Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
hi! Thanks for applying the patch! Please add the test case as well. Btw, did you check with Stas and David about 5.4? Not sure if it is OK at this stage, but we may need another RC already anyway (commits done since last RC). On Thu, Feb 23, 2012 at 2:26 AM, Scott MacVicar wrote: > scottmac Thu, 23 Feb 2012 01:26:46 + > > Revision: http://svn.php.net/viewvc?view=revision&revision=323440 > > Log: > Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). > > Bug: https://bugs.php.net/61124 (Assigned) Segmentation fault > > Changed paths: > U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c > U php/php-src/branches/PHP_5_4/NEWS > U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c > U php/php-src/trunk/ext/openssl/openssl.c > > Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c > === > --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2012-02-22 23:42:18 > UTC (rev 323439) > +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2012-02-23 01:26:46 > UTC (rev 323440) > @@ -4776,6 +4776,10 @@ > > if (!raw_input) { > base64_str = (char*)php_base64_decode((unsigned char*)data, > data_len, &base64_str_len); > + if (!base64_str) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed > to base64 decode the input"); > + RETURN_FALSE; > + } > data_len = base64_str_len; > data = base64_str; > } > > Modified: php/php-src/branches/PHP_5_4/NEWS > === > --- php/php-src/branches/PHP_5_4/NEWS 2012-02-22 23:42:18 UTC (rev 323439) > +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-23 01:26:46 UTC (rev 323440) 
> @@ -1,6 +1,9 @@ > PHP > NEWS > ||| > ?? ??? 2012, PHP 5.4.0 RC 9 > +- OpenSSL: > + . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). > + (me at ktamura dot com, Scott) > > 15 Feb 2012, PHP 5.4.0 RC 8 > - Core: > > Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c > === > --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2012-02-22 23:42:18 > UTC (rev 323439) > +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2012-02-23 01:26:46 > UTC (rev 323440) > @@ -4803,6 +4803,10 @@ > > if (!(options & OPENSSL_RAW_DATA)) { > base64_str = (char*)php_base64_decode((unsigned char*)data, > data_len, &base64_str_len); > + if (!base64_str) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed > to base64 decode the input"); > + RETURN_FALSE; > + } > data_len = base64_str_len; > data = base64_str; > } > > Modified: php/php-src/trunk/ext/openssl/openssl.c > === > --- php/php-src/trunk/ext/openssl/openssl.c 2012-02-22 23:42:18 UTC (rev > 323439) > +++ php/php-src/trunk/ext/openssl/openssl.c 2012-02-23 01:26:46 UTC (rev > 323440) > @@ -4799,6 +4799,10 @@ > > if (!(options & OPENSSL_RAW_DATA)) { > base64_str = (char*)php_base64_decode((unsigned char*)data, > data_len, &base64_str_len); > + if (!base64_str) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed > to base64 decode the input"); > + RETURN_FALSE; > + } > data_len = base64_str_len; > data = base64_str; > } > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
scottmac Thu, 23 Feb 2012 01:26:46 + Revision: http://svn.php.net/viewvc?view=revision&revision=323440 Log: Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). Bug: https://bugs.php.net/61124 (Assigned) Segmentation fault Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2012-02-22 23:42:18 UTC (rev 323439) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2012-02-23 01:26:46 UTC (rev 323440) @@ -4776,6 +4776,10 @@ if (!raw_input) { base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); + if (!base64_str) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); + RETURN_FALSE; + } data_len = base64_str_len; data = base64_str; } Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-22 23:42:18 UTC (rev 323439) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-23 01:26:46 UTC (rev 323440) @@ -1,6 +1,9 @@ PHPNEWS ||| ?? ??? 2012, PHP 5.4.0 RC 9 +- OpenSSL: + . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). +(me at ktamura dot com, Scott) 15 Feb 2012, PHP 5.4.0 RC 8 - Core: Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2012-02-22 23:42:18 UTC (rev 323439) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2012-02-23 01:26:46 UTC (rev 323440) 
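Review bot: The new `if (!base64_str)` guard in the PHP_5_3 hunk has no comment saying why a NULL return is expected here, and the same holds for the PHP_5_4 and trunk hunks. A line above the check would help, such as `/* php_base64_decode() returns NULL on undecodable input; stop before data is dereferenced */`. The guard itself looks right for the crash described in the log. Whether anything acquired earlier in the function needs releasing before `RETURN_FALSE` cannot be seen from here, because the function starts and ends outside the hunk.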
@@ -4803,6 +4803,10 @@ if (!(options & OPENSSL_RAW_DATA)) { base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); + if (!base64_str) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); + RETURN_FALSE; + } data_len = base64_str_len; data = base64_str; } Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2012-02-22 23:42:18 UTC (rev 323439) +++ php/php-src/trunk/ext/openssl/openssl.c 2012-02-23 01:26:46 UTC (rev 323440) @@ -4799,6 +4799,10 @@ if (!(options & OPENSSL_RAW_DATA)) { base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); + if (!base64_str) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); + RETURN_FALSE; + } data_len = base64_str_len; data = base64_str; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
pajoye Thu, 16 Jun 2011 13:06:41 + Revision: http://svn.php.net/viewvc?view=revision&revision=312209 Log: - did I not kill that already? (do not use rand_screen, pointless on server and not TS) Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-06-16 12:57:06 UTC (rev 312208) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-06-16 13:06:41 UTC (rev 312209) @@ -4900,10 +4900,6 @@ buffer = emalloc(buffer_length + 1); -#ifdef WINDOWS -RAND_screen(); -#endif - if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { efree(buffer); RETURN_FALSE; Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-06-16 12:57:06 UTC (rev 312208) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-06-16 13:06:41 UTC (rev 312209) @@ -4920,10 +4920,6 @@ buffer = emalloc(buffer_length + 1); -#ifdef WINDOWS -RAND_screen(); -#endif - if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { efree(buffer); RETURN_FALSE; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2011-06-16 12:57:06 UTC (rev 312208) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-06-16 13:06:41 UTC (rev 312209) @@ -4920,10 +4920,6 @@ buffer = emalloc(buffer_length + 1); -#ifdef WINDOWS -RAND_screen(); -#endif - if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { efree(buffer); RETURN_FALSE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c xp_ssl.c
mj Mon, 25 Apr 2011 16:51:12 + Revision: http://svn.php.net/viewvc?view=revision&revision=310477 Log: MFH: The project calls itself OpenSSL and not openSSL, so let's keep it that way in our code as well. Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-04-25 16:50:30 UTC (rev 310476) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-04-25 16:51:12 UTC (rev 310477) @@ -988,8 +988,8 @@ ERR_load_crypto_strings(); ERR_load_EVP_strings(); - /* register a resource id number with openSSL so that we can map SSL -> stream structures in -* openSSL callbacks */ + /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in +* OpenSSL callbacks */ ssl_stream_data_index = SSL_get_ex_new_index(0, "PHP stream index", NULL, NULL, NULL); REGISTER_STRING_CONSTANT("OPENSSL_VERSION_TEXT", OPENSSL_VERSION_TEXT, CONST_CS|CONST_PERSISTENT); Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2011-04-25 16:50:30 UTC (rev 310476) +++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2011-04-25 16:51:12 UTC (rev 310477) @@ -330,7 +330,7 @@ break; case STREAM_CRYPTO_METHOD_SSLv2_CLIENT: #ifdef OPENSSL_NO_SSL2 - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); return -1; #else sslsock->is_client = 1; 
@@ -355,7 +355,7 @@ break; case STREAM_CRYPTO_METHOD_SSLv2_SERVER: #ifdef OPENSSL_NO_SSL2 - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); return -1; #else sslsock->is_client = 0; @@ -923,7 +923,7 @@ sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT; } else if (strncmp(proto, "sslv2", protolen) == 0) { #ifdef OPENSSL_NO_SSL2 - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); return NULL; #else sslsock->enable_on_connect = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_3/ext/openssl/xp_ssl.c trunk/ext/openssl/openssl.c trunk/ext/openssl/xp_ssl.c
rasmus Sun, 24 Apr 2011 23:27:48 + Revision: http://svn.php.net/viewvc?view=revision&revision=310458 Log: SSLV2 patch cleanup Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c U php/php-src/trunk/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/xp_ssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-04-24 22:08:11 UTC (rev 310457) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-04-24 23:27:48 UTC (rev 310458) @@ -1074,7 +1074,9 @@ php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC); php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC); +#ifndef OPENSSL_NO_SSL2 php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC); +#endif php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC); /* override the default tcp socket provider */ @@ -1109,7 +,9 @@ php_unregister_url_stream_wrapper("ftps" TSRMLS_CC); php_stream_xport_unregister("ssl" TSRMLS_CC); +#ifndef OPENSSL_NO_SSL2 php_stream_xport_unregister("sslv2" TSRMLS_CC); +#endif php_stream_xport_unregister("sslv3" TSRMLS_CC); php_stream_xport_unregister("tls" TSRMLS_CC); Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2011-04-24 22:08:11 UTC (rev 310457) +++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2011-04-24 23:27:48 UTC (rev 310458) @@ -330,8 +330,8 @@ break; case STREAM_CRYPTO_METHOD_SSLv2_CLIENT: #ifdef OPENSSL_NO_SSL2 -php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled in openSSL"); -return -1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + return -1; #else sslsock->is_client = 1; method = SSLv2_client_method(); 
@@ -355,8 +355,8 @@ break; case STREAM_CRYPTO_METHOD_SSLv2_SERVER: #ifdef OPENSSL_NO_SSL2 -php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled in openSSL"); -return -1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + return -1; #else sslsock->is_client = 0; method = SSLv2_server_method(); @@ -922,8 +922,13 @@ sslsock->enable_on_connect = 1; sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT; } else if (strncmp(proto, "sslv2", protolen) == 0) { +#ifdef OPENSSL_NO_SSL2 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the openSSL library PHP is linked against"); + return NULL; +#else sslsock->enable_on_connect = 1; sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT; +#endif } else if (strncmp(proto, "sslv3", protolen) == 0) { sslsock->enable_on_connect = 1; sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2011-04-24 22:08:11 UTC (rev 310457) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-04-24 23:27:48 UTC (rev 310458) @@ -,7 +,9 @@ php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC); php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC); +#ifndef OPENSSL_NO_SSL2 php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC); +#endif php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC); /* override the default tcp socket provider */ 
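Review bot: In the `@@ -922,8 +922,13 @@` hunk of xp_ssl.c, the new `return NULL;` under `#ifdef OPENSSL_NO_SSL2` exits after `sslsock` already exists, since the neighbouring branches write `sslsock->enable_on_connect`. The early return therefore appears to leak that structure and any stream already built around it. The allocations are outside the hunk, so this needs confirming against the full function. If a stream has been created by that point, release it before returning, for example with a `php_stream_close()` call on it placed just before `return NULL;`. The surrounding `strncmp(proto, ...)` chain starts and ends outside the hunk.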
@@ -1146,7 +1148,9 @@ php_unregister_url_stream_wrapper("ftps" TSRMLS_CC); php_stream_xport_unregister("ssl" TSRMLS_CC); +#ifndef OPENSSL_NO_SSL2 php_stream_xport_unregister("sslv2" TSRMLS_CC); +#endif php_stream_xport_unregister("sslv3" TSRMLS_CC); php_stream_xport_unregister("tls" TSRMLS_CC); Modified: php/php-src/trunk/ext/openssl/xp_ssl.c === --- php/php-src/trunk/ext/openssl/xp_ssl.c 2011-04-24 22:08:11 UTC (rev 310457) +++ php/php-src/trunk/ext/openssl/xp_ssl.c 2011-04-24 23:27:48 UTC (r
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c
pajoye Mon, 21 Feb 2011 10:09:50 + Revision: http://svn.php.net/viewvc?view=revision&revision=308532 Log: - fix test 025 Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-02-21 10:07:31 UTC (rev 308531) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-02-21 10:09:50 UTC (rev 308532) @@ -3543,14 +3543,13 @@ char * outfilename; int outfilename_len; char * extracertsfilename = NULL; int extracertsfilename_len; - RETVAL_FALSE; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls", &infilename, &infilename_len, &outfilename, &outfilename_len, &zcert, &zprivkey, &zheaders, &flags, &extracertsfilename, &extracertsfilename_len) == FAILURE) { return; } + RETVAL_FALSE; if (strlen(infilename) != infilename_len) { return; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
pajoye Thu, 02 Dec 2010 11:37:43 + Revision: http://svn.php.net/viewvc?view=revision&revision=305902 Log: - not TS and useless on server, also not required anymore with the supported windows versions Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-12-02 10:23:19 UTC (rev 305901) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-12-02 11:37:43 UTC (rev 305902) @@ -868,10 +868,7 @@ *egdsocket = 0; *seeded = 0; - -#ifdef WINDOWS - RAND_screen(); -#endif + if (file == NULL) { file = RAND_file_name(buffer, sizeof(buffer)); } else if (RAND_egd(file) > 0) { Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-12-02 10:23:19 UTC (rev 305901) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-12-02 11:37:43 UTC (rev 305902) @@ -886,10 +886,7 @@ *egdsocket = 0; *seeded = 0; - -#ifdef WINDOWS - RAND_screen(); -#endif + if (file == NULL) { file = RAND_file_name(buffer, sizeof(buffer)); } else if (RAND_egd(file) > 0) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
aharvey Wed, 13 Oct 2010 09:23:39 + Revision: http://svn.php.net/viewvc?view=revision&revision=304368 Log: Fix vim marker folds. Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-10-13 09:22:51 UTC (rev 304367) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-10-13 09:23:39 UTC (rev 304368) @@ -702,7 +702,7 @@ #if OPENSSL_VERSION_NUMBER >= 0x1002L static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config TSRMLS_DC) /* {{{ */ #else -static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */ +static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) #endif { X509V3_CTX ctx; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-10-13 09:22:51 UTC (rev 304367) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-10-13 09:23:39 UTC (rev 304368) @@ -704,7 +704,7 @@ #if OPENSSL_VERSION_NUMBER >= 0x1002L static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config TSRMLS_DC) /* {{{ */ #else -static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */ +static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) #endif { X509V3_CTX ctx; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
iliaaThu, 07 Oct 2010 12:32:00 + Revision: http://svn.php.net/viewvc?view=revision&revision=304179 Log: Fixed extrenous warning inside openssl_encrypt() for cases where iv not provided, but algo does not require an iv Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-10-07 12:03:17 UTC (rev 304178) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-10-07 12:32:00 UTC (rev 304179) @@ -4638,7 +4638,7 @@ { zend_bool raw_output = 0; char *data, *method, *password, *iv = ""; - int data_len, method_len, password_len, iv_len = 0; + int data_len, method_len, password_len, iv_len = 0, max_iv_len; const EVP_CIPHER *cipher_type; EVP_CIPHER_CTX cipher_ctx; int i, outlen, keylen; @@ -4663,10 +4663,11 @@ key = (unsigned char*)password; } - if (iv_len <= 0) { + max_iv_len = EVP_CIPHER_iv_length(cipher_type); + if (iv_len <= 0 && max_iv_len > 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended"); } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); + free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-10-07 12:03:17 UTC (rev 304178) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-10-07 12:32:00 UTC (rev 304179) @@ -4683,7 +4683,7 @@ { zend_bool raw_output = 0; char *data, *method, *password, *iv = ""; - int data_len, method_len, password_len, iv_len = 0; + int data_len, method_len, password_len, iv_len = 0, max_iv_len; const EVP_CIPHER *cipher_type; EVP_CIPHER_CTX cipher_ctx; int i, outlen, keylen; 
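Review bot: In the `@@ -4663,10 +4663,11 @@` hunk, `max_iv_len` is a misleading name, because it holds `EVP_CIPHER_iv_length(cipher_type)`, which is the IV length the cipher expects rather than an upper bound. A name like `required_iv_len` would read better next to `iv_len <= 0 && max_iv_len > 0`. A short comment on the condition would also help, e.g. `/* ciphers with iv length 0 take no IV, so an empty one is fine */`. For ciphers that do take an IV, an empty one still only warns and execution continues into `php_openssl_validate_iv()`; that is worth stating in the comment so callers do not mistake the warning for a rejection. The trunk hunks make the same change, and the function body continues outside the hunk.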
@@ -4708,10 +4708,11 @@ key = (unsigned char*)password; } - if (iv_len <= 0) { + max_iv_len = EVP_CIPHER_iv_length(cipher_type); + if (iv_len <= 0 && max_iv_len > 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended"); } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); + free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
tony2001 Thu, 20 May 2010 11:20:44 + Revision: http://svn.php.net/viewvc?view=revision&revision=299520 Log: fix ZTS build Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-05-20 03:58:58 UTC (rev 299519) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-05-20 11:20:44 UTC (rev 299520) @@ -4598,7 +4598,7 @@ } /* }}} */ -static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_required_len) +static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_required_len TSRMLS_DC) { char *iv_new; @@ -4666,7 +4666,7 @@ if (iv_len <= 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended"); } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type)); + free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); @@ -4745,7 +4745,7 @@ key = (unsigned char*)password; } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type)); + free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); @@ -4777,7 +4777,7 @@ PHP_FUNCTION(openssl_cipher_iv_length) { char *method; - int method_len, iv_len; + int method_len; const EVP_CIPHER *cipher_type; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &method, &method_len) == FAILURE) { Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-05-20 03:58:58 UTC (rev 299519) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-05-20 11:20:44 UTC (rev 299520) 
@@ -4593,7 +4593,7 @@ } /* }}} */ -static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_required_len) +static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_required_len TSRMLS_DC) { char *iv_new; @@ -4661,7 +4661,7 @@ if (iv_len <= 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended"); } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type)); + free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); @@ -4740,7 +4740,7 @@ key = (unsigned char*)password; } - free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type)); + free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = emalloc(outlen + 1); @@ -4772,7 +4772,7 @@ PHP_FUNCTION(openssl_cipher_iv_length) { char *method; - int method_len, iv_len; + int method_len; const EVP_CIPHER *cipher_type; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &method, &method_len) == FAILURE) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
iliaaTue, 11 May 2010 14:31:00 + Revision: http://svn.php.net/viewvc?view=revision&revision=299244 Log: Removed double allocation of buffer inside openssl_random_pseudo_bytes() and cleanup code Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-05-11 14:12:30 UTC (rev 299243) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-05-11 14:31:00 UTC (rev 299244) @@ -4785,27 +4785,23 @@ ZVAL_BOOL(zstrong_result_returned, 0); } - buffer = emalloc(buffer_length); + buffer = emalloc(buffer_length + 1); - if (!buffer) { - RETURN_FALSE; - } - #ifdef WINDOWS RAND_screen(); #endif if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { - RETVAL_FALSE; - } else { - RETVAL_STRINGL((char *)buffer, buffer_length, 1); + efree(buffer); + RETURN_FALSE; + } - if (zstrong_result_returned) { - ZVAL_BOOL(zstrong_result_returned, strong_result); - } + buffer[buffer_length] = 0; + RETVAL_STRINGL((char *)buffer, buffer_length, 0); + if (zstrong_result_returned) { + ZVAL_BOOL(zstrong_result_returned, strong_result); } - efree(buffer); } /* }}} */ Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-05-11 14:12:30 UTC (rev 299243) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-05-11 14:31:00 UTC (rev 299244) 
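Review bot: The new allocation `emalloc(buffer_length + 1)` in the PHP_5_3 hunk adds one to a caller-supplied length, and no upper bound on `buffer_length` is visible. Its declaration and range check are outside the hunk, so please confirm the value cannot sit at the top of its type's range. If it can, the overflow-checked form `buffer = safe_emalloc(buffer_length, 1, 1);` is safer, or an explicit maximum could be enforced before allocating. Handing the buffer to `RETVAL_STRINGL(..., 0)` after writing the terminator at `buffer[buffer_length]` looks consistent with the enlarged allocation. The same applies to the trunk hunk.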
@@ -4780,27 +4780,23 @@ ZVAL_BOOL(zstrong_result_returned, 0); } - buffer = emalloc(buffer_length); + buffer = emalloc(buffer_length + 1); - if (!buffer) { - RETURN_FALSE; - } - #ifdef WINDOWS RAND_screen(); #endif if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { - RETVAL_FALSE; - } else { - RETVAL_STRINGL((char *)buffer, buffer_length, 1); + efree(buffer); + RETURN_FALSE; + } - if (zstrong_result_returned) { - ZVAL_BOOL(zstrong_result_returned, strong_result); - } + buffer[buffer_length] = 0; + RETVAL_STRINGL((char *)buffer, buffer_length, 0); + if (zstrong_result_returned) { + ZVAL_BOOL(zstrong_result_returned, strong_result); } - efree(buffer); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
Please open a new bug with the details + reproduce script. Thanks. On Fri, Apr 23, 2010 at 2:42 PM, Andrey Hristov wrote: > Tony, > > Antony Dovgal wrote: >> >> On 23.04.2010 15:05, Andrey Hristov wrote: >>> >>> "The SSL_CTX_use_PrivateKey_file function loads the private key for use >>> with Secure Sockets Layer (SSL) sessions using a specific context (CTX) >>> structure." >>> >>> However, what gets passed is path to a certificate, not to a private key. >>> So you reintroduce a bug, that is. >> >> AFAIK the certificate may contain several items, including the private >> key. >> At least that worked fine for me. > > after I checked this matter with a guy who knows a lot more about crypto > than me, it seems that the pem file can, but not always the case, include > the private key next to the public key. The original SSL code does not > support pem files which don't include the private key but the private key is > separate. Having the private key in a separate file is not a bad decision > but is not always the case, as we see. > > I have prepared a patch that doesn't segfault PHP when bug46127.phpt is ran > but allows one to use separate public and private key files. > > http://hristov.com/tmp/new_ssl_patch.txt > >>> And locally I reverted the patch that was reverting my changes, thus >>> introducing them again, and I got : >>> Number of tests : 41 38 >>> Tests skipped : 3 ( 7.3%) >>> Tests warned : 0 ( 0.0%) ( 0.0%) >>> Tests failed : 0 ( 0.0%) ( 0.0%) >>> Expected fail : 0 ( 0.0%) ( 0.0%) >>> Tests passed : 38 ( 92.7%) (100.0%) >>> - >>> Time taken : 3 seconds >>> = >> >> Oh, nice! >> Try to run ext/openssl/tests/bug46127.phpt with valgrind now. >> >>> So, I am going to revert the revert and reintroduce the code that fixes a >>> bug. >> >> Your fix fixes nothing, please don't reintroduce the segfaults. > > My fix fixes the situation described above. 
> >> If you're unable to reproduce them, I'm ready to do it for you: >> http://pastebin.com/TPCd7WUU >> > > Andrey > -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
Tony, Antony Dovgal wrote: On 23.04.2010 15:05, Andrey Hristov wrote: "The SSL_CTX_use_PrivateKey_file function loads the private key for use with Secure Sockets Layer (SSL) sessions using a specific context (CTX) structure." However, what gets passed is path to a certificate, not to a private key. So you reintroduce a bug, that is. AFAIK the certificate may contain several items, including the private key. At least that worked fine for me. after I checked this matter with a guy who knows a lot more about crypto than me, it seems that the pem file can, but not always the case, include the private key next to the public key. The original SSL code does not support pem files which don't include the private key but the private key is separate. Having the private key in a separate file is not a bad decision but is not always the case, as we see. I have prepared a patch that doesn't segfault PHP when bug46127.phpt is ran but allows one to use separate public and private key files. http://hristov.com/tmp/new_ssl_patch.txt And locally I reverted the patch that was reverting my changes, thus introducing them again, and I got : Number of tests : 4138 Tests skipped :3 ( 7.3%) Tests warned:0 ( 0.0%) ( 0.0%) Tests failed:0 ( 0.0%) ( 0.0%) Expected fail :0 ( 0.0%) ( 0.0%) Tests passed: 38 ( 92.7%) (100.0%) - Time taken :3 seconds = Oh, nice! Try to run ext/openssl/tests/bug46127.phpt with valgrind now. So, I am going to revert the revert and reintroduce the code that fixes a bug. Your fix fixes nothing, please don't reintroduce the segfaults. My fix fixes the situation described above. If you're unable to reproduce them, I'm ready to do it for you: http://pastebin.com/TPCd7WUU Andrey -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
Antony Dovgal wrote: On 23.04.2010 15:05, Andrey Hristov wrote: "The SSL_CTX_use_PrivateKey_file function loads the private key for use with Secure Sockets Layer (SSL) sessions using a specific context (CTX) structure." However, what gets passed is path to a certificate, not to a private key. So you reintroduce a bug, that is. AFAIK the certificate may contain several items, including the private key. At least that worked fine for me. This is my certificate file : http://hristov.com/tmp/client-cert.pem and here is the private key : http://hristov.com/tmp/client-key.pem And locally I reverted the patch that was reverting my changes, thus introducing them again, and I got : Number of tests : 4138 Tests skipped :3 ( 7.3%) Tests warned:0 ( 0.0%) ( 0.0%) Tests failed:0 ( 0.0%) ( 0.0%) Expected fail :0 ( 0.0%) ( 0.0%) Tests passed: 38 ( 92.7%) (100.0%) - Time taken :3 seconds = Oh, nice! Try to run ext/openssl/tests/bug46127.phpt with valgrind now. So, I am going to revert the revert and reintroduce the code that fixes a bug. Your fix fixes nothing, please don't reintroduce the segfaults. If you're unable to reproduce them, I'm ready to do it for you: http://pastebin.com/TPCd7WUU Andrey -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
On 23.04.2010 15:05, Andrey Hristov wrote: > "The SSL_CTX_use_PrivateKey_file function loads the private key for use > with Secure Sockets Layer (SSL) sessions using a specific context (CTX) > structure." > > However, what gets passed is path to a certificate, not to a private > key. So you reintroduce a bug, that is. AFAIK the certificate may contain several items, including the private key. At least that worked fine for me. > And locally I reverted the patch that was reverting my changes, thus > introducing them again, and I got : > Number of tests : 4138 > Tests skipped :3 ( 7.3%) > Tests warned:0 ( 0.0%) ( 0.0%) > Tests failed:0 ( 0.0%) ( 0.0%) > Expected fail :0 ( 0.0%) ( 0.0%) > Tests passed: 38 ( 92.7%) (100.0%) > - > Time taken :3 seconds > = Oh, nice! Try to run ext/openssl/tests/bug46127.phpt with valgrind now. > So, I am going to revert the revert and reintroduce the code that fixes > a bug. Your fix fixes nothing, please don't reintroduce the segfaults. If you're unable to reproduce them, I'm ready to do it for you: http://pastebin.com/TPCd7WUU -- Wbr, Antony Dovgal --- http://pinba.org - realtime statistics for PHP -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
On Fri, 2010-04-23 at 13:05 +0200, Andrey Hristov wrote: > Pierre, Pierre, > + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, > SSL_FILETYPE_PEM) != 1) { > > this is what the revert gives back, if you go and check what this > function does: > > "The SSL_CTX_use_PrivateKey_file function loads the private key for use > with Secure Sockets Layer (SSL) sessions using a specific context (CTX) > structure." > > However, what gets passed is path to a certificate, not to a private > key. So you reintroduce a bug, that is. > > And locally I reverted the patch that was reverting my changes, thus > introducing them again, and I got : > Number of tests : 4138 > Tests skipped :3 ( 7.3%) > Tests warned:0 ( 0.0%) ( 0.0%) > Tests failed:0 ( 0.0%) ( 0.0%) > Expected fail :0 ( 0.0%) ( 0.0%) > Tests passed: 38 ( 92.7%) (100.0%) > - > Time taken :3 seconds > = The interesting question is: What's the difference between the systems? Andrey's system doesn't show an issue, gcov's last run was fine http://gcov.php.net/viewer.php?version=PHP_5_3&func=tests (ok, this is 5.3, but I don't see difference between trunk and 5.3) What openssl versions are you using? Any "special" compiler flags? The patch itself is needed so that login using an SSL certificate to a MySQL server works under mysqlnd. Maybe somebody who can reproduce the crash could take a deeper look at what's wrong? thanks, johannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
On Fri, Apr 23, 2010 at 1:05 PM, Andrey Hristov wrote: > > So, I am going to revert the revert and reintroduce the code that fixes a > bug. No. Don't do that. If you have found a bug in SSL please report a bug with a SSL specific test case and a patch if you have one. Thanks, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
Pierre, Pierre, + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { this is what the revert gives back, if you go and check what this function does: "The SSL_CTX_use_PrivateKey_file function loads the private key for use with Secure Sockets Layer (SSL) sessions using a specific context (CTX) structure." However, what gets passed is path to a certificate, not to a private key. So you reintroduce a bug, that is. And locally I reverted the patch that was reverting my changes, thus introducing them again, and I got : Number of tests : 4138 Tests skipped :3 ( 7.3%) Tests warned:0 ( 0.0%) ( 0.0%) Tests failed:0 ( 0.0%) ( 0.0%) Expected fail :0 ( 0.0%) ( 0.0%) Tests passed: 38 ( 92.7%) (100.0%) - Time taken :3 seconds = So, I am going to revert the revert and reintroduce the code that fixes a bug. Have a nice day! Andrey Pierre Joye wrote: hi, On Fri, Apr 23, 2010 at 12:14 PM, Andrey Hristov wrote: More info about the segfaults? Tests that show the segfaults and thus keep us from regressions? The tests we have in ext/openssl/tests crash. However we were wondering why you did these changes and I did not see any relation between the commit msg and this change. If there is a bug in this code, please provide a reproduce case and a patch so we can be sure it won't break ssl functions. Cheers, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
hi, On Fri, Apr 23, 2010 at 12:14 PM, Andrey Hristov wrote: > More info about the segfaults? Tests that show the segfaults and thus keep > us from regressions? The tests we have in ext/openssl/tests crash. However we were wondering why you did these changes and I did not see any relation between the commit msg and this change. If there is a bug in this code, please provide a reproduce case and a patch so we can be sure it won't break ssl functions. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
More info about the segfaults? Tests that show the segfaults and thus keep us from regressions? Andrey Antony Dovgal wrote: tony2001 Thu, 22 Apr 2010 15:59:44 + Revision: http://svn.php.net/viewvc?view=revision&revision=298331 Log: revert most of the Andrey's patch that causes segfaults (as agreed with Pierre) Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 298330) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 298331) @@ -4445,7 +4445,6 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ @@ -4454,10 +4453,8 @@ return NULL; } - GET_VER_OPT_STRING("local_pk", private_key); - - if (private_key && SSL_CTX_use_PrivateKey_file(ctx, private_key, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", private_key); + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); return NULL; } Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 298330) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 298331) @@ -4443,7 +4443,6 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ 
@@ -4452,10 +4451,8 @@ return NULL; } - GET_VER_OPT_STRING("local_pk", private_key); - - if (private_key && SSL_CTX_use_PrivateKey_file(ctx, private_key, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", private_key); + if (SSL_CTX_use_PrivateKey_file(ctx, reso, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); return NULL; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
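Review bot: In this trunk hunk the restored call reads `SSL_CTX_use_PrivateKey_file(ctx, reso, SSL_FILETYPE_PEM)`, but no `reso` is declared in the visible context, while the PHP_5_3 hunk of the same revision and the warning on the next line both use `resolved_path_buff`. If that is what was committed, trunk does not build; if the mail archive truncated the line, the quoted patch is not reliable as shown. The line should read `if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {`. The same text appears in the original commit mail for revision 298331 further down the page, and the enclosing function starts and ends outside the hunk.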
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
tony2001 Thu, 22 Apr 2010 15:59:44 + Revision: http://svn.php.net/viewvc?view=revision&revision=298331 Log: revert most of the Andrey's patch that causes segfaults (as agreed with Pierre) Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 298330) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 298331) @@ -4445,7 +4445,6 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ @@ -4454,10 +4453,8 @@ return NULL; } - GET_VER_OPT_STRING("local_pk", private_key); - - if (private_key && SSL_CTX_use_PrivateKey_file(ctx, private_key, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", private_key); + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); return NULL; } Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:51:03 UTC (rev 298330) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 15:59:44 UTC (rev 298331) @@ -4443,7 +4443,6 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ 
@@ -4452,10 +4451,8 @@ return NULL; } - GET_VER_OPT_STRING("local_pk", private_key); - - if (private_key && SSL_CTX_use_PrivateKey_file(ctx, private_key, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", private_key); + if (SSL_CTX_use_PrivateKey_file(ctx, reso, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); return NULL; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
tony2001 Thu, 22 Apr 2010 11:56:08 + Revision: http://svn.php.net/viewvc?view=revision&revision=298314 Log: initialize variable. this code still segfaults in OpenSSL, no idea why Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 11:49:10 UTC (rev 298313) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-22 11:56:08 UTC (rev 298314) @@ -4445,7 +4445,7 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key; + const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 11:49:10 UTC (rev 298313) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-22 11:56:08 UTC (rev 298314) @@ -4443,7 +4443,7 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; - const char * private_key; + const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ext/openssl/ openssl.c tests/sni_001.phpt xp_ssl.c
lbarnaud Mon, 30 Nov 2009 13:31:53 + Revision: http://svn.php.net/viewvc?view=revision&revision=291493 Log: merge from trunk: openssl sni support (rev 289831) Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c A + php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt (from php/php-src/trunk/ext/openssl/tests/sni_001.phpt:r289831) U php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2009-11-30 12:46:24 UTC (rev 291492) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2009-11-30 13:31:53 UTC (rev 291493) @@ -1041,6 +1041,11 @@ REGISTER_LONG_CONSTANT("OPENSSL_KEYTYPE_EC", OPENSSL_KEYTYPE_EC, CONST_CS|CONST_PERSISTENT); #endif +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + /* SNI support included in OpenSSL >= 0.9.8j */ + REGISTER_LONG_CONSTANT("OPENSSL_TLSEXT_SERVER_NAME", 1, CONST_CS|CONST_PERSISTENT); +#endif + /* Determine default SSL configuration file */ config_filename = getenv("OPENSSL_CONF"); if (config_filename == NULL) { Copied: php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt (from rev 289831, php/php-src/trunk/ext/openssl/tests/sni_001.phpt) === --- php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/openssl/tests/sni_001.phpt 2009-11-30 13:31:53 UTC (rev 291493) 
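Review bot: The comment on the new guard in the openssl.c hunk says "OpenSSL >= 0.9.8j", but `0x0090806fL` is the version number of 0.9.8f, so the comment and the check disagree. As far as I know the TLS extension code first shipped in 0.9.8f and was only compiled in by default from 0.9.8j, which the `!defined(OPENSSL_NO_TLSEXT)` half of the condition already covers. I would reword the comment to match the check, e.g. `/* SNI: present since OpenSSL 0.9.8f, built by default since 0.9.8j */`. The literal `1` registered for `OPENSSL_TLSEXT_SERVER_NAME` also deserves a short comment saying it only signals that SNI support is compiled in, if that is the intent.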
@@ -0,0 +1,178 @@ +--TEST-- +SNI 001 +--SKIPIF-- + +--FILE-- +https://sni.velox.ch/ and thus is disabled by default. + * + * sni.velox.ch uses 3 certificates : + * - CN=alice.sni.velox.ch (sent in response to server_name = alice.sni.velox.ch or not set) + * - CN=bob.sni.velox.ch (sent in response to server_name = bob.sni.velox.ch) + * - CN=*.sni.velox.ch (sent in response to server_name = mallory.sni.velox.ch or *.sni.velox.ch or sni.velox.ch) + * + * The test sends requests to the server, sending different names, and checks which certificate + * the server returned. + */ + +function context() { + return stream_context_create(array( + 'ssl' => array( + 'capture_peer_cert' => true, + ), + )); +} + +function get_CN($context) { + + $ary = stream_context_get_options($context); + assert($ary); + + $cert = $ary['ssl']['peer_certificate']; + assert($cert); + + $cert_ary = openssl_x509_parse($cert); + return $cert_ary['subject']['CN']; +} + +function do_http_test($url, $context) { + + $fh = fopen($url, 'r', false, $context); + assert($fh); + + var_dump(get_CN($context)); +} + +function do_ssl_test($url, $context) { + + $fh = stream_socket_client($url, $errno, $errstr, + ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context); + assert($fh); + + var_dump(get_CN($context)); +} + +function do_enable_crypto_test($url, $context) { + + $fh = stream_socket_client($url, $errno, $errstr, + ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context); + assert($fh); + + $r = stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + assert($r); + + var_dump(get_CN($context)); +} + +/* Test https:// streams */ + +echo "-- auto host name (1) --\n"; +do_http_test('https://alice.sni.velox.ch/', context()); + +echo "-- auto host name (2) --\n"; +do_http_test('https://bob.sni.velox.ch/', context()); + +echo "-- auto host name (3) --\n"; +do_http_test('https://bob.sni.velox.ch./', context()); + +echo "-- user supplied server name --\n"; + +$context = 
context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch'); +stream_context_set_option($context, 'http', 'header', b'Host: bob.sni.velox.ch'); +do_http_test('https://alice.sni.velox.ch/', $context); + +echo "-- sni disabled --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_enabled', false); +do_http_test('https://bob.sni.velox.ch/', $context); + +/* Test ssl:// socket streams */ + +echo "-- raw SSL stream (1) --\n"; +do_ssl_test('ssl://bob.sni.velox.ch:443', context()); + +echo "-- raw SSL stream (2) --\n"; +do_ssl_test('ssl://mallory.sni.velox.ch:443', context()); + +echo "-- raw SSL stream with user supplied sni --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch'); + +do_ssl_test('ssl://mallory.sni.velox.ch:443', $context); + +echo "-- raw SSL stream with sni disabled --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_enabled', false); + +do_ssl_test('ssl://mallory.sni.velox.ch:443', $context); + +/* Test tcp:// socket streams with SSL enabled */ + +echo "-- stream_socket_enable_crypto (1) --\n"; + +do_enable_crypto_test('tcp://bob.sni.velox.ch:443', context()); + +echo "-- stream_socket_enable_crypto (2) --\n"; + +do_enable_crypto_test('tcp://mallory.sni.velo
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
guenter Tue, 03 Nov 2009 21:26:39 + Revision: http://svn.php.net/viewvc?view=revision&revision=290191 Log: added timezone define for NetWare. Changed paths: U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2009-11-03 21:21:34 UTC (rev 290190) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2009-11-03 21:26:39 UTC (rev 290191) @@ -51,6 +51,10 @@ /* Common */ #include +#ifdef NETWARE +#define timezone _timezone /* timezone is called _timezone in LibC */ +#endif + #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2009-11-03 21:21:34 UTC (rev 290190) +++ php/php-src/trunk/ext/openssl/openssl.c 2009-11-03 21:26:39 UTC (rev 290191) @@ -48,6 +48,10 @@ #include #include +#ifdef NETWARE +#define timezone _timezone /* timezone is called _timezone in LibC */ +#endif + #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php