~clint-fewbar/ubuntu/precise/php5/php5-5.4-merge


Viewing changes to ext/openssl/openssl.c

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2011-02-22 09:46:37 UTC
  • mfrom: (1.1.20) (0.3.18 sid)
  • Revision ID: package-import@ubuntu.com-20110222094637-nlu2tvb7oqgaarl0
Tags: 5.3.5-1ubuntu1
* Merge from debian/unstable. Remaining changes:
 - debian/control:
    * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
    * Dropped libmysqlclient15-dev, build against mysql 5.1.
    * Dropped libcurl-dev not in the archive.
    * Suggest php5-suhosin rather than recommends.
    * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions 
      already in universe.
    * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
    * Dropped locales-all.
  - modulelist: Drop imap, interbase, sybase, and mcrypt.
  - debian/rules:
    * Dropped building of mcrypt, imap, and interbase.
    * Install apport hook for php5.
    * stop mysql instance on clean just in case we failed in tests

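--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: openssl.c 300764 2010-06-26 16:03:39Z felipe $ */
+/* $Id: openssl.c 305902 2010-12-02 11:37:43Z pajoye $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -702,7 +702,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x10000002L
 static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config TSRMLS_DC) /* {{{ */
 #else
-static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC) /* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config TSRMLS_DC)
 #endif
 {
         X509V3_CTX ctx;
@@ -868,10 +868,7 @@
 
         *egdsocket = 0;
         *seeded = 0;
-        
-#ifdef WINDOWS
-        RAND_screen();
-#endif
+
         if (file == NULL) {
                 file = RAND_file_name(buffer, sizeof(buffer));
         } else if (RAND_egd(file) > 0) {
@@ -1771,6 +1768,10 @@
                 return;
 
         RETVAL_FALSE;
+
+        if (strlen(filename) != filename_len) {
+                return;
+        }
         
         cert = php_openssl_x509_from_zval(zcert, 0, &certresource TSRMLS_CC);
         if (cert == NULL) {
@@ -2117,7 +2118,8 @@
                 if (attribs) {
                         zend_hash_internal_pointer_reset_ex(HASH_OF(attribs), &hpos);
                         while(zend_hash_get_current_data_ex(HASH_OF(attribs), (void**)&item, &hpos) == SUCCESS) {
-                                char * strindex; uint strindexlen;
+                                char *strindex = NULL;
+                                uint strindexlen;
                                 ulong intindex;
 
                                 zend_hash_get_current_key_ex(HASH_OF(attribs), &strindex, &strindexlen, &intindex, 0, &hpos);
@@ -2218,6 +2220,10 @@
         }
         RETVAL_FALSE;
 
+        if (strlen(filename) != filename_len) {
+                return;
+        }
+
         csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
         if (csr == NULL) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from parameter 1");
@@ -3002,6 +3008,10 @@
         }
         RETVAL_FALSE;
 
+        if (strlen(filename) != filename_len) {
+                return;
+        }
+
         key = php_openssl_evp_from_zval(zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC);
 
         if (key == NULL) {
@@ -3394,7 +3404,14 @@
                                 &outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags, &cipherid) == FAILURE)
                 return;
 
-        
+        if (strlen(infilename) != infilename_len) {
+                return;
+        }
+
+        if (strlen(outfilename) != outfilename_len) {
+                return;
+        }
+
         if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
                 return;
         }
@@ -3526,14 +3543,22 @@
         char * outfilename;     int outfilename_len;
         char * extracertsfilename = NULL; int extracertsfilename_len;
 
+        RETVAL_FALSE;
+
         if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
                                 &infilename, &infilename_len, &outfilename, &outfilename_len,
                                 &zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
                                 &extracertsfilename_len) == FAILURE) {
                 return;
         }
-        
-        RETVAL_FALSE;
+
+        if (strlen(infilename) != infilename_len) {
+                return;
+        }
+
+        if (strlen(outfilename) != outfilename_len) {
+                return;
+        }
 
         if (extracertsfilename) {
                 others = load_all_certs_from_file(extracertsfilename);
@@ -3630,12 +3655,20 @@
         char * infilename;      int infilename_len;
         char * outfilename;     int outfilename_len;
 
+        RETVAL_FALSE;
+
         if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZ|Z", &infilename, &infilename_len,
                                 &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) {
                 return;
         }
 
-        RETVAL_FALSE;
+        if (strlen(infilename) != infilename_len) {
+                return;
+        }
+
+        if (strlen(outfilename) != outfilename_len) {
+                return;
+        }
 
         cert = php_openssl_x509_from_zval(recipcert, 0, &certresval TSRMLS_CC);
         if (cert == NULL) {
@@ -4638,7 +4671,7 @@
 {
         zend_bool raw_output = 0;
         char *data, *method, *password, *iv = "";
-        int data_len, method_len, password_len, iv_len = 0;
+        int data_len, method_len, password_len, iv_len = 0, max_iv_len;
         const EVP_CIPHER *cipher_type;
         EVP_CIPHER_CTX cipher_ctx;
         int i, outlen, keylen;
@@ -4663,10 +4696,11 @@
                 key = (unsigned char*)password;
         }
 
-        if (iv_len <= 0) {
+        max_iv_len = EVP_CIPHER_iv_length(cipher_type);
+        if (iv_len <= 0 && max_iv_len > 0) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended");
         }
-        free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);
+        free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);
 
         outlen = data_len + EVP_CIPHER_block_size(cipher_type);
         outbuf = emalloc(outlen + 1);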
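Review bot: In the hunk at new lines 3543-3564 the embedded-NUL length check is added for `infilename` and `outfilename` but not for `extracertsfilename`, which is parsed with the same `s` specifier and passed to `load_all_certs_from_file()` a few lines later, so a path with an embedded NUL byte would still be silently truncated there. Because that argument is optional, a guarded check before the load would close the gap: `if (extracertsfilename && strlen(extracertsfilename) != extracertsfilename_len) { return; }`. All of the added checks (also at new lines 1772, 2223, 3011, 3407-3413 and 3665-3671) return FALSE without a message and compare a `size_t` against an `int` length. A `php_error_docref` warning would let callers and log review tell a rejected path from an ordinary failure. The enclosing functions begin and end outside the hunks, so any validation done elsewhere is not visible from here.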