Nikita Popov
b5f5da4211 Merge branch 'PHP-7.4' 2020-06-18 15:56:14 +02:00
Nikita Popov
8ba0624a09 Downgrade server security level in security level test 
We want to test the client side error here, so make sure the
server side can start up successfully.
 2020-06-18 15:54:02 +02:00
Nikita Popov
472352f5a7 Merge branch 'PHP-7.4' 2020-06-18 15:49:43 +02:00
Nikita Popov
c7fe71c8b7 Add SubjectAltName support to certificate generator 
And switch tests using SAN certificates to the generator.

This is ugly, but there doesn't seem to be a more direct way
to privide SAN in PHP.
 2020-06-18 15:49:08 +02:00
Nikita Popov
c2a6395dcb Downgrade security level in tests using TLS < 1.2 
A few additional tests have been added on master that require
lower security level.
 2020-06-18 15:08:24 +02:00
Nikita Popov
f3ff070034 Merge branch 'PHP-7.4' 2020-06-18 15:02:02 +02:00
Nikita Popov
72b3987c2d Generate certificates for bug69215.phpt 2020-06-18 14:58:48 +02:00
Nikita Popov
58ca47aff6 Generate certificate for bug68920.phpt 
The certificate really doesn't matter here, but it still needs to
comply with security level...
 2020-06-18 14:49:15 +02:00
Nikita Popov
dd7d161ccf Generate certificate for bug65729.pem 
Make this test pass under security level 2.
 2020-06-18 14:43:57 +02:00
Nikita Popov
4f0ae4ad6e Merge branch 'PHP-7.4' 2020-06-18 14:22:29 +02:00
Nikita Popov
2c0d47c4b4 Revert "Fix tests regarding OpenSSL security_level" 
This reverts commit b281493503.
 2020-06-18 14:22:20 +02:00
Christoph M. Becker
5989b09d18 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix tests regarding OpenSSL security_level
 2020-06-18 13:29:33 +02:00
Christoph M. Becker
b281493503 Fix tests regarding OpenSSL security_level 
The `security_level` stream option is only available as of OpenSSL
1.1.0, so we only set it for these versions.  Older OpenSSL versions
do not have security levels at all.
 2020-06-18 13:28:09 +02:00
Nikita Popov
20664d6023 Merge branch 'PHP-7.4' 2020-06-18 10:49:56 +02:00
Nikita Popov
6b702eea15 Migrate some tests to certificate generator 
This migrates all the tests using ext/openssl/tests/streams_crypto_method.pem
to the certificate generator, so we can easily adjust needed parameters.
In particular, this makes the cert security level 2 compatible.

However, we still need to downgrade security_level to 1 in a number
of tests, because they are testing TLS < 1.2 connections.
 2020-06-18 10:49:36 +02:00
Nikita Popov
9b70a831a2 Merge branch 'PHP-7.4' 2020-06-17 22:16:11 +02:00
Nikita Popov
52c2f1126d Use sha256 as digest algorithm in certificate generator 
This makes the generated certificates compatible with security
level 2, which is apparently the default on Ubuntu 20.04.

Unfortunately this does not fix all tests, because some are using
pre-generated certificates.
 2020-06-17 22:15:00 +02:00
Christoph M. Becker
4b76a2ddb3 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix #62890: default_socket_timeout=-1 causes connection to timeout
 2020-06-09 16:48:41 +02:00