archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
135757 commits 526 branches 1434 tags 865 MiB
Commit graph

964 commits

Author SHA1 Message Date
Niels Dossche
08a9579883
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure 
Closes GH-18750.
 2025-06-03 23:45:51 +02:00
Niels Dossche
29f96fb1f1
Fix potential leaks when writing to BIO fails 
When the BIO is created but writing fails, these can leak.

Closes GH-18186.
 2025-04-11 21:02:37 +02:00
Niels Dossche
5e68671f88
Fix inverted call to php_openssl_store_errors() 
This calls php_openssl_store_errors() in the success path right now,
change it to call php_openssl_store_errors() in the error path.
 2025-04-02 20:25:21 +02:00
Niels Dossche
0dc600c69a
Fix openssl_random_pseudo_bytes() always setting strong_result to true 
This regressed in 62c7432f, prior to that commit the value was set to
false in case random number generation failed, but now even if an
exception is thrown it is set to true. This likely does not _really_
matter as the user will handle the exception, still the value in
$strong_result is observable.
 2025-04-02 20:25:21 +02:00
Niels Dossche
74720a22f3
Fix memory leak in openssl_sign() when passing invalid algorithm 
Closes GH-18185.
 2025-04-02 20:15:53 +02:00
Niels Dossche
80dd5a0306
Fix wrong merge 2024-11-09 11:49:08 +01:00
Niels Dossche
591fe92724
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix memory leak in php_openssl_pkey_from_zval()
  Fix various memory leaks related to openssl exports
  Prevent unexpected array entry conversion when reading key
 2024-11-09 11:01:21 +01:00
Niels Dossche
994e866cf2
Fix memory leak in php_openssl_pkey_from_zval() 
Closes GH-16691.
 2024-11-09 10:58:44 +01:00
Niels Dossche
2f4f09f7e6
Fix various memory leaks related to openssl exports 
Closes GH-16692.
 2024-11-09 10:58:17 +01:00
Niels Dossche
ac8d0e57d9
Prevent unexpected array entry conversion when reading key 
When passing an array, the key entry can get converted to a string if it
is an object, but this actually modifies the original array entry.
The test originally outputted:

```
array(2) {
  [0]=>
  string(...) => ...
  [1]=>
  string(0) ""
}
```

This is unexpected. Use zval_try_get_string() to prevent this behaviour.

Closes GH-16693.
 2024-11-09 10:57:50 +01:00
Niels Dossche
673e8d1011
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix various memory leaks on error conditions in openssl_x509_parse()
 2024-11-04 20:04:18 +01:00
Niels Dossche
5ddb75660d
Fix various memory leaks on error conditions in openssl_x509_parse() 
Closes GH-16690.
 2024-11-04 20:03:53 +01:00
Christoph M. Becker
931762c626
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16433: Large values for openssl_csr_sign() $days overflow
 2024-10-16 11:09:00 +02:00
Christoph M. Becker
2bdf2f9100
Fix GH-16433: Large values for openssl_csr_sign() $days overflow 
The `offset_sec` parameter of `X509_gmtime_adj()` expects a `long`, but
the `$days` parameter of `openssl_csr_sign()` a `zend_long`.  We must
avoid signed integer overflow (UB), but also must not silently truncate.
Thus we check the given `$days` for the permissible range, and bail out
otherwise.

Closes GH-16437.
 2024-10-16 11:08:02 +02:00
Christoph M. Becker
76a819e7d1
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16357: openssl may modify member types of certificate arrays
 2024-10-12 16:06:44 +02:00
Christoph M. Becker
549bcdb7fb
Fix GH-16357: openssl may modify member types of certificate arrays 
We must not use `try_convert_to_string()` on members of unseparated
array arguments; instead of separating, we use `zval_try_get_string()`.

Closes GH-16370.
 2024-10-12 16:05:31 +02:00
David Carlier
719c74e919 Merge branch 'PHP-8.2' into PHP-8.3 2024-01-14 18:24:08 +00:00
David Carlier
5e2a586c9a ext/openssl: fix libressl build. 
Close GH-12919
 2024-01-14 18:23:18 +00:00
Jakub Zelenka
3c176d4189
Merge branch 'PHP-8.2' into PHP-8.3 2023-12-21 16:43:16 +00:00
Jakub Zelenka
7c4763ab8b
Fix GH-12987: openssl_csr_sign might leak new cert on error 
Closes GH-12988
 2023-12-21 16:42:09 +00:00
Jakub Zelenka
b3947744c7
Merge branch 'PHP-8.2' into PHP-8.3 2023-11-17 19:43:34 +00:00
Jakub Zelenka
f90b40416f
Fix #50713: openssl_pkcs7_verify() may ignore untrusted CAs 
Closes GH-12499
 2023-11-17 19:42:28 +00:00
Jakub Zelenka
ac07b6e7ac
Merge branch 'PHP-8.2' into PHP-8.3 2023-10-22 13:23:10 +01:00
Jakub Zelenka
b2f6b6ea9c
Merge branch 'PHP-8.1' into PHP-8.2 2023-10-22 13:21:56 +01:00
Jakub Zelenka
83a242ec0c
Fix GH-12489: Missing sigbio creation checking in openssl_cms_verify 
Closes GH-12490
 2023-10-22 13:20:43 +01:00
Eno
0dadd6616a
Improve openssl ext to generate EC keys with custom EC parameters 
This change extends supported parameter when generating EC keys.

Specifically following parameters are now supported: p, a, b, order,
generator, seed, cofactory, g_x, g_y, x, y and d.

Those parameters can be passed to ec field in openssl_pkey_new options.

It also fixes some issues openssl_pkey_get_details related to SM2
support.

Closes GH-9991
 2023-07-06 15:51:50 +01:00
Florian Moser
4d4b9604ca
Fix GH-11054: Reset OpenSSL errors when using a PEM public key 
The error happens when the PEM contains a public key, as it will be
first tried to be parsed as a certificate. The parsing as a certificate
fails, which then leads to a corresponding error tracked by PHP with
the next call to php_openssl_store_errors().

This change introduces an error marking to be able to reset the stored
errors to the state before trying the certificate.

Closes GH-11055
 2023-05-06 11:56:31 +01:00
Niels Dossche
aef5250eae Merge branch 'PHP-8.2' 
* PHP-8.2:
  Add missing error check on PEM_write_bio_PKCS7()
  Add missing error check on PEM_write_bio_CMS()
  Add missing error check on i2d_PKCS12_bio()
  Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit()
 2023-03-05 22:16:23 +01:00
Niels Dossche
a13cca8a81 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Add missing error check on PEM_write_bio_PKCS7()
  Add missing error check on PEM_write_bio_CMS()
  Add missing error check on i2d_PKCS12_bio()
  Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit()
 2023-03-05 22:12:36 +01:00
Niels Dossche
22c9e7e27e Add missing error check on PEM_write_bio_PKCS7() 
Closes GH-10752.
 2023-03-05 22:07:43 +01:00
nielsdos
51ea4a680d Add missing error check on PEM_write_bio_CMS() 
On failure, this function returns 0. 2 other callers of this function
already check the return value, but this one was missed.
 2023-03-05 22:06:23 +01:00
nielsdos
d2ef1561fb Add missing error check on i2d_PKCS12_bio() 
This function returns 0 on error and 1 on success. The error case was
not checked and the function therefore would've returned true.
The only other caller of i2d_PKCS12_bio() in the file has
a correct error check.

Closes GH-10761.
 2023-03-05 22:05:53 +01:00
George Peter Banyard
f13d541ca6
Fix GCC 12 compiler warnings (#10713) 
* Fix -Wunused-but-set-variable compiler warning in ext/mysqli

* Fix -Wstrict-prototypes compiler warning in ext/mysqlnd

* Fix -Wstrict-prototypes compiler warning in ext/soap

* Fix -Wunused-but-set-variable compiler warning in ext/exif

However, this code looks really sketchy...

* Fix -Wstrict-prototypes compiler warning in ext/openssl

* Fix -Wstrict-prototypes compiler warning in ext/dba

Add void to our bundled libraries

* Refactor bundled BCMath library

Fix -Wdeprecated-non-prototype compiler warnings
Use bool instead of char/int
Cleanup some useless header includes
 2023-02-28 14:21:01 +00:00
Niels Dossche
f0cfebc2b8 Use zend_result where appropriate in ext/openssl 
Remove dead code

s is always NULL, so the check is always false.

Closes GH-10704.
 2023-02-26 08:28:23 +00:00
Dmitry Stogov
0d011e4626 Revert "Merge branch 'PHP-8.0' into PHP-8.1" 
This reverts commit 0116864cd3, reversing
changes made to 1f715f5658.
 2023-01-16 11:15:30 +03:00
Tim Düsterhus
0116864cd3
Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Revert "Make build work with newer OpenSSL"
  [ci skip] Next release will be 8.0.28
  [ci skip] Prepare for PHP 8.0.27 GA
 2023-01-12 21:48:23 +01:00
Gabriel Caruso
255e08ac56
Revert "Make build work with newer OpenSSL" 
This reverts commit 5f90134bb6.
 2023-01-03 13:00:44 -03:00
Stanislav Malyshev
5f90134bb6 Make build work with newer OpenSSL 2022-12-18 22:52:30 -07:00
Jakub Zelenka
eb83e0206c
Merge branch 'PHP-8.2' 2022-11-25 14:08:17 +00:00
Jakub Zelenka
c8d8bf7c59
Merge branch 'PHP-8.1' into PHP-8.2 2022-11-25 14:07:41 +00:00
Jakub Zelenka
500b28ad04
Fix GH-10000: Test failures when OpenSSL compiled with no-dsa 2022-11-25 14:02:03 +00:00
Jakub Zelenka
d526773d20
Merge branch 'PHP-8.2' 2022-11-25 12:51:23 +00:00
Jakub Zelenka
c022ce92fb
Merge branch 'PHP-8.1' into PHP-8.2 2022-11-25 12:50:38 +00:00
Jakub Zelenka
ce57221376 Fix GH-9064: PHP fails to build if openssl was built with no-ec 2022-11-25 12:49:12 +00:00
Jakub Zelenka
ce58ae5e79
Merge branch 'PHP-8.2' 2022-11-24 18:30:57 +00:00
Jakub Zelenka
3d90a24e93
Fix GH-9997: OpenSSL engine clean up segfault 2022-11-24 18:29:44 +00:00
Jakub Zelenka
59f8f2df9c
Merge branch 'PHP-8.2' 2022-10-23 00:40:19 +01:00
Jakub Zelenka
3e2184f795
Fix OpenSSL conflicting merge for compilation issue with old digests 2022-10-23 00:39:42 +01:00
Jakub Zelenka
14c2480396
Merge branch 'PHP-8.2' 2022-10-22 22:15:12 +01:00
Jakub Zelenka
cb3d5a772d
Merge branch 'PHP-8.1' into PHP-8.2 2022-10-22 22:14:27 +01:00