Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2012-02-23 Thread Pierre Joye
hi!

Thanks for applying the patch!

Please add the test case as well.

Btw, did you check with Stas and David about 5.4? Not sure if it is OK
at this stage, but we may need another RC already anyway (commits done
since last RC).

On Thu, Feb 23, 2012 at 2:26 AM, Scott MacVicar  wrote:
> scottmac                                 Thu, 23 Feb 2012 01:26:46 +
>
> Revision: http://svn.php.net/viewvc?view=revision&revision=323440
>
> Log:
> Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
>
> Bug: https://bugs.php.net/61124 (Assigned) Segmentation fault
>
> Changed paths:
>    U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
>    U   php/php-src/branches/PHP_5_4/NEWS
>    U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
>    U   php/php-src/trunk/ext/openssl/openssl.c
>
> Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
> ===
> --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2012-02-22 23:42:18 
> UTC (rev 323439)
> +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2012-02-23 01:26:46 
> UTC (rev 323440)
> @@ -4776,6 +4776,10 @@
>
>        if (!raw_input) {
>                base64_str = (char*)php_base64_decode((unsigned char*)data, 
> data_len, &base64_str_len);
> +               if (!base64_str) {
> +                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed 
> to base64 decode the input");
> +                       RETURN_FALSE;
> +               }
>                data_len = base64_str_len;
>                data = base64_str;
>        }
>
> Modified: php/php-src/branches/PHP_5_4/NEWS
> ===
> --- php/php-src/branches/PHP_5_4/NEWS   2012-02-22 23:42:18 UTC (rev 323439)
> +++ php/php-src/branches/PHP_5_4/NEWS   2012-02-23 01:26:46 UTC (rev 323440)
> @@ -1,6 +1,9 @@
>  PHP                                                                        
> NEWS
>  |||
>  ?? ??? 2012, PHP 5.4.0 RC 9
> +- OpenSSL:
> +  . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
> +    (me at ktamura dot com, Scott)
>
>  15 Feb 2012, PHP 5.4.0 RC 8
>  - Core:
>
> Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
> ===
> --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2012-02-22 23:42:18 
> UTC (rev 323439)
> +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2012-02-23 01:26:46 
> UTC (rev 323440)
> @@ -4803,6 +4803,10 @@
>
>        if (!(options & OPENSSL_RAW_DATA)) {
>                base64_str = (char*)php_base64_decode((unsigned char*)data, 
> data_len, &base64_str_len);
> +               if (!base64_str) {
> +                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed 
> to base64 decode the input");
> +                       RETURN_FALSE;
> +               }
>                data_len = base64_str_len;
>                data = base64_str;
>        }
>
> Modified: php/php-src/trunk/ext/openssl/openssl.c
> ===
> --- php/php-src/trunk/ext/openssl/openssl.c     2012-02-22 23:42:18 UTC (rev 
> 323439)
> +++ php/php-src/trunk/ext/openssl/openssl.c     2012-02-23 01:26:46 UTC (rev 
> 323440)
> @@ -4799,6 +4799,10 @@
>
>        if (!(options & OPENSSL_RAW_DATA)) {
>                base64_str = (char*)php_base64_decode((unsigned char*)data, 
> data_len, &base64_str_len);
> +               if (!base64_str) {
> +                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed 
> to base64 decode the input");
> +                       RETURN_FALSE;
> +               }
>                data_len = base64_str_len;
>                data = base64_str;
>        }
>
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org




[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2012-02-22 Thread Scott MacVicar
scottmac Thu, 23 Feb 2012 01:26:46 +

Revision: http://svn.php.net/viewvc?view=revision&revision=323440

Log:
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).

Bug: https://bugs.php.net/61124 (Assigned) Segmentation fault
  
Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_4/NEWS
U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2012-02-22 23:42:18 UTC 
(rev 323439)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2012-02-23 01:26:46 UTC 
(rev 323440)
@@ -4776,6 +4776,10 @@

if (!raw_input) {
base64_str = (char*)php_base64_decode((unsigned char*)data, 
data_len, &base64_str_len);
+   if (!base64_str) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to 
base64 decode the input");
+   RETURN_FALSE;
+   }
data_len = base64_str_len;
data = base64_str;
}
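Review bot: The new `if (!base64_str)` guard has no comment saying which inputs it covers, and it handles only a NULL return; `base64_str_len` is still copied into `data_len` unchecked on the following lines. I would add `/* php_base64_decode() returns NULL for input it cannot decode; stop before data points at NULL */` above the check. The decoder is not shown here, so it is worth confirming that a successful but zero-length result is handled by the code that follows. The enclosing function starts and ends outside the hunk, so whether anything allocated earlier needs freeing before `RETURN_FALSE` cannot be seen from here. The same applies to the identical PHP_5_4 and trunk hunks of this revision.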

Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS   2012-02-22 23:42:18 UTC (rev 323439)
+++ php/php-src/branches/PHP_5_4/NEWS   2012-02-23 01:26:46 UTC (rev 323440)
@@ -1,6 +1,9 @@
 PHPNEWS
 |||
 ?? ??? 2012, PHP 5.4.0 RC 9
+- OpenSSL:
+  . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
+(me at ktamura dot com, Scott)

 15 Feb 2012, PHP 5.4.0 RC 8
 - Core:

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2012-02-22 23:42:18 UTC 
(rev 323439)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2012-02-23 01:26:46 UTC 
(rev 323440)
@@ -4803,6 +4803,10 @@

if (!(options & OPENSSL_RAW_DATA)) {
base64_str = (char*)php_base64_decode((unsigned char*)data, 
data_len, &base64_str_len);
+   if (!base64_str) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to 
base64 decode the input");
+   RETURN_FALSE;
+   }
data_len = base64_str_len;
data = base64_str;
}

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2012-02-22 23:42:18 UTC (rev 
323439)
+++ php/php-src/trunk/ext/openssl/openssl.c 2012-02-23 01:26:46 UTC (rev 
323440)
@@ -4799,6 +4799,10 @@

if (!(options & OPENSSL_RAW_DATA)) {
base64_str = (char*)php_base64_decode((unsigned char*)data, 
data_len, &base64_str_len);
+   if (!base64_str) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to 
base64 decode the input");
+   RETURN_FALSE;
+   }
data_len = base64_str_len;
data = base64_str;
}


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2011-06-16 Thread Pierre Joye
pajoye   Thu, 16 Jun 2011 13:06:41 +

Revision: http://svn.php.net/viewvc?view=revision&revision=312209

Log:
- did I not kill that already? (do not use rand_screen, pointless on server and 
not TS)

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-06-16 12:57:06 UTC 
(rev 312208)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-06-16 13:06:41 UTC 
(rev 312209)
@@ -4900,10 +4900,6 @@

buffer = emalloc(buffer_length + 1);

-#ifdef WINDOWS
-RAND_screen();
-#endif
-
if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
efree(buffer);
RETURN_FALSE;

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-06-16 12:57:06 UTC 
(rev 312208)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-06-16 13:06:41 UTC 
(rev 312209)
@@ -4920,10 +4920,6 @@

buffer = emalloc(buffer_length + 1);

-#ifdef WINDOWS
-RAND_screen();
-#endif
-
if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
efree(buffer);
RETURN_FALSE;

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2011-06-16 12:57:06 UTC (rev 
312208)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-06-16 13:06:41 UTC (rev 
312209)
@@ -4920,10 +4920,6 @@

buffer = emalloc(buffer_length + 1);

-#ifdef WINDOWS
-RAND_screen();
-#endif
-
if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
efree(buffer);
RETURN_FALSE;


[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c xp_ssl.c

2011-04-25 Thread Martin Jansen
mj   Mon, 25 Apr 2011 16:51:12 +

Revision: http://svn.php.net/viewvc?view=revision&revision=310477

Log:
MFH: The project calls itself OpenSSL and not openSSL, so let's keep it
that way in our code as well.

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-04-25 16:50:30 UTC 
(rev 310476)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-04-25 16:51:12 UTC 
(rev 310477)
@@ -988,8 +988,8 @@
ERR_load_crypto_strings();
ERR_load_EVP_strings();

-   /* register a resource id number with openSSL so that we can map SSL -> 
stream structures in
-* openSSL callbacks */
+   /* register a resource id number with OpenSSL so that we can map SSL -> 
stream structures in
+* OpenSSL callbacks */
ssl_stream_data_index = SSL_get_ex_new_index(0, "PHP stream index", 
NULL, NULL, NULL);

REGISTER_STRING_CONSTANT("OPENSSL_VERSION_TEXT", OPENSSL_VERSION_TEXT, 
CONST_CS|CONST_PERSISTENT);

Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c   2011-04-25 16:50:30 UTC 
(rev 310476)
+++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c   2011-04-25 16:51:12 UTC 
(rev 310477)
@@ -330,7 +330,7 @@
break;
case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
 #ifdef OPENSSL_NO_SSL2
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the openSSL library PHP is linked against");
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the OpenSSL library PHP is linked against");
return -1;
 #else
sslsock->is_client = 1;
@@ -355,7 +355,7 @@
break;
case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
 #ifdef OPENSSL_NO_SSL2
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the openSSL library PHP is linked against");
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the OpenSSL library PHP is linked against");
return -1;
 #else
sslsock->is_client = 0;
@@ -923,7 +923,7 @@
sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
} else if (strncmp(proto, "sslv2", protolen) == 0) {
 #ifdef OPENSSL_NO_SSL2
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is 
not compiled into the openSSL library PHP is linked against");
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is 
not compiled into the OpenSSL library PHP is linked against");
return NULL;
 #else
sslsock->enable_on_connect = 1;


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_3/ext/openssl/xp_ssl.c trunk/ext/openssl/openssl.c trunk/ext/openssl/xp_ssl.c

2011-04-24 Thread Rasmus Lerdorf
rasmus   Sun, 24 Apr 2011 23:27:48 +

Revision: http://svn.php.net/viewvc?view=revision&revision=310458

Log:
SSLV2 patch cleanup

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c
U   php/php-src/trunk/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/xp_ssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-04-24 22:08:11 UTC 
(rev 310457)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-04-24 23:27:48 UTC 
(rev 310458)
@@ -1074,7 +1074,9 @@

php_stream_xport_register("ssl", php_openssl_ssl_socket_factory 
TSRMLS_CC);
php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory 
TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory 
TSRMLS_CC);
+#endif
php_stream_xport_register("tls", php_openssl_ssl_socket_factory 
TSRMLS_CC);

/* override the default tcp socket provider */
@@ -1109,7 +,9 @@
php_unregister_url_stream_wrapper("ftps" TSRMLS_CC);

php_stream_xport_unregister("ssl" TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_unregister("sslv2" TSRMLS_CC);
+#endif
php_stream_xport_unregister("sslv3" TSRMLS_CC);
php_stream_xport_unregister("tls" TSRMLS_CC);


Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c   2011-04-24 22:08:11 UTC 
(rev 310457)
+++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c   2011-04-24 23:27:48 UTC 
(rev 310458)
@@ -330,8 +330,8 @@
break;
case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
 #ifdef OPENSSL_NO_SSL2
-php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not 
compiled in openSSL");
-return -1;
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the openSSL library PHP is linked against");
+   return -1;
 #else
sslsock->is_client = 1;
method = SSLv2_client_method();
@@ -355,8 +355,8 @@
break;
case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
 #ifdef OPENSSL_NO_SSL2
-php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not 
compiled in openSSL");
-return -1;
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 
support is not compiled into the openSSL library PHP is linked against");
+   return -1;
 #else
sslsock->is_client = 0;
method = SSLv2_server_method();
@@ -922,8 +922,13 @@
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
} else if (strncmp(proto, "sslv2", protolen) == 0) {
+#ifdef OPENSSL_NO_SSL2
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is 
not compiled into the openSSL library PHP is linked against");
+   return NULL;
+#else
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
+#endif
} else if (strncmp(proto, "sslv3", protolen) == 0) {
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
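Review bot: The `return NULL;` added under `#ifdef OPENSSL_NO_SSL2` leaves the function without releasing `sslsock`, which the neighbouring branches already dereference, so it was presumably allocated earlier in the function (outside this hunk). If a stream object wrapping it has also been created by this point, the error path should close it before returning, for example with `php_stream_close()` on that stream, or free `sslsock` directly if no stream exists yet. Otherwise each request for an `sslv2` transport on a build without SSLv2 would leak that allocation. The trunk copy of this hunk is cut off on this page and was not reviewed.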

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2011-04-24 22:08:11 UTC (rev 
310457)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-04-24 23:27:48 UTC (rev 
310458)
@@ -,7 +,9 @@

php_stream_xport_register("ssl", php_openssl_ssl_socket_factory 
TSRMLS_CC);
php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory 
TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory 
TSRMLS_CC);
+#endif
php_stream_xport_register("tls", php_openssl_ssl_socket_factory 
TSRMLS_CC);

/* override the default tcp socket provider */
@@ -1146,7 +1148,9 @@
php_unregister_url_stream_wrapper("ftps" TSRMLS_CC);

php_stream_xport_unregister("ssl" TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_unregister("sslv2" TSRMLS_CC);
+#endif
php_stream_xport_unregister("sslv3" TSRMLS_CC);
php_stream_xport_unregister("tls" TSRMLS_CC);


Modified: php/php-src/trunk/ext/openssl/xp_ssl.c
===
--- php/php-src/trunk/ext/openssl/xp_ssl.c  2011-04-24 22:08:11 UTC (rev 
310457)
+++ php/php-src/trunk/ext/openssl/xp_ssl.c  2011-04-24 23:27:48 UTC (r

[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c

2011-02-21 Thread Pierre Joye
pajoye   Mon, 21 Feb 2011 10:09:50 +

Revision: http://svn.php.net/viewvc?view=revision&revision=308532

Log:
- fix test 025

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-02-21 10:07:31 UTC 
(rev 308531)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-02-21 10:09:50 UTC 
(rev 308532)
@@ -3543,14 +3543,13 @@
char * outfilename; int outfilename_len;
char * extracertsfilename = NULL; int extracertsfilename_len;

-   RETVAL_FALSE;
-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
&infilename, &infilename_len, &outfilename, 
&outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, 
&extracertsfilename,
&extracertsfilename_len) == FAILURE) {
return;
}
+   RETVAL_FALSE;

if (strlen(infilename) != infilename_len) {
return;
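Review bot: Moving `RETVAL_FALSE;` below `zend_parse_parameters()` changes what a caller sees on a parse failure, and nothing in the code records that the order is deliberate. A one-line comment such as `/* set the FALSE default only after parsing, so a parse failure keeps the engine's default return value */` would stop a later cleanup from moving it back. The function body continues outside the hunk, so the remaining bare `return;` paths (for example the `strlen(infilename) != infilename_len` check) are assumed to rely on this default.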


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-12-02 Thread Pierre Joye
pajoye   Thu, 02 Dec 2010 11:37:43 +

Revision: http://svn.php.net/viewvc?view=revision&revision=305902

Log:
- not TS and useless on server, also not required anymore with the supported 
windows versions

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-12-02 10:23:19 UTC 
(rev 305901)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-12-02 11:37:43 UTC 
(rev 305902)
@@ -868,10 +868,7 @@

*egdsocket = 0;
*seeded = 0;
-
-#ifdef WINDOWS
-   RAND_screen();
-#endif
+
if (file == NULL) {
file = RAND_file_name(buffer, sizeof(buffer));
} else if (RAND_egd(file) > 0) {

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-12-02 10:23:19 UTC (rev 
305901)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-12-02 11:37:43 UTC (rev 
305902)
@@ -886,10 +886,7 @@

*egdsocket = 0;
*seeded = 0;
-
-#ifdef WINDOWS
-   RAND_screen();
-#endif
+
if (file == NULL) {
file = RAND_file_name(buffer, sizeof(buffer));
} else if (RAND_egd(file) > 0) {


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-10-13 Thread Adam Harvey
aharvey  Wed, 13 Oct 2010 09:23:39 +

Revision: http://svn.php.net/viewvc?view=revision&revision=304368

Log:
Fix vim marker folds.

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-10-13 09:22:51 UTC 
(rev 304367)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-10-13 09:23:39 UTC 
(rev 304368)
@@ -702,7 +702,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x1002L
 static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * 
config TSRMLS_DC) /* {{{ */
 #else
-static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC) 
/* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC)
 #endif
 {
X509V3_CTX ctx;

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-10-13 09:22:51 UTC (rev 
304367)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-10-13 09:23:39 UTC (rev 
304368)
@@ -704,7 +704,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x1002L
 static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * 
config TSRMLS_DC) /* {{{ */
 #else
-static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC) 
/* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, 
const char * config_filename, const char * section, LHASH * config TSRMLS_DC)
 #endif
 {
X509V3_CTX ctx;


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-10-07 Thread Ilia Alshanetsky
iliaaThu, 07 Oct 2010 12:32:00 +

Revision: http://svn.php.net/viewvc?view=revision&revision=304179

Log:
Fixed extraneous warning inside openssl_encrypt() for cases where iv not 
provided, but algo does not require an iv

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-10-07 12:03:17 UTC 
(rev 304178)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-10-07 12:32:00 UTC 
(rev 304179)
@@ -4638,7 +4638,7 @@
 {
zend_bool raw_output = 0;
char *data, *method, *password, *iv = "";
-   int data_len, method_len, password_len, iv_len = 0;
+   int data_len, method_len, password_len, iv_len = 0, max_iv_len;
const EVP_CIPHER *cipher_type;
EVP_CIPHER_CTX cipher_ctx;
int i, outlen, keylen;
@@ -4663,10 +4663,11 @@
key = (unsigned char*)password;
}

-   if (iv_len <= 0) {
+   max_iv_len = EVP_CIPHER_iv_length(cipher_type);
+   if (iv_len <= 0 && max_iv_len > 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty 
Initialization Vector (iv) is potentially insecure and not recommended");
}
-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
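Review bot: `max_iv_len` holds the result of `EVP_CIPHER_iv_length(cipher_type)`, which is the IV length the cipher requires rather than an upper bound, so the name is misleading; `iv_required_len`, matching the parameter name of `php_openssl_validate_iv()`, would read better (the variable is declared in the previous hunk). The new `max_iv_len > 0` condition also means that a cipher reporting an IV length of 0 produces no warning at all, which deserves a comment, e.g. `/* warn only when the cipher actually takes an IV */`. The same applies to the trunk hunk of this revision. The function starts and ends outside the hunk.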

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-10-07 12:03:17 UTC (rev 
304178)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-10-07 12:32:00 UTC (rev 
304179)
@@ -4683,7 +4683,7 @@
 {
zend_bool raw_output = 0;
char *data, *method, *password, *iv = "";
-   int data_len, method_len, password_len, iv_len = 0;
+   int data_len, method_len, password_len, iv_len = 0, max_iv_len;
const EVP_CIPHER *cipher_type;
EVP_CIPHER_CTX cipher_ctx;
int i, outlen, keylen;
@@ -4708,10 +4708,11 @@
key = (unsigned char*)password;
}

-   if (iv_len <= 0) {
+   max_iv_len = EVP_CIPHER_iv_length(cipher_type);
+   if (iv_len <= 0 && max_iv_len > 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty 
Initialization Vector (iv) is potentially insecure and not recommended");
}
-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-05-20 Thread Antony Dovgal
tony2001 Thu, 20 May 2010 11:20:44 +

Revision: http://svn.php.net/viewvc?view=revision&revision=299520

Log:
fix ZTS build

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-05-20 03:58:58 UTC 
(rev 299519)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-05-20 11:20:44 UTC 
(rev 299520)
@@ -4598,7 +4598,7 @@
 }
 /* }}} */

-static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int 
iv_required_len)
+static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int 
iv_required_len TSRMLS_DC)
 {
char *iv_new;

@@ -4666,7 +4666,7 @@
if (iv_len <= 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty 
Initialization Vector (iv) is potentially insecure and not recommended");
}
-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type));
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
@@ -4745,7 +4745,7 @@
key = (unsigned char*)password;
}

-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type));
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
@@ -4777,7 +4777,7 @@
 PHP_FUNCTION(openssl_cipher_iv_length)
 {
char *method;
-   int method_len, iv_len;
+   int method_len;
const EVP_CIPHER *cipher_type;

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &method, 
&method_len) == FAILURE) {

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-05-20 03:58:58 UTC (rev 
299519)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-05-20 11:20:44 UTC (rev 
299520)
@@ -4593,7 +4593,7 @@
 }
 /* }}} */

-static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int 
iv_required_len)
+static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int 
iv_required_len TSRMLS_DC)
 {
char *iv_new;

@@ -4661,7 +4661,7 @@
if (iv_len <= 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty 
Initialization Vector (iv) is potentially insecure and not recommended");
}
-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type));
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
@@ -4740,7 +4740,7 @@
key = (unsigned char*)password;
}

-   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type));
+   free_iv = php_openssl_validate_iv(&iv, &iv_len, 
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);

outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
@@ -4772,7 +4772,7 @@
 PHP_FUNCTION(openssl_cipher_iv_length)
 {
char *method;
-   int method_len, iv_len;
+   int method_len;
const EVP_CIPHER *cipher_type;

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &method, 
&method_len) == FAILURE) {


[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-05-11 Thread Ilia Alshanetsky
iliaaTue, 11 May 2010 14:31:00 +

Revision: http://svn.php.net/viewvc?view=revision&revision=299244

Log:
Removed double allocation of buffer inside openssl_random_pseudo_bytes() and 
cleanup code

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-05-11 14:12:30 UTC 
(rev 299243)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-05-11 14:31:00 UTC 
(rev 299244)
@@ -4785,27 +4785,23 @@
ZVAL_BOOL(zstrong_result_returned, 0);
}

-   buffer = emalloc(buffer_length);
+   buffer = emalloc(buffer_length + 1);

-   if (!buffer) {
-   RETURN_FALSE;
-   }
-
 #ifdef WINDOWS
 RAND_screen();
 #endif

if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
-   RETVAL_FALSE;
-   } else {
-   RETVAL_STRINGL((char *)buffer, buffer_length, 1);
+   efree(buffer);
+   RETURN_FALSE;
+   }

-   if (zstrong_result_returned) {
-   ZVAL_BOOL(zstrong_result_returned, strong_result);
-   }
+   buffer[buffer_length] = 0;
+   RETVAL_STRINGL((char *)buffer, buffer_length, 0);

+   if (zstrong_result_returned) {
+   ZVAL_BOOL(zstrong_result_returned, strong_result);
}
-   efree(buffer);
 }
 /* }}} */
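Review bot: `emalloc(buffer_length + 1)` is followed by `RAND_pseudo_bytes(buffer, buffer_length)` with no bound on `buffer_length` visible in this hunk; `RAND_pseudo_bytes()` takes an `int` count, so if `buffer_length` is a wider type a large request would be truncated, and the `+ 1` could overflow at the type's maximum. If the lines above the hunk do not already enforce it, a guard such as `if (buffer_length <= 0 || buffer_length >= INT_MAX) { RETURN_FALSE; }` before the allocation would close that gap. The switch to `RETVAL_STRINGL(..., 0)` hands `buffer` to the return value without a copy, which is why the extra byte and the terminator are needed; a short comment saying so would help. The same applies to the trunk hunk of this revision, and the function starts outside the hunk.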


Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-05-11 14:12:30 UTC (rev 
299243)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-05-11 14:31:00 UTC (rev 
299244)
@@ -4780,27 +4780,23 @@
ZVAL_BOOL(zstrong_result_returned, 0);
}

-   buffer = emalloc(buffer_length);
+   buffer = emalloc(buffer_length + 1);

-   if (!buffer) {
-   RETURN_FALSE;
-   }
-
 #ifdef WINDOWS
 RAND_screen();
 #endif

if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
-   RETVAL_FALSE;
-   } else {
-   RETVAL_STRINGL((char *)buffer, buffer_length, 1);
+   efree(buffer);
+   RETURN_FALSE;
+   }

-   if (zstrong_result_returned) {
-   ZVAL_BOOL(zstrong_result_returned, strong_result);
-   }
+   buffer[buffer_length] = 0;
+   RETVAL_STRINGL((char *)buffer, buffer_length, 0);

+   if (zstrong_result_returned) {
+   ZVAL_BOOL(zstrong_result_returned, strong_result);
}
-   efree(buffer);
 }
 /* }}} */



Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Pierre Joye
Please open a new bug with the details + reproduce script. Thanks.

On Fri, Apr 23, 2010 at 2:42 PM, Andrey Hristov  wrote:
> Tony,
>
> Antony Dovgal wrote:
>>
>> On 23.04.2010 15:05, Andrey Hristov wrote:
>>>
>>> "The SSL_CTX_use_PrivateKey_file function loads the private key for use
>>> with Secure Sockets Layer (SSL) sessions using a specific context (CTX)
>>> structure."
>>>
>>> However, what gets passed is path to a certificate, not to a private key.
>>> So you reintroduce a bug, that is.
>>
>> AFAIK the certificate may contain several items, including the private
>> key.
>> At least that worked fine for me.
>
> after I checked this matter with a guy who knows a lot more about crypto
> than me, it seems that the pem file can, but not always the case, include
> the private key next to the public key. The original SSL code does not
> support pem files which don't include the private key but the private key is
> separate. Having the private key in a separate file is not a bad decision
> but is not always the case, as we see.
>
> I have prepared a patch that doesn't segfault PHP when bug46127.phpt is ran
> but allows one to use separate public and private key files.
>
> http://hristov.com/tmp/new_ssl_patch.txt
>
>>> And locally I reverted the patch that was reverting my changes, thus
>>> introducing them again, and I got :
>>> Number of tests :   41                38
>>> Tests skipped   :    3 (  7.3%) 
>>> Tests warned    :    0 (  0.0%) (  0.0%)
>>> Tests failed    :    0 (  0.0%) (  0.0%)
>>> Expected fail   :    0 (  0.0%) (  0.0%)
>>> Tests passed    :   38 ( 92.7%) (100.0%)
>>> -
>>> Time taken      :    3 seconds
>>> =
>>
>> Oh, nice!
>> Try to run ext/openssl/tests/bug46127.phpt with valgrind now.
>>
>>> So, I am going to revert the revert and reintroduce the code that fixes a
>>> bug.
>>
>> Your fix fixes nothing, please don't reintroduce the segfaults.
>
> My fix fixes the situation described above.
>
>> If you're unable to reproduce them, I'm ready to do it for you:
>> http://pastebin.com/TPCd7WUU
>>
>
> Andrey
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Andrey Hristov

Tony,

Antony Dovgal wrote:

On 23.04.2010 15:05, Andrey Hristov wrote:
"The SSL_CTX_use_PrivateKey_file function loads the private key for use 
with Secure Sockets Layer (SSL) sessions using a specific context (CTX) 
structure."


However, what gets passed is path to a certificate, not to a private 
key. So you reintroduce a bug, that is.


AFAIK the certificate may contain several items, including the private key.
At least that worked fine for me.


after I checked this matter with a guy who knows a lot more about crypto 
than me, it seems that the pem file can, but not always the case, 
include the private key next to the public key. The original SSL code 
does not support pem files which don't include the private key but the 
private key is separate. Having the private key in a separate file is 
not a bad decision but is not always the case, as we see.


I have prepared a patch that doesn't segfault PHP when bug46127.phpt is 
ran but allows one to use separate public and private key files.


http://hristov.com/tmp/new_ssl_patch.txt

And locally I reverted the patch that was reverting my changes, thus 
introducing them again, and I got :

Number of tests :   41                38
Tests skipped   :    3 (  7.3%) 
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :   38 ( 92.7%) (100.0%)
-
Time taken      :    3 seconds
=


Oh, nice!
Try to run ext/openssl/tests/bug46127.phpt with valgrind now.

So, I am going to revert the revert and reintroduce the code that fixes 
a bug.


Your fix fixes nothing, please don't reintroduce the segfaults.


My fix fixes the situation described above.


If you're unable to reproduce them, I'm ready to do it for you: 
http://pastebin.com/TPCd7WUU



Andrey




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Andrey Hristov

Antony Dovgal wrote:

On 23.04.2010 15:05, Andrey Hristov wrote:
"The SSL_CTX_use_PrivateKey_file function loads the private key for use 
with Secure Sockets Layer (SSL) sessions using a specific context (CTX) 
structure."


However, what gets passed is path to a certificate, not to a private 
key. So you reintroduce a bug, that is.


AFAIK the certificate may contain several items, including the private key.
At least that worked fine for me.


This is my certificate file : http://hristov.com/tmp/client-cert.pem
and here is the private key : http://hristov.com/tmp/client-key.pem

And locally I reverted the patch that was reverting my changes, thus 
introducing them again, and I got :

Number of tests :   41                38
Tests skipped   :    3 (  7.3%) 
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :   38 ( 92.7%) (100.0%)
-
Time taken      :    3 seconds
=


Oh, nice!
Try to run ext/openssl/tests/bug46127.phpt with valgrind now.

So, I am going to revert the revert and reintroduce the code that fixes 
a bug.


Your fix fixes nothing, please don't reintroduce the segfaults.
If you're unable to reproduce them, I'm ready to do it for you: 
http://pastebin.com/TPCd7WUU



Andrey




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Antony Dovgal
On 23.04.2010 15:05, Andrey Hristov wrote:
> "The SSL_CTX_use_PrivateKey_file function loads the private key for use 
> with Secure Sockets Layer (SSL) sessions using a specific context (CTX) 
> structure."
> 
> However, what gets passed is path to a certificate, not to a private 
> key. So you reintroduce a bug, that is.

AFAIK the certificate may contain several items, including the private key.
At least that worked fine for me.

> And locally I reverted the patch that was reverting my changes, thus 
> introducing them again, and I got :
> Number of tests :   41                38
> Tests skipped   :    3 (  7.3%) 
> Tests warned    :    0 (  0.0%) (  0.0%)
> Tests failed    :    0 (  0.0%) (  0.0%)
> Expected fail   :    0 (  0.0%) (  0.0%)
> Tests passed    :   38 ( 92.7%) (100.0%)
> -
> Time taken      :    3 seconds
> =

Oh, nice!
Try to run ext/openssl/tests/bug46127.phpt with valgrind now.

> So, I am going to revert the revert and reintroduce the code that fixes 
> a bug.

Your fix fixes nothing, please don't reintroduce the segfaults.
If you're unable to reproduce them, I'm ready to do it for you: 
http://pastebin.com/TPCd7WUU

-- 
Wbr,
Antony Dovgal
---
http://pinba.org - realtime statistics for PHP




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Johannes Schlüter
On Fri, 2010-04-23 at 13:05 +0200, Andrey Hristov wrote:
> Pierre, Pierre,
> + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, 
> SSL_FILETYPE_PEM) != 1) {
> 
> this is what the revert gives back, if you go and check what this 
> function does:
> 
> "The SSL_CTX_use_PrivateKey_file function loads the private key for use 
> with Secure Sockets Layer (SSL) sessions using a specific context (CTX) 
> structure."
> 
> However, what gets passed is path to a certificate, not to a private 
> key. So you reintroduce a bug, that is.
> 
> And locally I reverted the patch that was reverting my changes, thus 
> introducing them again, and I got :
> Number of tests :   4138
> Tests skipped   :3 (  7.3%) 
> Tests warned:0 (  0.0%) (  0.0%)
> Tests failed:0 (  0.0%) (  0.0%)
> Expected fail   :0 (  0.0%) (  0.0%)
> Tests passed:   38 ( 92.7%) (100.0%)
> -
> Time taken  :3 seconds
> =

The interesting question is: What's the difference between the systems?
Andrey's system doesn't show an issue, gcov's last run was fine
http://gcov.php.net/viewer.php?version=PHP_5_3&func=tests (ok, this is
5.3, but I don't see difference between trunk and 5.3)

What openssl versions are you using? Any "special" compiler flags?

The patch itself is needed so that login using an SSL certificate to a MySQL
server works under mysqlnd.

Maybe somebody who can reproduce the crash could take a deeper look
what's wrong?

thanks,
johannes






Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Pierre Joye
On Fri, Apr 23, 2010 at 1:05 PM, Andrey Hristov  wrote:

>
> So, I am going to revert the revert and reintroduce the code that fixes a
> bug.

No. Don't do that.

If you have found a bug in SSL please report a bug with a SSL specific
test case and a patch if you have one.

Thanks,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Andrey Hristov

 Pierre, Pierre,
+	if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, 
SSL_FILETYPE_PEM) != 1) {


this is what the revert gives back, if you go and check what this 
function does:


"The SSL_CTX_use_PrivateKey_file function loads the private key for use 
with Secure Sockets Layer (SSL) sessions using a specific context (CTX) 
structure."


However, what gets passed is path to a certificate, not to a private 
key. So you reintroduce a bug, that is.


And locally I reverted the patch that was reverting my changes, thus 
introducing them again, and I got :

Number of tests :   41                38
Tests skipped   :    3 (  7.3%) 
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :   38 ( 92.7%) (100.0%)
-
Time taken      :    3 seconds
=


So, I am going to revert the revert and reintroduce the code that fixes 
a bug.


Have a nice day!

Andrey


Pierre Joye wrote:

hi,

On Fri, Apr 23, 2010 at 12:14 PM, Andrey Hristov  wrote:

 More info about the segfaults? Tests that show the segfaults and thus keep
us from regressions?


The tests we have in ext/openssl/tests crash.

However we were wondering why you did these changes and I did not see
any relation between the commit msg and this change. If there is a bug
in this code, please provide a reproduce case and a patch so we can be
sure it won't break ssl functions.

Cheers,






Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Pierre Joye
hi,

On Fri, Apr 23, 2010 at 12:14 PM, Andrey Hristov  wrote:
>  More info about the segfaults? Tests that show the segfaults and thus keep
> us from regressions?

The tests we have in ext/openssl/tests crash.

However we were wondering why you did these changes and I did not see
any relation between the commit msg and this change. If there is a bug
in this code, please provide a reproduce case and a patch so we can be
sure it won't break ssl functions.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-23 Thread Andrey Hristov
 More info about the segfaults? Tests that show the segfaults and thus 
keep us from regressions?


Andrey


Antony Dovgal wrote:

tony2001 Thu, 22 Apr 2010 15:59:44 +

Revision: http://svn.php.net/viewvc?view=revision&revision=298331

Log:
revert most of the Andrey's patch that causes segfaults
(as agreed with Pierre)

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 15:51:03 UTC 
(rev 298330)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 15:59:44 UTC 
(rev 298331)
@@ -4445,7 +4445,6 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4454,10 +4453,8 @@
return NULL;
}

-   GET_VER_OPT_STRING("local_pk", private_key);
-
-   if (private_key && SSL_CTX_use_PrivateKey_file(ctx, 
private_key, SSL_FILETYPE_PEM) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable 
to set private key file `%s'", private_key);
+   if (SSL_CTX_use_PrivateKey_file(ctx, 
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable 
to set private key file `%s'", resolved_path_buff);
return NULL;
}
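Review bot: Nothing at the restored `SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM)` call records that the certificate PEM is now the only place a private key is read from, and a comment above it would make that contract explicit: `/* the certificate PEM must also contain the private key; no separate key file is read here */`. Because the `GET_VER_OPT_STRING("local_pk", private_key)` lookup is removed, a caller who still sets that option appears to get no diagnostic that it is ignored; that belongs in the same comment or in the commit log. The same hunk is quoted again in the original commit mail further down the page, and the enclosing function starts and ends outside the hunk.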


Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 
298330)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 
298331)
@@ -4443,7 +4443,6 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4452,10 +4451,8 @@
return NULL;
}

-   GET_VER_OPT_STRING("local_pk", private_key);
-
-   if (private_key && SSL_CTX_use_PrivateKey_file(ctx, 
private_key, SSL_FILETYPE_PEM) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable 
to set private key file `%s'", private_key);
+   if (SSL_CTX_use_PrivateKey_file(ctx, reso, 
SSL_FILETYPE_PEM) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable 
to set private key file `%s'", resolved_path_buff);
return NULL;
}
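Review bot: In this trunk hunk the restored call reads `SSL_CTX_use_PrivateKey_file(ctx, reso, SSL_FILETYPE_PEM)`, and no `reso` appears among the locals visible in the preceding hunk (`key`, `tmpssl`, `resolved_path_buff`), so as shown this would not compile. The PHP_5_3 hunk of the same revision and the warning on the following line both use `resolved_path_buff`, so the call was presumably meant to be `if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {`. This may also be a truncation introduced by the mail archive, so it is worth checking against revision 298331 before acting on it. The same hunk is repeated in the original commit mail further down the page, and the enclosing function starts and ends outside the hunk.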









[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-22 Thread Antony Dovgal
tony2001 Thu, 22 Apr 2010 15:59:44 +

Revision: http://svn.php.net/viewvc?view=revision&revision=298331

Log:
revert most of the Andrey's patch that causes segfaults
(as agreed with Pierre)

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 15:51:03 UTC 
(rev 298330)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 15:59:44 UTC 
(rev 298331)
@@ -4445,7 +4445,6 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4454,10 +4453,8 @@
return NULL;
}

-   GET_VER_OPT_STRING("local_pk", private_key);
-
-   if (private_key && SSL_CTX_use_PrivateKey_file(ctx, 
private_key, SSL_FILETYPE_PEM) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", private_key);
+   if (SSL_CTX_use_PrivateKey_file(ctx, 
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", resolved_path_buff);
return NULL;
}


Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 
298330)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 
298331)
@@ -4443,7 +4443,6 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4452,10 +4451,8 @@
return NULL;
}

-   GET_VER_OPT_STRING("local_pk", private_key);
-
-   if (private_key && SSL_CTX_use_PrivateKey_file(ctx, 
private_key, SSL_FILETYPE_PEM) != 1) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", private_key);
+   if (SSL_CTX_use_PrivateKey_file(ctx, reso, 
SSL_FILETYPE_PEM) != 1) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", resolved_path_buff);
return NULL;
}



[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2010-04-22 Thread Antony Dovgal
tony2001 Thu, 22 Apr 2010 11:56:08 +

Revision: http://svn.php.net/viewvc?view=revision&revision=298314

Log:
initialize variable. this code still segfaults in OpenSSL, no idea why

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 11:49:10 UTC 
(rev 298313)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2010-04-22 11:56:08 UTC 
(rev 298314)
@@ -4445,7 +4445,7 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key;
+   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 11:49:10 UTC (rev 
298313)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 11:56:08 UTC (rev 
298314)
@@ -4443,7 +4443,7 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
-   const char * private_key;
+   const char * private_key = NULL;

if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */


[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c tests/sni_001.phpt xp_ssl.c

2009-11-30 Thread Arnaud Le Blanc
lbarnaud Mon, 30 Nov 2009 13:31:53 +

Revision: http://svn.php.net/viewvc?view=revision&revision=291493

Log:
merge from trunk: openssl sni support (rev 289831)

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
A + php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt
(from php/php-src/trunk/ext/openssl/tests/sni_001.phpt:r289831)
U   php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c	2009-11-30 12:46:24 UTC (rev 291492)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c	2009-11-30 13:31:53 UTC (rev 291493)
@@ -1041,6 +1041,11 @@
 	REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_EC", OPENSSL_KEYTYPE_EC, CONST_CS|CONST_PERSISTENT);
 #endif

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+	/* SNI support included in OpenSSL >= 0.9.8j */
+	REGISTER_LONG_CONSTANT("OPENSSL_TLSEXT_SERVER_NAME", 1, CONST_CS|CONST_PERSISTENT);
+#endif
+
 	/* Determine default SSL configuration file */
 	config_filename = getenv("OPENSSL_CONF");
 	if (config_filename == NULL) {
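Review bot: The comment on the new guard says SNI needs OpenSSL >= 0.9.8j, but `0x0090806fL` decodes to 0.9.8f, so the comment and the condition disagree. As far as I know TLS extensions were introduced in 0.9.8f and only compiled in by default from 0.9.8j, which is the case the `!defined(OPENSSL_NO_TLSEXT)` half of the guard covers. The comment could say exactly that: `/* SNI: TLS extensions exist since OpenSSL 0.9.8f, enabled by default since 0.9.8j */`. The enclosing function starts and ends outside the hunk.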

Copied: php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt (from rev 289831, php/php-src/trunk/ext/openssl/tests/sni_001.phpt)
===
--- php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt	(rev 0)
+++ php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt	2009-11-30 13:31:53 UTC (rev 291493)
@@ -0,0 +1,178 @@
+--TEST--
+SNI 001
+--SKIPIF--
+
+--FILE--
+https://sni.velox.ch/ and thus is disabled by default.
+ *
+ * sni.velox.ch uses 3 certificates :
+ * - CN=alice.sni.velox.ch (sent in response to server_name = alice.sni.velox.ch or not set)
+ * - CN=bob.sni.velox.ch (sent in response to server_name = bob.sni.velox.ch)
+ * - CN=*.sni.velox.ch (sent in response to server_name = mallory.sni.velox.ch or *.sni.velox.ch or sni.velox.ch)
+ *
+ * The test sends requests to the server, sending different names, and checks which certificate
+ * the server returned.
+ */
+
+function context() {
+	return stream_context_create(array(
+		'ssl' => array(
+			'capture_peer_cert' => true,
+		),
+	));
+}
+
+function get_CN($context) {
+
+	$ary = stream_context_get_options($context);
+	assert($ary);
+
+	$cert = $ary['ssl']['peer_certificate'];
+	assert($cert);
+
+	$cert_ary = openssl_x509_parse($cert);
+	return $cert_ary['subject']['CN'];
+}
+
+function do_http_test($url, $context) {
+
+	$fh = fopen($url, 'r', false, $context);
+	assert($fh);
+
+	var_dump(get_CN($context));
+}
+
+function do_ssl_test($url, $context) {
+
+	$fh = stream_socket_client($url, $errno, $errstr,
+			ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context);
+	assert($fh);
+
+	var_dump(get_CN($context));
+}
+
+function do_enable_crypto_test($url, $context) {
+
+	$fh = stream_socket_client($url, $errno, $errstr,
+		ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context);
+	assert($fh);
+
+	$r = stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+	assert($r);
+
+	var_dump(get_CN($context));
+}
+
+/* Test https:// streams */
+
+echo "-- auto host name (1) --\n";
+do_http_test('https://alice.sni.velox.ch/', context());
+
+echo "-- auto host name (2) --\n";
+do_http_test('https://bob.sni.velox.ch/', context());
+
+echo "-- auto host name (3) --\n";
+do_http_test('https://bob.sni.velox.ch./', context());
+
+echo "-- user supplied server name --\n";
+
+$context = context();
+stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch');
+stream_context_set_option($context, 'http', 'header', b'Host: bob.sni.velox.ch');
+do_http_test('https://alice.sni.velox.ch/', $context);
+
+echo "-- sni disabled --\n";
+
+$context = context();
+stream_context_set_option($context, 'ssl', 'SNI_enabled', false);
+do_http_test('https://bob.sni.velox.ch/', $context);
+
+/* Test ssl:// socket streams */
+
+echo "-- raw SSL stream (1) --\n";
+do_ssl_test('ssl://bob.sni.velox.ch:443', context());
+
+echo "-- raw SSL stream (2) --\n";
+do_ssl_test('ssl://mallory.sni.velox.ch:443', context());
+
+echo "-- raw SSL stream with user supplied sni --\n";
+
+$context = context();
+stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch');
+
+do_ssl_test('ssl://mallory.sni.velox.ch:443', $context);
+
+echo "-- raw SSL stream with sni disabled --\n";
+
+$context = context();
+stream_context_set_option($context, 'ssl', 'SNI_enabled', false);
+
+do_ssl_test('ssl://mallory.sni.velox.ch:443', $context);
+
+/* Test tcp:// socket streams with SSL enabled */
+
+echo "-- stream_socket_enable_crypto (1) --\n";
+
+do_enable_crypto_test('tcp://bob.sni.velox.ch:443', context());
+
+echo "-- stream_socket_enable_crypto (2) --\n";
+
+do_enable_crypto_test('tcp://mallory.sni.velo

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2009-11-03 Thread Guenter Knauf
guenter  Tue, 03 Nov 2009 21:26:39 +

Revision: http://svn.php.net/viewvc?view=revision&revision=290191

Log:
added timezone define for NetWare.

Changed paths:
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2009-11-03 21:21:34 UTC 
(rev 290190)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2009-11-03 21:26:39 UTC 
(rev 290191)
@@ -51,6 +51,10 @@
 /* Common */
 #include 

+#ifdef NETWARE
+#define timezone _timezone /* timezone is called _timezone in LibC */
+#endif
+
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384


Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2009-11-03 21:21:34 UTC (rev 
290190)
+++ php/php-src/trunk/ext/openssl/openssl.c 2009-11-03 21:26:39 UTC (rev 
290191)
@@ -48,6 +48,10 @@
 #include 
 #include 

+#ifdef NETWARE
+#define timezone _timezone /* timezone is called _timezone in LibC */
+#endif
+
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384

