Jakub Zelenka
427c8c809d
Set DSA or DH key only if pub key supplied
2016-08-14 20:42:56 +01:00
Jakub Zelenka
c3c90abb17
Return false if tag is not supplied or cannot be retrieved in AEAD
...
It doesn't make sense to return just encoded string as it cannot be
used anyway (decryption without a tag will not work).
2016-08-14 19:34:03 +01:00
Jakub Zelenka
6822af2e73
Do not add already added object to the internal OpenSSL table
...
This fixes OpenSSL 1.1 where adding object with OID that has been
already added causes an error - preventing of duplication.
2016-08-03 20:01:41 +01:00
Nikita Popov
40b312d4c2
Use OPENSSL_RAW_DATA in raw data decryption tests
2016-07-22 18:30:30 +02:00
Lauri Kenttä
f775199ac7
Require strict base64 in openssl_decode
...
Using invalid data in a security-related context makes no sense,
and there's even a test which depends on invalid base64 data failing,
even though it currently fails for the wrong reasons by sheer luck.
2016-07-22 18:03:55 +02:00
Lauri Kenttä
76f6f3583c
Fix test: Use valid base64 even for invalid OpenSSL data
2016-07-22 18:03:55 +02:00
Jakub Zelenka
98ac90b7e2
Add missing X509_get_signature_nid for 1.0.1
2016-07-19 20:13:13 +01:00
Jakub Zelenka
d8580cb286
Use always non const SSL cipher version string
2016-07-19 20:01:20 +01:00
Jakub Zelenka
ea35d309b9
Update authors of openssl.c
2016-07-17 20:48:20 +01:00
Jakub Zelenka
6c497ad2d2
Use opaque EVP_PKEY for new EC logic in openssl_pkey_new
2016-07-17 20:44:33 +01:00
Jakub Zelenka
2ecce94756
Use opaque RSA, DSA and DH
2016-07-17 20:24:34 +01:00
Jakub Zelenka
329f74a11d
Add missing creating of md_ctx in openssl_digest
2016-07-17 20:01:37 +01:00
Jakub Zelenka
444adff0b2
Change sign method from ecdsa-with-SHA1 to SHA1
...
There are no message digest methods for public key
(e.g. ecdsa-with-SHA1, dsa*, DSA*) MD methods in OpenSSL 1.1.
2016-07-17 17:46:14 +01:00
Jakub Zelenka
e5780c8cd0
Add missing break in php_openssl_is_private_key
2016-07-17 17:46:14 +01:00
Jakub Zelenka
1008385959
Use SHA1 instead of DSS1 in test for bug #41033
2016-07-17 17:46:14 +01:00
Jakub Zelenka
069d20a33b
Hide setting server ECDH curve for OpenSSL 1.1
...
It seems to be done automatically
2016-07-17 17:46:14 +01:00
Jakub Zelenka
1123c85d79
Do not use tmp_rsa_cb for OpenSSL 1.1
...
The SSL_CTX_set_tmp_rsa_callback has been removed
2016-07-17 17:46:14 +01:00
Jakub Zelenka
0afa0b1f83
The DSS1 is not available in OpenSSL 1.1
2016-07-17 17:46:13 +01:00
Jakub Zelenka
d73735a750
Move and use opaque pkey in openssl_dh_compute_key
2016-07-17 17:43:34 +01:00
Jakub Zelenka
1a4e910e8d
Use opaque pkey in openssl_pkey_get_details
2016-07-17 17:43:34 +01:00
Jakub Zelenka
f08660bb58
Use EVP_PKEY_base_id where possible
2016-07-17 17:33:42 +01:00
Jakub Zelenka
f1de72293e
Use opaque EVP_PKEY in php_openssl_is_private_key
2016-07-17 17:33:42 +01:00
Jakub Zelenka
0598a8da2b
Do not use X509 props directly in openssl_x509_parse
2016-07-17 17:33:42 +01:00
Jakub Zelenka
e138b51dad
Do not use X509_EXTENSION data directly as it is opaque
2016-07-17 17:33:42 +01:00
Jakub Zelenka
84a291d4da
Wrap pkey id and rsa getters
2016-07-17 17:33:42 +01:00
Jakub Zelenka
fd9142a647
Use opaque md ctx in openssl_sign and openssl_verify
2016-07-17 17:33:42 +01:00
Jakub Zelenka
b8164673eb
Use opaque cipher ctx in openssl_seal and openssl_open
2016-07-17 17:33:42 +01:00
Jakub Zelenka
3a8531e767
Use opaque EVP_MD_CTX in openssl_digest
2016-07-17 17:33:41 +01:00
Jakub Zelenka
5f569cc03e
Bump minimal OpenSSL version to 1.0.1
2016-07-17 17:21:07 +01:00
Remi Collet
d30b6a85b2
force SSL_OP_NO_SSLv2
2016-07-17 16:41:47 +01:00
Remi Collet
642aee1deb
Cleanup all SSLv2 code, whatever OpenSSL version is
2016-07-17 16:41:47 +01:00
Jakub Zelenka
9fabb7cac7
Remove openssl test 029 as it is incomplete
2016-06-29 20:49:14 +01:00
Dmitry Stogov
f5dbba0d54
Revert "Skip new OpenSSL ECC tests on 32bit"
...
This reverts commit 0a4f89bc29
.
2016-06-29 11:43:31 +03:00
Jakub Zelenka
0a4f89bc29
Skip new OpenSSL ECC tests on 32bit
...
There has been reported that they fail on 32bit so
they will be skipped till the issue is investigated.
2016-06-28 20:39:31 +01:00
Dmitry Stogov
0cfb47651c
Fixed compilation warnings
2016-06-28 11:37:51 +03:00
Jakub Zelenka
e8a09ddc07
Improve openssl ecc keypair support implementation
2016-06-26 16:55:51 +01:00
Dominic Luechinger
9688138d38
Adds initial support to generate and work with ECC public key pair
...
New features:
- openssl_get_curve_names => list ECC curve names
- generate a ECC public key pair
- generate an CSR with an ECC key
- export x,y,d params of ECC public/private key
Thanks to @bukka for the review and feedback
2016-06-26 16:15:25 +01:00
Dmitry Stogov
323b2733f6
Fixed compilation warnings
2016-06-22 00:40:50 +03:00
Dmitry Stogov
1616038698
Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
...
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
2016-06-21 16:00:37 +03:00
Jakub Zelenka
af79a58507
Merge branch 'openssl_error_store' into openssl_aead
2016-06-19 17:36:57 +01:00
Jakub Zelenka
d22d71b6c5
Remove test for incorrect fix of bug #69882
...
The fix just cleared the errors without storing which was wrong
2016-06-19 17:25:30 +01:00
Jakub Zelenka
e63a8540a6
Merge branch 'openssl_error_store' into openssl_aead
2016-06-19 17:05:48 +01:00
Jakub Zelenka
53071e6470
Remove expected openssl errors that are not needed anymore
2016-06-19 16:46:27 +01:00
Jakub Zelenka
c2b90805e8
Merge branch 'master' into openssl_error_store
2016-06-19 16:20:02 +01:00
Anatol Belski
d6b649f6da
fix test portability
2016-06-17 17:03:13 +02:00
Jakub Zelenka
e2904ffa65
Merge branch 'PHP-7.0'
2016-06-16 20:12:50 +01:00
Jakub Zelenka
307e546e1a
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-16 20:11:54 +01:00
Jakub Zelenka
0c34f53c93
Fix incorrect error suppressing in openssl_error_string test
2016-06-16 20:11:02 +01:00
Jakub Zelenka
84948e6382
Fix occasionally failing OpenSSL DH bug test
...
The test was failing when first byte was 0
2016-06-16 20:09:17 +01:00
Jakub Zelenka
b44cf1a854
Merge branch 'PHP-7.0' into openssl_error_store
2016-06-12 18:56:55 +01:00