| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
* PHP-5.4:
fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
|
| |
| |
| |
| | |
openssl_get_publickey()
|
|\ \
| |/ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Thanks to @DaveRandom for pointing out the relevant section of code.
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| | |
* PHp-5.4:
news for bug #61421
commit for php bug 61421 enabling SHA2 and RMD160 for openssl signature verification
|
| |
| |
| |
| | |
enabling SHA2 and RMD160 for openssl signature verification
|
| |
| |
| |
| |
| | |
This reverts commit b5b8ea1050837fba5a6cee55e41b4574ed64158e.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
|
| |
| |
| |
| |
| |
| |
| | |
like a spell."
This reverts commit bccd1e672fabc3c788e93075221d47d9f077b167.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
* 5.4:
Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
Add PBKDF2 support via openssl()
Conflicts:
ext/openssl/openssl.c
|
| |
| |
| |
| |
| | |
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
|
| |
| |
| |
| |
| | |
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
* 5.4:
Add PBKDF2 support via openssl()
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-5.4:
Fix bug #61401 ext\openssl\tests\004.phpt fails
Fix bug #61404 ext\openssl\tests\021.phpt fails
Fix bug #61404 ext\openssl\tests\021.phpt fails
Fix bug #61448 intl tests fail with icu >= 4.8
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.3:
Fix bug #61401 ext\openssl\tests\004.phpt fails
Fix bug #61404 ext\openssl\tests\021.phpt fails
Fix bug #61448 intl tests fail with icu >= 4.8
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
* 5.4:
Fix bug #61405 ext\openssl\tests\022.phpt fails
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
|
| |\ \
| | |/
| | |
| | |
| | |
| | | |
* 5.3:
Fix bug #61405 ext\openssl\tests\022.phpt fails
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
* 5.4:
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
|
| |\ \ \
| | |/ /
| |/| |
| | | |
| | | | |
* 5.3:
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
|
| | |/ |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
0.9. Skip current test for 0.9. New test for 0.9 approved by Stas
|
| | |
| | |
| | |
| | |
| | |
| | | |
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
it is just making sure we actually get a hash and don't crash.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
ssl_handle of session_stream is not initialized.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
option, scottmac)
# This caused bug #55283, we should investigate a proper solution without
# breaking anything.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
reading from SSL sockets could block indefinitely due to the lack
of timeout
|