Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2009-07-07 Thread Jani Taskinen

I guess this does not happen in PHP_5_2..?

--Jani


Pierre-Alain Joye wrote:

pajoye  Mon Jul  6 23:36:56 2009 UTC

  Modified files:  
/php-src/ext/openssl	openssl.c 
  Log:

  - #48116, fix build with openssl 1.0
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.181r2=1.182diff_format=u

Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.181 php-src/ext/openssl/openssl.c:1.182
--- php-src/ext/openssl/openssl.c:1.181 Mon Apr 20 09:43:45 2009
+++ php-src/ext/openssl/openssl.c   Mon Jul  6 23:36:56 2009
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */

+/* $Id: openssl.c,v 1.182 2009/07/06 23:36:56 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H

 #include config.h
@@ -484,8 +484,13 @@
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request { /* {{{ */

-   LHASH * global_config;  /* Global SSL config */
-   LHASH * req_config; /* SSL config for this request */
+#if OPENSSL_VERSION_NUMBER = 0x1002L
+   LHASH_OF(CONF_VALUE) * global_config;   /* Global SSL config */
+   LHASH_OF(CONF_VALUE) * req_config;  /* SSL config for this 
request */
+#else
+   LHASH * global_config;  /* Global SSL config */
+   LHASH * req_config; /* SSL config for this request */
+#endif
const EVP_MD * md_alg;
const EVP_MD * digest;
char* section_name,
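Review bot: The guard `#if OPENSSL_VERSION_NUMBER = 0x1002L` in front of the `LHASH_OF(CONF_VALUE)` members is not a valid test as shown: the comparison operator is missing, and `0x1002L` is far below any real OpenSSL version number (1.0.0 is `0x1000000fL`). With `>=` restored, the new branch would be taken on every release, including 0.9.8 where `LHASH_OF` does not exist. The mail archive has probably dropped characters, so this should be checked against the committed file; the intended guard is presumably `#if OPENSSL_VERSION_NUMBER >= 0x10000002L`. The same guard is repeated in the hunk at -674 around the `php_openssl_config_check_syntax` prototype, and one typedef selected under a single guard would avoid duplicating both the struct members and the prototype. The struct body continues past the end of this hunk, and the whole commit is posted a second time further down the page.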
@@ -674,7 +679,11 @@
 }
 /* }}} */
 
+#if OPENSSL_VERSION_NUMBER = 0x1002L

+static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * 
config TSRMLS_DC) /* {{{ */
+#else
 static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC) 
/* {{{ */
+#endif
 {
X509V3_CTX ctx;

@@ -1177,8 +1186,7 @@
if (in == NULL) {
return NULL;
}
-
-   cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, 
PEM_STRING_X509, in, NULL, NULL, NULL);
+   cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, 
PEM_STRING_X509, in, NULL, NULL, NULL);
BIO_free(in);
}
if (cert  makeresource  resourceval) {
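Review bot: The `(d2i_of_void *)d2i_X509` cast still calls `d2i_X509` through a pointer of a different function type, which the compiler can no longer check and which strict C treats as undefined behaviour. OpenSSL provides a typed wrapper for exactly this read, so the line could be `cert = PEM_read_bio_X509(in, NULL, NULL, NULL);`, which builds against both 0.9.8 and 1.0 with no cast. The enclosing function starts and ends outside the hunk.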
@@ -2931,8 +2939,7 @@
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
assert(pkey-pkey.rsa != NULL);
-
-   if (NULL == pkey-pkey.rsa-p || NULL == 
pkey-pkey.rsa-q) {
+   if (pkey-pkey.rsa != NULL  (NULL == pkey-pkey.rsa-p || 
NULL == pkey-pkey.rsa-q)) {
return 0;
}
break;
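Review bot: The added `pkey->pkey.rsa != NULL` test makes a NULL RSA pointer skip the `return 0` and fall through to `break`, so in a build where `assert()` is compiled out a key with no RSA structure is no longer rejected here. What follows the switch is outside the hunk, but if the default outcome there is "this is a private key", the safer form treats the missing structure as not private: `if (pkey->pkey.rsa == NULL || NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) {`. With that condition the `assert` above it is no longer the only protection against the NULL case.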









[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2009-07-06 Thread Pierre-Alain Joye
pajoye  Mon Jul  6 23:36:56 2009 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #48116, fix build with openssl 1.0
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.181r2=1.182diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.181 php-src/ext/openssl/openssl.c:1.182
--- php-src/ext/openssl/openssl.c:1.181 Mon Apr 20 09:43:45 2009
+++ php-src/ext/openssl/openssl.c   Mon Jul  6 23:36:56 2009
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */
+/* $Id: openssl.c,v 1.182 2009/07/06 23:36:56 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -484,8 +484,13 @@
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request { /* {{{ */
-   LHASH * global_config;  /* Global SSL config */
-   LHASH * req_config; /* SSL config for this request */
+#if OPENSSL_VERSION_NUMBER = 0x1002L
+   LHASH_OF(CONF_VALUE) * global_config;   /* Global SSL config */
+   LHASH_OF(CONF_VALUE) * req_config;  /* SSL config for this 
request */
+#else
+   LHASH * global_config;  /* Global SSL config */
+   LHASH * req_config; /* SSL config for this request */
+#endif
const EVP_MD * md_alg;
const EVP_MD * digest;
char* section_name,
@@ -674,7 +679,11 @@
 }
 /* }}} */
 
+#if OPENSSL_VERSION_NUMBER = 0x1002L
+static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * 
config TSRMLS_DC) /* {{{ */
+#else
 static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC) 
/* {{{ */
+#endif
 {
X509V3_CTX ctx;

@@ -1177,8 +1186,7 @@
if (in == NULL) {
return NULL;
}
-
-   cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, 
PEM_STRING_X509, in, NULL, NULL, NULL);
+   cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, 
PEM_STRING_X509, in, NULL, NULL, NULL);
BIO_free(in);
}
if (cert  makeresource  resourceval) {
@@ -2931,8 +2939,7 @@
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
assert(pkey-pkey.rsa != NULL);
-
-   if (NULL == pkey-pkey.rsa-p || NULL == 
pkey-pkey.rsa-q) {
+   if (pkey-pkey.rsa != NULL  (NULL == 
pkey-pkey.rsa-p || NULL == pkey-pkey.rsa-q)) {
return 0;
}
break;






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2009-04-20 Thread Mikko Koppanen
mkoppanen   Mon Apr 20 09:43:45 2009 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Closes #47991 SSL streams fail if error stack contains items
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.180r2=1.181diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.180 php-src/ext/openssl/openssl.c:1.181
--- php-src/ext/openssl/openssl.c:1.180 Sun Mar 29 23:32:17 2009
+++ php-src/ext/openssl/openssl.c   Mon Apr 20 09:43:45 2009
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */
+/* $Id: openssl.c,v 1.181 2009/04/20 09:43:45 mkoppanen Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -4628,6 +4628,7 @@
char *cipherlist = NULL;
int ok = 1;
 
+   ERR_clear_error();
 
/* look at context options in the stream and set appropriate 
verification flags */
if (GET_VER_OPT(verify_peer)  zval_is_true(*val)) {
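Review bot: The new `ERR_clear_error();` call carries no comment, and without one it reads as if it throws away diagnostics. A line such as `/* start with an empty OpenSSL error queue: entries left by earlier calls are otherwise reported as failures of this stream (#47991) */` would record why it is there. It is also worth confirming that clearing only at this point is enough, since the handshake, read and write paths that consult the error queue are outside the hunk and could meet stale entries added later in the request.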






Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2009-03-30 Thread Pierre Joye
hi Scott,

How did you reproduce the crash (ssl version, and with which input or
config)? Please add a test case.

Also please keep an eye on the assign field of a bug report, it is
here for good  reasons.

Cheers,

On Mon, Mar 30, 2009 at 1:32 AM, Scott MacVicar scott...@php.net wrote:
 scottmac                Sun Mar 29 23:32:17 2009 UTC

  Modified files:
    /php-src/ext/openssl        openssl.c
  Log:
  Fix bug #47828 - Converting to UTF-8 can sometimes fail, check error codes 
 and avoid segfault.



 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.179r2=1.180diff_format=u
 Index: php-src/ext/openssl/openssl.c
 diff -u php-src/ext/openssl/openssl.c:1.179 
 php-src/ext/openssl/openssl.c:1.180
 --- php-src/ext/openssl/openssl.c:1.179 Tue Mar 10 23:39:27 2009
 +++ php-src/ext/openssl/openssl.c       Sun Mar 29 23:32:17 2009
 @@ -20,7 +20,7 @@
    +--+
  */

 -/* $Id: openssl.c,v 1.179 2009/03/10 23:39:27 helly Exp $ */
 +/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */

  #ifdef HAVE_CONFIG_H
  #include config.h
 @@ -557,10 +557,12 @@
                                str = X509_NAME_ENTRY_get_data(ne);
                                if (ASN1_STRING_type(str) != 
 V_ASN1_UTF8STRING) {
                                        to_add_len = 
 ASN1_STRING_to_UTF8(to_add, str);
 -                                       
 add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1);
                                } else {
                                        to_add = ASN1_STRING_data(str);
                                        to_add_len = ASN1_STRING_length(str);
 +                               }
 +
 +                               if (to_add_len != -1) {
                                        
 add_next_index_utf8_stringl(subentries, (char *)to_add, to_add_len, 1);
                                }
                        }
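Review bot: The new guard `to_add_len != -1` catches only one failure value, while `ASN1_STRING_to_UTF8()` is documented to return a negative error code. `if (to_add_len >= 0) {` here and `to_add_len >= 0` in the hunk at -573 are the safer tests before the length is handed to `add_next_index_utf8_stringl()` and `add_ascii_assoc_utf8_stringl()`. Separately, `ASN1_STRING_to_UTF8()` allocates the buffer it stores in `to_add`, and both add calls pass `1` as the last argument, which presumably duplicates the data. No `OPENSSL_free(to_add)` is visible in either hunk, so the converted string may leak for each entry unless it is released outside the lines shown. The same commit is posted again further down the page.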
 @@ -573,7 +575,7 @@
                } else {
                        zval_dtor(subentries);
                        FREE_ZVAL(subentries);
 -                       if (obj_cnt  str) {
 +                       if (obj_cnt  str  to_add_len != -1) {
                                add_ascii_assoc_utf8_stringl(subitem, sname, 
 (char *)to_add, to_add_len, 1);
                        }
                }








-- 
Pierre

http://blog.thepimp.net | http://www.libgd.org




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2009-03-29 Thread Scott MacVicar
scottmacSun Mar 29 23:32:17 2009 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fix bug #47828 - Converting to UTF-8 can sometimes fail, check error codes 
and avoid segfault.
  
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.179r2=1.180diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.179 php-src/ext/openssl/openssl.c:1.180
--- php-src/ext/openssl/openssl.c:1.179 Tue Mar 10 23:39:27 2009
+++ php-src/ext/openssl/openssl.c   Sun Mar 29 23:32:17 2009
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.179 2009/03/10 23:39:27 helly Exp $ */
+/* $Id: openssl.c,v 1.180 2009/03/29 23:32:17 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -557,10 +557,12 @@
str = X509_NAME_ENTRY_get_data(ne);
if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) 
{
to_add_len = 
ASN1_STRING_to_UTF8(to_add, str);
-   add_next_index_utf8_stringl(subentries, 
(char *)to_add, to_add_len, 1);
} else {
to_add = ASN1_STRING_data(str);
to_add_len = ASN1_STRING_length(str);
+   }
+
+   if (to_add_len != -1) {
add_next_index_utf8_stringl(subentries, 
(char *)to_add, to_add_len, 1);
}
}
@@ -573,7 +575,7 @@
} else {
zval_dtor(subentries);
FREE_ZVAL(subentries);
-   if (obj_cnt  str) {
+   if (obj_cnt  str  to_add_len != -1) {
add_ascii_assoc_utf8_stringl(subitem, sname, 
(char *)to_add, to_add_len, 1);
}
}






[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests openssl_random_pseudo_bytes.phpt

2008-11-17 Thread Scott MacVicar
scottmacMon Nov 17 21:54:20 2008 UTC

  Added files: 
/php-src/ext/openssl/tests  openssl_random_pseudo_bytes.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Add openssl_random_pseudo_bytes() in order to expose access to a PRG, this 
wraps around whatever the OS provides.
  
  - OpenBSD uses arc4random()
  - Windows uses the Windows Crypto API
  - FreeBSD, Linux, etc use /dev/random or /dev/urandom if available
  [DOC]
  
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.175r2=1.176diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.175 php-src/ext/openssl/openssl.c:1.176
--- php-src/ext/openssl/openssl.c:1.175 Mon Nov 17 11:26:22 2008
+++ php-src/ext/openssl/openssl.c   Mon Nov 17 21:54:20 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.175 2008/11/17 11:26:22 felipe Exp $ */
+/* $Id: openssl.c,v 1.176 2008/11/17 21:54:20 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -91,6 +91,7 @@
 PHP_FUNCTION(openssl_decrypt);
 
 PHP_FUNCTION(openssl_dh_compute_key);
+PHP_FUNCTION(openssl_random_pseudo_bytes);
 
 /* {{{ arginfo */
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 0, 2)
@@ -349,6 +350,11 @@
 ZEND_ARG_INFO(0, pub_key)
 ZEND_ARG_INFO(0, dh_key)
 ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_random_pseudo_bytes, 0, 0, 1)
+ZEND_ARG_INFO(0, length)
+ZEND_ARG_INFO(1, returned_strong_result)
+ZEND_END_ARG_INFO()
 /* }}} */
 
 /* {{{ openssl_functions[]
@@ -413,6 +419,7 @@
 
PHP_FE(openssl_dh_compute_key,  arginfo_openssl_dh_compute_key)
 
+   PHP_FE(openssl_random_pseudo_bytes,
arginfo_openssl_random_pseudo_bytes)
PHP_FE(openssl_error_string, arginfo_openssl_error_string)
{NULL, NULL, NULL}
 };
@@ -4968,6 +4975,52 @@
 }
 /* }}} */
 
+/* {{{ proto string openssl_random_pseudo_bytes(integer length [, bool 
returned_strong_result]) U
+   Returns a string of the length specified filled with random pseudo bytes */
+PHP_FUNCTION(openssl_random_pseudo_bytes)
+{
+   long buffer_length;
+   unsigned char *buffer = NULL;
+   zval *zstrong_result_returned = NULL;
+   int strong_result = 0;
+
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, l|z, 
buffer_length, zstrong_result_returned) == FAILURE) {
+   return;
+   }
+
+   if (buffer_length = 0) {
+   RETURN_FALSE;
+   }
+
+   if (zstrong_result_returned) {
+   zval_dtor(zstrong_result_returned);
+   ZVAL_BOOL(zstrong_result_returned, 0);
+   }
+
+   buffer = emalloc(buffer_length);
+
+   if (!buffer) {
+   RETURN_FALSE;
+   }
+
+#ifdef WINDOWS
+RAND_screen();
+#endif
+
+   if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length))  0) {
+   RETVAL_FALSE;
+   } else {
+   RETVAL_STRINGL((char *)buffer, buffer_length, 1);
+
+   if (zstrong_result_returned) {
+   ZVAL_BOOL(zstrong_result_returned, strong_result);
+   }
+
+   }
+   efree(buffer);
+}
+/* }}} */
+
 /*
  * Local variables:
  * tab-width: 8
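Review bot: `buffer_length` is a `long`, but `RAND_pseudo_bytes()` takes an `int` count, so on a 64-bit build a length above `INT_MAX` can be truncated in that call and fewer bytes randomised than `emalloc()` allocated. Rejecting it up front closes that gap: `if (buffer_length <= 0 || buffer_length > INT_MAX) { RETURN_FALSE; }`. A return of 0 from `RAND_pseudo_bytes()` means the bytes are not cryptographically strong, and only callers who pass the optional second argument can see that. The docblock should therefore say the result must not be used for keys or tokens unless `returned_strong_result` comes back true. The `if (!buffer)` test looks like dead code if `emalloc()` bails out instead of returning NULL.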

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt
+++ php-src/ext/openssl/tests/openssl_random_pseudo_bytes.phpt
--TEST--
openssl_random_pseudo_bytes() tests
--SKIPIF--
?php if (!extension_loaded(openssl)) print skip; ?
--FILE--
?php
for ($i = 0; $i  10; $i++) {
var_dump(bin2hex(openssl_random_pseudo_bytes($i, $strong)));
}

?
--EXPECTF--
unicode(0) 
unicode(2) %s
unicode(4) %s
unicode(6) %s
unicode(8) %s
unicode(10) %s
unicode(12) %s
unicode(14) %s
unicode(16) %s
unicode(18) %s
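Review bot: The test passes `$strong` to every call but never inspects it, and its first expected line, `unicode(0)`, appears to come from `bin2hex()` of the `false` that the function returns for a length of 0, which hides that return value. Dumping the raw result for the zero-length case and adding `var_dump(is_bool($strong));` after a successful call would pin both behaviours. A negative length would cover the other half of the length check.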





[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug41033.pem bug41033.phpt bug41033pub.pem

2008-11-17 Thread Pierre-Alain Joye
pajoye  Tue Nov 18 02:12:48 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  bug41033.pem bug41033.phpt 
bug41033pub.pem 
  Log:
  - MFB: #41033, enable signing with DSA keys
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.176r2=1.177diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.176 php-src/ext/openssl/openssl.c:1.177
--- php-src/ext/openssl/openssl.c:1.176 Mon Nov 17 21:54:20 2008
+++ php-src/ext/openssl/openssl.c   Tue Nov 18 02:12:47 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.176 2008/11/17 21:54:20 scottmac Exp $ */
+/* $Id: openssl.c,v 1.177 2008/11/18 02:12:47 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -55,7 +55,7 @@
 #define OPENSSL_ALGO_MD5   2
 #define OPENSSL_ALGO_MD4   3
 #define OPENSSL_ALGO_MD2   4
-
+#define OPENSSL_ALGO_DSS1   5
 #define DEBUG_SMIME0
 
 /* FIXME: Use the openssl constants instead of
@@ -904,6 +904,9 @@
case OPENSSL_ALGO_MD2:
mdtype = (EVP_MD *) EVP_md2();
break;
+   case OPENSSL_ALGO_DSS1:
+   mdtype = (EVP_MD *) EVP_dss1();
+   break;
default:
return NULL;
break;
@@ -983,6 +986,7 @@
REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD5, OPENSSL_ALGO_MD5, 
CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD4, OPENSSL_ALGO_MD4, 
CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_ALGO_MD2, OPENSSL_ALGO_MD2, 
CONST_CS|CONST_PERSISTENT);
+   REGISTER_LONG_CONSTANT(OPENSSL_ALGO_DSS1, OPENSSL_ALGO_DSS1, 
CONST_CS|CONST_PERSISTENT);
 
/* flags for S/MIME */
REGISTER_LONG_CONSTANT(PKCS7_DETACHED, PKCS7_DETACHED, 
CONST_CS|CONST_PERSISTENT);
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033.pem?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/bug41033.pem
diff -u /dev/null php-src/ext/openssl/tests/bug41033.pem:1.2
--- /dev/null   Tue Nov 18 02:12:48 2008
+++ php-src/ext/openssl/tests/bug41033.pem  Tue Nov 18 02:12:48 2008
@@ -0,0 +1,12 @@
+-BEGIN DSA PRIVATE KEY-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+-END DSA PRIVATE KEY-
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/bug41033.phpt
diff -u /dev/null php-src/ext/openssl/tests/bug41033.phpt:1.2
--- /dev/null   Tue Nov 18 02:12:48 2008
+++ php-src/ext/openssl/tests/bug41033.phpt Tue Nov 18 02:12:48 2008
@@ -0,0 +1,27 @@
+--TEST--
+#41033, enable signing with DSA keys
+--SKIPIF--
+?php 
+if (!extension_loaded(openssl)) die(skip, openssl required);
+if (OPENSSL_VERSION_NUMBER  0x009070af) die(skip);
+?
+--FILE--
+?php
+$prv = 'file://' . dirname(__FILE__) . '/' . 'bug41033.pem';
+$pub = 'file://' . dirname(__FILE__) . '/' . 'bug41033pub.pem';
+
+
+$prkeyid = openssl_get_privatekey($prv, 1234);
+$ct = bHello I am some text!;
+openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
+echo Signature: .base64_encode($signature) . \n;
+
+$pukeyid = openssl_get_publickey($pub);
+$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
+echo Signature validity:  . $valid . \n;
+
+
+?
+--EXPECTF--
+Signature: %s
+Signature validity: 1
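Review bot: The test proves only the positive path: it signs `$ct` and expects `openssl_verify()` to return 1 for the unmodified text. A second `openssl_verify()` call on altered data, expected to print 0, would show that verification with `OPENSSL_ALGO_DSS1` rejects a bad signature. The return values of `openssl_get_privatekey()` and `openssl_sign()` are also unchecked, so a key-loading failure would surface only as a confusing verify result.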
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug41033pub.pem?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/bug41033pub.pem
diff -u /dev/null php-src/ext/openssl/tests/bug41033pub.pem:1.2
--- /dev/null   Tue Nov 18 02:12:48 2008
+++ php-src/ext/openssl/tests/bug41033pub.pem   Tue Nov 18 02:12:48 2008
@@ -0,0 +1,12 @@
+-BEGIN PUBLIC KEY-
+MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKtD8HL9jk5BGaZz975b54VWh5HnLxY8
+6TKTBLaFzbVpI1jlferxkd1Xjru2EV39AKhHnmEdNEZFtiZ86RdKKxyi1TTwhKXE
+gff0QSEVLPCrOTEV9qRyAcS7jUBQ4h8nYPP69ya5qwwTXn2kM/R3SC3nmkpE9xei
+H3XqnZVL8UGJAhUAydALpb4rVut6UeqlSrBDVx00mSUCgYA3znyAb9QgX5TcJhNy
+CXn85QCo7O+K0xXa574CQMSQY0RmzcpQCOmod25/UTfOeXuEkkhGv7fey6X1RLGf
+S9zMMGQQk+tqVCM1fYJ2dgoMOEn5QqUAUbYlmKe3gIEo8WJkLS1WjTiINBBRR8ML
+hzwrdxLm7PKl5snKguh7lvytJwOBhAACgYBedJg6vklhMWv2wZD10hbQaXEX5r8T

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-10-26 Thread Ilia Alshanetsky
iliaa   Sun Oct 26 14:36:25 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  
  MFB: Fixed compiler warning
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.172r2=1.173diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.172 php-src/ext/openssl/openssl.c:1.173
--- php-src/ext/openssl/openssl.c:1.172 Fri Oct 24 14:34:14 2008
+++ php-src/ext/openssl/openssl.c   Sun Oct 26 14:36:25 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.172 2008/10/24 14:34:14 felipe Exp $ */
+/* $Id: openssl.c,v 1.173 2008/10/26 14:36:25 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3637,7 +3637,7 @@
}
}
 
-   BIO_reset(infile);
+   (void)BIO_reset(infile);
 
/* write the encrypted data */
SMIME_write_PKCS7(outfile, p7, infile, flags);
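Review bot: The `(void)` cast silences the warning by discarding the result of `BIO_reset(infile)`, so a failed rewind goes unnoticed and `SMIME_write_PKCS7()` on the following line would read `infile` from wherever it was left, presumably producing a message with missing or empty content. Checking the result is the sturdier fix. `BIO_reset()` returns 0 on success for file BIOs and 1 for most other types, so the exact test depends on how `infile` was created, which is outside the hunk. The same cast is added in the hunk at -3732, where `goto clean_exit;` is already available as the failure path.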
@@ -3732,7 +3732,7 @@
goto clean_exit;
}
 
-   BIO_reset(infile);
+   (void)BIO_reset(infile);
 
/* tack on extra headers */
if (zheaders) {






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-10-14 Thread Ilia Alshanetsky
iliaa   Tue Oct 14 23:39:02 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  
  MFB: Fixed bug #46271 (local_cert option is not resolved to full path)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.169r2=1.170diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.169 php-src/ext/openssl/openssl.c:1.170
--- php-src/ext/openssl/openssl.c:1.169 Tue Sep 30 14:40:58 2008
+++ php-src/ext/openssl/openssl.c   Tue Oct 14 23:39:02 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.169 2008/09/30 14:40:58 rrichards Exp $ */
+/* $Id: openssl.c,v 1.170 2008/10/14 23:39:02 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -4700,30 +4700,33 @@
X509 *cert = NULL;
EVP_PKEY *key = NULL;
SSL *tmpssl;
+   char resolved_path_buff[MAXPATHLEN];
 
-   /* a certificate to use for authentication */
-   if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to 
set local cert chain file `%s'; Check that your cafile/capath settings include 
details of your certificate and its issuer, certfile);
-   return NULL;
-   }
+   if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+   /* a certificate to use for authentication */
+   if (SSL_CTX_use_certificate_chain_file(ctx, 
resolved_path_buff) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Unable to set local cert chain file `%s'; Check that your cafile/capath 
settings include details of your certificate and its issuer, certfile);
+   return NULL;
+   }
 
-   if (SSL_CTX_use_PrivateKey_file(ctx, certfile, 
SSL_FILETYPE_PEM) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unable to 
set private key file `%s', certfile);
-   return NULL;
-   }
+   if (SSL_CTX_use_PrivateKey_file(ctx, 
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Unable to set private key file `%s', resolved_path_buff);
+   return NULL;
+   }
 
-   tmpssl = SSL_new(ctx);
-   cert = SSL_get_certificate(tmpssl);
+   tmpssl = SSL_new(ctx);
+   cert = SSL_get_certificate(tmpssl);
 
-   if (cert) {
-   key = X509_get_pubkey(cert);
-   EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
-   EVP_PKEY_free(key);
-   }
-   SSL_free(tmpssl);
+   if (cert) {
+   key = X509_get_pubkey(cert);
+   EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
+   EVP_PKEY_free(key);
+   }
+   SSL_free(tmpssl);
 
-   if (!SSL_CTX_check_private_key(ctx)) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, Private 
key does not match certificate!);
+   if (!SSL_CTX_check_private_key(ctx)) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Private key does not match certificate!);
+   }
}
}
if (ok) {
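Review bot: When `VCWD_REALPATH(certfile, resolved_path_buff)` fails, the new `if` has no `else`, so a `local_cert` that cannot be resolved is skipped without any warning and the function carries on with no client certificate. The old code warned and returned NULL in that case. An `else` branch that calls `php_error_docref()` with `certfile` and then does `return NULL;` would keep the failure visible. The two existing warnings are also inconsistent, the first printing `certfile` and the second `resolved_path_buff`, and a failing `SSL_CTX_check_private_key()` still only warns. The enclosing function starts and ends outside the hunk.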






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-09-30 Thread Rob Richards
rrichards   Tue Sep 30 14:40:58 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  initialize keyresource
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.168r2=1.169diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.168 php-src/ext/openssl/openssl.c:1.169
--- php-src/ext/openssl/openssl.c:1.168 Thu Sep 18 16:02:09 2008
+++ php-src/ext/openssl/openssl.c   Tue Sep 30 14:40:58 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.168 2008/09/18 16:02:09 scottmac Exp $ */
+/* $Id: openssl.c,v 1.169 2008/09/30 14:40:58 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2408,7 +2408,7 @@
X509 * cert = NULL, *new_cert = NULL;
X509_REQ * csr;
EVP_PKEY * key = NULL, *priv_key = NULL;
-   long csr_resource, certresource = 0, keyresource;
+   long csr_resource, certresource = 0, keyresource = -1;
int i;
struct php_x509_request req;
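Review bot: `csr_resource` is now the only one of the three resource ids on the changed line without an initializer, so it should get the same sentinel: `long csr_resource = -1, certresource = 0, keyresource = -1;`. Whether it is always written before the cleanup code reads it cannot be seen from this hunk. It is also worth confirming that `certresource = 0` is intended, since `keyresource` uses `-1` as its "no resource" value.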







[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-09-18 Thread Scott MacVicar
scottmacThu Sep 18 16:02:09 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Show the library version currently loaded as well as the version the 
extension was compiled with. Useful for checking PHP is using the latest 
version.
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.167r2=1.168diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.167 php-src/ext/openssl/openssl.c:1.168
--- php-src/ext/openssl/openssl.c:1.167 Tue Aug  5 14:58:57 2008
+++ php-src/ext/openssl/openssl.c   Thu Sep 18 16:02:09 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.167 2008/08/05 14:58:57 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.168 2008/09/18 16:02:09 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1092,7 +1092,8 @@
 {
php_info_print_table_start();
php_info_print_table_row(2, OpenSSL support, enabled);
-   php_info_print_table_row(2, OpenSSL Version, OPENSSL_VERSION_TEXT);
+   php_info_print_table_row(2, OpenSSL Library Version, 
SSLeay_version(SSLEAY_VERSION));
+   php_info_print_table_row(2, OpenSSL Header Version, 
OPENSSL_VERSION_TEXT);
php_info_print_table_end();
 }
 /* }}} */






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-08-05 Thread Antony Dovgal
tony2001Tue Aug  5 14:58:57 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix typo
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.166r2=1.167diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.166 php-src/ext/openssl/openssl.c:1.167
--- php-src/ext/openssl/openssl.c:1.166 Wed Jul 30 11:58:43 2008
+++ php-src/ext/openssl/openssl.c   Tue Aug  5 14:58:57 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.166 2008/07/30 11:58:43 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.167 2008/08/05 14:58:57 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3718,7 +3718,7 @@
char * outfilename; int outfilename_len;
char * extracertsfilename; int extracertsfilename_len;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, a!|ls, 
ppinfilename, 
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, a!|lZ, 
ppinfilename, 
ppoutfilename, zcert, zprivkey, zheaders, 
flags, ppextracertsfilename) == FAILURE) {
return;
}






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-07-30 Thread Antony Dovgal
tony2001Wed Jul 30 11:58:44 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix folding
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.165r2=1.166diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.165 php-src/ext/openssl/openssl.c:1.166
--- php-src/ext/openssl/openssl.c:1.165 Fri Jul 18 23:59:49 2008
+++ php-src/ext/openssl/openssl.c   Wed Jul 30 11:58:43 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.165 2008/07/18 23:59:49 hnangelo Exp $ */
+/* $Id: openssl.c,v 1.166 2008/07/30 11:58:43 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -392,6 +392,7 @@
 ZEND_ARG_INFO(0, dh_key)
 ZEND_END_ARG_INFO()
 /* }}} */
+
 /* {{{ openssl_functions[]
  */
 const zend_function_entry openssl_functions[] = {
@@ -513,11 +514,11 @@
 }
 /* }}} */
 
-/* {{{ openssl - PHP bridging */
+/* openssl - PHP bridging */
 /* true global; readonly after module startup */
 static char default_ssl_conf_filename[MAXPATHLEN];
 
-struct php_x509_request {
+struct php_x509_request { /* {{{ */
LHASH * global_config;  /* Global SSL config */
LHASH * req_config; /* SSL config for this request */
const EVP_MD * md_alg;
@@ -534,7 +535,7 @@
 
EVP_PKEY * priv_key;
 };
-
+/* }}} */
 
 static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * 
resourceval TSRMLS_DC);
 static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char 
* passphrase, int makeresource, long * resourceval TSRMLS_DC);
@@ -544,7 +545,6 @@
 static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, 
long * resourceval TSRMLS_DC);
 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * 
req TSRMLS_DC);
 
-
 static void add_ascii_assoc_name_entry(zval * val, char * key, X509_NAME * 
name, int shortname TSRMLS_DC) /* {{{ */
 {
zval *subitem, *subentries;
@@ -707,12 +707,7 @@
 }
 /* }}} */
 
-static inline int php_openssl_config_check_syntax(
-   const char * section_label,
-   const char * config_filename,
-   const char * section,
-   LHASH * config TSRMLS_DC
-   ) /* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC) 
/* {{{ */
 {
X509V3_CTX ctx;

@@ -779,13 +774,7 @@
else \
varname = defval
 
-
-
-static int php_openssl_parse_config(
-   struct php_x509_request * req,
-   zval * optional_args
-   TSRMLS_DC
-   ) /* {{{ */
+static int php_openssl_parse_config(struct php_x509_request * req, zval * 
optional_argsTSRMLS_DC) /* {{{ */
 {
char * str;
zval ** item;
@@ -4980,7 +4969,6 @@
 }
 /* }}} */
 
-
 /* {{{ proto string openssl_dh_compute_key(string pub_key, resource dh_key) U
Computes shared sicret for public value of remote DH key and local DH key */
 PHP_FUNCTION(openssl_dh_compute_key)






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-07-18 Thread Henrique do Nascimento Angelo
hnangeloFri Jul 18 23:59:49 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Add unicode support to ext/openssl
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.164r2=1.165diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.164 php-src/ext/openssl/openssl.c:1.165
--- php-src/ext/openssl/openssl.c:1.164 Tue Jul 15 03:21:56 2008
+++ php-src/ext/openssl/openssl.c   Fri Jul 18 23:59:49 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.164 2008/07/15 03:21:56 hnangelo Exp $ */
+/* $Id: openssl.c,v 1.165 2008/07/18 23:59:49 hnangelo Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -545,7 +545,7 @@
 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * 
req TSRMLS_DC);
 
 
-static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int 
shortname TSRMLS_DC) /* {{{ */
+static void add_ascii_assoc_name_entry(zval * val, char * key, X509_NAME * 
name, int shortname TSRMLS_DC) /* {{{ */
 {
zval *subitem, *subentries;
int i, j = -1, last = -1, obj_cnt = 0;
@@ -619,7 +619,7 @@
 }
 /* }}} */
 
-static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) 
/* {{{ */
+static void add_ascii_assoc_asn1_string(zval * val, char * key, ASN1_STRING * 
str) /* {{{ */
 {
unsigned char *data;
int data_len;
@@ -764,7 +764,8 @@
req-config_filename, req-var, req-req_config 
TSRMLS_CC) == FAILURE) return FAILURE
 
 #define SET_OPTIONAL_STRING_ARG(key, varname, defval)  \
-   if (optional_args  zend_ascii_hash_find(Z_ARRVAL_P(optional_args), 
key, sizeof(key), (void**)item) == SUCCESS) { \
+   if (optional_args  (zend_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS || \
+   zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS)) { \
convert_to_string_ex(item); \
varname = Z_STRVAL_PP(item); \
} else \
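Review bot: The double lookup is now written out three times with the two calls in different orders: `SET_OPTIONAL_STRING_ARG` here and `SET_OPTIONAL_LONG_ARG` in the hunk at -772 try `zend_hash_find()` first and `zend_ascii_hash_find()` second, while the `encrypt_key` test in the hunk at -820 does the reverse. A small static helper that performs both lookups in one fixed order would remove the duplication and the ordering question. `SET_OPTIONAL_LONG_ARG` also reads `Z_LVAL_PP(item)` without converting or checking the type of a caller-supplied option, which the string variant handles with `convert_to_string_ex()`. The same applies to `Z_BVAL_PP(item)` for `encrypt_key`.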
@@ -772,7 +773,8 @@
 
 
 #define SET_OPTIONAL_LONG_ARG(key, varname, defval)\
-   if (optional_args  zend_ascii_hash_find(Z_ARRVAL_P(optional_args), 
key, sizeof(key), (void**)item) == SUCCESS) \
+   if (optional_args  (zend_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS || \
+   zend_ascii_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS)) \
varname = Z_LVAL_PP(item); \
else \
varname = defval
@@ -820,7 +822,8 @@
 
SET_OPTIONAL_LONG_ARG(private_key_type, req-priv_key_type, 
OPENSSL_KEYTYPE_DEFAULT);
 
-   if (optional_args  zend_hash_find(Z_ARRVAL_P(optional_args), 
encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS) {
+   if (optional_args  (zend_ascii_hash_find(Z_ARRVAL_P(optional_args), 
encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS || 
+   zend_hash_find(Z_ARRVAL_P(optional_args), 
encrypt_key, sizeof(encrypt_key), (void**)item) == SUCCESS)) {
req-priv_key_encrypt = Z_BVAL_PP(item);
} else {
str = CONF_get_string(req-req_config, req-section_name, 
encrypt_rsa_key);
@@ -1140,6 +1143,9 @@
 static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * 
resourceval TSRMLS_DC)
 {
X509 *cert = NULL;
+   char *filename = NULL;
+   int filename_len;
+   UChar *unicode_tmp;
 
if (resourceval) {
*resourceval = -1;
@@ -1165,22 +1171,34 @@
return NULL;
}
 
-   if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
+   if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_UNICODE || 
Z_TYPE_PP(val) == IS_OBJECT)) {
return NULL;
}
 
/* force it to be a string and check if it refers to a file */
-   convert_to_string_ex(val);
+   if (Z_TYPE_PP(val) == IS_OBJECT) {  
+   convert_to_string_ex(val);
+   }
+   
+   /* use u_memcp() if type is unicode */
+   unicode_tmp = USTR_MAKE(file://);
+   if (Z_STRLEN_PP(val)  7  (memcmp(Z_STRVAL_PP(val), file://, 
sizeof(file://) - 1) == 0 || u_memcmp(Z_USTRVAL_PP(val), unicode_tmp, 
sizeof(file://) - 1) == 0)) {
+   if (php_stream_path_param_encode(val, filename, filename_len, 
REPORT_ERRORS, FG(default_context)) == FAILURE) {
+   USTR_FREE(unicode_tmp);
+   return NULL;
+   }
+   filename += sizeof(file://) - 1;
+   }
+   USTR_FREE(unicode_tmp);
 
-   if (Z_STRLEN_PP(val)  7  memcmp(Z_STRVAL_PP(val), file://, 
sizeof(file://) - 1) == 0) {
-   /* read cert from the named file */
+   if (filename) {
BIO *in;
 
- 
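Review bot: The `file://` prefix test applies `memcmp` to `Z_STRVAL_PP(val)` and `u_memcmp` to `Z_USTRVAL_PP(val)` on the same zval whatever its type, so whichever comparison does not match the real type reads the buffer at the wrong element width. For a short binary string, the `u_memcmp` over seven `UChar`s can read past the end of the data. The in-code comment already says the unicode compare belongs to the unicode case, so branch on `Z_TYPE_PP(val) == IS_UNICODE` and run only the matching comparison. `filename` is also advanced past the prefix after `php_stream_path_param_encode`; if that call can allocate, the unadjusted pointer has to be kept for the later free. The hunk is cut off in this archive, so confirm that against the full function.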

[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 006.phpt

2008-07-14 Thread Henrique do Nascimento Angelo
hnangeloTue Jul 15 02:46:26 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  006.phpt 
  Log:
  Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.161r2=1.162diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.161 php-src/ext/openssl/openssl.c:1.162
--- php-src/ext/openssl/openssl.c:1.161 Sat Jun 28 09:24:18 2008
+++ php-src/ext/openssl/openssl.c   Tue Jul 15 02:46:26 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.161 2008/06/28 09:24:18 hnangelo Exp $ */
+/* $Id: openssl.c,v 1.162 2008/07/15 02:46:26 hnangelo Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2950,8 +2950,10 @@
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
rsa, dmp1);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
rsa, dmq1);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
rsa, iqmp);
-   if (EVP_PKEY_assign_RSA(pkey, rsa)) {
-   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   if (rsa-n  rsa-d) {
+   if (EVP_PKEY_assign_RSA(pkey, 
rsa)) {
+   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   }
}
RSA_free(rsa);
}
@@ -2969,11 +2971,13 @@
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dsa, g);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dsa, priv_key);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dsa, pub_key);
-   if (!dsa-priv_key  !dsa-pub_key) {
-   DSA_generate_key(dsa);
-   }
-   if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   if (dsa-p  dsa-q  dsa-g) {
+   if (!dsa-priv_key  
!dsa-pub_key) {
+   DSA_generate_key(dsa);
+   }
+   if (EVP_PKEY_assign_DSA(pkey, 
dsa)) {
+   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   }
}
DSA_free(dsa);
}
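Review bot: The return value of `DSA_generate_key(dsa)` is ignored inside the new `dsa->p && dsa->q && dsa->g` guard, so a failed generation still passes a key without private or public parts to `EVP_PKEY_assign_DSA` and returns it as a resource. Fold the result into the condition, e.g. `if ((dsa->priv_key || dsa->pub_key || DSA_generate_key(dsa)) && EVP_PKEY_assign_DSA(pkey, dsa)) {`, so that failure falls through to `DSA_free(dsa)`. The DH hunk that follows has the same pattern with `DH_generate_key(dh)`. The enclosing block starts and ends outside both hunks, so what happens to `pkey` on the failure path has to be checked there.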
@@ -2990,11 +2994,13 @@
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dh, g);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dh, priv_key);
OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), 
dh, pub_key);
-   if (!dh-pub_key) {
-   DH_generate_key(dh);
-   }
-   if (EVP_PKEY_assign_DH(pkey, dh)) {
-   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   if (dh-p  dh-g) {
+   if (!dh-pub_key) {
+   DH_generate_key(dh);
+   }
+   if (EVP_PKEY_assign_DH(pkey, 
dh)) {
+   
RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+   }
}
DH_free(dh);
}
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/006.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/006.phpt
diff -u /dev/null php-src/ext/openssl/tests/006.phpt:1.2
--- /dev/null   Tue Jul 15 02:46:26 2008
+++ php-src/ext/openssl/tests/006.phpt  Tue Jul 15 02:46:26 2008
@@ -0,0 +1,25 @@
+--TEST--
+openssl_pkey_new() with an empty sub-array arg generates a malformed resource
+--SKIPIF--
+?php if (!extension_loaded(openssl)) print skip; ?
+--FILE--
+?php
+/* openssl_pkey_get_details() segfaults when getting the information
+   from openssl_pkey_new() with an empty sub-array arg */
+

[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 023.phpt 025.phpt cert.crt private.key

2008-07-14 Thread Henrique do Nascimento Angelo
hnangeloTue Jul 15 03:04:26 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  023.phpt 025.phpt cert.crt private.key 
  Log:
  Fix uninitialized variables in openssl_pkcs7_encrypt() and openssl_pkcs7_sign()
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.162r2=1.163diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.162 php-src/ext/openssl/openssl.c:1.163
--- php-src/ext/openssl/openssl.c:1.162 Tue Jul 15 02:46:26 2008
+++ php-src/ext/openssl/openssl.c   Tue Jul 15 03:04:25 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.162 2008/07/15 02:46:26 hnangelo Exp $ */
+/* $Id: openssl.c,v 1.163 2008/07/15 03:04:25 hnangelo Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3513,6 +3513,7 @@
if (zheaders) {
zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), hpos);
while(zend_hash_get_current_data_ex(HASH_OF(zheaders), 
(void**)zcertval, hpos) == SUCCESS) {
+   strindex.s = NULL;
zend_hash_get_current_key_ex(HASH_OF(zheaders), 
strindex, strindexlen, intindex, 0, hpos);
 
convert_to_string_ex(zcertval);
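Review bot: The added `strindex.s = NULL;` relies on `zend_hash_get_current_key_ex` leaving the pointer untouched for integer keys, while the call's return value, which states the key type directly, is discarded. Capturing it (`key_type = zend_hash_get_current_key_ex(...)`) and testing it against `HASH_KEY_IS_STRING` and its unicode counterpart would make the string-versus-numeric decision explicit instead of depending on a reset that is easy to drop in a later edit. The second hunk in this file adds the same line in the `hval` loop and the same applies there. Both loops continue past the hunks, so how `strindex` is consumed should be confirmed against the full function.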
@@ -3622,6 +3623,7 @@
if (zheaders) {
zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), hpos);
while(zend_hash_get_current_data_ex(HASH_OF(zheaders), 
(void**)hval, hpos) == SUCCESS) {
+   strindex.s = NULL;
zend_hash_get_current_key_ex(HASH_OF(zheaders), 
strindex, strindexlen, intindex, 0, hpos);
 
convert_to_string_ex(hval);
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/023.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/023.phpt
diff -u /dev/null php-src/ext/openssl/tests/023.phpt:1.2
--- /dev/null   Tue Jul 15 03:04:26 2008
+++ php-src/ext/openssl/tests/023.phpt  Tue Jul 15 03:04:26 2008
@@ -0,0 +1,65 @@
+--TEST--
+openssl_pkcs7_encrypt() tests
+--SKIPIF--
+?php if (!extension_loaded(openssl)) print skip; ?
+--FILE--
+?php
+$infile = (binary) (dirname(__FILE__) . /cert.crt);
+$outfile = (binary) tempnam(b/tmp, bssl);
+if ($outfile === false)
+   die(failed to get a temporary filename!);
+
+$single_cert = (binary) (file:// . dirname(__FILE__) . /cert.crt);
+$multi_certs = array($single_cert, $single_cert);
+$assoc_headers = array(To = [EMAIL PROTECTED], Subject = testing 
openssl_pkcs7_encrypt());
+$assoc_headers_bin = array(bTo = b[EMAIL PROTECTED], bSubject = 
btesting openssl_pkcs7_encrypt());
+$headers = array([EMAIL PROTECTED], testing openssl_pkcs7_encrypt());
+$headers_bin = array(b[EMAIL PROTECTED], btesting openssl_pkcs7_encrypt());
+$empty_headers = array();
+$unicode_headers = array(\u0500 = test, test = invalid 
unicode\u0500);
+$wrong = wrong;
+$wrong2 = bwrong;
+$empty = b;
+
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers_bin));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, 
$assoc_headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, 
$assoc_headers_bin));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, 
$empty_headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, 
$unicode_headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong));
+var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers));
+var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong2, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers));
+
+if (file_exists($outfile)) {
+   echo true\n;
+   unlink($outfile);
+}
+?
+--EXPECTF--
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+
+Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, Unicode 
string given in %s on line %d
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+
+Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, binary 
string given in %s on line %d
+bool(false)
+bool(true)
+true
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/025.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/025.phpt
diff -u /dev/null php-src/ext/openssl/tests/025.phpt:1.2
--- /dev/null   Tue Jul 15 03:04:26 2008
+++ php-src/ext/openssl/tests/025.phpt  Tue Jul 15 03:04:26 2008
@@ -0,0 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-06-28 Thread Henrique do Nascimento Angelo
hnangeloSat Jun 28 09:24:18 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fix a memory leak on openssl_decrypt()
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.160r2=1.161diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.160 php-src/ext/openssl/openssl.c:1.161
--- php-src/ext/openssl/openssl.c:1.160 Sun Jun  1 18:25:29 2008
+++ php-src/ext/openssl/openssl.c   Sat Jun 28 09:24:18 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.160 2008/06/01 18:25:29 bjori Exp $ */
+/* $Id: openssl.c,v 1.161 2008/06/28 09:24:18 hnangelo Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -4691,10 +4691,9 @@
return;
}
 
-   if (!raw_input) {
-   base64_str = (char*)php_base64_decode((unsigned char*)data, 
data_len, base64_str_len);
-   data_len = base64_str_len;
-   data = base64_str;
+   if (!method_len) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown cipher 
algorithm);
+   RETURN_FALSE;
}
 
cipher_type = EVP_get_cipherbyname(method);
@@ -4703,6 +4702,12 @@
RETURN_FALSE;
}
 
+   if (!raw_input) {
+   base64_str = (char*)php_base64_decode((unsigned char*)data, 
data_len, base64_str_len);
+   data_len = base64_str_len;
+   data = base64_str;
+   }
+
keylen = EVP_CIPHER_key_length(cipher_type);
if (keylen  password_len) {
key = emalloc(keylen);
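Review bot: The relocated base64 branch uses the result of `php_base64_decode` without checking it for NULL, so input that is not valid base64 leaves `data` NULL while `data_len` is taken from `base64_str_len`. Add a check directly after the call, e.g. `if (!base64_str) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); RETURN_FALSE; }`. Moving the decode below the cipher lookup removes the leak on the early returns shown here, but every later exit still has to `efree(base64_str)`. The rest of the function is outside the hunk.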






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-06-01 Thread Hannes Magnusson
bjori   Sun Jun  1 18:25:29 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  MFB: fix arginfo
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.159r2=1.160diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.159 php-src/ext/openssl/openssl.c:1.160
--- php-src/ext/openssl/openssl.c:1.159 Sun Jun  1 18:21:05 2008
+++ php-src/ext/openssl/openssl.c   Sun Jun  1 18:25:29 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.159 2008/06/01 18:21:05 bjori Exp $ */
+/* $Id: openssl.c,v 1.160 2008/06/01 18:25:29 bjori Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -288,7 +288,7 @@
 static
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_private_encrypt, 0, 0, 3)
 ZEND_ARG_INFO(0, data)
-ZEND_ARG_INFO(0, crypted)
+ZEND_ARG_INFO(1, crypted)
 ZEND_ARG_INFO(0, key)
 ZEND_ARG_INFO(0, padding)
 ZEND_END_ARG_INFO()
@@ -296,7 +296,7 @@
 static
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_private_decrypt, 0, 0, 3)
 ZEND_ARG_INFO(0, data)
-ZEND_ARG_INFO(0, crypted)
+ZEND_ARG_INFO(1, crypted)
 ZEND_ARG_INFO(0, key)
 ZEND_ARG_INFO(0, padding)
 ZEND_END_ARG_INFO()
@@ -304,7 +304,7 @@
 static
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_public_encrypt, 0, 0, 3)
 ZEND_ARG_INFO(0, data)
-ZEND_ARG_INFO(0, crypted)
+ZEND_ARG_INFO(1, crypted)
 ZEND_ARG_INFO(0, key)
 ZEND_ARG_INFO(0, padding)
 ZEND_END_ARG_INFO()
@@ -312,7 +312,7 @@
 static
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_public_decrypt, 0, 0, 3)
 ZEND_ARG_INFO(0, data)
-ZEND_ARG_INFO(0, crypted)
+ZEND_ARG_INFO(1, crypted)
 ZEND_ARG_INFO(0, key)
 ZEND_ARG_INFO(0, padding)
 ZEND_END_ARG_INFO()






[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-06-01 Thread Hannes Magnusson
bjori   Sun Jun  1 18:21:05 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  MFB: Add arginfo  fix protos
  
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.158r2=1.159diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.158 php-src/ext/openssl/openssl.c:1.159
--- php-src/ext/openssl/openssl.c:1.158 Sun May  4 21:16:22 2008
+++ php-src/ext/openssl/openssl.c   Sun Jun  1 18:21:05 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.158 2008/05/04 21:16:22 colder Exp $ */
+/* $Id: openssl.c,v 1.159 2008/06/01 18:21:05 bjori Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -58,13 +58,6 @@
 
 #define DEBUG_SMIME0
 
-static 
-   ZEND_BEGIN_ARG_INFO(arg2and3_force_ref, 0)
-   ZEND_ARG_PASS_INFO(0)
-   ZEND_ARG_PASS_INFO(1)
-   ZEND_ARG_PASS_INFO(1)
-   ZEND_END_ARG_INFO();
-
 /* FIXME: Use the openssl constants instead of
  * enum. It is now impossible to match real values
  * against php constants. Also sorry to break the
@@ -99,69 +92,369 @@
 
 PHP_FUNCTION(openssl_dh_compute_key);
 
+/* {{{ arginfo */
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 0, 2)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(0, outfilename)
+ZEND_ARG_INFO(0, notext)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export, 0, 0, 2)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(1, out)
+ZEND_ARG_INFO(0, notext)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_check_private_key, 0)
+ZEND_ARG_INFO(0, cert)
+ZEND_ARG_INFO(0, key)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_parse, 0)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(0, shortname)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_checkpurpose, 0, 0, 3)
+ZEND_ARG_INFO(0, x509cert)
+ZEND_ARG_INFO(0, purpose)
+ZEND_ARG_INFO(0, cainfo) /* array */
+ZEND_ARG_INFO(0, untrustedfile)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_read, 0)
+ZEND_ARG_INFO(0, cert)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_x509_free, 0)
+ZEND_ARG_INFO(0, x509)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs12_export_to_file, 0, 0, 4)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(0, filename)
+ZEND_ARG_INFO(0, priv_key)
+ZEND_ARG_INFO(0, pass)
+ZEND_ARG_INFO(0, args) /* array */
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkcs12_export, 0)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(1, out)
+ZEND_ARG_INFO(0, priv_key)
+ZEND_ARG_INFO(0, pass)
+ZEND_ARG_INFO(0, args) /* array */
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkcs12_read, 0)
+ZEND_ARG_INFO(0, PKCS12)
+ZEND_ARG_INFO(1, certs) /* array */
+ZEND_ARG_INFO(0, pass)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_export_to_file, 0, 0, 2)
+ZEND_ARG_INFO(0, csr)
+ZEND_ARG_INFO(0, outfilename)
+ZEND_ARG_INFO(0, notext)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_export, 0, 0, 2)
+ZEND_ARG_INFO(0, csr)
+ZEND_ARG_INFO(1, out)
+ZEND_ARG_INFO(0, notext)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_sign, 0, 0, 4)
+ZEND_ARG_INFO(0, csr)
+ZEND_ARG_INFO(0, x509)
+ZEND_ARG_INFO(0, priv_key)
+ZEND_ARG_INFO(0, days)
+ZEND_ARG_INFO(0, config_args) /* array */
+ZEND_ARG_INFO(0, serial)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_new, 0, 0, 2)
+ZEND_ARG_INFO(0, dn) /* array */
+ZEND_ARG_INFO(1, privkey)
+ZEND_ARG_INFO(0, configargs)
+ZEND_ARG_INFO(0, extraattribs)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_csr_get_subject, 0)
+ZEND_ARG_INFO(0, csr)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_csr_get_public_key, 0)
+ZEND_ARG_INFO(0, csr)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_new, 0, 0, 0)
+ZEND_ARG_INFO(0, configargs) /* array */
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_export_to_file, 0, 0, 2)
+ZEND_ARG_INFO(0, key)
+ZEND_ARG_INFO(0, outfilename)
+ZEND_ARG_INFO(0, passphrase)
+ZEND_ARG_INFO(0, config_args) /* array */
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkey_export, 0, 0, 2)
+ZEND_ARG_INFO(0, key)
+ZEND_ARG_INFO(1, out)
+ZEND_ARG_INFO(0, passphrase)
+ZEND_ARG_INFO(0, config_args) /* array */
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_public, 0)
+ZEND_ARG_INFO(0, cert)
+ZEND_END_ARG_INFO()
+
+static
+ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_free, 0)
+ZEND_ARG_INFO(0, key)

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-04-02 Thread Antony Dovgal
tony2001Wed Apr  2 14:35:17 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  initialize variable
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.156r2=1.157diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.156 php-src/ext/openssl/openssl.c:1.157
--- php-src/ext/openssl/openssl.c:1.156 Thu Feb 28 14:16:13 2008
+++ php-src/ext/openssl/openssl.c   Wed Apr  2 14:35:16 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.156 2008/02/28 14:16:13 felipe Exp $ */
+/* $Id: openssl.c,v 1.157 2008/04/02 14:35:16 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2051,7 +2051,7 @@
X509 * cert = NULL, *new_cert = NULL;
X509_REQ * csr;
EVP_PKEY * key = NULL, *priv_key = NULL;
-   long csr_resource, certresource, keyresource;
+   long csr_resource, certresource = 0, keyresource;
int i;
struct php_x509_request req;
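Review bot: Only `certresource` gets an initializer here; `csr_resource` and `keyresource` in the same declaration stay indeterminate. Other hunks on this page use -1 as the "not a registered resource" marker (`*resourceval = -1`, `if (keyresource == -1)`), so 0 is also a different sentinel from the one the cleanup code presumably tests. Unless the code outside the hunk shows a reason for 0, initialise all three consistently, e.g. `long csr_resource = -1, certresource = -1, keyresource = -1;`, and add a comment stating which value means "owned by this function, must be freed".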







[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-01-15 Thread Rob Richards
rrichards   Tue Jan 15 15:12:12 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix memleak in sign and verify functions
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.154r2=1.155diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.154 php-src/ext/openssl/openssl.c:1.155
--- php-src/ext/openssl/openssl.c:1.154 Wed Jan  9 16:46:52 2008
+++ php-src/ext/openssl/openssl.c   Tue Jan 15 15:12:12 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.154 2008/01/09 16:46:52 rrichards Exp $ */
+/* $Id: openssl.c,v 1.155 2008/01/15 15:12:12 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3754,6 +3754,7 @@
efree(sigbuf);
RETVAL_FALSE;
}
+   EVP_MD_CTX_cleanup(md_ctx);
if (keyresource == -1) {
EVP_PKEY_free(pkey);
}
@@ -3804,6 +3805,7 @@
EVP_VerifyInit   (md_ctx, mdtype);
EVP_VerifyUpdate (md_ctx, data, data_len);
err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, 
signature_len, pkey);
+   EVP_MD_CTX_cleanup(md_ctx);
 
if (keyresource == -1) {
EVP_PKEY_free(pkey);




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2008-01-09 Thread Rob Richards
rrichards   Wed Jan  9 16:46:52 2008 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix crash when using default algorithm
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.153r2=1.154diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.153 php-src/ext/openssl/openssl.c:1.154
--- php-src/ext/openssl/openssl.c:1.153 Mon Dec 31 07:12:12 2007
+++ php-src/ext/openssl/openssl.c   Wed Jan  9 16:46:52 2008
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.153 2007/12/31 07:12:12 sebastian Exp $ */
+/* $Id: openssl.c,v 1.154 2008/01/09 16:46:52 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3725,7 +3725,7 @@
}
 
if (method == NULL || Z_TYPE_P(method) == IS_LONG) {
-   if (Z_TYPE_P(method) == IS_LONG) {
+   if (method != NULL) {
signature_algo = Z_LVAL_P(method);
}
mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
@@ -3780,7 +3780,7 @@
}
 
if (method == NULL || Z_TYPE_P(method) == IS_LONG) {
-   if (Z_TYPE_P(method) == IS_LONG) {
+   if (method != NULL) {
signature_algo = Z_LVAL_P(method);
}
mdtype = php_openssl_get_evp_md_from_algo(signature_algo);




Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-08 Thread Mattias Bengtsson
Hi!

Please see attached patch.

Cheers, Mattias.

On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote:
 Two OpenSSL tests started to fail yesterday:
 
 # cat ext/openssl/tests/004.diff
 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/004.php on line 7
 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 
 4 (failed) in %s on line %d
 011+
 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/004.php on line 12
 013+ bool(false)
 011- resource(%d) of type (OpenSSL X.509 CSR)
 
 
 
 # cat ext/openssl/tests/bug36732.diff
 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16
 002+
 001- Ok
 002- Ok
 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in 
 /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17
 004+
 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, 
 boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20
 006+
 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in 
 /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25
 
 
 On 06.08.2007 23:50, Pierre-Alain Joye wrote:
 pajoye   Mon Aug  6 19:50:16 2007 UTC
 
   Modified files:  
 /php-src/ext/openssl openssl.c 
   Log:
   - MFB: #4, forgot this one (thanks mattias)
   
 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u
 Index: php-src/ext/openssl/openssl.c
 diff -u php-src/ext/openssl/openssl.c:1.147 
 php-src/ext/openssl/openssl.c:1.148
 --- php-src/ext/openssl/openssl.c:1.147  Mon Aug  6 19:13:05 2007
 +++ php-src/ext/openssl/openssl.cMon Aug  6 19:50:16 2007
 @@ -20,7 +20,7 @@
 +--+
   */
  
 -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */
 +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
  
  #ifdef HAVE_CONFIG_H
  #include config.h
 @@ -1818,9 +1818,10 @@
  len = 200;
  }
  memcpy(buffer, type, len);
 -buffer[len] = '\0';
 +buffer[len - 1] = '\0';
 +
  type = buffer;
 -
 +
  /* Skip past any leading X. X: X, etc to allow for 
  multiple
   * instances */
  for (str = type; *str; str++) {
 
 
 
 -- 
 Wbr, 
 Antony Dovgal
 
 -- 
 PHP CVS Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
Index: ext/openssl/openssl.c
===
RCS file: /repository/php-src/ext/openssl/openssl.c,v
retrieving revision 1.98.2.5.2.40
diff -u -a -r1.98.2.5.2.40 openssl.c
--- ext/openssl/openssl.c   6 Aug 2007 19:49:45 -   1.98.2.5.2.40
+++ ext/openssl/openssl.c   8 Aug 2007 06:19:40 -
@@ -1726,7 +1726,7 @@
/* Finally apply defaults from config file */
for(i = 0; i  sk_CONF_VALUE_num(dn_sk); i++) {
int len;
-   char buffer[200];
+   char buffer[200 + 1];

v = sk_CONF_VALUE_value(dn_sk, i);
type = v-name;
@@ -1743,7 +1743,7 @@
len = 200;
}
memcpy(buffer, type, len);
-   buffer[len - 1] = '\0';
+   buffer[len] = '\0';
type = buffer;

/* Skip past any leading X. X: X, etc to allow for 
multiple


[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-08 Thread Pierre-Alain Joye
pajoye  Wed Aug  8 06:30:56 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: fix regression introduced by #4
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.148r2=1.149diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.148 php-src/ext/openssl/openssl.c:1.149
--- php-src/ext/openssl/openssl.c:1.148 Mon Aug  6 19:50:16 2007
+++ php-src/ext/openssl/openssl.c   Wed Aug  8 06:30:56 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
+/* $Id: openssl.c,v 1.149 2007/08/08 06:30:56 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1801,7 +1801,7 @@
/* Finally apply defaults from config file */
for(i = 0; i  sk_CONF_VALUE_num(dn_sk); i++) {
int len;
-   char buffer[200];
+   char buffer[200 + 1]; /* 200 + \n !*/

v = sk_CONF_VALUE_value(dn_sk, i);
type = v-name;
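Review bot: The added comment `/* 200 + \n !*/` names the wrong character: the extra byte holds the terminating NUL written by `buffer[len] = '\0'` in the next hunk, not a newline, so `/* 200 name bytes + terminating NUL */` would say what is meant. The clamp `len = 200` in the next hunk repeats the literal; writing it as `sizeof(buffer) - 1` would tie the bound to the array size, which is where the two preceding revisions on this page went wrong. The loop body continues outside both hunks.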
@@ -1818,7 +1818,7 @@
len = 200;
}
memcpy(buffer, type, len);
-   buffer[len - 1] = '\0';
+   buffer[len] = '\0';
 
type = buffer;
 




Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-08 Thread Pierre
Hi Mattias,

Thanks for the patch (we came to the same conclusion yesterday :)

applied

On 8/8/07, Mattias Bengtsson [EMAIL PROTECTED] wrote:
 Hi!

 Please see attached patch.

 Cheers, Mattias.

 On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote:
  Two OpenSSL tests started to fail yesterday:
 
  # cat ext/openssl/tests/004.diff
  009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed)
  in /local/qa/5_2/ext/openssl/tests/004.php on line 7
  009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -
  4 (failed) in %s on line %d
  011+
  012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed)
  in /local/qa/5_2/ext/openssl/tests/004.php on line 12
  013+ bool(false)
  011- resource(%d) of type (OpenSSL X.509 CSR)
 
 
 
  # cat ext/openssl/tests/bug36732.diff
  001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed)
  in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16
  002+
  001- Ok
  002- Ok
  003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in
  /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17
  004+
  005+ Warning: openssl_csr_export() expects parameter 1 to be resource,
  boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20
  006+
  007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in
  /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25
 
 
  On 06.08.2007 23:50, Pierre-Alain Joye wrote:
  pajoye   Mon Aug  6 19:50:16 2007 UTC
  
Modified files:
  /php-src/ext/openssl openssl.c
Log:
- MFB: #4, forgot this one (thanks mattias)
  
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u
  Index: php-src/ext/openssl/openssl.c
  diff -u php-src/ext/openssl/openssl.c:1.147
  php-src/ext/openssl/openssl.c:1.148
  --- php-src/ext/openssl/openssl.c:1.147  Mon Aug  6 19:13:05 2007
  +++ php-src/ext/openssl/openssl.cMon Aug  6 19:50:16 2007
  @@ -20,7 +20,7 @@
  
   +--+
*/
  
  -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */
  +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
  
   #ifdef HAVE_CONFIG_H
   #include config.h
  @@ -1818,9 +1818,10 @@
   len = 200;
   }
   memcpy(buffer, type, len);
  -buffer[len] = '\0';
  +buffer[len - 1] = '\0';
  +
   type = buffer;
  -
  +
   /* Skip past any leading X. X: X, etc to allow for
   multiple
* instances */
   for (str = type; *str; str++) {
  
 
 
  --
  Wbr,
  Antony Dovgal
 
  --
  PHP CVS Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 

 --
 PHP CVS Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-07 Thread Antony Dovgal

Two OpenSSL tests started to fail yesterday:

# cat ext/openssl/tests/004.diff
009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in 
/local/qa/5_2/ext/openssl/tests/004.php on line 7
009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 4 
(failed) in %s on line %d
011+
012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in 
/local/qa/5_2/ext/openssl/tests/004.php on line 12
013+ bool(false)
011- resource(%d) of type (OpenSSL X.509 CSR)



# cat ext/openssl/tests/bug36732.diff
001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in 
/local/qa/5_2/ext/openssl/tests/bug36732.php on line 16
002+
001- Ok
002- Ok
003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in 
/local/qa/5_2/ext/openssl/tests/bug36732.php on line 17
004+
005+ Warning: openssl_csr_export() expects parameter 1 to be resource, boolean 
given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20
006+
007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in 
/local/qa/5_2/ext/openssl/tests/bug36732.php on line 25


On 06.08.2007 23:50, Pierre-Alain Joye wrote:

pajoye  Mon Aug  6 19:50:16 2007 UTC

  Modified files:  
/php-src/ext/openssl	openssl.c 
  Log:

  - MFB: #4, forgot this one (thanks mattias)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u

Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148
--- php-src/ext/openssl/openssl.c:1.147 Mon Aug  6 19:13:05 2007
+++ php-src/ext/openssl/openssl.c   Mon Aug  6 19:50:16 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */

+/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H

 #include config.h
@@ -1818,9 +1818,10 @@
len = 200;
}
memcpy(buffer, type, len);
-   buffer[len] = '\0';
+   buffer[len - 1] = '\0';
+
type = buffer;
-   
+
/* Skip past any leading X. X: X, etc to allow for 
multiple
 * instances */
for (str = type; *str; str++) {




--
Wbr, 
Antony Dovgal





[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-06 Thread Pierre-Alain Joye
pajoye  Mon Aug  6 19:13:05 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: #4, truncate the _default to the buffer size (was 200 since day 
#1, we don't need dynamic alloc here)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.146r2=1.147diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.146 php-src/ext/openssl/openssl.c:1.147
--- php-src/ext/openssl/openssl.c:1.146 Mon Aug  6 08:43:43 2007
+++ php-src/ext/openssl/openssl.c   Mon Aug  6 19:13:05 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.146 2007/08/06 08:43:43 dmitry Exp $ */
+/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1814,7 +1814,9 @@
if (strcmp(_default, type + len) != 0) {
continue;
}
-   
+   if (len  200) {
+   len = 200;
+   }
memcpy(buffer, type, len);
buffer[len] = '\0';
type = buffer;
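Review bot: The new clamp lets `len` reach 200, and `buffer[len] = '\0'` then writes index 200 of an array that the later revisions on this page show declared as `char buffer[200]`, one byte past its end. Clamp to `sizeof(buffer) - 1` instead, or declare the array one byte larger. How `len` is computed is outside the hunk; if it can ever be negative, the `memcpy` needs a lower-bound check as well.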




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-06 Thread Pierre-Alain Joye
pajoye  Mon Aug  6 19:50:16 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: #4, forgot this one (thanks mattias)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148
--- php-src/ext/openssl/openssl.c:1.147 Mon Aug  6 19:13:05 2007
+++ php-src/ext/openssl/openssl.c   Mon Aug  6 19:50:16 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */
+/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1818,9 +1818,10 @@
len = 200;
}
memcpy(buffer, type, len);
-   buffer[len] = '\0';
+   buffer[len - 1] = '\0';
+
type = buffer;
-   
+
/* Skip past any leading X. X: X, etc to allow for 
multiple
 * instances */
for (str = type; *str; str++) {
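Review bot: `buffer[len - 1] = '\0';` overwrites the last byte that `memcpy` just copied on every call, not only when `len` was clamped to 200, so a name shorter than the buffer loses its final character. If `len` can be 0 here (a `type` that is exactly `_default`; the length computation is outside the hunk), the store lands at `buffer[-1]`. Keeping `buffer[len] = '\0';` and lowering the clamp above to 199, or to `sizeof(buffer) - 1`, terminates the string in bounds without truncating short names.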




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt bug28382.phpt

2007-07-11 Thread Dmitry Stogov
dmitry  Wed Jul 11 12:10:28 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  005.phpt bug28382.phpt 
  Log:
  Unicode support
  improved openssl_x509_parse() extensions support
  
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.144r2=1.145diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.144 php-src/ext/openssl/openssl.c:1.145
--- php-src/ext/openssl/openssl.c:1.144 Wed Jul 11 07:35:53 2007
+++ php-src/ext/openssl/openssl.c   Wed Jul 11 12:10:28 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.144 2007/07/11 07:35:53 dmitry Exp $ */
+/* $Id: openssl.c,v 1.145 2007/07/11 12:10:28 dmitry Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -283,11 +283,11 @@
str = X509_NAME_ENTRY_get_data(ne);
if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) 
{
to_add_len = 
ASN1_STRING_to_UTF8(to_add, str);
-   add_next_index_stringl(subentries, 
(char *)to_add, to_add_len, 1);
+   add_next_index_utf8_stringl(subentries, 
(char *)to_add, to_add_len, 1);
} else {
to_add = ASN1_STRING_data(str);
to_add_len = ASN1_STRING_length(str);
-   add_next_index_stringl(subentries, 
(char *)to_add, to_add_len, 1);
+   add_next_index_utf8_stringl(subentries, 
(char *)to_add, to_add_len, 1);
}
}
last = j;
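Review bot: In the non-UTF8 branch the result of `ASN1_STRING_to_UTF8` is passed straight to `add_next_index_utf8_stringl` as a length, but that call returns a negative value when conversion fails, and the input comes from the certificate being parsed. A guard such as `if (to_add_len >= 0)` around the add keeps a malformed name entry from reaching the string constructor with a negative length. The buffer the conversion allocates also appears never to be released: the final argument `1` asks for a copy, so `OPENSSL_free(to_add);` after the add looks necessary unless it happens outside the hunk. The enclosing loop starts before and ends after this hunk.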
@@ -295,24 +295,36 @@
i = last;

if (obj_cnt  1) {
-   add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, 
subentries);
+   add_ascii_assoc_zval_ex(subitem, sname, strlen(sname) + 
1, subentries);
} else {
zval_dtor(subentries);
FREE_ZVAL(subentries);
if (obj_cnt  str) {
-   add_assoc_stringl(subitem, sname, (char 
*)to_add, to_add_len, 1);
+   add_ascii_assoc_utf8_stringl(subitem, sname, 
(char *)to_add, to_add_len, 1);
}
}
}
if (key != NULL) {
-   zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void 
*)subitem, sizeof(subitem), NULL);
+   add_ascii_assoc_zval_ex(val, key, strlen(key) + 1, subitem);
}
 }
 /* }}} */
 
 static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) 
/* {{{ */
 {
-   add_assoc_stringl(val, key, (char *)str-data, str-length, 1);
+   unsigned char *data;
+   int data_len;
+   TSRMLS_FETCH();
+
+   if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
+   data = ASN1_STRING_data(str);
+   data_len = ASN1_STRING_length(str);
+   add_ascii_assoc_stringl(val, key, (char*)data, data_len, 1);
+   } else {
+   data = ASN1_STRING_data(str);
+   data_len = ASN1_STRING_length(str);
+   add_ascii_assoc_utf8_stringl(val, key, (char*)data, data_len, 
1);
+   }
 }
 /* }}} */
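Review bot: `add_assoc_asn1_string` now hands every non-UTF8 ASN.1 string to `add_ascii_assoc_stringl` as raw bytes, whereas the name-entry code in the `@@ -283,11` hunk converts the same case with `ASN1_STRING_to_UTF8` first. Types such as BMPString or T61String are not ASCII and the bytes are certificate-controlled, so the two paths should agree on how they convert. Both branches also repeat the `ASN1_STRING_data`/`ASN1_STRING_length` fetch; hoisting it above the `if` leaves only the add call to differ. A one-line comment stating which string types are expected here would help the next reader.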
 
@@ -443,13 +455,15 @@
req-config_filename, req-var, req-req_config 
TSRMLS_CC) == FAILURE) return FAILURE
 
 #define SET_OPTIONAL_STRING_ARG(key, varname, defval)  \
-   if (optional_args  zend_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS) \
+   if (optional_args  zend_ascii_hash_find(Z_ARRVAL_P(optional_args), 
key, sizeof(key), (void**)item) == SUCCESS) { \
+   convert_to_string_ex(item); \
varname = Z_STRVAL_PP(item); \
-   else \
-   varname = defval
+   } else \
+   varname = defval;
+
 
 #define SET_OPTIONAL_LONG_ARG(key, varname, defval)\
-   if (optional_args  zend_hash_find(Z_ARRVAL_P(optional_args), key, 
sizeof(key), (void**)item) == SUCCESS) \
+   if (optional_args  zend_ascii_hash_find(Z_ARRVAL_P(optional_args), 
key, sizeof(key), (void**)item) == SUCCESS) \
varname = Z_LVAL_PP(item); \
else \
varname = defval
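Review bot: `SET_OPTIONAL_LONG_ARG` still reads `Z_LVAL_PP(item)` without converting the value, while the string macro above it now calls `convert_to_string_ex(item)`. If a caller stores a string or array under that key in the options array, the long is read from the wrong member of the zval; adding `convert_to_long_ex(item); \` before the assignment, with braces as in the string macro, closes that. The string macro now ends in `varname = defval;`, so `SET_OPTIONAL_STRING_ARG(...);` expands to a stray empty statement and would break an unbraced `if`/`else` around it; a `do { ... } while (0)` wrapper avoids that.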
@@ -985,8 +999,11 @@
char * tmpstr;
zval * subitem;
X509_EXTENSION *extension;
-   ASN1_OCTET_STRING *extdata;
char *extname;
+   BIO  *bio_out;
+   BUF_MEM *bio_buf;
+   char buf[256];
+
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, 
useshortnames) == FAILURE) {
return;
@@ -998,37 +1015,37 @@
array_init(return_value);
 
if (cert-name) {
-   

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-07-10 Thread Dmitry Stogov
dmitry  Tue Jul 10 07:57:15 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fixed bug #41353
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.141r2=1.142diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.141 php-src/ext/openssl/openssl.c:1.142
--- php-src/ext/openssl/openssl.c:1.141 Wed Jun 20 05:27:38 2007
+++ php-src/ext/openssl/openssl.c   Tue Jul 10 07:57:15 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.141 2007/06/20 05:27:38 pajoye Exp $ */
+/* $Id: openssl.c,v 1.142 2007/07/10 07:57:15 dmitry Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1559,7 +1559,7 @@
BIO * bio_in = NULL;
int i;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, szs, zp12, 
zout, pass, pass_len) == FAILURE) {
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, szs, zp12, 
zp12_len, zout, pass, pass_len) == FAILURE) {
return;
}
 




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-06-19 Thread Pierre-Alain Joye
pajoye  Wed Jun 20 05:27:38 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB:  Fixed a memory leak inside load_all_certs_file()
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.140r2=1.141diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.140 php-src/ext/openssl/openssl.c:1.141
--- php-src/ext/openssl/openssl.c:1.140 Mon May 28 23:33:13 2007
+++ php-src/ext/openssl/openssl.c   Wed Jun 20 05:27:38 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.140 2007/05/28 23:33:13 iliaa Exp $ */
+/* $Id: openssl.c,v 1.141 2007/06/20 05:27:38 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1095,17 +1095,20 @@
}
 
if (php_check_open_basedir(certfile TSRMLS_CC)) {
+   sk_X509_free(stack);
goto end;
}
 
if(!(in=BIO_new_file(certfile, r))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, error opening the 
file, %s, certfile);
+   sk_X509_free(stack);
goto end;
}
 
/* This loads from a file, a stack of x509/crl/pkey sets */
if(!(sk=PEM_X509_INFO_read_bio(in, NULL, NULL, NULL))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, error reading the 
file, %s, certfile);
+   sk_X509_free(stack);
goto end;
}
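Review bot: `sk_X509_free(stack);` is now repeated by hand before each of the three `goto end;` exits, which is easy to miss when another early exit is added later. The `end:` label is outside the hunk, so the following is inferred: if the function keeps its result in a separate variable that is set only on success, a single conditional free at `end:` would cover every path. If `end:` returns `stack` itself, these paths additionally need `stack = NULL;` after the free so the caller does not receive a dangling pointer.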
 




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-05-28 Thread Pierre-Alain Joye
pajoye  Mon May 28 13:53:54 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: enable DSA key if HAVE_DSA_DEFAULT_METHOD is set
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.138r2=1.139diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.138 php-src/ext/openssl/openssl.c:1.139
--- php-src/ext/openssl/openssl.c:1.138 Sat May 19 22:04:27 2007
+++ php-src/ext/openssl/openssl.c   Mon May 28 13:53:54 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.138 2007/05/19 22:04:27 pajoye Exp $ */
+/* $Id: openssl.c,v 1.139 2007/05/28 13:53:54 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2399,7 +2399,7 @@
return_val = req-priv_key;
}
break;
-#ifndef NO_DSA
+#if !defined(NO_DSA)  defined(HAVE_DSA_DEFAULT_METHOD)
case OPENSSL_KEYTYPE_DSA:
{
DSA *dsapar = 
DSA_generate_parameters(req-priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL);
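Review bot: The `OPENSSL_KEYTYPE_DSA` case is now compiled only when `HAVE_DSA_DEFAULT_METHOD` is defined, but this commit does not touch the place where the `OPENSSL_KEYTYPE_DSA` constant is registered. If registration is still guarded by `NO_DSA` alone (it is outside the hunk), a script on a build without `HAVE_DSA_DEFAULT_METHOD` can still request a DSA key and will fall through to whatever the switch's default branch does. Using the same condition, `#if !defined(NO_DSA) && defined(HAVE_DSA_DEFAULT_METHOD)`, at the registration site keeps the two in step. The enclosing switch starts and ends outside the hunk.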
@@ -3278,7 +3278,7 @@
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
cryptedlen = RSA_private_decrypt(data_len, 
-   (char *)data, 
+   (unsigned char *)data, 
crypttemp, 
pkey-pkey.rsa, 
padding);




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-05-19 Thread Pierre-Alain Joye
pajoye  Sat May 19 22:04:28 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #41423, PHP assumes wrongly that certain ciphers are enabled in OpenSSL
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.137r2=1.138diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.137 php-src/ext/openssl/openssl.c:1.138
--- php-src/ext/openssl/openssl.c:1.137 Thu Apr  5 18:09:48 2007
+++ php-src/ext/openssl/openssl.c   Sat May 19 22:04:27 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.137 2007/04/05 18:09:48 rrichards Exp $ */
+/* $Id: openssl.c,v 1.138 2007/05/19 22:04:27 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -693,11 +693,15 @@
REGISTER_LONG_CONSTANT(OPENSSL_PKCS1_OAEP_PADDING, 
RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
 
/* Ciphers */
+#ifndef OPENSSL_NO_RC2
REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_40, 
PHP_OPENSSL_CIPHER_RC2_40, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_128, 
PHP_OPENSSL_CIPHER_RC2_128, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_RC2_64, 
PHP_OPENSSL_CIPHER_RC2_64, CONST_CS|CONST_PERSISTENT);
+#endif
+#ifndef OPENSSL_NO_DES
REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_DES, PHP_OPENSSL_CIPHER_DES, 
CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_CIPHER_3DES, PHP_OPENSSL_CIPHER_3DES, 
CONST_CS|CONST_PERSISTENT);
+#endif
 
/* Values for key types */
REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_RSA, 
CONST_CS|CONST_PERSISTENT);
@@ -2930,6 +2934,7 @@
 
/* sanity check the cipher */
switch (cipherid) {
+#ifndef OPENSSL_NO_RC2
case PHP_OPENSSL_CIPHER_RC2_40:
cipher = EVP_rc2_40_cbc();
break;
@@ -2939,12 +2944,17 @@
case PHP_OPENSSL_CIPHER_RC2_128:
cipher = EVP_rc2_cbc();
break;
+#endif
+
+#ifndef OPENSSL_NO_DES
case PHP_OPENSSL_CIPHER_DES:
cipher = EVP_des_cbc();
break;
case PHP_OPENSSL_CIPHER_3DES:
cipher = EVP_des_ede3_cbc();
break;
+#endif
+
default:
php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid 
cipher type `%ld', cipherid);
goto clean_exit;
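Review bot: With RC2 or DES compiled out, a request for one of those ciphers now lands in `default:` and reports `Invalid cipher type`, which reads like a caller error rather than a build limitation. If the function's default `cipherid` is one of the RC2 values (its declaration is outside these hunks), every call that omits the argument would fail on an `OPENSSL_NO_RC2` build, so the default should be chosen under the same `#ifndef` guards. A comment on `default:` such as `/* also reached for ciphers disabled at build time */` would document the new behaviour.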




[PHP-CVS] cvs: php-src /ext/openssl openssl.c php_openssl.h /ext/openssl/tests 005.phpt

2007-04-05 Thread Antony Dovgal
tony2001Thu Apr  5 07:24:21 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c php_openssl.h 
/php-src/ext/openssl/tests  005.phpt 
  Log:
  fix build & test
  improve coding style
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.135r2=1.136diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.135 php-src/ext/openssl/openssl.c:1.136
--- php-src/ext/openssl/openssl.c:1.135 Wed Apr  4 21:39:01 2007
+++ php-src/ext/openssl/openssl.c   Thu Apr  5 07:24:21 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.135 2007/04/04 21:39:01 pajoye Exp $ */
+/* $Id: openssl.c,v 1.136 2007/04/05 07:24:21 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -44,6 +44,7 @@
 #include openssl/conf.h
 #include openssl/rand.h
 #include openssl/ssl.h
+#include openssl/pkcs12.h
 
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384
@@ -1308,7 +1309,7 @@
 
 /* {{{ x509 CSR functions */
 
-static void php_sk_X509_free(STACK_OF(X509) * sk)
+static void php_sk_X509_free(STACK_OF(X509) * sk) /* {{{ */
 {
for (;;) {
X509* x = sk_X509_pop(sk);
@@ -1317,8 +1318,9 @@
}
sk_X509_free(sk);
 }
+/* }}} */
 
-static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts)
+static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts TSRMLS_DC) /* {{{ 
*/
 {
HashPosition hpos;
zval ** zcertval;
@@ -1370,6 +1372,7 @@
   clean_exit:
 return sk;
 }
+/* }}} */
 
 /* {{{ proto bool openssl_pkcs12_export_to_file(mixed x509, string filename, 
mixed priv_key, string pass[, array args])
Creates and exports a PKCS to file */
@@ -1389,8 +1392,9 @@
zval ** item;
STACK_OF(X509) *ca = NULL;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zszs|a, zcert, 
filename, filename_len, zpkey, pass, pass_len, args) == FAILURE)
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zszs|a, zcert, 
filename, filename_len, zpkey, pass, pass_len, args) == FAILURE) {
return;
+   }
 
RETVAL_FALSE;

@@ -1408,21 +1412,23 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, private key does 
not correspond to cert);
goto cleanup;
}
-   if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+   if (php_check_open_basedir(filename TSRMLS_CC)) {
goto cleanup;
}
 
/* parse extra config from args array, promote this to an extra 
function */
-   if (args  zend_hash_find(Z_ARRVAL_P(args), friendly_name, 
sizeof(friendly_name), (void**)item) == SUCCESS)
+   if (args  zend_hash_find(Z_ARRVAL_P(args), friendly_name, 
sizeof(friendly_name), (void**)item) == SUCCESS) {
friendly_name = Z_STRVAL_PP(item);
+   }
/*
 certpbe (default RC2-40)
 keypbe (default 3DES)
 friendly_caname
*/
 
-   if (args  zend_hash_find(Z_ARRVAL_P(args), extracerts, 
sizeof(extracerts), (void**)item) == SUCCESS)
-   ca = php_array_to_X509_sk(item);
+   if (args  zend_hash_find(Z_ARRVAL_P(args), extracerts, 
sizeof(extracerts), (void**)item) == SUCCESS) {
+   ca = php_array_to_X509_sk(item TSRMLS_CC);
+   }
/* end parse extra config */
 
/* 
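Review bot: `friendly_name = Z_STRVAL_PP(item);` is re-braced here but still takes the string pointer without checking the element's type; `args` comes from the caller, so a non-string `friendly_name` is read through the wrong zval member. Either test `Z_TYPE_PP(item) == IS_STRING` in the condition or call `convert_to_string_ex(item);` before the assignment. The same line appears in the `@@ -1494,11 +1501,13` hunk further down. The function body starts and ends outside the hunk.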
@@ -1473,8 +1479,9 @@
zval ** item;
STACK_OF(X509) *ca = NULL;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzzs|a, zcert, 
zout, zpkey, pass, pass_len, args) == FAILURE)
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzzs|a, zcert, 
zout, zpkey, pass, pass_len, args) == FAILURE) {
return;
+   }
 
RETVAL_FALSE;

@@ -1494,11 +1501,13 @@
}
 
/* parse extra config from args array, promote this to an extra 
function */
-   if (args  zend_hash_find(Z_ARRVAL_P(args), friendly_name, 
sizeof(friendly_name), (void**)item) == SUCCESS)
+   if (args  zend_hash_find(Z_ARRVAL_P(args), friendly_name, 
sizeof(friendly_name), (void**)item) == SUCCESS) {
friendly_name = Z_STRVAL_PP(item);
+   }
 
-   if (args  zend_hash_find(Z_ARRVAL_P(args), extracerts, 
sizeof(extracerts), (void**)item) == SUCCESS)
-   ca = php_array_to_X509_sk(item);
+   if (args  zend_hash_find(Z_ARRVAL_P(args), extracerts, 
sizeof(extracerts), (void**)item) == SUCCESS) {
+   ca = php_array_to_X509_sk(item TSRMLS_CC);
+   }
/* end parse extra config */

p12 = PKCS12_create(pass, friendly_name, priv_key, cert, ca, 0, 0, 0, 
0, 0);
@@ -1543,8 +1552,9 @@
BIO * bio_in = NULL;
int i;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzs, zp12, 
zout, pass, pass_len) == FAILURE)
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zzs, zp12, 
zout, pass, pass_len) == 

RE: [PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt 005_crt.txt

2007-04-05 Thread Dmitry Stogov
1) HEAD is broken.
2) PHP_5_2 ZTS build is broken too.
3) ext/openssl/test/stests/005.phpt is broken.

Dmitry.

 -Original Message-
 From: Pierre-Alain Joye [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, April 05, 2007 1:39 AM
 To: php-cvs@lists.php.net
 Subject: [PHP-CVS] cvs: php-src /ext/openssl openssl.c 
 /ext/openssl/tests 005.phpt 005_crt.txt 
 
 
 pajoyeWed Apr  4 21:39:01 2007 UTC
 
   Added files: 
 /php-src/ext/openssl/tests005_crt.txt 
 
   Modified files:  
 /php-src/ext/openssl  openssl.c 
 /php-src/ext/openssl/tests005.phpt 
   Log:
   - MFB:
- implement #39867, PKCS#12 support
- Fix possible multibyte issues issue in the add_assoc function
- add test for openssl_csr_get_subject
   
   
 




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-04-05 Thread Rob Richards
rrichards   Thu Apr  5 18:09:48 2007 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix win32 build
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.136r2=1.137diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.136 php-src/ext/openssl/openssl.c:1.137
--- php-src/ext/openssl/openssl.c:1.136 Thu Apr  5 07:24:21 2007
+++ php-src/ext/openssl/openssl.c   Thu Apr  5 18:09:48 2007
@@ -20,7 +20,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.136 2007/04/05 07:24:21 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.137 2007/04/05 18:09:48 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1565,11 +1565,10 @@

if(d2i_PKCS12_bio(bio_in, p12)) {
if(PKCS12_parse(p12, pass, pkey, cert, ca)) {
+   BIO * bio_out;

zval_dtor(zout);
array_init(zout);
-   
-   BIO * bio_out;
 
bio_out = BIO_new(BIO_s_mem());
if (PEM_write_bio_X509(bio_out, cert)) {




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 005.phpt bug38261.phpt

2007-01-19 Thread Rob Richards
rrichards   Fri Jan 19 19:23:20 2007 UTC

  Added files: 
/php-src/ext/openssl/tests  005.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  bug38261.phpt 
  Log:
  fix accessing public key from x509 resource
  add test
  fix test under win32
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.132r2=1.133diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.132 php-src/ext/openssl/openssl.c:1.133
--- php-src/ext/openssl/openssl.c:1.132 Mon Jan  1 09:29:26 2007
+++ php-src/ext/openssl/openssl.c   Fri Jan 19 19:23:20 2007
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.132 2007/01/01 09:29:26 sebastian Exp $ */
+/* $Id: openssl.c,v 1.133 2007/01/19 19:23:20 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1945,11 +1945,10 @@
/* got the key - return it */
return (EVP_PKEY*)what;
}
+   } else {
+   /* other types could be used here - eg: file pointers 
and read in the data from them */
+   TMP_CLEAN;
}
-
-   /* other types could be used here - eg: file pointers and read 
in the data from them */
-
-   TMP_CLEAN;
} else {
/* force it to be a string and check if it refers to a file */
/* passing non string values leaks, object uses toString, it 
returns NULL 
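Review bot: `TMP_CLEAN` hides a `return`, so moving it into the new `else` changes which resource types leave the function at this point, and nothing at the call site says so. Judging by the macro definition shown for an earlier revision on this page, it destroys `tmp` when it is a string and then returns NULL; the definition in force for this revision is outside the hunk. I would extend the comment in the new branch to something like `/* unsupported resource type: TMP_CLEAN returns NULL */`. The enclosing function starts and ends outside the hunk.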
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?r1=1.2r2=1.3diff_format=u
Index: php-src/ext/openssl/tests/bug38261.phpt
diff -u php-src/ext/openssl/tests/bug38261.phpt:1.2 
php-src/ext/openssl/tests/bug38261.phpt:1.3
--- php-src/ext/openssl/tests/bug38261.phpt:1.2 Sun Jul 30 16:27:02 2006
+++ php-src/ext/openssl/tests/bug38261.phpt Fri Jan 19 19:23:20 2007
@@ -27,8 +27,8 @@
 bool(false)
 bool(false)
 
-Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in 
%s/bug38261.php on line %d
+Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in 
%sbug38261.php on line %d
 NULL
 bool(false)
 
-Catchable fatal error: Object of class stdClass could not be converted to 
string in %s/bug38261.php on line %d 
+Catchable fatal error: Object of class stdClass could not be converted to 
string in %sbug38261.php on line %d 

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/005.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/005.phpt
+++ php-src/ext/openssl/tests/005.phpt
--TEST--
openSSL: read public key from x.509 resource
--SKIPIF--
?php 
if (!extension_loaded(openssl)) die(skip); 
?
--FILE--
?php 
$dir = dirname(__FILE__);
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';

$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);

$x509 = openssl_x509_read(file_get_contents($file_pub));

$pub_key_id = openssl_get_publickey($x509);
$data = some custom data;
if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) {
echo openssl_sign failed.;
}

$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
if ($ok == 1) {
   echo Ok;
} elseif ($ok == 0) {
   echo openssl_verify failed.;
}


?
--EXPECTF--
Ok




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-10-20 Thread Antony Dovgal
tony2001Fri Oct 20 23:21:06 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix #39217 (serialNumber might be -1 when the value is too big)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.128r2=1.129diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.128 php-src/ext/openssl/openssl.c:1.129
--- php-src/ext/openssl/openssl.c:1.128 Sun Oct 15 21:10:09 2006
+++ php-src/ext/openssl/openssl.c   Fri Oct 20 23:21:06 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.128 2006/10/15 21:10:09 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.129 2006/10/20 23:21:06 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -367,6 +367,40 @@
 }
 /* }}} */
 
+static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int 
*str_len TSRMLS_DC) /* {{{ */
+{
+   int i;
+   static const char *h=0123456789ABCDEF;
+   zend_bool negative = 0;
+
+   *str = NULL;
+   *str_len = 0;
+
+   if (a == NULL) { 
+   return;
+   }
+
+   if (a-type  V_ASN1_NEG) {
+   negative = 1;
+   }
+
+   if (a-length == 0) {
+   *str_len = spprintf(str, 0, %s00, negative ? - : );
+   } else {
+   *str_len = a-length*2 + negative;
+   *str = emalloc(*str_len + 1);
+   if (negative) {
+   (*str)[0] = '-';
+   }
+   for (i=0; ia-length; i++) {
+   (*str)[i*2 + negative]=h[((unsigned 
char)a-data[i]4)0x0f];
+   (*str)[i*2 + negative + 1]=h[((unsigned 
char)a-data[i])0x0f];
+   }
+   (*str)[a-length*2 + negative] = '\0';
+   }
+}
+/* }}} */
+
 static inline int php_openssl_config_check_syntax(
const char * section_label,
const char * config_filename,
@@ -964,6 +998,8 @@
X509_EXTENSION *extension;
ASN1_OCTET_STRING *extdata;
char *extname;
+   char *serial;
+   int serial_len;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, 
useshortnames) == FAILURE) {
return;
@@ -989,7 +1025,9 @@

add_assoc_name_entry(return_value, issuer,
X509_get_issuer_name(cert), useshortnames TSRMLS_CC);
add_assoc_long(return_value, version, 
X509_get_version(cert));
-   add_assoc_long(return_value, serialNumber,
ASN1_INTEGER_get(X509_get_serialNumber(cert)));
+
+   php_asn1_integer_to_string(X509_get_serialNumber(cert), serial, 
serial_len TSRMLS_CC);
+   add_assoc_stringl(return_value, serialNumber, serial, serial_len, 0);
 
add_assoc_asn1_string(return_value, validFrom,
X509_get_notBefore(cert));
add_assoc_asn1_string(return_value, validTo,  
X509_get_notAfter(cert));
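Review bot: `serial` is passed to `add_assoc_stringl(..., serial, serial_len, 0)` unconditionally, but `php_asn1_integer_to_string` leaves `*str` NULL when its input is NULL. With the last argument `0` the array takes ownership of that pointer, so a certificate for which `X509_get_serialNumber` yields NULL would store a NULL string. A guard such as `if (serial) { add_assoc_stringl(...); }` avoids that. The helper also emits upper-case hex without a prefix where the removed line returned a decimal long, which callers comparing serial numbers need to know; a comment on the helper should say so.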




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug39217.phpt bug39217cert1.txt bug39217cert2.txt

2006-10-20 Thread Pierre-Alain Joye
pajoye  Sat Oct 21 00:28:55 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  bug39217.phpt bug39217cert1.txt 
bug39217cert2.txt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #39217, use openssl i2s_ASN1_INTEGER to get a string representation of 
the integer (large or not). It also keeps BC by using only decimal fmt
  - add test
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.129r2=1.130diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.129 php-src/ext/openssl/openssl.c:1.130
--- php-src/ext/openssl/openssl.c:1.129 Fri Oct 20 23:21:06 2006
+++ php-src/ext/openssl/openssl.c   Sat Oct 21 00:28:55 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.129 2006/10/20 23:21:06 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.130 2006/10/21 00:28:55 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -367,40 +367,6 @@
 }
 /* }}} */
 
-static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int 
*str_len TSRMLS_DC) /* {{{ */
-{
-   int i;
-   static const char *h=0123456789ABCDEF;
-   zend_bool negative = 0;
-
-   *str = NULL;
-   *str_len = 0;
-
-   if (a == NULL) { 
-   return;
-   }
-
-   if (a-type  V_ASN1_NEG) {
-   negative = 1;
-   }
-
-   if (a-length == 0) {
-   *str_len = spprintf(str, 0, %s00, negative ? - : );
-   } else {
-   *str_len = a-length*2 + negative;
-   *str = emalloc(*str_len + 1);
-   if (negative) {
-   (*str)[0] = '-';
-   }
-   for (i=0; ia-length; i++) {
-   (*str)[i*2 + negative]=h[((unsigned 
char)a-data[i]4)0x0f];
-   (*str)[i*2 + negative + 1]=h[((unsigned 
char)a-data[i])0x0f];
-   }
-   (*str)[a-length*2 + negative] = '\0';
-   }
-}
-/* }}} */
-
 static inline int php_openssl_config_check_syntax(
const char * section_label,
const char * config_filename,
@@ -998,8 +964,6 @@
X509_EXTENSION *extension;
ASN1_OCTET_STRING *extdata;
char *extname;
-   char *serial;
-   int serial_len;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, 
useshortnames) == FAILURE) {
return;
@@ -1026,8 +990,7 @@
add_assoc_name_entry(return_value, issuer,
X509_get_issuer_name(cert), useshortnames TSRMLS_CC);
add_assoc_long(return_value, version, 
X509_get_version(cert));
 
-   php_asn1_integer_to_string(X509_get_serialNumber(cert), serial, 
serial_len TSRMLS_CC);
-   add_assoc_stringl(return_value, serialNumber, serial, serial_len, 0);
+   add_assoc_string(return_value, serialNumber, i2s_ASN1_INTEGER(NULL, 
X509_get_serialNumber(cert)), 1);
 
add_assoc_asn1_string(return_value, validFrom,
X509_get_notBefore(cert));
add_assoc_asn1_string(return_value, validTo,  
X509_get_notAfter(cert));
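Review bot: The string returned by `i2s_ASN1_INTEGER` is allocated by OpenSSL, and `add_assoc_string(..., 1)` copies it, so the original is never freed and each `openssl_x509_parse()` call leaks it. The call can also return NULL on failure, and that NULL would be handed directly to `add_assoc_string`. Holding the result in a local, checking it, and releasing it with `OPENSSL_free` after the copy addresses both. The function body starts and ends outside the hunk.

```c
/* serial is a char * declared with the function's other locals */
serial = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert));
if (serial != NULL) {
	add_assoc_string(return_value, "serialNumber", serial, 1);
	OPENSSL_free(serial);	/* add_assoc_string copied it */
}
```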

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug39217.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug39217.phpt
+++ php-src/ext/openssl/tests/bug39217.phpt
--TEST--
#39217, Large serial number return -1
--SKIPIF--
?php 
if (!extension_loaded(openssl)) die(skip);
?
--FILE--
?php 
$dir = dirname(__FILE__);
$certs = array('bug39217cert2.txt', 'bug39217cert1.txt');
foreach($certs as $cert) {
$res = openssl_x509_parse(file_get_contents($dir . '/' . $cert));
print_r($res['serialNumber']);
echo \n;
}
?
--EXPECTF--
163040343498260435477161879008842183802
15

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug39217cert1.txt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug39217cert1.txt
+++ php-src/ext/openssl/tests/bug39217cert1.txt
-BEGIN CERTIFICATE-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[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-10-20 Thread Pierre-Alain Joye
pajoye  Sat Oct 21 00:42:59 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - add signature_algo to the function signature
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.130r2=1.131diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.130 php-src/ext/openssl/openssl.c:1.131
--- php-src/ext/openssl/openssl.c:1.130 Sat Oct 21 00:28:55 2006
+++ php-src/ext/openssl/openssl.c   Sat Oct 21 00:42:59 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.130 2006/10/21 00:28:55 pajoye Exp $ */
+/* $Id: openssl.c,v 1.131 2006/10/21 00:42:59 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3146,7 +3146,7 @@
 }
 /* }}} */
 
-/* {{{ proto int openssl_verify(string data, string signature, mixed key)
+/* {{{ proto int openssl_verify(string data, string signature, mixed key [, 
int signature_algo])
Verifys data */
 PHP_FUNCTION(openssl_verify)
 {




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-10-15 Thread Antony Dovgal
tony2001Sun Oct 15 21:10:10 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix compile warning
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.127r2=1.128diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.127 php-src/ext/openssl/openssl.c:1.128
--- php-src/ext/openssl/openssl.c:1.127 Mon Oct  9 14:43:52 2006
+++ php-src/ext/openssl/openssl.c   Sun Oct 15 21:10:09 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.127 2006/10/09 14:43:52 bjori Exp $ */
+/* $Id: openssl.c,v 1.128 2006/10/15 21:10:09 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1045,7 +1045,7 @@
for (i = 0; i  X509_get_ext_count(cert); i++) {
extension = X509_get_ext(cert, i);
extdata = X509_EXTENSION_get_data(extension);
-   extname = 
OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+   extname = (char 
*)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
add_assoc_asn1_string(subitem, extname, extdata);
}
add_assoc_zval(return_value, extensions, subitem);
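Review bot: The added `(char *)` cast silences the warning by discarding the `const` on the pointer `OBJ_nid2sn` returns, which points into OpenSSL's own tables. Declaring `extname` as `const char *` and making the `key` parameter of `add_assoc_asn1_string` a `const char *` removes the warning without the cast and lets the compiler catch any accidental write through it. The declaration of `extname` is outside the hunk.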




[PHP-CVS] cvs: php-src /ext/openssl openssl.c php_openssl.h

2006-10-09 Thread Hannes Magnusson
bjori   Mon Oct  9 14:43:52 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c php_openssl.h 
  Log:
  MFB5.2
   Constants:
   - OPENSSL_VERSION_TEXT
   - OPENSSL_VERSION_NUMBER
   - OPENSSL_KEYTYPE_EC
   Functions:
   - openssl_pkey_get_details()
   - openssl_csr_get_subject()
   - openssl_csr_get_public_key
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.126r2=1.127diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.126 php-src/ext/openssl/openssl.c:1.127
--- php-src/ext/openssl/openssl.c:1.126 Mon Oct  9 00:06:40 2006
+++ php-src/ext/openssl/openssl.c   Mon Oct  9 14:43:52 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.126 2006/10/09 00:06:40 pajoye Exp $ */
+/* $Id: openssl.c,v 1.127 2006/10/09 14:43:52 bjori Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -60,11 +60,19 @@
ZEND_ARG_PASS_INFO(1)
ZEND_END_ARG_INFO();
 
+/* FIXME: Use the openssl constants instead of
+ * enum. It is now impossible to match real values
+ * against php constants. Also sorry to break the
+ * enum principles here, BC...
+ */
 enum php_openssl_key_type {
OPENSSL_KEYTYPE_RSA,
OPENSSL_KEYTYPE_DSA,
OPENSSL_KEYTYPE_DH,
-   OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA
+   OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA,
+#ifdef EVP_PKEY_EC
+   OPENSSL_KEYTYPE_EC = OPENSSL_KEYTYPE_DH +1
+#endif
 };
 
 enum php_openssl_cipher_type {
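Review bot: When `EVP_PKEY_EC` is not defined, the enum now ends in `OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA,` with a trailing comma, which C89 compilers reject (C99 allows it). Placing the guarded `OPENSSL_KEYTYPE_EC` entry directly after `OPENSSL_KEYTYPE_DH` and leaving `OPENSSL_KEYTYPE_DEFAULT` last without a comma avoids the problem. The value of `OPENSSL_KEYTYPE_EC` stays `OPENSSL_KEYTYPE_DH + 1` either way, so the constant exposed to scripts does not change.

```c
enum php_openssl_key_type {
	/* … unchanged: OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA … */
	OPENSSL_KEYTYPE_DH,
#ifdef EVP_PKEY_EC
	OPENSSL_KEYTYPE_EC,	/* implicitly OPENSSL_KEYTYPE_DH + 1 */
#endif
	OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA
```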
@@ -87,6 +95,7 @@
PHP_FE(openssl_pkey_export_to_file, NULL)
PHP_FE(openssl_pkey_get_private,NULL)
PHP_FE(openssl_pkey_get_public, NULL)
+   PHP_FE(openssl_pkey_get_details,NULL)
 
PHP_FALIAS(openssl_free_key,openssl_pkey_free,  
NULL)
PHP_FALIAS(openssl_get_privatekey,  openssl_pkey_get_private,   
NULL)
@@ -106,6 +115,8 @@
PHP_FE(openssl_csr_export,  second_arg_force_ref)
PHP_FE(openssl_csr_export_to_file,  NULL)
PHP_FE(openssl_csr_sign,NULL)
+   PHP_FE(openssl_csr_get_subject, NULL)
+   PHP_FE(openssl_csr_get_public_key,  NULL)
 
PHP_FE(openssl_sign,second_arg_force_ref)
PHP_FE(openssl_verify,  NULL)
@@ -227,9 +238,13 @@
ASN1_STRING * str = NULL;
ASN1_OBJECT * obj;
 
-   MAKE_STD_ZVAL(subitem);
-   array_init(subitem);
-
+   if (key != NULL) {
+   MAKE_STD_ZVAL(subitem);
+   array_init(subitem);
+   } else {
+   subitem = val;
+   }
+   
for (i = 0; i  X509_NAME_entry_count(name); i++) {
ne  = X509_NAME_get_entry(name, i);
obj = X509_NAME_ENTRY_get_object(ne);
@@ -270,7 +285,9 @@
}
}
}
-   zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, 
sizeof(subitem), NULL);
+   if (key != NULL) {
+   zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void 
*)subitem, sizeof(subitem), NULL);
+   }
 }
 /* }}} */
 
@@ -620,6 +637,9 @@
 * openSSL callbacks */
ssl_stream_data_index = SSL_get_ex_new_index(0, PHP stream index, 
NULL, NULL, NULL);

+   REGISTER_STRING_CONSTANT(OPENSSL_VERSION_TEXT, OPENSSL_VERSION_TEXT, 
CONST_CS|CONST_PERSISTENT);
+   REGISTER_LONG_CONSTANT(OPENSSL_VERSION_NUMBER, 
OPENSSL_VERSION_NUMBER, CONST_CS|CONST_PERSISTENT);
+   
/* purposes for cert purpose checking */
REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_CLIENT, 
X509_PURPOSE_SSL_CLIENT, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_SERVER, 
X509_PURPOSE_SSL_SERVER, CONST_CS|CONST_PERSISTENT);
@@ -666,6 +686,9 @@
REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DSA, 
CONST_CS|CONST_PERSISTENT);
 #endif
REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_DH, 
CONST_CS|CONST_PERSISTENT);
+#ifdef EVP_PKEY_EC
+   REGISTER_LONG_CONSTANT(OPENSSL_KEYTYPE_EC, OPENSSL_KEYTYPE_EC, 
CONST_CS|CONST_PERSISTENT);
+#endif
 
/* Determine default SSL configuration file */
config_filename = getenv(OPENSSL_CONF);
@@ -1507,8 +1530,6 @@
 }
 /* }}} */
 
-
-
 /* {{{ proto bool openssl_csr_export(resource csr, string out [, bool 
notext=true])
Exports a CSR to file or a var */
 PHP_FUNCTION(openssl_csr_export)
@@ -1770,6 +1791,61 @@
 }
 /* }}} */
 
+/* {{{ proto mixed openssl_csr_get_subject(mixed csr)
+   Returns the subject of a CERT or FALSE on error */
+PHP_FUNCTION(openssl_csr_get_subject)
+{
+   zval * zcsr;
+   zend_bool use_shortnames = 1;
+   long csr_resource;
+   X509_NAME * subject;
+   X509_REQ * csr;
+
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcsr, 
use_shortnames) == 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-10-08 Thread Pierre-Alain Joye
pajoye  Mon Oct  9 00:06:40 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: fix possible segfault (see test 004), always exits and returns NULL 
on error (thx Bjori for the heads-up)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.125r2=1.126diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.125 php-src/ext/openssl/openssl.c:1.126
--- php-src/ext/openssl/openssl.c:1.125 Sun Oct  8 13:34:23 2006
+++ php-src/ext/openssl/openssl.c   Mon Oct  9 00:06:40 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.125 2006/10/08 13:34:23 bjori Exp $ */
+/* $Id: openssl.c,v 1.126 2006/10/09 00:06:40 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1801,8 +1801,8 @@
 #define TMP_CLEAN \
if (Z_TYPE(tmp) == IS_STRING) {\
zval_dtor(tmp); \
-   return NULL; \
-   }
+   } \
+   return NULL;
 
if (resourceval) {
*resourceval = -1;
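Review bot: `TMP_CLEAN` now expands to two separate statements, an `if` block followed by `return NULL;`, so it is only safe where the call site is already inside braces. Used as the body of an unbraced `if`, only the cleanup would be conditional and the `return NULL;` would run unconditionally. Wrapping the expansion keeps it a single statement: `#define TMP_CLEAN do { if (Z_TYPE(tmp) == IS_STRING) { zval_dtor(&tmp); } return NULL; } while (0)`. The function that defines and uses the macro continues outside this hunk, so whether it is `#undef`ed afterwards cannot be seen here.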




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-09-16 Thread Nuno Lopes
nlopess Sat Sep 16 12:05:42 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  MFB
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.123r2=1.124diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.123 php-src/ext/openssl/openssl.c:1.124
--- php-src/ext/openssl/openssl.c:1.123 Tue Sep 12 10:53:50 2006
+++ php-src/ext/openssl/openssl.c   Sat Sep 16 12:05:42 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.123 2006/09/12 10:53:50 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.124 2006/09/16 12:05:42 nlopess Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1022,7 +1022,7 @@
for (i = 0; i  X509_get_ext_count(cert); i++) {
extension = X509_get_ext(cert, i);
extdata = X509_EXTENSION_get_data(extension);
-   extname = 
strdup(OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension;
+   extname = 
OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
add_assoc_asn1_string(subitem, extname, extdata);
}
add_assoc_zval(return_value, extensions, subitem);
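Review bot: Using the `OBJ_nid2sn()` result as the array key means every extension whose OID OpenSSL does not know is stored under the same short name, so a second unknown extension would overwrite the first in `subitem`. The expected output of bug28382.phpt on this page already shows an `UNDEF` key. A caller inspecting the parsed certificate then cannot tell which or how many unrecognised extensions were present. When `OBJ_obj2nid()` yields `NID_undef`, the dotted OID could be used as the key instead, for example via `OBJ_obj2txt(buf, sizeof(buf), X509_EXTENSION_get_object(extension), 1)`. The loop sits in a function whose start and end are outside the hunk.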




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-09-12 Thread Antony Dovgal
tony2001Tue Sep 12 10:53:51 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  remove a leftover
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.122r2=1.123diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.122 php-src/ext/openssl/openssl.c:1.123
--- php-src/ext/openssl/openssl.c:1.122 Fri Sep  8 20:09:07 2006
+++ php-src/ext/openssl/openssl.c   Tue Sep 12 10:53:50 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.122 2006/09/08 20:09:07 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.123 2006/09/12 10:53:50 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1816,7 +1816,7 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, key array 
must be of the form array(0 = key, 1 = phrase));
TMP_CLEAN;
}
-   //convert_to_string_ex(zphrase);
+   
if (Z_TYPE_PP(zphrase) == IS_STRING) {
passphrase = Z_STRVAL_PP(zphrase);
} else {




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-09-08 Thread Antony Dovgal
tony2001Fri Sep  8 20:09:08 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  implement feature request #38731 (openssl_pkey_new does not support DSA key 
generation)
  patch by marci at balabit dot hu
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.121r2=1.122diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.121 php-src/ext/openssl/openssl.c:1.122
--- php-src/ext/openssl/openssl.c:1.121 Thu Sep  7 14:16:53 2006
+++ php-src/ext/openssl/openssl.c   Fri Sep  8 20:09:07 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.121 2006/09/07 14:16:53 iliaa Exp $ */
+/* $Id: openssl.c,v 1.122 2006/09/08 20:09:07 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1963,9 +1963,27 @@
if ((req-priv_key = EVP_PKEY_new()) != NULL) {
switch(req-priv_key_type) {
case OPENSSL_KEYTYPE_RSA:
-   if (EVP_PKEY_assign_RSA(req-priv_key, 
RSA_generate_key(req-priv_key_bits, 0x10001, NULL, NULL)))
+   if (EVP_PKEY_assign_RSA(req-priv_key, 
RSA_generate_key(req-priv_key_bits, 0x10001, NULL, NULL))) {
return_val = req-priv_key;
+   }
+   break;
+#ifndef NO_DSA
+   case OPENSSL_KEYTYPE_DSA:
+   {
+   DSA *dsapar = 
DSA_generate_parameters(req-priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL);
+   if (dsapar) {
+   DSA_set_method(dsapar, 
DSA_get_default_method());
+   if (DSA_generate_key(dsapar)) {
+   if 
(EVP_PKEY_assign_DSA(req-priv_key, dsapar)) {
+   return_val = 
req-priv_key;
+   }
+   } else {
+   DSA_free(dsapar);
+   }
+   }
+   }
break;
+#endif
default:
php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Unsupported private key type);
}
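Review bot: `dsapar` is leaked when `EVP_PKEY_assign_DSA()` fails, because `DSA_free(dsapar)` sits only in the `else` of the `DSA_generate_key()` check. Folding both calls into one condition lets the existing `else` cover both failures: `if (DSA_generate_key(dsapar) && EVP_PKEY_assign_DSA(req->priv_key, dsapar)) {`. The RSA case appears to have the same shape, since the key returned by `RSA_generate_key()` is passed straight to `EVP_PKEY_assign_RSA()` and is not freed if the assign fails. The switch belongs to a function whose start and end are outside this hunk.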




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-09-07 Thread Ilia Alshanetsky
iliaa   Thu Sep  7 14:16:53 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  MFB: Fixed memory leaks in openssl test #004
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.120r2=1.121diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.120 php-src/ext/openssl/openssl.c:1.121
--- php-src/ext/openssl/openssl.c:1.120 Tue Sep  5 13:59:07 2006
+++ php-src/ext/openssl/openssl.c   Thu Sep  7 14:16:53 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.120 2006/09/05 13:59:07 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.121 2006/09/07 14:16:53 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1746,6 +1746,7 @@
 
if (we_made_the_key) {
/* and a resource for 
the private key */
+   zval_dtor(out_pkey);
ZVAL_RESOURCE(out_pkey, 
zend_list_insert(req.priv_key, le_key));
req.priv_key = NULL; /* 
make sure the cleanup code doesn't zap it! */
} else if (key_resource != -1) {
@@ -1793,7 +1794,16 @@
int free_cert = 0;
long cert_res = -1;
char * filename = NULL;
-   
+   zval tmp;
+
+   Z_TYPE(tmp) = IS_NULL;
+
+#define TMP_CLEAN \
+   if (Z_TYPE(tmp) == IS_STRING) {\
+   zval_dtor(tmp); \
+   return NULL; \
+   }
+
if (resourceval) {
*resourceval = -1;
}
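Review bot: `TMP_CLEAN` as defined here returns only when `tmp` holds a string, so every error path that used to `return NULL;` and now calls `TMP_CLEAN;` falls through whenever no temporary passphrase copy exists. That affects the call sites in the following hunks of this commit (both `zend_hash_index_find()` failures, the `!what` check, the public/private key mismatch branches and the non-string input check), where execution would continue with a NULL or unsuitable value. The return belongs outside the conditional: `if (Z_TYPE(tmp) == IS_STRING) { zval_dtor(&tmp); } return NULL;`. The enclosing function begins and ends outside this hunk.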
@@ -1804,15 +1814,21 @@
 
if (zend_hash_index_find(HASH_OF(*val), 1, (void **)zphrase) 
== FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, key array 
must be of the form array(0 = key, 1 = phrase));
-   return NULL;
+   TMP_CLEAN;
+   }
+   //convert_to_string_ex(zphrase);
+   if (Z_TYPE_PP(zphrase) == IS_STRING) {
+   passphrase = Z_STRVAL_PP(zphrase);
+   } else {
+   tmp = **zphrase;
+   zval_copy_ctor(tmp);
+   passphrase = Z_STRVAL(tmp);
}
-   convert_to_string_ex(zphrase);
-   passphrase = Z_STRVAL_PP(zphrase);
 
/* now set val to be the key param and continue */
if (zend_hash_index_find(HASH_OF(*val), 0, (void **)val) == 
FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, key array 
must be of the form array(0 = key, 1 = phrase));
-   return NULL;
+   TMP_CLEAN;
}
}
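Review bot: In the non-string branch `tmp` is copied from `**zphrase` but never converted, so `Z_STRVAL(tmp)` reads the string member of a zval that is still an integer, array or other type and `passphrase` ends up pointing at unrelated data. Adding `convert_to_string(&tmp);` between `zval_copy_ctor(&tmp);` and `passphrase = Z_STRVAL(tmp);` closes that. Without the conversion `Z_TYPE(tmp)` also never becomes `IS_STRING`, so the `TMP_CLEAN` cleanup would skip the copy and a copied array would leak. The function body continues outside this hunk.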
 
@@ -1822,7 +1838,7 @@
 
what = zend_fetch_resource(val TSRMLS_CC, -1, OpenSSL 
X.509/key, type, 2, le_x509, le_key);
if (!what) {
-   return NULL;
+   TMP_CLEAN;
}
if (resourceval) { 
*resourceval = Z_LVAL_PP(val);
@@ -1839,13 +1855,16 @@
/* check whether it is actually a private key if 
requested */
if (!public_key  !is_priv) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, 
supplied key param is a public key);
-   return NULL;
+   TMP_CLEAN;
}
 
if (public_key  is_priv) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Don't know how to get public key from this private key);
-   return NULL;
+   TMP_CLEAN;
} else {
+   if (Z_TYPE(tmp) == IS_STRING) {
+   zval_dtor(tmp);
+   }
/* got the key - return it */
return (EVP_PKEY*)what;
}
@@ -1853,14 +1872,14 @@
 
/* other types could be used here - eg: file pointers and read 
in the data from them */
 
-   return NULL;
+   TMP_CLEAN;
} else {
/* force it to be a string and check if it refers to a file */
/* passing non string values leaks, object uses toString, it 
returns NULL 
 * bug38255.phpt
 */
if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == 
IS_OBJECT)) {
-   return NULL;
+   TMP_CLEAN;
}
convert_to_string_ex(val);
 
@@ -1881,7 +1900,7 @@
in = 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-09-05 Thread Antony Dovgal
tony2001Tue Sep  5 13:59:07 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  init variables
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.119r2=1.120diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.119 php-src/ext/openssl/openssl.c:1.120
--- php-src/ext/openssl/openssl.c:1.119 Thu Aug 31 13:47:31 2006
+++ php-src/ext/openssl/openssl.c   Tue Sep  5 13:59:07 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.119 2006/08/31 13:47:31 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.120 2006/09/05 13:59:07 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1302,8 +1302,8 @@
/* apply values from the dn hash */
zend_hash_internal_pointer_reset_ex(HASH_OF(dn), hpos);
while(zend_hash_get_current_data_ex(HASH_OF(dn), (void**)item, 
hpos) == SUCCESS) {
-   zstr strindex;
-   uint strindexlen;
+   zstr strindex = NULL_ZSTR;
+   uint strindexlen = 0;
ulong intindex;

zend_hash_get_current_key_ex(HASH_OF(dn), strindex, 
strindexlen, intindex, 0, hpos);




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-08-31 Thread Antony Dovgal
tony2001Thu Aug 31 13:47:31 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix problem with mixed arguments accepted as zval* causing leaks/segfaults 
when converting to other types
  
  http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.118r2=1.119diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.118 php-src/ext/openssl/openssl.c:1.119
--- php-src/ext/openssl/openssl.c:1.118 Wed Aug 30 21:50:28 2006
+++ php-src/ext/openssl/openssl.c   Thu Aug 31 13:47:31 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.118 2006/08/30 21:50:28 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.119 2006/08/31 13:47:31 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -773,7 +773,7 @@
}
 
/* force it to be a string and check if it refers to a file */
-   convert_to_string(*val);
+   convert_to_string_ex(val);
 
if (Z_STRLEN_PP(val)  7  memcmp(Z_STRVAL_PP(val), file://, 
sizeof(file://) - 1) == 0) {
/* read cert from the named file */
@@ -813,19 +813,19 @@
 PHP_FUNCTION(openssl_x509_export_to_file)
 {
X509 * cert;
-   zval * zcert = NULL;
+   zval ** zcert;
zend_bool notext = 1;
BIO * bio_out;
long certresource;
char * filename;
int filename_len;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rs|b, zcert, 
filename, filename_len, notext) == FAILURE) {
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zs|b, zcert, 
filename, filename_len, notext) == FAILURE) {
return;
}
RETVAL_FALSE;
 
-   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
+   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
if (cert == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, cannot get cert 
from parameter 1);
return;
@@ -858,17 +858,17 @@
 PHP_FUNCTION(openssl_x509_export)
 {
X509 * cert;
-   zval * zcert = NULL, *zout=NULL;
+   zval ** zcert, *zout;
zend_bool notext = 1;
BIO * bio_out;
long certresource;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcert, 
zout, notext) == FAILURE) {
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zz|b, zcert, 
zout, notext) == FAILURE) {
return;
}
RETVAL_FALSE;
 
-   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
+   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
if (cert == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, cannot get cert 
from parameter 1);
return;
@@ -899,21 +899,21 @@
Checks if a private key corresponds to a CERT */
 PHP_FUNCTION(openssl_x509_check_private_key)
 {
-   zval * zcert, *zkey;
+   zval ** zcert, **zkey;
X509 * cert = NULL;
EVP_PKEY * key = NULL;
long certresource = -1, keyresource = -1;
 
RETVAL_FALSE;

-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz, zcert, 
zkey) == FAILURE) {
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, zcert, 
zkey) == FAILURE) {
return;
}
-   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
+   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
if (cert == NULL) {
RETURN_FALSE;
}   
-   key = php_openssl_evp_from_zval(zkey, 0, , 1, keyresource 
TSRMLS_CC);
+   key = php_openssl_evp_from_zval(zkey, 0, , 1, keyresource TSRMLS_CC);
if (key) {
RETVAL_BOOL(X509_check_private_key(cert, key));
}
@@ -931,7 +931,7 @@
Returns an array of the fields/values of the CERT */
 PHP_FUNCTION(openssl_x509_parse)
 {
-   zval * zcert;
+   zval ** zcert;
X509 * cert = NULL;
long certresource = -1;
int i;
@@ -942,10 +942,10 @@
ASN1_OCTET_STRING *extdata;
char *extname;
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcert, 
useshortnames) == FAILURE) {
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|b, zcert, 
useshortnames) == FAILURE) {
return;
}
-   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
+   cert = php_openssl_x509_from_zval(zcert, 0, certresource TSRMLS_CC);
if (cert == NULL) {
RETURN_FALSE;
}
@@ -1113,7 +1113,7 @@
Checks the CERT to see if it can be used for the purpose in purpose. cainfo 
holds information about trusted CAs */
 PHP_FUNCTION(openssl_x509_checkpurpose)
 {
-   zval * zcert, * zcainfo = NULL;
+   zval ** zcert, * zcainfo = NULL;
X509_STORE * cainfo = NULL;
X509 * cert = NULL;

[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 002.phpt

2006-08-30 Thread Antony Dovgal
tony2001Wed Aug 30 20:49:45 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  002.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix segfault in openssl_seal(), add test
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.116r2=1.117diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.116 php-src/ext/openssl/openssl.c:1.117
--- php-src/ext/openssl/openssl.c:1.116 Mon Jul 31 03:41:42 2006
+++ php-src/ext/openssl/openssl.c   Wed Aug 30 20:49:44 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.116 2006/07/31 03:41:42 iliaa Exp $ */
+/* $Id: openssl.c,v 1.117 2006/08/30 20:49:44 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3041,7 +3041,9 @@
pkeys = safe_emalloc(nkeys, sizeof(*pkeys), 0);
eksl = safe_emalloc(nkeys, sizeof(*eksl), 0);
eks = safe_emalloc(nkeys, sizeof(*eks), 0);
+   memset(eks, 0, sizeof(*eks) * nkeys);
key_resources = safe_emalloc(nkeys, sizeof(long), 0);
+   memset(key_resources, 0, sizeof(*key_resources) * nkeys);
 
/* get the public keys we are using to seal this data */
zend_hash_internal_pointer_reset_ex(pubkeysht, pos);
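Review bot: `pkeys` and `eksl` are still left uninitialised after this change; only `eks` and `key_resources` are zeroed. The cleanup code is outside the hunk, so it cannot be confirmed here, but if it walks all `nkeys` slots after an early failure it would read indeterminate `pkeys[i]` values just as it did for `eks[i]` before this fix. Allocating zeroed memory in one step avoids the pairing of `safe_emalloc()` and `memset()` altogether, for example `eks = ecalloc(nkeys, sizeof(*eks));`, and the same for the other three arrays. As a smaller point, `key_resources` is sized with `sizeof(long)` but cleared with `sizeof(*key_resources)`; using the latter in both places keeps them in step.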

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/002.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/002.phpt
+++ php-src/ext/openssl/tests/002.phpt
--TEST--
openssl_seal() tests
--SKIPIF--
?php if (!extension_loaded(openssl)) print skip; ?
--FILE--
?php

$a = 1;
$b = array(1);
$c = array(1);
$d = array(1);

var_dump(openssl_seal($a, $b, $c, $d));
var_dump(openssl_seal($a, $a, $a, array()));
var_dump(openssl_seal($c, $c, $c, 1));
var_dump(openssl_seal($b, $b, $b, ));

echo Done\n;
?
--EXPECTF-- 
Warning: openssl_seal(): not a public key (0th member of pubkeys) in %s on line 
%d
bool(false)

Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty 
array in %s on line %d
bool(false)

Warning: openssl_seal() expects parameter 1 to be string, array given in %s on 
line %d
NULL

Warning: openssl_seal() expects parameter 1 to be string, array given in %s on 
line %d
NULL
Done
--UEXPECTF--
Warning: openssl_seal(): not a public key (0th member of pubkeys) in %s on line 
%d
bool(false)

Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty 
array in %s on line %d
bool(false)

Warning: openssl_seal() expects parameter 1 to be binary string, array given in 
%s on line %d
NULL

Warning: openssl_seal() expects parameter 1 to be binary string, array given in 
%s on line %d
NULL
Done




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests 003.phpt

2006-08-30 Thread Antony Dovgal
tony2001Wed Aug 30 21:50:28 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  003.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix segfault/leak, add test
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.117r2=1.118diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.117 php-src/ext/openssl/openssl.c:1.118
--- php-src/ext/openssl/openssl.c:1.117 Wed Aug 30 20:49:44 2006
+++ php-src/ext/openssl/openssl.c   Wed Aug 30 21:50:28 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.117 2006/08/30 20:49:44 tony2001 Exp $ */
+/* $Id: openssl.c,v 1.118 2006/08/30 21:50:28 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -773,7 +773,7 @@
}
 
/* force it to be a string and check if it refers to a file */
-   convert_to_string_ex(val);
+   convert_to_string(*val);
 
if (Z_STRLEN_PP(val)  7  memcmp(Z_STRVAL_PP(val), file://, 
sizeof(file://) - 1) == 0) {
/* read cert from the named file */
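Review bot: `convert_to_string(*val)` converts the caller's zval in place, so a value passed as a certificate argument is changed as a side effect of a failed lookup. The expected output of 003.phpt in this same commit seems to show this: `var_dump($c)` prints `string(6) Object` after `$c` was created as a `stdclass` instance. Converting a private copy would leave the argument untouched: copy the zval into a local, call `zval_copy_ctor()` and `convert_to_string()` on the copy, and `zval_dtor()` it on every exit. The function starts and ends outside this hunk, so how `val` reaches this point cannot be seen here.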

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/003.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/003.phpt
+++ php-src/ext/openssl/tests/003.phpt
--TEST--
openssl_pkcs7_decrypt() and invalid parameters
--SKIPIF--
?php if (!extension_loaded(openssl)) print skip; ?
--FILE--
?php

function myErrorHandler($errno, $errstr, $errfile, $errline) {
var_dump($errstr);
} 
set_error_handler(myErrorHandler); 

$a = 1; 
$b = 1; 
$c = new stdclass; 
$d = new stdclass; 

var_dump(openssl_pkcs7_decrypt($a, $b, $c, $d));
var_dump($c);

var_dump(openssl_pkcs7_decrypt($b, $b, $b, $b));
var_dump(openssl_pkcs7_decrypt($a, $b, , ));
var_dump(openssl_pkcs7_decrypt($a, $b, true, false));
var_dump(openssl_pkcs7_decrypt($a, $b, 0, 0));

echo Done\n;
?
--EXPECTF-- 
string(57) Object of class stdClass could not be converted to string
string(45) Object of class stdClass to string conversion
string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
string(6) Object
string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
string(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
Done
--UEXPECTF--
unicode(64) Object of class stdClass could not be converted to binary string
unicode(45) Object of class stdClass to string conversion
unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
string(6) Object
unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
unicode(66) openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert
bool(false)
Done




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-07-30 Thread Pierre-Alain Joye
pajoye  Sun Jul 30 08:28:48 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: vi happiness
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.110r2=1.111diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.110 php-src/ext/openssl/openssl.c:1.111
--- php-src/ext/openssl/openssl.c:1.110 Sat Jul 29 23:03:37 2006
+++ php-src/ext/openssl/openssl.c   Sun Jul 30 08:28:48 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.110 2006/07/29 23:03:37 pajoye Exp $ */
+/* $Id: openssl.c,v 1.111 2006/07/30 08:28:48 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -156,10 +156,11 @@
 static int le_csr;
 static int ssl_stream_data_index;
 
-int php_openssl_get_x509_list_id(void)
+int php_openssl_get_x509_list_id(void) /* {{{ */
 {
return le_x509;
 }
+/* }}} */
 
 /* {{{ resource destructors */
 static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
@@ -216,7 +217,7 @@
 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * 
req TSRMLS_DC);
 
 
-static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int 
shortname TSRMLS_DC)
+static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int 
shortname TSRMLS_DC) /* {{{ */
 {
zval *subitem, *subentries;
int i, j = -1, last = -1, obj_cnt = 0;
@@ -271,13 +272,15 @@
}
zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, 
sizeof(subitem), NULL);
 }
+/* }}} */
 
-static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str)
+static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) 
/* {{{ */
 {
add_assoc_stringl(val, key, str-data, str-length, 1);
 }
+/* }}} */
 
-static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC)
+static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 {
 /*
This is how the time string is formatted:
@@ -345,12 +348,14 @@
 
return ret;
 }
+/* }}} */
 
 static inline int php_openssl_config_check_syntax(
const char * section_label,
const char * config_filename,
const char * section,
-   LHASH * config TSRMLS_DC)
+   LHASH * config TSRMLS_DC
+   ) /* {{{ */
 {
X509V3_CTX ctx;

@@ -365,8 +370,9 @@
}
return SUCCESS;
 }
+/* }}} */
 
-static int add_oid_section(struct php_x509_request * req TSRMLS_DC)
+static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */
 {
char * str;
STACK_OF(CONF_VALUE) * sktmp;
@@ -391,6 +397,7 @@
}
return SUCCESS;
 }
+/* }}} */
 
 #define PHP_SSL_REQ_INIT(req)  memset(req, 0, sizeof(*req))
 #define PHP_SSL_REQ_DISPOSE(req)   php_openssl_dispose_config(req 
TSRMLS_CC)
@@ -417,7 +424,7 @@
struct php_x509_request * req,
zval * optional_args
TSRMLS_DC
-   )
+   ) /* {{{ */
 {
char * str;
zval ** item;
@@ -495,8 +502,9 @@

return SUCCESS;
 }
+/* }}} */
 
-static void php_openssl_dispose_config(struct php_x509_request * req TSRMLS_DC)
+static void php_openssl_dispose_config(struct php_x509_request * req 
TSRMLS_DC) /* {{{ */
 {
if (req-priv_key) {
EVP_PKEY_free(req-priv_key);
@@ -511,8 +519,9 @@
req-req_config = NULL;
}
 }
+/* }}} */
 
-static int php_openssl_load_rand_file(const char * file, int *egdsocket, int 
*seeded)
+static int php_openssl_load_rand_file(const char * file, int *egdsocket, int 
*seeded) /* {{{ */
 {
char buffer[MAXPATHLEN];
 
@@ -542,8 +551,9 @@
*seeded = 1;
return SUCCESS;
 }
+/* }}} */
 
-static int php_openssl_write_rand_file(const char * file, int egdsocket, int 
seeded)
+static int php_openssl_write_rand_file(const char * file, int egdsocket, int 
seeded) /* {{{ */
 {
char buffer[MAXPATHLEN];
 
@@ -563,6 +573,7 @@
}
return SUCCESS;
 }
+/* }}} */
 
 static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
EVP_MD *mdtype;
@@ -3146,7 +3157,7 @@
 #define GET_VER_OPT(name)   (stream-context  SUCCESS == 
php_stream_context_get_option(stream-context, ssl, name, val))
 #define GET_VER_OPT_STRING(name, str)   if (GET_VER_OPT(name)) { 
convert_to_string_ex(val); str = Z_STRVAL_PP(val); }
 
-static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) /* {{{ */
 {
php_stream *stream;
SSL *ssl;
@@ -3183,8 +3194,9 @@
return ret;
 
 }
+/* }}} */
 
-int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream 
*stream TSRMLS_DC)
+int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-07-30 Thread Pierre-Alain Joye
pajoye  Sun Jul 30 09:18:23 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFB: silence compiler warnings (signedness)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.111r2=1.112diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.111 php-src/ext/openssl/openssl.c:1.112
--- php-src/ext/openssl/openssl.c:1.111 Sun Jul 30 08:28:48 2006
+++ php-src/ext/openssl/openssl.c   Sun Jul 30 09:18:23 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.111 2006/07/30 08:28:48 pajoye Exp $ */
+/* $Id: openssl.c,v 1.112 2006/07/30 09:18:23 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -254,7 +254,7 @@
obj_cnt++;
ne  = X509_NAME_get_entry(name, j);
str = X509_NAME_ENTRY_get_data(ne);
-   add_next_index_stringl(subentries, str-data, 
str-length, 1);
+   add_next_index_stringl(subentries, (char 
*)str-data, str-length, 1);
}
last = j;
}
@@ -266,7 +266,7 @@
zval_dtor(subentries);
FREE_ZVAL(subentries);
if (obj_cnt) {
-   add_assoc_stringl(subitem, sname, str-data, 
str-length, 1);
+   add_assoc_stringl(subitem, sname, (char 
*)str-data, str-length, 1);
}
}
}
@@ -276,7 +276,7 @@
 
 static void add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) 
/* {{{ */
 {
-   add_assoc_stringl(val, key, str-data, str-length, 1);
+   add_assoc_stringl(val, key, (char *)str-data, str-length, 1);
 }
 /* }}} */
 
@@ -300,7 +300,7 @@
return (time_t)-1;
}
 
-   strbuf = estrdup(timestr-data);
+   strbuf = estrdup((char *)timestr-data);
 
memset(thetime, 0, sizeof(thetime));
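Review bot: The cast silences the signedness warning, but `estrdup()` still treats `timestr->data` as a NUL-terminated C string, while an `ASN1_STRING` carries its own `length` and comes from the certificate being parsed. Unless a check outside the hunk guarantees termination, a time field without a terminator would be read past its end, and one with an embedded NUL would be silently truncated. Copying by length avoids both: `strbuf = estrndup((char *)timestr->data, timestr->length);`. asn1_time_to_time_t starts and ends outside this hunk.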
 
@@ -968,7 +968,7 @@
add_assoc_long(return_value, validFrom_time_t,
asn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));
add_assoc_long(return_value, validTo_time_t,  
asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));
 
-   tmpstr = X509_alias_get0(cert, NULL);
+   tmpstr = (char *)X509_alias_get0(cert, NULL);
if (tmpstr) {
add_assoc_string(return_value, alias, tmpstr, 1);
}
@@ -1285,8 +1285,8 @@
zend_hash_internal_pointer_reset_ex(HASH_OF(dn), hpos);
while(zend_hash_get_current_data_ex(HASH_OF(dn), (void**)item, 
hpos) == SUCCESS) {
zstr strindex;
-   int strindexlen;
-   long intindex;
+   uint strindexlen;
+   ulong intindex;

zend_hash_get_current_key_ex(HASH_OF(dn), strindex, 
strindexlen, intindex, 0, hpos);
 
@@ -1360,8 +1360,8 @@
zend_hash_internal_pointer_reset_ex(HASH_OF(attribs), 
hpos);
while(zend_hash_get_current_data_ex(HASH_OF(attribs), 
(void**)item, hpos) == SUCCESS) {
zstr strindex;
-   int strindexlen;
-   long intindex;
+   uint strindexlen;
+   ulong intindex;
 
zend_hash_get_current_key_ex(HASH_OF(attribs), 
strindex, strindexlen, intindex, 0, hpos);
convert_to_string_ex(item);
@@ -2053,7 +2053,7 @@
} else {
cipher = NULL;
}
-   if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, 
passphrase_len, NULL, NULL)) {
+   if (PEM_write_bio_PrivateKey(bio_out, key, cipher,(unsigned 
char *)passphrase, passphrase_len, NULL, NULL)) {
/* Success!
 * If returning the output as a string, do so now */
RETVAL_TRUE;
@@ -2104,7 +2104,7 @@
} else {
cipher = NULL;
}
-   if (PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, 
passphrase_len, NULL, NULL)) {
+   if (PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned 
char *)passphrase, passphrase_len, NULL, NULL)) {
/* Success!
 * If returning the output as a string, do so now */
 
@@ -2664,7 +2664,7 @@
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
successful =  (RSA_private_encrypt(data_len, 
-   data, 
+   (unsigned char 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug38261.phpt

2006-07-30 Thread Pierre-Alain Joye
pajoye  Sun Jul 30 16:27:02 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  bug38261.phpt 
  Log:
  - MFB: #38261, openssl_x509_parse leaks with invalid certs
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.112r2=1.113diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.112 php-src/ext/openssl/openssl.c:1.113
--- php-src/ext/openssl/openssl.c:1.112 Sun Jul 30 09:18:23 2006
+++ php-src/ext/openssl/openssl.c   Sun Jul 30 16:27:02 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.112 2006/07/30 09:18:23 pajoye Exp $ */
+/* $Id: openssl.c,v 1.113 2006/07/30 16:27:02 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -770,6 +770,11 @@
 
return NULL;
}
+
+   if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
+   return NULL;
+   }
+
/* force it to be a string and check if it refers to a file */
convert_to_string_ex(val);
 
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/bug38261.phpt
diff -u /dev/null php-src/ext/openssl/tests/bug38261.phpt:1.2
--- /dev/null   Sun Jul 30 16:27:02 2006
+++ php-src/ext/openssl/tests/bug38261.phpt Sun Jul 30 16:27:02 2006
@@ -0,0 +1,34 @@
+--TEST--
+openssl key from zval leaks 
+--SKIPIF--
+?php 
+if (!extension_loaded(openssl)) die(skip); 
+?
+--FILE--
+?php
+$cert = false;
+class test {
+   function __toString() {
+   return test object;
+   }
+}
+$t = new test;
+
+var_dump(openssl_x509_parse(foo));
+var_dump(openssl_x509_parse($t));
+var_dump(openssl_x509_parse(array()));
+var_dump(openssl_x509_parse());
+var_dump(openssl_x509_parse($cert));
+var_dump(openssl_x509_parse(new stdClass));
+
+?
+--EXPECTF--
+bool(false)
+bool(false)
+bool(false)
+
+Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in 
%s/bug38261.php on line %d
+NULL
+bool(false)
+
+Catchable fatal error: Object of class stdClass could not be converted to 
string in %s/bug38261.php on line %d 

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug28382.phpt bug28382cert.txt

2006-07-30 Thread Pierre-Alain Joye
pajoye  Sun Jul 30 17:02:28 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  bug28382.phpt bug28382cert.txt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #28382, add support for x509 extensions
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.113r2=1.114diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.113 php-src/ext/openssl/openssl.c:1.114
--- php-src/ext/openssl/openssl.c:1.113 Sun Jul 30 16:27:02 2006
+++ php-src/ext/openssl/openssl.c   Sun Jul 30 17:02:27 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.113 2006/07/30 16:27:02 pajoye Exp $ */
+/* $Id: openssl.c,v 1.114 2006/07/30 17:02:27 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -940,6 +940,9 @@
zend_bool useshortnames = 1;
char * tmpstr;
zval * subitem;
+   X509_EXTENSION *extension;
+   ASN1_OCTET_STRING *extdata;
+   char *extname;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z|b, zcert, 
useshortnames) == FAILURE) {
return;
@@ -1014,6 +1017,18 @@
}
add_assoc_zval(return_value, purposes, subitem);
 
+   MAKE_STD_ZVAL(subitem);
+   array_init(subitem);
+
+
+   for (i = 0; i  X509_get_ext_count(cert); i++) {
+   extension = X509_get_ext(cert, i);
+   extdata = X509_EXTENSION_get_data(extension);
+   extname = 
strdup(OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension;
+   add_assoc_asn1_string(subitem, extname, extdata);
+   }
+   add_assoc_zval(return_value, extensions, subitem);
+
if (certresource == -1  cert) {
X509_free(cert);
}
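Review bot: The `strdup()` copy made in the extension loop is never freed and never checked for NULL, so each extension of each parsed certificate leaks a small allocation. The short name can presumably be used as the key directly (confirm that `add_assoc_asn1_string()` copies its key), e.g. `extname = (char *) OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));`. Extensions whose OID OpenSSL does not know all map to the same short name (the accompanying test expects a single `UNDEF` entry), so a certificate with several unknown extensions would keep only one of them; keying those by the dotted OID from `OBJ_obj2txt()` avoids the collision. The values stored are the raw extension octets, which the function's documentation should say, since callers may base trust decisions on `extensions`. The enclosing function starts and ends outside the hunk.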

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug28382.phpt
+++ php-src/ext/openssl/tests/bug28382.phpt
--TEST--
#28382, openssl_x509_parse extensions support
--SKIPIF--
?php 
if (!extension_loaded(openssl)) die(skip); 
?
--FILE--
?php
$cert = file_get_contents(dirname(__FILE__) . /bug28382cert.txt, rb);
$ext = openssl_x509_parse($cert);
var_dump($ext['extensions']);
?
--EXPECTF--
array(11) {
  [basicConstraints]=
  string(2) %s
  [nsComment]=
  string(40) %s
  [nsCertType]=
  string(4) %s
  [crlDistributionPoints]=
  string(56) %s
  [nsCaPolicyUrl]=
  string(40) %s
  [subjectAltName]=
  string(26) %s
  [subjectKeyIdentifier]=
  string(22) %s
  [authorityKeyIdentifier]=
  string(159) %s
  [keyUsage]=
  string(4) %s
  [nsBaseUrl]=
  string(22) %s
  [UNDEF]=
  string(4) %s
}

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug28382cert.txt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug28382cert.txt
+++ php-src/ext/openssl/tests/bug28382cert.txt
-BEGIN CERTIFICATE-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-END CERTIFICATE-




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug36732.phpt

2006-07-30 Thread Pierre-Alain Joye
pajoye  Mon Jul 31 00:36:09 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  bug36732.phpt 
  Log:
  - MFB: #36732, add req_extensions support to openssl_csr_new and _sign
 (ben at psc dot edu)
  - MFB: fix leaks in openssl_csr_new and sig
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.114r2=1.115diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.114 php-src/ext/openssl/openssl.c:1.115
--- php-src/ext/openssl/openssl.c:1.114 Sun Jul 30 17:02:27 2006
+++ php-src/ext/openssl/openssl.c   Mon Jul 31 00:36:09 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.114 2006/07/30 17:02:27 pajoye Exp $ */
+/* $Id: openssl.c,v 1.115 2006/07/31 00:36:09 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -454,8 +454,8 @@
CONF_get_string(req-req_config, req-section_name, 
default_md));
SET_OPTIONAL_STRING_ARG(x509_extensions, req-extensions_section,
CONF_get_string(req-req_config, req-section_name, 
x509_extensions));
-   SET_OPTIONAL_STRING_ARG(req_extensions, req-extensions_section,
-   CONF_get_string(req-req_config, 
req-request_extensions_section, req_extensions));
+   SET_OPTIONAL_STRING_ARG(req_extensions, 
req-request_extensions_section,
+   CONF_get_string(req-req_config, req-section_name, 
req_extensions));
SET_OPTIONAL_LONG_ARG(private_key_bits, req-priv_key_bits,
CONF_get_number(req-req_config, req-section_name, 
default_bits));
 
@@ -495,9 +495,6 @@
return FAILURE;
}
 
-   if (req-request_extensions_section == NULL) {
-   req-request_extensions_section = 
CONF_get_string(req-req_config, req-section_name, req_extensions);
-   }
PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section);

return SUCCESS;
@@ -865,8 +862,6 @@
zend_bool notext = 1;
BIO * bio_out;
long certresource;
-   char * bio_mem_ptr;
-   long bio_mem_len;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcert, 
zout, notext) == FAILURE) {
return;
@@ -883,12 +878,15 @@
if (!notext) {
X509_print(bio_out, cert);
}
-   PEM_write_bio_X509(bio_out, cert);
+   if (PEM_write_bio_X509(bio_out, cert))  {
+   BUF_MEM *bio_buf;
 
-   bio_mem_len = BIO_get_mem_data(bio_out, bio_mem_ptr);
-   ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1);
+   zval_dtor(zout);
+   BIO_get_mem_ptr(bio_out, bio_buf);
+   ZVAL_STRINGL(zout, bio_buf-data, bio_buf-length, 1);
 
-   RETVAL_TRUE;
+   RETVAL_TRUE;
+   }
 
if (certresource == -1  cert) {
X509_free(cert);
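Review bot: When `PEM_write_bio_X509()` fails, the new `if` is skipped without any diagnostic and `zout` keeps whatever the caller passed in, so a script that does not check the return value carries on with stale output. An `else` branch raising a warning through `php_error_docref()` would make the failure visible; whether the return value is already set to false before this point cannot be seen from the hunk. The same applies to the `PEM_write_bio_X509_REQ()` hunk at -1540, which calls `BIO_get_mem_ptr()` and `zval_dtor()` in the opposite order. Using one order in both places, with a comment like `/* release the previous value of the by-reference argument before overwriting it */` on `zval_dtor(zout)`, would make the pair easier to audit.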
@@ -1519,9 +1517,8 @@
zval * zcsr = NULL, *zout=NULL;
zend_bool notext = 1;
BIO * bio_out;
+
long csr_resource;
-   char * bio_mem_ptr;
-   long bio_mem_len;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, rz|b, zcsr, 
zout, notext) == FAILURE) {
return;
@@ -1540,12 +1537,16 @@
if (!notext) {
X509_REQ_print(bio_out, csr);
}
-   PEM_write_bio_X509_REQ(bio_out, csr);
 
-   bio_mem_len = BIO_get_mem_data(bio_out, bio_mem_ptr);
-   ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1);
+   if (PEM_write_bio_X509_REQ(bio_out, csr)) {
+   BUF_MEM *bio_buf;
 
-   RETVAL_TRUE;
+   BIO_get_mem_ptr(bio_out, bio_buf);
+   zval_dtor(zout);
+   ZVAL_STRINGL(zout, bio_buf-data, bio_buf-length, 1);
+
+   RETVAL_TRUE;
+   }
 
if (csr_resource == -1  csr) {
X509_REQ_free(csr);
@@ -1643,12 +1644,12 @@
if (!i) {
goto cleanup;
}
-   if (req.request_extensions_section) {
+   if (req.extensions_section) {
X509V3_CTX ctx;

X509V3_set_ctx(ctx, cert, new_cert, csr, NULL, 0);
X509V3_set_conf_lhash(ctx, req.req_config);
-   if (!X509V3_EXT_add_conf(req.req_config, ctx, 
req.request_extensions_section, new_cert)) {
+   if (!X509V3_EXT_add_conf(req.req_config, ctx, 
req.extensions_section, new_cert)) {
goto cleanup;
}
}
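Review bot: Nothing at the `if (req.extensions_section)` test says where the issued certificate's extensions come from, which is the security-relevant part of this change. A comment such as `/* extensions for the new certificate come from the signer's x509_extensions config section; the CSR's requested extensions are not copied here */` would record that. If `X509V3_EXT_add_conf()` fails, the code jumps to `cleanup` without a warning, so a bad section name in the configuration looks like any other signing failure; the cleanup code itself is outside the hunk.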
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug36732.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/openssl/tests/bug36732.phpt
diff -u /dev/null php-src/ext/openssl/tests/bug36732.phpt:1.2
--- /dev/null   Mon Jul 31 00:36:09 2006
+++ php-src/ext/openssl/tests/bug36732.phpt Mon Jul 31 00:36:09 2006
@@ -0,0 +1,39 @@
+--TEST--
+#36732, add support for req_extensions in openss_csr_new and sign
+--SKIPIF--
+?php 
+if 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-07-30 Thread Ilia Alshanetsky
iliaa   Mon Jul 31 03:41:42 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  MFB: Fixed compiler warning.
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.115r2=1.116diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.115 php-src/ext/openssl/openssl.c:1.116
--- php-src/ext/openssl/openssl.c:1.115 Mon Jul 31 00:36:09 2006
+++ php-src/ext/openssl/openssl.c   Mon Jul 31 03:41:42 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.115 2006/07/31 00:36:09 pajoye Exp $ */
+/* $Id: openssl.c,v 1.116 2006/07/31 03:41:42 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -224,7 +224,7 @@
char *sname;
int nid;
X509_NAME_ENTRY * ne;
-   ASN1_STRING * str;
+   ASN1_STRING * str = NULL;
ASN1_OBJECT * obj;
 
MAKE_STD_ZVAL(subitem);
@@ -265,7 +265,7 @@
} else {
zval_dtor(subentries);
FREE_ZVAL(subentries);
-   if (obj_cnt) {
+   if (obj_cnt  str) {
add_assoc_stringl(subitem, sname, (char 
*)str-data, str-length, 1);
}
}




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug37820.phpt bug37820cert.pem bug37820key.pem

2006-07-29 Thread Pierre-Alain Joye
pajoye  Sat Jul 29 21:54:45 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  bug37820key.pem bug37820cert.pem 
bug37820.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #37820, add support for algorithm type in openssl_verify()
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.106r2=1.107diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.106 php-src/ext/openssl/openssl.c:1.107
--- php-src/ext/openssl/openssl.c:1.106 Sun Apr 30 23:45:13 2006
+++ php-src/ext/openssl/openssl.c   Sat Jul 29 21:54:45 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */
+/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -563,6 +563,30 @@
}
return SUCCESS;
 }
+
+static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
+   EVP_MD *mdtype;
+
+   switch (algo) {
+   case OPENSSL_ALGO_SHA1:
+   mdtype = (EVP_MD *) EVP_sha1();
+   break;
+   case OPENSSL_ALGO_MD5:
+   mdtype = (EVP_MD *) EVP_md5();
+   break;
+   case OPENSSL_ALGO_MD4:
+   mdtype = (EVP_MD *) EVP_md4();
+   break;
+   case OPENSSL_ALGO_MD2:
+   mdtype = (EVP_MD *) EVP_md2();
+   break;
+   default:
+   return NULL;
+   break;
+   }
+   return mdtype;
+}
+/* }}} */
 /* }}} */
 
 /* {{{ PHP_MINIT_FUNCTION
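Review bot: The helper casts away the `const` on each `EVP_*()` result only to return a mutable `EVP_MD *`; declaring it `static const EVP_MD *php_openssl_get_evp_md_from_algo(long algo)` (and the callers' `mdtype` as `const EVP_MD *`) removes the four casts, and the `break;` after `return NULL;` can never run. The function is inserted between the previous function's closing brace and that function's `/* }}} */`, so it ends up nested inside the other function's fold; it belongs after the existing marker. MD2, MD4 and MD5 are not collision resistant, and this table now also feeds openssl_verify(), so a comment such as `/* MD2/MD4/MD5 are kept for legacy interoperability only; prefer the SHA-1 default or stronger */` would steer callers away from them.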
@@ -2860,7 +2884,7 @@
 }
 /* }}} */
 
-/* {{{ proto bool openssl_sign(string data, string signature, mixed key)
+/* {{{ proto bool openssl_sign(string data, string signature, mixed key[, int 
signature_alg])
Signs data */
 PHP_FUNCTION(openssl_sign)
 {
@@ -2884,23 +2908,10 @@
RETURN_FALSE;
}
 
-   switch (signature_algo) {
-   case OPENSSL_ALGO_SHA1:
-   mdtype = (EVP_MD *) EVP_sha1();
-   break;
-   case OPENSSL_ALGO_MD5:
-   mdtype = (EVP_MD *) EVP_md5();
-   break;
-   case OPENSSL_ALGO_MD4:
-   mdtype = (EVP_MD *) EVP_md4();
-   break;
-   case OPENSSL_ALGO_MD2:
-   mdtype = (EVP_MD *) EVP_md2();
-   break;
-   default:
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown 
signature algorithm.);
-   RETURN_FALSE;
-   break;
+   mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+   if (!mdtype) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature 
algorithm.);
+   RETURN_FALSE;
}
 
siglen = EVP_PKEY_size(pkey);
@@ -2931,21 +2942,29 @@
EVP_PKEY *pkey;
int err;
EVP_MD_CTX md_ctx;
+   EVP_MD *mdtype;
long keyresource = -1;
char * data;int data_len;
char * signature;   int signature_len;
-
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ssz, data, 
data_len, signature, signature_len, key) == FAILURE) {
+   long signature_algo = OPENSSL_ALGO_SHA1;
+   
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ssz|l, data, 
data_len, signature, signature_len, key, signature_algo) == FAILURE) {
return;
}
-   
+
+   mdtype = php_openssl_get_evp_md_from_algo(signature_algo);
+   if (!mdtype) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature 
algorithm.);
+   RETURN_FALSE;
+   }
+
pkey = php_openssl_evp_from_zval(key, 1, NULL, 0, keyresource 
TSRMLS_CC);
if (pkey == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, supplied key param 
cannot be coerced into a public key);
RETURN_FALSE;
}
 
-   EVP_VerifyInit   (md_ctx, EVP_sha1());
+   EVP_VerifyInit   (md_ctx, mdtype);
EVP_VerifyUpdate (md_ctx, data, data_len);
err = EVP_VerifyFinal (md_ctx, signature, signature_len, pkey);
 

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug37820key.pem?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug37820key.pem
+++ php-src/ext/openssl/tests/bug37820key.pem
-BEGIN RSA PRIVATE KEY-
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc

[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug38255.phpt

2006-07-29 Thread Pierre-Alain Joye
pajoye  Sat Jul 29 22:24:48 2006 UTC

  Added files: 
/php-src/ext/openssl/tests  bug38255.phpt 

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - MFH: #38255, fix possible leak in php_openssl_evp_from_zval
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.107r2=1.108diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.107 php-src/ext/openssl/openssl.c:1.108
--- php-src/ext/openssl/openssl.c:1.107 Sat Jul 29 21:54:45 2006
+++ php-src/ext/openssl/openssl.c   Sat Jul 29 22:24:48 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.107 2006/07/29 21:54:45 pajoye Exp $ */
+/* $Id: openssl.c,v 1.108 2006/07/29 22:24:48 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1824,6 +1824,9 @@
return NULL;
} else {
/* force it to be a string and check if it refers to a file */
+   if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) {
+   return NULL;
+   }
convert_to_string_ex(val);
 
if (Z_STRLEN_PP(val)  7  memcmp(Z_STRVAL_PP(val), file://, 
sizeof(file://) - 1) == 0) {

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38255.phpt?view=markuprev=1.1
Index: php-src/ext/openssl/tests/bug38255.phpt
+++ php-src/ext/openssl/tests/bug38255.phpt
--TEST--
openssl key from zval leaks 
--SKIPIF--
?php 
if (!extension_loaded(openssl)) die(skip); 
?
--FILE--
?php
$pub_key_id = false; 
$signature = '';
$ok = openssl_verify(foo, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
?
--EXPECTF--
Warning: openssl_verify(): supplied key param cannot be coerced into a public 
key in %s/bug38255.php on line %d 




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-07-29 Thread Pierre-Alain Joye
pajoye  Sat Jul 29 22:39:51 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - #38255, fails on array as well
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.108r2=1.109diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.108 php-src/ext/openssl/openssl.c:1.109
--- php-src/ext/openssl/openssl.c:1.108 Sat Jul 29 22:24:48 2006
+++ php-src/ext/openssl/openssl.c   Sat Jul 29 22:39:51 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.108 2006/07/29 22:24:48 pajoye Exp $ */
+/* $Id: openssl.c,v 1.109 2006/07/29 22:39:51 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1824,7 +1824,8 @@
return NULL;
} else {
/* force it to be a string and check if it refers to a file */
-   if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) {
+   if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL
+   || Z_TYPE_PP(val) == IS_ARRAY) {
return NULL;
}
convert_to_string_ex(val);




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2006-07-29 Thread Pierre-Alain Joye
pajoye  Sat Jul 29 23:03:37 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - make the test more obvious and add an explanation
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.109r2=1.110diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.109 php-src/ext/openssl/openssl.c:1.110
--- php-src/ext/openssl/openssl.c:1.109 Sat Jul 29 22:39:51 2006
+++ php-src/ext/openssl/openssl.c   Sat Jul 29 23:03:37 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.109 2006/07/29 22:39:51 pajoye Exp $ */
+/* $Id: openssl.c,v 1.110 2006/07/29 23:03:37 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1824,8 +1824,10 @@
return NULL;
} else {
/* force it to be a string and check if it refers to a file */
-   if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL
-   || Z_TYPE_PP(val) == IS_ARRAY) {
+   /* passing non string values leaks, object uses toString, it 
returns NULL 
+* bug38255.phpt
+*/
+   if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == 
IS_OBJECT)) {
return NULL;
}
convert_to_string_ex(val);
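Review bot: The new comment is hard to parse ("object uses toString, it returns NULL"), and the older "force it to be a string" line now sits above the type check instead of above `convert_to_string_ex()`. Something like `/* only strings, and objects that can be cast through __toString(), may name a key; every other type is rejected here because converting it leaked (bug38255.phpt) */` directly above the `if`, with the original comment moved down to the conversion, states what the allow-list is for. Objects without `__toString()` still reach `convert_to_string_ex()`; the bug38261 test on this page, which covers the same check in the certificate path, expects a catchable fatal error for `stdClass`, and the comment could say so. The enclosing function starts and ends outside the hunk.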




[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c

2006-04-30 Thread Wez Furlong
wez Sun Apr 30 23:45:13 2006 UTC

  Modified files:  
/php-src/ext/opensslopenssl.c xp_ssl.c 
  Log:
  merge from branch: peer certificate capture context options.
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.105r2=1.106diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.105 php-src/ext/openssl/openssl.c:1.106
--- php-src/ext/openssl/openssl.c:1.105 Tue Feb 21 20:12:42 2006
+++ php-src/ext/openssl/openssl.c   Sun Apr 30 23:45:13 2006
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.105 2006/02/21 20:12:42 dmitry Exp $ */
+/* $Id: openssl.c,v 1.106 2006/04/30 23:45:13 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -156,6 +156,11 @@
 static int le_csr;
 static int ssl_stream_data_index;
 
+int php_openssl_get_x509_list_id(void)
+{
+   return le_x509;
+}
+
 /* {{{ resource destructors */
 static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 {
http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/xp_ssl.c?r1=1.24r2=1.25diff_format=u
Index: php-src/ext/openssl/xp_ssl.c
diff -u php-src/ext/openssl/xp_ssl.c:1.24 php-src/ext/openssl/xp_ssl.c:1.25
--- php-src/ext/openssl/xp_ssl.c:1.24   Sun Jan  1 13:09:52 2006
+++ php-src/ext/openssl/xp_ssl.cSun Apr 30 23:45:13 2006
@@ -16,7 +16,7 @@
   +--+
 */
 
-/* $Id: xp_ssl.c,v 1.24 2006/01/01 13:09:52 sniper Exp $ */
+/* $Id: xp_ssl.c,v 1.25 2006/04/30 23:45:13 wez Exp $ */
 
 #include php.h
 #include ext/standard/file.h
@@ -33,6 +33,7 @@
 
 int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream 
*stream TSRMLS_DC);
 SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC);
+int php_openssl_get_x509_list_id(void);
 
 /* This implementation is very closely tied to the that of the native
  * sockets implemented in the core.
@@ -414,9 +415,63 @@
SSL_shutdown(sslsock-ssl_handle);
} else {
sslsock-ssl_active = 1;
+
+   /* allow the script to capture the peer cert
+* and/or the certificate chain */
+   if (stream-context) {
+   zval **val, *zcert;
+
+   if (SUCCESS == 
php_stream_context_get_option(
+   
stream-context, ssl,
+   
capture_peer_cert, val) 
+   zval_is_true(*val)) {
+   MAKE_STD_ZVAL(zcert);
+   ZVAL_RESOURCE(zcert, 
zend_list_insert(peer_cert, 
+   
php_openssl_get_x509_list_id()));
+   
php_stream_context_set_option(stream-context,
+   ssl, 
peer_certificate,
+   zcert);
+   peer_cert = NULL;
+   }
+
+   if (SUCCESS == 
php_stream_context_get_option(
+   
stream-context, ssl,
+   
capture_peer_cert_chain, val) 
+   zval_is_true(*val)) {
+   zval *arr;
+   STACK_OF(X509) *chain;
+
+   MAKE_STD_ZVAL(arr);
+   chain = SSL_get_peer_cert_chain(
+   
sslsock-ssl_handle);
+
+   if (chain) {
+   int i;
+   array_init(arr);
+
+   for (i = 0; i  
sk_X509_num(chain); i++) {
+   X509 *mycert = 
X509_dup(
+   
sk_X509_value(chain, i));
+   
MAKE_STD_ZVAL(zcert);
+   
ZVAL_RESOURCE(zcert,
+   
zend_list_insert(mycert,
+ 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2005-11-28 Thread Alan Knowles
alan_k  Mon Nov 28 05:28:18 2005 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  fix bug #35381 - ensure library is initialized before use
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.99r2=1.100ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.99 php-src/ext/openssl/openssl.c:1.100
--- php-src/ext/openssl/openssl.c:1.99  Thu Aug 18 09:33:58 2005
+++ php-src/ext/openssl/openssl.c   Mon Nov 28 05:28:16 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.99 2005/08/18 13:33:58 sniper Exp $ */
+/* $Id: openssl.c,v 1.100 2005/11/28 10:28:16 alan_k Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -584,6 +584,7 @@
le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, 
OpenSSL X.509, module_number);
le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, OpenSSL 
X.509 CSR, module_number);
 
+   SSL_library_init();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2005-06-30 Thread Wez Furlong
wez Thu Jun 30 10:25:41 2005 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Add optional parameter to openssl_pkcs7_verify() which specifies the name
  of a file that will be filled with the verified data, but with the signature
  information stripped.
  
  Patch by Marton Kenyeres, mkenyeres (at) konvergencia dot hu
  
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.96r2=1.97ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.96 php-src/ext/openssl/openssl.c:1.97
--- php-src/ext/openssl/openssl.c:1.96  Tue Apr 19 18:04:25 2005
+++ php-src/ext/openssl/openssl.c   Thu Jun 30 10:25:39 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.96 2005/04/19 22:04:25 sniper Exp $ */
+/* $Id: openssl.c,v 1.97 2005/06/30 14:25:39 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2152,7 +2152,7 @@
 
 /* {{{ PKCS7 S/MIME functions */
 
-/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string 
signerscerts [, array cainfo [, string extracerts]]])
+/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string 
signerscerts [, array cainfo [, string extracerts [, string content)
Verifys that the data block is intact, the signer is who they say they are, 
and returns the CERTs of the signers */
 PHP_FUNCTION(openssl_pkcs7_verify)
 {
@@ -2161,17 +2161,18 @@
STACK_OF(X509) *signers= NULL;
STACK_OF(X509) *others = NULL;
PKCS7 * p7 = NULL;
-   BIO * in = NULL, * datain = NULL;
+   BIO * in = NULL, * datain = NULL, * dataout = NULL;
long flags = 0;
char * filename; int filename_len;
char * extracerts = NULL; int extracerts_len;
char * signersfilename = NULL; int signersfilename_len;
+   char * datafilename = NULL; int datafilename_len;

RETVAL_LONG(-1);
 
-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, sl|sas, 
filename, filename_len,
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, sl|sass, 
filename, filename_len,
flags, signersfilename, signersfilename_len, 
cainfo,
-   extracerts, extracerts_len) == FAILURE) {
+   extracerts, extracerts_len, datafilename, 
datafilename_len) == FAILURE) {
return;
}

@@ -2204,18 +2205,30 @@
 #endif
goto clean_exit;
}
+
+   if (datafilename) {
+
+   if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
+   goto clean_exit;
+   }
+
+   dataout = BIO_new_file(datafilename, w);
+   if (dataout == NULL) {
+   goto clean_exit;
+   }
+   }
 #if DEBUG_SMIME
zend_printf(Calling PKCS7 verify\n);
 #endif
 
-   if (PKCS7_verify(p7, others, store, datain, NULL, flags)) {
+   if (PKCS7_verify(p7, others, store, datain, dataout, flags)) {
 
RETVAL_TRUE;
 
if (signersfilename) {
BIO *certout;

-   if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+   if (php_openssl_safe_mode_chk(signersfilename 
TSRMLS_CC)) {
goto clean_exit;
}

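Review bot: `datafilename` is opened with mode `w` before `PKCS7_verify()` runs, so an existing file is truncated and, as far as OpenSSL's behaviour goes, filled with the message content even when verification then fails; nothing in the hunk removes it on the failure path. A caller that reads the file without checking the return value would be handling unauthenticated data. Verifying into a memory BIO and writing `datafilename` only after `PKCS7_verify()` has succeeded avoids that; at minimum add `/* dataout may hold unverified content when PKCS7_verify() fails - only use the file if this function returns TRUE */` above the `BIO_new_file()` call. A failed open also leaves the function returning -1 with no warning naming the rejected path.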
@@ -2242,6 +2255,7 @@
X509_STORE_free(store);
BIO_free(datain);
BIO_free(in);
+   BIO_free(dataout);
PKCS7_free(p7);
sk_X509_free(others);
 }




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2005-04-19 Thread Jani Taskinen
sniper  Tue Apr 19 18:04:32 2005 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - Never use Z_TYPE* macros on non-zvals.
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.95r2=1.96ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.95 php-src/ext/openssl/openssl.c:1.96
--- php-src/ext/openssl/openssl.c:1.95  Mon Mar 14 19:27:51 2005
+++ php-src/ext/openssl/openssl.c   Tue Apr 19 18:04:25 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.95 2005/03/15 00:27:51 iliaa Exp $ */
+/* $Id: openssl.c,v 1.96 2005/04/19 22:04:25 sniper Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2611,7 +2611,7 @@
cryptedlen = EVP_PKEY_size(pkey);
cryptedbuf = emalloc(cryptedlen + 1);
 
-   switch (Z_TYPE_P(pkey)) {
+   switch (pkey-type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
successful =  (RSA_private_encrypt(data_len, 
@@ -2669,7 +2669,7 @@
cryptedlen = EVP_PKEY_size(pkey);
crypttemp = emalloc(cryptedlen + 1);
 
-   switch (Z_TYPE_P(pkey)) {
+   switch (pkey-type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
cryptedlen = RSA_private_decrypt(data_len, 
@@ -2734,7 +2734,7 @@
cryptedlen = EVP_PKEY_size(pkey);
cryptedbuf = emalloc(cryptedlen + 1);
 
-   switch (Z_TYPE_P(pkey)) {
+   switch (pkey-type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
successful = (RSA_public_encrypt(data_len, 
@@ -2793,7 +2793,7 @@
cryptedlen = EVP_PKEY_size(pkey);
crypttemp = emalloc(cryptedlen + 1);
 
-   switch (Z_TYPE_P(pkey)) {
+   switch (pkey-type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
cryptedlen = RSA_public_decrypt(data_len, 




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2005-03-14 Thread Jani Taskinen
sniper  Mon Mar 14 16:00:04 2005 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  - Fixed bug #18613 (Multiple OUs in x509 certificate not handled properly)
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.93r2=1.94ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.93 php-src/ext/openssl/openssl.c:1.94
--- php-src/ext/openssl/openssl.c:1.93  Wed Oct 27 07:07:25 2004
+++ php-src/ext/openssl/openssl.c   Mon Mar 14 16:00:02 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.93 2004/10/27 11:07:25 wez Exp $ */
+/* $Id: openssl.c,v 1.94 2005/03/14 21:00:02 sniper Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -227,9 +227,9 @@
 
 static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int 
shortname TSRMLS_DC)
 {
-   zval * subitem;
-   int i;
-   char * sn, * ln;
+   zval *subitem, *subentries;
+   int i, j = -1, last = -1, obj_cnt = 0;
+   char *sname;
int nid;
X509_NAME_ENTRY * ne;
ASN1_STRING * str;
@@ -241,14 +241,39 @@
for (i = 0; i  X509_NAME_entry_count(name); i++) {
ne  = X509_NAME_get_entry(name, i);
obj = X509_NAME_ENTRY_get_object(ne);
-   str = X509_NAME_ENTRY_get_data(ne);
nid = OBJ_obj2nid(obj);
+   obj_cnt = 0;
+
if (shortname) {
-   sn = (char*)OBJ_nid2sn(nid);
-   add_assoc_stringl(subitem, sn, str-data, str-length, 
1);
+   sname = (char *) OBJ_nid2sn(nid);
+   } else {
+   sname = (char *) OBJ_nid2ln(nid);
+   }
+
+   MAKE_STD_ZVAL(subentries);
+   array_init(subentries);
+
+   last = -1;
+   for (;;) {
+   j = X509_NAME_get_index_by_OBJ(name, obj, last);
+   if (j  0) {
+   if (last != -1) break;
+   } else {
+   obj_cnt++;
+   ne  = X509_NAME_get_entry(name, j);
+   str = X509_NAME_ENTRY_get_data(ne);
+   add_next_index_stringl(subentries, str-data, 
str-length, 1);
+   }
+   last = j;
+   }
+   i = last;
+   
+   if (obj_cnt  1) {
+   add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, 
subentries);
} else {
-   ln = (char*)OBJ_nid2ln(nid);
-   add_assoc_stringl(subitem, ln, str-data, str-length, 
1);
+   zval_dtor(subentries);
+   FREE_ZVAL(subentries);
+   add_assoc_stringl(subitem, sname, str-data, 
str-length, 1);
}
}
zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, 
sizeof(subitem), NULL);
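Review bot: Setting `i = last;` after the inner scan assumes that all entries with the same object are adjacent: for a name ordered OU, CN, OU the scan for OU ends with `last` on the third entry, the outer loop resumes after it, and CN is never added to the array. Code that reads the parsed subject or issuer to make an access decision would then see an incomplete name. Dropping the jump and instead skipping entries whose object was already handled keeps every attribute: `if (X509_NAME_get_index_by_OBJ(name, obj, -1) != i) continue;` right after `obj` is fetched, and no `i = last;`. The function's closing lines are outside the hunk.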




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2005-03-14 Thread Ilia Alshanetsky
iliaa   Mon Mar 14 19:27:52 2005 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fixed possible usage of str without being initialized.
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.94r2=1.95ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.94 php-src/ext/openssl/openssl.c:1.95
--- php-src/ext/openssl/openssl.c:1.94  Mon Mar 14 16:00:02 2005
+++ php-src/ext/openssl/openssl.c   Mon Mar 14 19:27:51 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.94 2005/03/14 21:00:02 sniper Exp $ */
+/* $Id: openssl.c,v 1.95 2005/03/15 00:27:51 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -273,7 +273,9 @@
} else {
zval_dtor(subentries);
FREE_ZVAL(subentries);
-   add_assoc_stringl(subitem, sname, str-data, 
str-length, 1);
+   if (obj_cnt) {
+   add_assoc_stringl(subitem, sname, str-data, 
str-length, 1);
+   }
}
}
zend_hash_update(HASH_OF(val), key, strlen(key) + 1, (void *)subitem, 
sizeof(subitem), NULL);




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2004-10-27 Thread Wez Furlong
wez Wed Oct 27 07:07:25 2004 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fix possible crash; patch by Kamesh Jayachandran
  
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.92r2=1.93ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.92 php-src/ext/openssl/openssl.c:1.93
--- php-src/ext/openssl/openssl.c:1.92  Tue Oct 26 05:24:06 2004
+++ php-src/ext/openssl/openssl.c   Wed Oct 27 07:07:25 2004
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.92 2004/10/26 09:24:06 wez Exp $ */
+/* $Id: openssl.c,v 1.93 2004/10/27 11:07:25 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1670,6 +1670,7 @@
if (we_made_the_key) {
/* and a resource for the 
private key */
ZVAL_RESOURCE(out_pkey, 
zend_list_insert(req.priv_key, le_key));
+   req.priv_key = NULL; /* make 
sure the cleanup code doesn't zap it! */
} else if (key_resource != -1) {
req.priv_key = NULL; /* make 
sure the cleanup code doesn't zap it! */
}




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2004-10-26 Thread Wez Furlong
wez Tue Oct 26 05:24:07 2004 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fix for Bug #29418 (double free when openssl_csr_new fails).
  Also hook up MSHUTDOWN function which appears to have never been enabled.
  
  Patch by Kamesh Jayachandran
  
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.91r2=1.92ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.91 php-src/ext/openssl/openssl.c:1.92
--- php-src/ext/openssl/openssl.c:1.91  Mon Sep 13 14:30:29 2004
+++ php-src/ext/openssl/openssl.c   Tue Oct 26 05:24:06 2004
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.91 2004/09/13 18:30:29 magnus Exp $ */
+/* $Id: openssl.c,v 1.92 2004/10/26 09:24:06 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -135,7 +135,7 @@
openssl,
openssl_functions,
PHP_MINIT(openssl),
-   NULL,
+   PHP_MSHUTDOWN(openssl),
NULL,
NULL,
PHP_MINFO(openssl),
@@ -1675,6 +1675,12 @@
}
}
}
+   else {
+   if (!we_made_the_key) {
+   /* if we have not made the key we are 
not supposed to zap it by calling dispose! */
+   req.priv_key = NULL;
+   }
+   }
}
}
}




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2004-09-13 Thread Magnus Määttä
magnus  Mon Sep 13 14:30:30 2004 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Add missing stream unregister for sslv2 and 3.
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.90r2=1.91ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.90 php-src/ext/openssl/openssl.c:1.91
--- php-src/ext/openssl/openssl.c:1.90  Fri Sep 10 07:43:45 2004
+++ php-src/ext/openssl/openssl.c   Mon Sep 13 14:30:29 2004
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.90 2004/09/10 11:43:45 wez Exp $ */
+/* $Id: openssl.c,v 1.91 2004/09/13 18:30:29 magnus Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -667,6 +667,8 @@
php_unregister_url_stream_wrapper(ftps TSRMLS_CC);
 
php_stream_xport_unregister(ssl TSRMLS_CC);
+   php_stream_xport_unregister(sslv2 TSRMLS_CC);
+   php_stream_xport_unregister(sslv3 TSRMLS_CC);
php_stream_xport_unregister(tls TSRMLS_CC);
 
/* reinstate the default tcp handler */
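Review bot: The unregister list has to mirror the transport registrations by hand, and the log message shows the two had already drifted for `sslv2` and `sslv3`. A comment above the first call, such as `/* keep in sync with the php_stream_xport_register() calls for this extension */`, would make the pairing explicit for whoever adds the next transport. The enclosing function starts and ends outside the hunk.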




[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c

2004-09-10 Thread Wez Furlong
wez Fri Sep 10 07:43:46 2004 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c xp_ssl.c 
  Log:
  Fix Bug #29296: add explicit sslv2 and sslv3 transports
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.89r2=1.90ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.89 php-src/ext/openssl/openssl.c:1.90
--- php-src/ext/openssl/openssl.c:1.89  Wed Apr 21 19:02:04 2004
+++ php-src/ext/openssl/openssl.c   Fri Sep 10 07:43:45 2004
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.89 2004/04/21 23:02:04 wez Exp $ */
+/* $Id: openssl.c,v 1.90 2004/09/10 11:43:45 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -632,6 +632,8 @@
}
 
php_stream_xport_register(ssl, php_openssl_ssl_socket_factory TSRMLS_CC);
+   php_stream_xport_register(sslv3, php_openssl_ssl_socket_factory TSRMLS_CC);
+   php_stream_xport_register(sslv2, php_openssl_ssl_socket_factory TSRMLS_CC);
php_stream_xport_register(tls, php_openssl_ssl_socket_factory TSRMLS_CC);
 
/* override the default tcp socket provider */
http://cvs.php.net/diff.php/php-src/ext/openssl/xp_ssl.c?r1=1.16r2=1.17ty=u
Index: php-src/ext/openssl/xp_ssl.c
diff -u php-src/ext/openssl/xp_ssl.c:1.16 php-src/ext/openssl/xp_ssl.c:1.17
--- php-src/ext/openssl/xp_ssl.c:1.16   Sun May 23 06:35:58 2004
+++ php-src/ext/openssl/xp_ssl.cFri Sep 10 07:43:46 2004
@@ -16,7 +16,7 @@
   +--+
 */
 
-/* $Id: xp_ssl.c,v 1.16 2004/05/23 10:35:58 wez Exp $ */
+/* $Id: xp_ssl.c,v 1.17 2004/09/10 11:43:46 wez Exp $ */
 
 #include php.h
 #include ext/standard/file.h
@@ -691,6 +691,12 @@
if (strncmp(proto, ssl, protolen) == 0) {
sslsock-enable_on_connect = 1;
sslsock-method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+   } else if (strncmp(proto, sslv2, protolen) == 0) {
+   sslsock-enable_on_connect = 1;
+   sslsock-method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
+   } else if (strncmp(proto, sslv3, protolen) == 0) {
+   sslsock-enable_on_connect = 1;
+   sslsock-method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
} else if (strncmp(proto, tls, protolen) == 0) {
sslsock-enable_on_connect = 1;
sslsock-method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
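Review bot: The new `sslv2` and `sslv3` branches let a caller pin a connection to a legacy protocol version, and nothing here covers a linked OpenSSL that was built without SSLv2. If `STREAM_CRYPTO_METHOD_SSLv2_CLIENT` ends up selecting OpenSSL's SSLv2 client method elsewhere in this file, wrapping the `sslv2` branch and its transport registration in `#ifndef OPENSSL_NO_SSL2` keeps the build working and avoids offering a transport that cannot connect. Each branch also compares with `strncmp(..., protolen)`, which accepts any leading prefix of the name (and everything when `protolen` is 0); checking the length as well, e.g. `protolen == 5 && strncmp(proto, "sslv2", 5) == 0`, makes the match exact. The if/else chain continues outside the hunk.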




[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c

2004-04-21 Thread Wez Furlong
wez Wed Apr 21 19:02:04 2004 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c xp_ssl.c 
  Log:
  Fix bug #28096 - stream_socket_accept() on an SSL server socket doesn't
  enable SSL on the accepted socket.
  
  - Add cipher list context option
  - Add helpful hint about why SSL server socket fails with mysterious
error (eg: you need an SSL certificate for most ciphers).
  
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/openssl.c?r1=1.88r2=1.89ty=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.88 php-src/ext/openssl/openssl.c:1.89
--- php-src/ext/openssl/openssl.c:1.88  Mon Mar 29 14:57:48 2004
+++ php-src/ext/openssl/openssl.c   Wed Apr 21 19:02:04 2004
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.88 2004/03/29 19:57:48 iliaa Exp $ */
+/* $Id: openssl.c,v 1.89 2004/04/21 23:02:04 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -3206,6 +3206,7 @@
char *cafile = NULL;
char *capath = NULL;
char *certfile = NULL;
+   char *cipherlist = NULL;
int ok = 1;
 
 
@@ -3240,6 +3241,12 @@
SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
}
 
+   GET_VER_OPT_STRING(ciphers, cipherlist);
+   if (!cipherlist) {
+   cipherlist = DEFAULT;
+   }
+   SSL_CTX_set_cipher_list(ctx, cipherlist);
+
GET_VER_OPT_STRING(local_cert, certfile);
if (certfile) {
X509 *cert = NULL;
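Review bot: The result of `SSL_CTX_set_cipher_list(ctx, cipherlist)` is discarded, so a `ciphers` context option that selects no usable cipher is accepted silently and the caller gets no sign that the requested restriction was not applied. The call returns 1 when at least one cipher was selected, so the check can be `if (SSL_CTX_set_cipher_list(ctx, cipherlist) != 1) { /* warn and fail */ }`, failing the way the function's other error paths do; those are outside the hunk. A comment noting that an unset option falls back to OpenSSL's `DEFAULT` cipher string would document what the default means.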
http://cvs.php.net/diff.php/php-src/ext/openssl/xp_ssl.c?r1=1.14r2=1.15ty=u
Index: php-src/ext/openssl/xp_ssl.c
diff -u php-src/ext/openssl/xp_ssl.c:1.14 php-src/ext/openssl/xp_ssl.c:1.15
--- php-src/ext/openssl/xp_ssl.c:1.14   Thu Jan  8 03:16:39 2004
+++ php-src/ext/openssl/xp_ssl.cWed Apr 21 19:02:04 2004
@@ -16,7 +16,7 @@
   +--+
 */
 
-/* $Id: xp_ssl.c,v 1.14 2004/01/08 08:16:39 andi Exp $ */
+/* $Id: xp_ssl.c,v 1.15 2004/04/21 23:02:04 wez Exp $ */
 
 #include php.h
 #include ext/standard/file.h
@@ -53,7 +53,7 @@
char esbuf[512];
char *ebuf = NULL, *wptr = NULL;
size_t ebuf_size = 0;
-   unsigned long code;
+   unsigned long code, ecode;
int retry = 1;
 
switch(err) {
@@ -84,37 +84,49 @@
}
break;
}
+
+   
/* fall through */
default:
/* some other error */
-   while ((code = ERR_get_error()) != 0) {
-   /* allow room for a NUL and an optional \n */
-   if (ebuf) {
-   esbuf[0] = '\n';
-   esbuf[1] = '\0';
-   ERR_error_string_n(code, esbuf + 1, 
sizeof(esbuf) - 2);
-   } else {
-   esbuf[0] = '\0';
-   ERR_error_string_n(code, esbuf, sizeof(esbuf) 
- 1);
-   }
-   code = strlen(esbuf);
-   esbuf[code] = '\0';
+   ecode = ERR_get_error();
+
+   switch (ERR_GET_REASON(ecode)) {
+   case SSL_R_NO_SHARED_CIPHER:
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used.  This could be 
because the server is missing an SSL certificate (local_cert context option));
+   retry = 0;
+   break;
 
-   ebuf = erealloc(ebuf, ebuf_size + code + 1);
-   if (wptr == NULL) {
-   wptr = ebuf;
-   }   
-
-   /* also copies the NUL */
-   memcpy(wptr, esbuf, code + 1);
-   wptr += code;
-   }
-
-   php_error_docref(NULL TSRMLS_CC, E_WARNING,
-   SSL operation failed with code %d.%s%s,
-   err,
-   ebuf ? OpenSSL Error messages:\n : ,
-   ebuf ? ebuf : );
+   default:
+   do {
+   /* allow room for a NUL and an 
optional \n */
+   if (ebuf) {
+   esbuf[0] = '\n';
+   

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2003-12-21 Thread Ilia Alshanetsky
iliaa   Sun Dec 21 13:17:19 2003 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fixed uninitialized usage of mdtype when unknown signature algorithm is 
  found.
  
  
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.85 php-src/ext/openssl/openssl.c:1.86
--- php-src/ext/openssl/openssl.c:1.85  Thu Nov 27 12:40:15 2003
+++ php-src/ext/openssl/openssl.c   Sun Dec 21 13:17:18 2003
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.85 2003/11/27 17:40:15 wez Exp $ */
+/* $Id: openssl.c,v 1.86 2003/12/21 18:17:18 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -2838,9 +2838,6 @@
RETURN_FALSE;
}
 
-   siglen = EVP_PKEY_size(pkey);
-   sigbuf = emalloc(siglen + 1);
-
switch (signature_algo) {
case OPENSSL_ALGO_SHA1:
mdtype = (EVP_MD *) EVP_sha1();
@@ -2854,8 +2851,15 @@
case OPENSSL_ALGO_MD2:
mdtype = (EVP_MD *) EVP_md2();
break;
+   default:
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown signature 
algorithm.);
+   RETURN_FALSE;
+   break;
}
-   
+
+   siglen = EVP_PKEY_size(pkey);
+   sigbuf = emalloc(siglen + 1);
+
EVP_SignInit(md_ctx, mdtype);
EVP_SignUpdate(md_ctx, data, data_len);
if (EVP_SignFinal (md_ctx, sigbuf, siglen, pkey)) {
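Review bot: The new `default:` branch returns while `pkey` is already held (`EVP_PKEY_size(pkey)` sat above the switch before this change), so if the function releases a non-resource key at its end, which is outside the hunk, this early return skips that release. Validating `signature_algo` before the key is fetched, or routing this branch through the same cleanup as the normal exit, would avoid that. The `break;` after `RETURN_FALSE;` cannot be reached and can be dropped.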




[PHP-CVS] cvs: php-src /ext/openssl openssl.c xp_ssl.c

2003-11-27 Thread Wez Furlong
wez Thu Nov 27 12:40:16 2003 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c xp_ssl.c 
  Log:
  Port liveness and SSL CA validation from 4.3 branch.
  Make stream_select() work on ssl-enabled sockets again.
  
  Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.84 php-src/ext/openssl/openssl.c:1.85
--- php-src/ext/openssl/openssl.c:1.84  Mon Oct 13 07:43:11 2003
+++ php-src/ext/openssl/openssl.c   Thu Nov 27 12:40:15 2003
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.84 2003/10/13 11:43:11 wez Exp $ */
+/* $Id: openssl.c,v 1.85 2003/11/27 17:40:15 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -41,6 +41,7 @@
 #include openssl/err.h
 #include openssl/conf.h
 #include openssl/rand.h
+#include openssl/ssl.h
 
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384
@@ -153,6 +154,7 @@
 static int le_key;
 static int le_x509;
 static int le_csr;
+static int ssl_stream_data_index;
 
 /* {{{ resource destructors */
 static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
@@ -563,6 +565,10 @@
ERR_load_crypto_strings();
ERR_load_EVP_strings();
 
+   /* register a resource id number with openSSL so that we can map SSL - stream 
structures in
+* openSSL callbacks */
+   ssl_stream_data_index = SSL_get_ex_new_index(0, PHP stream index, NULL, 
NULL, NULL);
+   
/* purposes for cert purpose checking */
REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_CLIENT, X509_PURPOSE_SSL_CLIENT, 
CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(X509_PURPOSE_SSL_SERVER, X509_PURPOSE_SSL_SERVER, 
CONST_CS|CONST_PERSISTENT);
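Review bot: `SSL_get_ex_new_index()` returns -1 on failure and the result is stored in `ssl_stream_data_index` unchecked, so a failed registration would only surface later, when the index is used to look up the stream for an SSL object. Checking it here, for example `if (ssl_stream_data_index < 0) return FAILURE;`, fails startup at the point where the cause is known. The enclosing function is outside the hunk, so confirm that `FAILURE` is its error return.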
@@ -3060,6 +3066,222 @@
 }
 /* }}} */
 
+/* SSL verification functions */
+
+#define GET_VER_OPT(name)   (stream-context  SUCCESS == 
php_stream_context_get_option(stream-context, ssl, name, val))
+#define GET_VER_OPT_STRING(name, str)   if (GET_VER_OPT(name)) { 
convert_to_string_ex(val); str = Z_STRVAL_PP(val); }
+
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+   php_stream *stream;
+   SSL *ssl;
+   X509 *err_cert;
+   int err, depth, ret;
+   zval **val;
+   TSRMLS_FETCH();
+
+   ret = preverify_ok;
+
+   /* determine the status for the current cert */
+   err_cert = X509_STORE_CTX_get_current_cert(ctx);
+   err = X509_STORE_CTX_get_error(ctx);
+   depth = X509_STORE_CTX_get_error_depth(ctx);
+
+   /* conjure the stream  context to use */
+   ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+   stream = (php_stream*)SSL_get_ex_data(ssl, ssl_stream_data_index);
+
+   /* if allow_self_signed is set, make sure that verification succeeds */
+   if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT  
GET_VER_OPT(allow_self_signed)  zval_is_true(*val)) {
+   ret = 1;
+   }
+
+   /* check the depth */
+   if (GET_VER_OPT(verify_depth)) {
+   convert_to_long_ex(val);
+
+   if (depth  Z_LVAL_PP(val)) {
+   ret = 0;
+   X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
+   }
+   }
+
+   return ret;
+
+}
+
+int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream 
TSRMLS_DC)
+{
+   zval **val = NULL;
+   char *cnmatch = NULL;
+   X509_NAME *name;
+   char buf[1024];
+   int err;
+
+   /* verification is turned off */
+   if (!(GET_VER_OPT(verify_peer)  zval_is_true(*val))) {
+   return SUCCESS;
+   }
+
+   if (peer == NULL) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Could not get peer 
certificate);
+   return FAILURE;
+   }
+
+   err = SSL_get_verify_result(ssl);
+   switch (err) {
+   case X509_V_OK:
+   /* fine */
+   break;
+   case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+   if (GET_VER_OPT(allow_self_signed)  zval_is_true(*val)) {
+   /* allowed */
+   break;
+   }
+   /* not allowed, so fall through */
+   default:
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Could not verify 
peer: code:%d %s, err, X509_verify_cert_error_string(err));
+   return FAILURE;
+   }
+
+   /* if the cert passed the usual checks, apply our own local policies now */
+
+   name = X509_get_subject_name(peer);
+
+   /* Does the common name match ? (used primarily for https://) */
+   GET_VER_OPT_STRING(CN_match, cnmatch);
+   if (cnmatch) {
+   int match = 0;
+
+   X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
+
+   match = 

[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2003-10-13 Thread Wez Furlong
wez Mon Oct 13 07:43:12 2003 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Fix uninitialized variable.
  Patch by Joe Orton.
  
  
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.83 php-src/ext/openssl/openssl.c:1.84
--- php-src/ext/openssl/openssl.c:1.83  Tue Sep 23 15:29:33 2003
+++ php-src/ext/openssl/openssl.c   Mon Oct 13 07:43:11 2003
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.83 2003/09/23 19:29:33 sniper Exp $ */
+/* $Id: openssl.c,v 1.84 2003/10/13 11:43:11 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1477,7 +1477,7 @@
long serial = 0L;
X509 * cert = NULL, *new_cert = NULL;
X509_REQ * csr;
-   EVP_PKEY * key = NULL, *priv_key;
+   EVP_PKEY * key = NULL, *priv_key = NULL;
long csr_resource, certresource, keyresource;
int i;
struct php_x509_request req;




[PHP-CVS] cvs: php-src /ext/openssl openssl.c /ext/openssl/tests bug25614.phpt

2003-09-23 Thread Wez Furlong
wez Tue Sep 23 12:05:51 2003 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
/php-src/ext/openssl/tests  bug25614.phpt 
  Log:
  MFB 25614 fix
  
  
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.81 php-src/ext/openssl/openssl.c:1.82
--- php-src/ext/openssl/openssl.c:1.81  Sun Aug 31 16:45:42 2003
+++ php-src/ext/openssl/openssl.c   Tue Sep 23 12:05:50 2003
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.81 2003/08/31 20:45:42 iliaa Exp $ */
+/* $Id: openssl.c,v 1.82 2003/09/23 16:05:50 wez Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1738,14 +1738,23 @@
cert = (X509*)what;
free_cert = 0;
} else if (type == le_key) {
+   int is_priv;
+
+   is_priv = php_openssl_is_private_key((EVP_PKEY*)what 
TSRMLS_CC);
+
/* check whether it is actually a private key if requested */
-   if (!public_key  !php_openssl_is_private_key((EVP_PKEY*)what 
TSRMLS_CC)) {
+   if (!public_key  !ispriv) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, supplied 
key param is a public key);
return NULL;
}
-   
-   /* got the key - return it */
-   return (EVP_PKEY*)what;
+
+   if (public_key  is_priv) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Don't 
know how to get public key from this private key);
+   return NULL;
+   } else {
+   /* got the key - return it */
+   return (EVP_PKEY*)what;
+   }
}
 
/* other types could be used here - eg: file pointers and read in the 
data from them */
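Review bot: The rewritten check on the line that reports `supplied key param is a public key` tests `!ispriv`, but the variable declared and assigned just above it is `is_priv`, so the new code refers to an undeclared name and should not compile. The condition should read `if (!public_key && !is_priv) {`. The enclosing function starts and ends outside the hunk.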
Index: php-src/ext/openssl/tests/bug25614.phpt
diff -u /dev/null php-src/ext/openssl/tests/bug25614.phpt:1.2
--- /dev/null   Tue Sep 23 12:05:51 2003
+++ php-src/ext/openssl/tests/bug25614.phpt Tue Sep 23 12:05:51 2003
@@ -0,0 +1,11 @@
+--TEST--
+openssl: get public key from generated private key
+--SKIPIF--
+?php if (!extension_loaded(openssl)) print skip; ?
+--FILE--
+?php 
+$priv = openssl_pkey_new();
+$pub = openssl_pkey_get_public($priv);
+?
+--EXPECTF--
+Warning: openssl_pkey_get_public(): Don't know how to get public key from this 
private key (the documentation lied) %s
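Review bot: The `--EXPECTF--` text includes `(the documentation lied)`, while the warning added to openssl.c in the same commit ends at `from this private key`, so the expectation looks unable to match the emitted message unless another code path supplies that wording. Either align the expected line with the C string or change the C string to match. The test also asserts only the warning; adding `var_dump($pub);` with its expected output would pin the return value on this path too.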




[PHP-CVS] cvs: php-src /ext/openssl openssl.c

2003-07-13 Thread Stefan Roehrich
sr  Sun Jul 13 05:54:40 2003 EDT

  Modified files:  
/php-src/ext/opensslopenssl.c 
  Log:
  Allow setting of the serial number.
  
  
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.77 php-src/ext/openssl/openssl.c:1.78
--- php-src/ext/openssl/openssl.c:1.77  Sun Jul 13 05:38:31 2003
+++ php-src/ext/openssl/openssl.c   Sun Jul 13 05:54:40 2003
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: openssl.c,v 1.77 2003/07/13 09:38:31 sr Exp $ */
+/* $Id: openssl.c,v 1.78 2003/07/13 09:54:40 sr Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1463,12 +1463,13 @@
 }
 /* }}} */
 
-/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long 
days)
+/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long 
days [, array config_args [, long serial]])
Signs a cert with another CERT */
 PHP_FUNCTION(openssl_csr_sign)
 {
zval * zcert = NULL, *zcsr, *zpkey, *args = NULL;
long num_days;
+   long serial = 0L;
X509 * cert = NULL, *new_cert = NULL;
X509_REQ * csr;
EVP_PKEY * key = NULL, *priv_key;
@@ -1476,7 +1477,7 @@
int i;
struct php_x509_request req;

-   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz!zl|a!, zcsr, 
zcert, zpkey, num_days, args) == FAILURE)
+   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, zz!zl|a!l, zcsr, 
zcert, zpkey, num_days, args, serial) == FAILURE)
return;
 
RETVAL_FALSE;
@@ -1535,8 +1536,7 @@
if (!X509_set_version(new_cert, 2))
goto cleanup;
 
-   /* TODO: Allow specifying */
-   ASN1_INTEGER_set(X509_get_serialNumber(new_cert), 0L);
+   ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);

X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr));
 
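Review bot: `serial` comes straight from the caller and is written into the certificate without a range check, and it still defaults to 0, so every certificate signed without the new argument carries the same serial under one issuer. Rejecting negative values before the call, e.g. `if (serial < 0) goto cleanup;` preceded by a warning, would make the contract explicit, as would a line in the proto comment saying callers are expected to supply a value unique per issuer. The return value of `ASN1_INTEGER_set()` is also ignored here, unlike the `X509_set_version()` check just above it. The same concern applies to the parameter-parsing hunk at -1476, where `serial` is introduced as an optional argument.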


