[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c
iliaa Tue Oct 14 23:40:25 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/opensslopenssl.c /php-srcNEWS Log: MFB: Fixed bug #46271 (local_cert option is not resolved to full path) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.46&r2=1.98.2.5.2.47&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.46 php-src/ext/openssl/openssl.c:1.98.2.5.2.47 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.46 Sun May 4 21:19:17 2008 +++ php-src/ext/openssl/openssl.c Tue Oct 14 23:40:25 2008 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.46 2008/05/04 21:19:17 colder Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.47 2008/10/14 23:40:25 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -3918,30 +3918,33 @@ X509 *cert = NULL; EVP_PKEY *key = NULL; SSL *tmpssl; + char resolved_path_buff[MAXPATHLEN]; - /* a certificate to use for authentication */ - if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); - return NULL; - } + if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* a certificate to use for authentication */ + if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); + return NULL; + } - if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", certfile); - return NULL; - } + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } - tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); + tmpssl = SSL_new(ctx); + cert = SSL_get_certificate(tmpssl); - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); + if (cert) { + key = X509_get_pubkey(cert); + EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); + EVP_PKEY_free(key); + } + SSL_free(tmpssl); - if (!SSL_CTX_check_private_key(ctx)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + if (!SSL_CTX_check_private_key(ctx)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + } } } if (ok) { 
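Review bot: In the `@@ -3918,30 +3918,33 @@` hunk the new `if (VCWD_REALPATH(certfile, resolved_path_buff))` has no `else`, so a `local_cert` that is missing or cannot be resolved is skipped without a warning. Execution then falls through to `if (ok)` with a context that carries no client certificate, whereas before this change the same input reached `SSL_CTX_use_certificate_chain_file()` and returned NULL with a warning. Add an `else` branch that fails closed: emit an E_WARNING naming `certfile` and `return NULL;`, as the other failure paths do. The two warnings inside the block also disagree on which path they print (`certfile` in the first, `resolved_path_buff` in the second). The enclosing function starts and ends outside the hunk.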
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1256&r2=1.2027.2.547.2.1257&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1256 php-src/NEWS:1.2027.2.547.2.1257 --- php-src/NEWS:1.2027.2.547.2.1256Tue Oct 14 17:43:19 2008 +++ php-src/NEWSTue Oct 14 23:40:25 2008 @@ -5,6 +5,7 @@ using FETCH_CLASSTYPE). (Felipe) - Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe) +- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia) - Fixed bug #46246 (difference between call_user_func(array($this, $method)) and $this->$method()). (Dmitry) - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c /ext/standard filestat.c php_filestat.h /ext/standard/tests/file 005_basic.phpt 005_error.phpt bug43137.phpt /main/streams plain_wrapp
janiWed Oct 31 13:23:07 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/filebug43137.phpt Modified files: /php-srcNEWS /php-src/ext/opensslopenssl.c /php-src/ext/standard filestat.c php_filestat.h /php-src/ext/standard/tests/file005_basic.phpt 005_error.phpt /php-src/main/streams plain_wrapper.c Log: MFH: - Fixed Bug #43137 (rmdir() and rename() do not clear statcache) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.992&r2=1.2027.2.547.2.993&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.992 php-src/NEWS:1.2027.2.547.2.993 --- php-src/NEWS:1.2027.2.547.2.992 Wed Oct 31 12:58:24 2007 +++ php-src/NEWSWed Oct 31 13:23:05 2007 @@ -3,6 +3,7 @@ ?? ??? 2007, PHP 5.2.5RC2 - Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) +- Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) 18 Oct 2007, PHP 5.2.5RC1 - Upgraded PCRE to version 7.3 (Nuno) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.41&r2=1.98.2.5.2.42&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.41 php-src/ext/openssl/openssl.c:1.98.2.5.2.42 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.41 Wed Aug 8 06:29:46 2007 +++ php-src/ext/openssl/openssl.c Wed Oct 31 13:23:06 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.41 2007/08/08 06:29:46 pajoye Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.42 2007/10/31 13:23:06 jani Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -46,6 +46,9 @@ #include #include +/* Common */ +#include + #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/filestat.c?r1=1.136.2.8.2.14&r2=1.136.2.8.2.15&diff_format=u Index: php-src/ext/standard/filestat.c diff -u php-src/ext/standard/filestat.c:1.136.2.8.2.14 php-src/ext/standard/filestat.c:1.136.2.8.2.15 --- php-src/ext/standard/filestat.c:1.136.2.8.2.14 Fri Sep 21 14:05:18 2007 +++ php-src/ext/standard/filestat.c Wed Oct 31 13:23:06 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: filestat.c,v 1.136.2.8.2.14 2007/09/21 14:05:18 tony2001 Exp $ */ +/* $Id: filestat.c,v 1.136.2.8.2.15 2007/10/31 13:23:06 jani Exp $ */ #include "php.h" #include "safe_mode.h" @@ -698,14 +698,10 @@ /* }}} */ #endif -/* {{{ proto void clearstatcache(void) - Clear file stat cache */ -PHP_FUNCTION(clearstatcache) +/* {{{ php_clear_stat_cache() +*/ +PHPAPI void php_clear_stat_cache(TSRMLS_D) { - if (ZEND_NUM_ARGS()) { - WRONG_PARAM_COUNT; - } - if (BG(CurrentStatFile)) { efree(BG(CurrentStatFile)); BG(CurrentStatFile) = NULL; 
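Review bot: The newly exported `php_clear_stat_cache()` in the `@@ -698,14 +698,10 @@` hunk keeps only an empty fold comment (`/* {{{ php_clear_stat_cache() */`), so nothing tells callers in other extensions when they must invoke it. The log says the point of the change is that rmdir() and rename() have to invalidate the cache, so a one-line description would help, for example `/* {{{ php_clear_stat_cache() Drop the cached stat entries; call after any operation that removes or renames a path so later checks do not see stale results */`. Only the `BG(CurrentStatFile)` reset is visible here and the rest of the body lies outside the hunk, so the wording should be checked against it.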
@@ -718,6 +714,17 @@ } /* }}} */ +/* {{{ proto void clearstatcache(void) + Clear file stat cache */ +PHP_FUNCTION(clearstatcache) +{ + if (ZEND_NUM_ARGS()) { + WRONG_PARAM_COUNT; + } + php_clear_stat_cache(TSRMLS_C); +} +/* }}} */ + #define IS_LINK_OPERATION(__t) ((__t) == FS_TYPE || (__t) == FS_IS_LINK || (__t) == FS_LSTAT) #define IS_EXISTS_CHECK(__t) ((__t) == FS_EXISTS || (__t) == FS_IS_W || (__t) == FS_IS_R || (__t) == FS_IS_X || (__t) == FS_IS_FILE || (__t) == FS_IS_DIR || (__t) == FS_IS_LINK) #define IS_ABLE_CHECK(__t) ((__t) == FS_IS_R || (__t) == FS_IS_W || (__t) == FS_IS_X) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_filestat.h?r1=1.24.2.4.2.1&r2=1.24.2.4.2.2&diff_format=u Index: php-src/ext/standard/php_filestat.h diff -u php-src/ext/standard/php_filestat.h:1.24.2.4.2.1 php-src/ext/standard/php_filestat.h:1.24.2.4.2.2 --- php-src/ext/standard/php_filestat.h:1.24.2.4.2.1Mon Jan 1 09:36:08 2007 +++ php-src/ext/standard/php_filestat.h Wed Oct 31 13:23:06 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_filestat.h,v 1.24.2.4.2.1 2007/01/01 09:36:08 sebastian Exp $ */ +/* $Id: php_filestat.h,v 1.24.2.4.2.2 2007/10/31 13:23:06 jani Exp $ */ #ifndef PHP_FILESTAT_H #define PHP_FILESTAT_H @@ -87,6 +87,7 @@ typedef int php_stat_len; #endif +PHPAPI void php_clear_stat_cache(TSRMLS_D); PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int type, zval *return_value TSRMLS_DC); /* Switches for various filestat functions: */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/005_basic.phpt?r1=1.1.2.1&r2=1.1.2.2&diff_format=u Index: php-src/ext/standard/tests/file/005_basic.phpt diff -u php-src/ext/standard/tests/file/005_basic.phpt:1.1.2.1 php-src/ext/standard/tests/file/005_basic.phpt:1.1.2.2 --- php-src/ext/standard/tests/file/005_basic.phpt:
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c /ext/openssl/tests bug28382.phpt
dmitry Wed Jul 11 12:18:14 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslopenssl.c /php-src/ext/openssl/tests bug28382.phpt Log: mproced openssl_x509_parse() to return extensions in readable form http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.826&r2=1.2027.2.547.2.827&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.826 php-src/NEWS:1.2027.2.547.2.827 --- php-src/NEWS:1.2027.2.547.2.826 Tue Jul 10 20:25:49 2007 +++ php-src/NEWSWed Jul 11 12:18:13 2007 @@ -6,6 +6,7 @@ - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) +- Improced openssl_x509_parse() to return extensions in readable form. (Dmitry) - Improved fix for MOPB-03-2007. (Ilia) - Corrected fix for CVE-2007-2872. (Ilia) - Enabled statement cache for non-persistent OCI8 connections. @@ -30,6 +31,7 @@ - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) +- Fixed crash in OpenSSL extension because of non-strin passphrase. (Dmitry) - Fixed var_export() to use the new H modifier so that it can generate parseable PHP code for floats, independent of the locale. (Derick) - Fixed regression introduced by the fix for the libgd bug #74. (Pierre) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.37&r2=1.98.2.5.2.38&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.37 php-src/ext/openssl/openssl.c:1.98.2.5.2.38 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.37 Wed Jul 11 07:36:12 2007 +++ php-src/ext/openssl/openssl.c Wed Jul 11 12:18:14 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.37 2007/07/11 07:36:12 dmitry Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.38 2007/07/11 12:18:14 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -999,8 +999,10 @@ char * tmpstr; zval * subitem; X509_EXTENSION *extension; - ASN1_OCTET_STRING *extdata; char *extname; + BIO *bio_out; + BUF_MEM *bio_buf; + char buf[256]; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|b", &zcert, &useshortnames) == FAILURE) { return; @@ -1082,9 +1084,20 @@ for (i = 0; i < X509_get_ext_count(cert); i++) { extension = X509_get_ext(cert, i); - extdata = X509_EXTENSION_get_data(extension); - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); - add_assoc_asn1_string(subitem, extname, extdata); + if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); + if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + add_assoc_asn1_string(subitem, extname, X509_EXTENSION_get_data(extension)); + } + BIO_free(bio_out); } add_assoc_zval(return_value, "extensions", subitem); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382.phpt?r1=1.1.2.5&r2=1.1.2.6&diff_format=u Index: php-src/ext/openssl/tests/bug28382.phpt diff -u php-src/ext/openssl/tests/bug28382.phpt:1.1.2.5 php-src/ext/openssl/tests/bug28382.phpt:1.1.2.6 --- php-src/ext/openssl/tests/bug28382.phpt:1.1.2.5 Wed May 30 15:40:26 2007 +++ php-src/ext/openssl/tests/bug28382.phpt Wed Jul 11 12:18:14 2007 
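Review bot: In the `@@ -1082,9 +1084,20 @@` hunk, `bio_out = BIO_new(BIO_s_mem());` is used without a NULL check, so an allocation failure is passed straight into `X509V3_EXT_print()`. Guarding the call keeps the existing raw-data fallback: `if (bio_out && X509V3_EXT_print(bio_out, extension, 0, 0)) {`. The return value of `OBJ_obj2txt(buf, sizeof(buf)-1, ...)` is also ignored, so an OID whose text form does not fit in `buf` would become a silently truncated array key. Because the key comes from the certificate, two extensions that resolve to the same name presumably overwrite each other in `subitem`, which is worth a comment for callers that parse untrusted certificates. The loop sits inside a function whose start and end are outside the hunk.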
@@ -14,25 +14,28 @@ --EXPECTF-- array(11) { ["basicConstraints"]=> - string(2) "%s" + string(8) "CA:FALSE" ["nsComment"]=> - string(40) "%s" + string(38) "For Grid use only; request tag userTag" ["nsCertType"]=> - string(4) "%s" + string(30) "SSL Client, SSL Server, S/MIME" ["crlDistributionPoints"]=> - string(56) "%s" + string(51) "URI:http://mobile.blue-software.ro:90/ca/crl.shtml +" ["nsCaPolicyUrl"]=> - string(40) "%s" + string(38) "http://mobile.blue-software.ro:90/pub/"; ["subjectAltName"]=> - string(26) "%s" + string(28) "email:[EMAIL PROTECTED]" ["subjectKeyIdentifier"]=> - string(22) "%s" + string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" ["authorityKeyIdentifier"]=> - string(159) "%s" + string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/[EMAIL PROTECTED] +serial:00 +" ["keyUsage"]=> - string(4) "%s" + string(71) "Digital Signat
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c
pajoye Sat May 19 22:05:08 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslopenssl.c Log: - #41423. PHP assumes wrongly that certain ciphers are enabled in OpenSSL http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.723&r2=1.2027.2.547.2.724&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.723 php-src/NEWS:1.2027.2.547.2.724 --- php-src/NEWS:1.2027.2.547.2.723 Sat May 19 20:30:35 2007 +++ php-src/NEWSSat May 19 22:05:08 2007 @@ -21,6 +21,8 @@ - Fixed segfault in strripos(). (Tony, Joxean Koret) - Fixed bug #41430 (Fatal error with negative values of maxlen parameter of file_get_contents()). (Tony) +- fixed bug #41423 (PHP assumes wrongly that certain ciphers are enabled in + OpenSSL) (Pierre) - Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults). (Tony, Dmitry) - Fixed bug #41403 (json_decode cannot decode floats if localeconv http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.33&r2=1.98.2.5.2.34&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.33 php-src/ext/openssl/openssl.c:1.98.2.5.2.34 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.33 Sun May 13 17:37:32 2007 +++ php-src/ext/openssl/openssl.c Sat May 19 22:05:08 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.33 2007/05/13 17:37:32 iliaa Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.34 2007/05/19 22:05:08 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -707,11 +707,15 @@ REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); /* Ciphers */ +#ifndef OPENSSL_NO_RC2 REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_40", PHP_OPENSSL_CIPHER_RC2_40, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_128", PHP_OPENSSL_CIPHER_RC2_128, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_RC2_64", PHP_OPENSSL_CIPHER_RC2_64, CONST_CS|CONST_PERSISTENT); +#endif +#ifndef OPENSSL_NO_DES REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_DES", PHP_OPENSSL_CIPHER_DES, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_CIPHER_3DES", PHP_OPENSSL_CIPHER_3DES, CONST_CS|CONST_PERSISTENT); +#endif /* Values for key types */ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_RSA", OPENSSL_KEYTYPE_RSA, CONST_CS|CONST_PERSISTENT); @@ -2928,6 +2932,7 @@ /* sanity check the cipher */ switch (cipherid) { +#ifndef OPENSSL_NO_RC2 case PHP_OPENSSL_CIPHER_RC2_40: cipher = EVP_rc2_40_cbc(); break; @@ -2937,12 +2942,17 @@ case PHP_OPENSSL_CIPHER_RC2_128: cipher = EVP_rc2_cbc(); break; +#endif + +#ifndef OPENSSL_NO_DES case PHP_OPENSSL_CIPHER_DES: cipher = EVP_des_cbc(); break; case PHP_OPENSSL_CIPHER_3DES: cipher = EVP_des_ede3_cbc(); break; +#endif + default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid cipher type `%ld'", cipherid); goto clean_exit; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
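Review bot: With the `case` labels in the `@@ -2928,6 +2932,7 @@` and `@@ -2937,12 +2942,17 @@` hunks compiled out, an RC2 or DES id passed on such a build lands in `default:` and is reported as "Invalid cipher type". That reads like a bad argument rather than a cipher this build does not provide. If the default value of `cipherid` (assigned outside these hunks) is one of the RC2 ids, a build with `OPENSSL_NO_RC2` would then reject every call that omits the argument; confirm that, and pick the default from a cipher that is compiled in. A short comment above the guards, such as `/* ciphers below are only offered when OpenSSL was built with them */`, would document the intent. The switch belongs to a function that starts and ends outside the hunks.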
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c /ext/openssl/tests bug41353.phpt
iliaa Sun May 13 17:37:33 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/openssl/tests bug41353.phpt Modified files: /php-srcNEWS /php-src/ext/opensslopenssl.c Log: Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input). http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.698&r2=1.2027.2.547.2.699&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.698 php-src/NEWS:1.2027.2.547.2.699 --- php-src/NEWS:1.2027.2.547.2.698 Fri May 11 12:22:00 2007 +++ php-src/NEWSSun May 13 17:37:32 2007 @@ -8,6 +8,7 @@ - Fixed altering $this via argument named "this". (Dmitry) - Fixed PHP CLI to use the php.ini from the binary location. (Hannes) - Fixed segfault in strripos(). (Tony, Joxean Koret) +- Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input). (Ilia) - Fixed bug #41351 (Invalid opcode with foreach ($a[] as $b)). (Dmitry, Tony) - Fixed bug #41347 (checkdnsrr() segfaults on empty hostname). (Scott) - Fixed bug #41337 (WSDL parsing doesn't ignore non soap bindings). (Dmitry) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.32&r2=1.98.2.5.2.33&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.32 php-src/ext/openssl/openssl.c:1.98.2.5.2.33 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.32 Thu Apr 5 18:08:42 2007 +++ php-src/ext/openssl/openssl.c Sun May 13 17:37:32 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.32 2007/04/05 18:08:42 rrichards Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.33 2007/05/13 17:37:32 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -1541,13 +1541,13 @@ } /* }}} */ -/* {{{ proto bool openssl_pkcs12_read(mixed PKCS12, array &certs, string pass) +/* {{{ proto bool openssl_pkcs12_read(string PKCS12, array &certs, string pass) Parses a PKCS12 to an array */ PHP_FUNCTION(openssl_pkcs12_read) { - zval *zp12 = NULL, *zout = NULL, *zextracerts, *zcert, *zpkey; - char * pass; - int pass_len; + zval *zout = NULL, *zextracerts, *zcert, *zpkey; + char *pass, *zp12; + int pass_len, zp12_len; PKCS12 * p12 = NULL; EVP_PKEY * pkey = NULL; X509 * cert = NULL; @@ -1555,14 +1555,14 @@ BIO * bio_in = NULL; int i; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zzs", &zp12, &zout, &pass, &pass_len) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szs", &zp12, &zp12_len, &zout, &pass, &pass_len) == FAILURE) return; RETVAL_FALSE; bio_in = BIO_new(BIO_s_mem()); - if(!BIO_write(bio_in, Z_STRVAL_P(zp12), Z_STRLEN_P(zp12))) + if(!BIO_write(bio_in, zp12, zp12_len)) goto cleanup; if(d2i_PKCS12_bio(bio_in, &p12)) { http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41353.phpt?view=markup&rev=1.1 Index: php-src/ext/openssl/tests/bug41353.phpt +++ php-src/ext/openssl/tests/bug41353.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
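Review bot: In the `@@ -1555,14 +1555,14 @@` hunk, `if(!BIO_write(bio_in, zp12, zp12_len))` treats only a return of 0 as failure, but BIO_write() signals errors with negative values. Those pass this test and let `d2i_PKCS12_bio()` run on an empty or partial BIO. The result of `BIO_new(BIO_s_mem())` is not checked either. Suggested: `if (bio_in == NULL || BIO_write(bio_in, zp12, zp12_len) <= 0) goto cleanup;`. Whether the `cleanup:` label tolerates a NULL `bio_in` cannot be seen here, as the function continues past the hunk.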
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c
pajoye Wed Nov 15 23:28:06 2006 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslopenssl.c Log: - MFH: #39217, serialNumber might be -1 when the value is too big http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.365&r2=1.2027.2.547.2.366&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.365 php-src/NEWS:1.2027.2.547.2.366 --- php-src/NEWS:1.2027.2.547.2.365 Wed Nov 15 18:34:56 2006 +++ php-src/NEWSWed Nov 15 23:28:05 2006 @@ -65,6 +65,8 @@ of overloaded array). (Dmitry) - Fixed bug #39265 (Fixed path handling inside mod_files.sh). (michal dot taborsky at gmail dot com, Ilia) +- Fixed bug #39217 (serialNumber might be -1 when the value is too large) + (Pierre, Tony) - Fixed bug #39215 (Inappropriate close of stdin/stdout/stderr). (Wez,Ilia) - Fixed bug #39151 (Parse error in recursiveiteratoriterator.php). (Marcus) - Fixed bug #39121 (Incorrect return array handling in non-wsdl soap client). http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.23&r2=1.98.2.5.2.24&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.23 php-src/ext/openssl/openssl.c:1.98.2.5.2.24 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.23 Sun Oct 15 21:09:24 2006 +++ php-src/ext/openssl/openssl.c Wed Nov 15 23:28:06 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.23 2006/10/15 21:09:24 tony2001 Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.24 2006/11/15 23:28:06 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -1003,7 +1003,8 @@ add_assoc_name_entry(return_value, "issuer", X509_get_issuer_name(cert), useshortnames TSRMLS_CC); add_assoc_long(return_value, "version", X509_get_version(cert)); - add_assoc_long(return_value, "serialNumber", ASN1_INTEGER_get(X509_get_serialNumber(cert))); + + add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1); add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
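Review bot: `i2s_ASN1_INTEGER(NULL, ...)` returns a buffer allocated by OpenSSL, and passing it directly to `add_assoc_string(..., 1)` copies it and drops the only pointer, so every call leaks the string. A NULL return on allocation failure would also be handed straight to `add_assoc_string()`. Hold the result in a local `char *` declared with the other locals: `serial = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert));` followed by `if (serial) { add_assoc_string(return_value, "serialNumber", serial, 1); OPENSSL_free(serial); }`. Callers that compared `serialNumber` as an integer now receive a decimal string, which deserves a line in the function's proto comment. The function body extends beyond the hunk.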
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c
tony2001Fri Sep 8 20:10:47 2006 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslopenssl.c Log: implement feature request #38731 (openssl_pkey_new does not support DSA key generation) patch by marci at balabit dot hu http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.238&r2=1.2027.2.547.2.239&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.238 php-src/NEWS:1.2027.2.547.2.239 --- php-src/NEWS:1.2027.2.547.2.238 Wed Sep 6 17:25:57 2006 +++ php-src/NEWSFri Sep 8 20:10:46 2006 @@ -1,6 +1,8 @@ 'PHP NEWS ||| ?? Sep 2006, PHP 5.2.0RC4 +- Added DSA key generation support to openssl_pkey_new(), FR #38731 + (marci at balabit dot hu, Tony) - Removed current working directory from the php.ini search path for CLI and readded it for other SAPIs (restore to pre 5.1.x behaviour). (Edin) - Fixed bug #38700 (SoapClient::__getTypes never returns). (Dmitry) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.18&r2=1.98.2.5.2.19&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.18 php-src/ext/openssl/openssl.c:1.98.2.5.2.19 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.18 Thu Sep 7 14:11:05 2006 +++ php-src/ext/openssl/openssl.c Fri Sep 8 20:10:47 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.18 2006/09/07 14:11:05 iliaa Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.19 2006/09/08 20:10:47 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -2051,9 +2051,27 @@ if ((req->priv_key = EVP_PKEY_new()) != NULL) { switch(req->priv_key_type) { case OPENSSL_KEYTYPE_RSA: - if (EVP_PKEY_assign_RSA(req->priv_key, RSA_generate_key(req->priv_key_bits, 0x10001, NULL, NULL))) + if (EVP_PKEY_assign_RSA(req->priv_key, RSA_generate_key(req->priv_key_bits, 0x10001, NULL, NULL))) { return_val = req->priv_key; + } + break; +#ifndef NO_DSA + case OPENSSL_KEYTYPE_DSA: + { + DSA *dsapar = DSA_generate_parameters(req->priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL); + if (dsapar) { + DSA_set_method(dsapar, DSA_get_default_method()); + if (DSA_generate_key(dsapar)) { + if (EVP_PKEY_assign_DSA(req->priv_key, dsapar)) { + return_val = req->priv_key; + } + } else { + DSA_free(dsapar); + } + } + } break; +#endif default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unsupported private key type"); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
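Review bot: In the new `OPENSSL_KEYTYPE_DSA` case `dsapar` is freed only when `DSA_generate_key()` fails; if `EVP_PKEY_assign_DSA()` fails, the structure, which by then holds a private key, is leaked. Folding the two tests closes that path: `if (DSA_generate_key(dsapar) && EVP_PKEY_assign_DSA(req->priv_key, dsapar)) { return_val = req->priv_key; } else { DSA_free(dsapar); }`. The RSA case has the same shape, since the `RSA_generate_key()` result is never freed when the assign fails. Neither branch checks `req->priv_key_bits` against a minimum in the visible lines; if that is not enforced by the caller it should be. The switch is part of a function that begins and ends outside the hunk.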
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c php_openssl.h
pajoye Tue Aug 15 20:27:20 2006 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslphp_openssl.h openssl.c Log: - add openssl_csr_get_subject() and openssl_csr_get_public_key() http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.205&r2=1.2027.2.547.2.206&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.205 php-src/NEWS:1.2027.2.547.2.206 --- php-src/NEWS:1.2027.2.547.2.205 Tue Aug 15 20:13:47 2006 +++ php-src/NEWSTue Aug 15 20:27:20 2006 @@ -29,6 +29,7 @@ . Added openssl_pkey_get_details, returns the details of a key . Added x509 v3 extensions support . Added a new constant OPENSSL_KEYTYPE_EC + . Added openssl_csr_get_subject() and openssl_csr_get_public_key() - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/php_openssl.h?r1=1.16.2.1.2.1&r2=1.16.2.1.2.2&diff_format=u Index: php-src/ext/openssl/php_openssl.h diff -u php-src/ext/openssl/php_openssl.h:1.16.2.1.2.1 php-src/ext/openssl/php_openssl.h:1.16.2.1.2.2 --- php-src/ext/openssl/php_openssl.h:1.16.2.1.2.1 Tue Aug 15 00:38:04 2006 +++ php-src/ext/openssl/php_openssl.h Tue Aug 15 20:27:20 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_openssl.h,v 1.16.2.1.2.1 2006/08/15 00:38:04 pajoye Exp $ */ +/* $Id: php_openssl.h,v 1.16.2.1.2.2 2006/08/15 20:27:20 pajoye Exp $ */ #ifndef PHP_OPENSSL_H #define PHP_OPENSSL_H 
@@ -67,7 +67,8 @@ PHP_FUNCTION(openssl_csr_export); PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); - +PHP_FUNCTION(openssl_csr_get_subject); +PHP_FUNCTION(openssl_csr_get_public_key); #else #define phpext_openssl_ptr NULL http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.10&r2=1.98.2.5.2.11&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.10 php-src/ext/openssl/openssl.c:1.98.2.5.2.11 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.10 Tue Aug 15 00:38:04 2006 +++ php-src/ext/openssl/openssl.c Tue Aug 15 20:27:20 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.10 2006/08/15 00:38:04 pajoye Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.11 2006/08/15 20:27:20 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -113,6 +113,8 @@ PHP_FE(openssl_csr_export, second_arg_force_ref) PHP_FE(openssl_csr_export_to_file, NULL) PHP_FE(openssl_csr_sign,NULL) + PHP_FE(openssl_csr_get_subject, NULL) + PHP_FE(openssl_csr_get_public_key, NULL) PHP_FE(openssl_sign,second_arg_force_ref) PHP_FE(openssl_verify, NULL) @@ -248,9 +250,13 @@ ASN1_STRING * str = NULL; ASN1_OBJECT * obj; - MAKE_STD_ZVAL(subitem); - array_init(subitem); - + if (key != NULL) { + MAKE_STD_ZVAL(subitem); + array_init(subitem); + } else { + subitem = val; + } + for (i = 0; i < X509_NAME_entry_count(name); i++) { ne = X509_NAME_get_entry(name, i); obj = X509_NAME_ENTRY_get_object(ne); @@ -291,7 +297,9 @@ } } } - zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)&subitem, sizeof(subitem), NULL); + if (key != NULL) { + zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)&subitem, sizeof(subitem), NULL); + } } /* }}} */ @@ -1527,8 +1535,6 @@ } /* }}} */ - - /* {{{ proto bool openssl_csr_export(resource csr, string &out [, bool notext=true]) Exports a CSR to file or a var */ PHP_FUNCTION(openssl_csr_export) 
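Review bot: After the `@@ -248,9 +250,13 @@` and `@@ -291,7 +297,9 @@` hunks, `add_assoc_name_entry()` has two modes selected by `key == NULL`, and nothing in the function documents them. With a key it builds `subitem` and stores it under that key in `val`; without one it writes the name entries straight into `val`. A comment at the top of the function would make the contract explicit, e.g. `/* key == NULL: add the entries directly to val instead of a nested array */`. In the NULL mode, entries already present in `val` would presumably be mixed with the new ones, so callers should pass a freshly initialised array. The function's signature and loop body are outside the visible hunks.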
@@ -1789,6 +1795,61 @@ } /* }}} */ +/* {{{ proto mixed openssl_csr_get_subject(mixed csr) + Returns the subject of a CERT or FALSE on error */ +PHP_FUNCTION(openssl_csr_get_subject) +{ + zval * zcsr; + zend_bool use_shortnames = 1; + long csr_resource; + X509_NAME * subject; + X509_REQ * csr; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &zcsr, &use_shortnames) == FAILURE) { + return; + } + + csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + + if (csr == NULL) { + RETURN_FALSE; + } + + subject = X509_REQ_get_subject_name(csr); + + array_init(return_value); + add_assoc_name_entry(return_value, NULL, subject, use_shortnames TSRMLS_CC); + return; +} +/* }}} */ + +/* {{{ proto mixed openssl_csr_get_public_key(mixed csr) + Returns the subject of a CERT or FALSE on error */ +PHP_FUNCTION(op
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c php_openssl.h
pajoye Tue Aug 15 00:38:04 2006 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/opensslopenssl.c php_openssl.h Log: - add OPENSSL_KEYTYPE_EC constant - openssl_pkey_get_details(), returns the key details http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.202&r2=1.2027.2.547.2.203&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.202 php-src/NEWS:1.2027.2.547.2.203 --- php-src/NEWS:1.2027.2.547.2.202 Mon Aug 14 20:11:52 2006 +++ php-src/NEWSTue Aug 15 00:38:04 2006 @@ -26,9 +26,9 @@ - Improved OpenSSL extension: (Pierre) . Added support for all supported algorithms in openssl_verify - . Implement #36732 (req/x509 extensions support for openssl_csr_new and -openssl_csr_sign) (ben at psc dot edu, Pierre) - . Implement #28382 (openssl_x509_parse() extensions support) + . Added openssl_pkey_get_details, returns the details of a key + . Added x509 v3 extensions support + . Added a new constant OPENSSL_KEYTYPE_EC - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are 
@@ -106,8 +106,11 @@ destruction). (Ilia) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) +- Implement #36732 (req/x509 extensions support for openssl_csr_new and + openssl_csr_sign) (ben at psc dot edu, Pierre) - Fixed bug #35973 (Error ORA-24806 occurs when trying to fetch a NCLOB field). (Tony) +- Implement #28382 (openssl_x509_parse() extensions support) (Pierre) 24 Jul 2006, PHP 5.2.0RC1 - Updated bundled MySQL client library to version 5.0.22 in the Windows http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.9&r2=1.98.2.5.2.10&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.9 php-src/ext/openssl/openssl.c:1.98.2.5.2.10 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.9 Mon Jul 31 03:41:19 2006 +++ php-src/ext/openssl/openssl.c Tue Aug 15 00:38:04 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.9 2006/07/31 03:41:19 iliaa Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.10 2006/08/15 00:38:04 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -60,11 +60,17 @@ ZEND_ARG_PASS_INFO(1) ZEND_END_ARG_INFO(); +/* FIXME: Use the openssl constants instead of + * enum. It is now impossible to match real values + * against php constants. Also sorry to break the + * enum principles here, BC... + */ enum php_openssl_key_type { OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, - OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA + OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA, + OPENSSL_KEYTYPE_EC = OPENSSL_KEYTYPE_DH +1 }; enum php_openssl_cipher_type { @@ -87,6 +93,7 @@ PHP_FE(openssl_pkey_export_to_file, NULL) PHP_FE(openssl_pkey_get_private,NULL) PHP_FE(openssl_pkey_get_public, NULL) + PHP_FE(openssl_pkey_get_details,NULL) PHP_FALIAS(openssl_free_key,openssl_pkey_free, NULL) PHP_FALIAS(openssl_get_privatekey, openssl_pkey_get_private, NULL) 
@@ -680,6 +687,7 @@ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DSA", OPENSSL_KEYTYPE_DSA, CONST_CS|CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_DH", OPENSSL_KEYTYPE_DH, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_EC", OPENSSL_KEYTYPE_EC, CONST_CS|CONST_PERSISTENT); /* Determine default SSL configuration file */ config_filename = getenv("OPENSSL_CONF"); @@ -2216,6 +2224,61 @@ /* }}} */ +/* {{{ proto resource openssl_pkey_get_details(resource key) + returns an array with the key details (bits, pkey, type)*/ +PHP_FUNCTION(openssl_pkey_get_details) +{ + zval *key; + EVP_PKEY *pkey; + BIO *out; + unsigned int pbio_len; + char *pbio; + long ktype; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &key) == FAILURE) { + return; + } + ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); + if (!pkey) { + RETURN_FALSE; + } + out = BIO_new(BIO_s_mem()); + PEM_write_bio_PUBKEY(out, pkey); + pbio_len = BIO_get_mem_data(out, &pbio); + + array_init(return_value); + add_assoc_long(return_value, "bits", EVP_PKEY_bits(pkey)); + add_assoc_stringl(return_value, "key", pbio, pbio_len, 1); + /*TODO: Use the real values once the openssl constants are used +* See the enum at the top of this file +*/ + switch (EVP_PKEY_type(pkey->type)) { + case EVP_PKEY_RSA: + case EVP_PKEY_
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c /ext/openssl/tests bug38261.phpt
pajoye Sun Jul 30 16:26:19 2006 UTC Added files: (Branch: PHP_5_2) /php-src/ext/openssl/tests bug38261.phpt Modified files: /php-srcNEWS /php-src/ext/opensslopenssl.c Log: - 38261: openssl_x509_parse leaks with invalid certs http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.163&r2=1.2027.2.547.2.164&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.163 php-src/NEWS:1.2027.2.547.2.164 --- php-src/NEWS:1.2027.2.547.2.163 Sun Jul 30 11:19:56 2006 +++ php-src/NEWSSun Jul 30 16:26:19 2006 @@ -19,6 +19,7 @@ - Fixed phpinfo() cutoff of variables at \0. (Ilia) - Fixed a bug in the filter extension that prevented magic_quotes_gpc from being applied when RAW filter is used. (Ilia) +- Fixed bug #38261 (openssl_x509_parse() leaks with invalid cert) (Pierre) - Fixed bug #38255 (openssl possible leaks while passing keys) (Pierre) - Fixed bug #38253 (PDO produces segfault with default fetch mode). (Tony) - Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST). http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.5&r2=1.98.2.5.2.6&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.5 php-src/ext/openssl/openssl.c:1.98.2.5.2.6 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.5 Sun Jul 30 09:18:06 2006 +++ php-src/ext/openssl/openssl.c Sun Jul 30 16:26:19 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: openssl.c,v 1.98.2.5.2.5 2006/07/30 09:18:06 pajoye Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.6 2006/07/30 16:26:19 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -784,6 +784,11 @@ return NULL; } + + if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { + return NULL; + } + /* force it to be a string and check if it refers to a file */ convert_to_string_ex(val); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?view=markup&rev=1.1 Index: php-src/ext/openssl/tests/bug38261.phpt +++ php-src/ext/openssl/tests/bug38261.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
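Review bot: The new type check in the `@@ -784,6 +784,11 @@` hunk lets `IS_OBJECT` through to `convert_to_string_ex(val)` without saying why, and returns NULL for every other type without any diagnostic. If objects are accepted for their string conversion, say so in a comment, e.g. `/* only strings, or objects that can be cast to string, can carry a PEM blob or a file:// path */`; otherwise restrict the test to `IS_STRING`. The function starts and ends outside the hunk, so whether the caller reports the NULL return cannot be confirmed from here.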