diff options
| author | Jakub Zelenka <bukka@php.net> | 2017-04-23 20:31:24 +0100 |
|---|---|---|
| committer | Jakub Zelenka <bukka@php.net> | 2017-04-23 20:31:24 +0100 |
| commit | ba83b18ce34afd53d595669138d98ca02818f8fe (patch) | |
| tree | 69d9ad3f42eb36d51c4a6ec79bc5f61ce4e05cbd | |
| parent | 144ddd3b423e42d3e102ec9676376cba0af8881a (diff) | |
| parent | 366b1640d09b982ebc69001bcb476268ab668ab8 (diff) | |
| download | php-git-ba83b18ce34afd53d595669138d98ca02818f8fe.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 18 | ||||
| -rw-r--r-- | ext/openssl/tests/bug73711.cnf | 3 | ||||
| -rw-r--r-- | ext/openssl/tests/bug73711.phpt | 17 |
4 files changed, 26 insertions, 14 deletions
@@ -51,6 +51,8 @@ PHP NEWS . Fixed bug #74442 (Opcached version produces a nested array). (Nikita) - OpenSSL: + . Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH + key). (Jakub Zelenka) . Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds). (Moritz Fain) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 1d99965bb8..1a8f4abb61 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -3870,13 +3870,8 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req case OPENSSL_KEYTYPE_DSA: PHP_OPENSSL_RAND_ADD_TIME(); { - DSA *dsaparam = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10002000L - dsaparam = DSA_generate_parameters(req->priv_key_bits, NULL, 0, NULL, NULL, NULL, NULL); -#else - DSA_generate_parameters_ex(dsaparam, req->priv_key_bits, NULL, 0, NULL, NULL, NULL); -#endif - if (dsaparam) { + DSA *dsaparam = DSA_new(); + if (dsaparam && DSA_generate_parameters_ex(dsaparam, req->priv_key_bits, NULL, 0, NULL, NULL, NULL)) { DSA_set_method(dsaparam, DSA_get_default_method()); if (DSA_generate_key(dsaparam)) { if (EVP_PKEY_assign_DSA(req->priv_key, dsaparam)) { @@ -3899,13 +3894,8 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req PHP_OPENSSL_RAND_ADD_TIME(); { int codes = 0; - DH *dhparam = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10002000L - dhparam = DH_generate_parameters(req->priv_key_bits, 2, NULL, NULL); -#else - DH_generate_parameters_ex(dhparam, req->priv_key_bits, 2, NULL); -#endif - if (dhparam) { + DH *dhparam = DH_new(); + if (dhparam && DH_generate_parameters_ex(dhparam, req->priv_key_bits, 2, NULL)) { DH_set_method(dhparam, DH_get_default_method()); if (DH_check(dhparam, &codes) && codes == 0 && DH_generate_key(dhparam)) { if (EVP_PKEY_assign_DH(req->priv_key, dhparam)) { diff --git a/ext/openssl/tests/bug73711.cnf b/ext/openssl/tests/bug73711.cnf new file mode 100644 index 0000000000..0d27d910d4 --- /dev/null +++ b/ext/openssl/tests/bug73711.cnf @@ -0,0 +1,3 @@ +[ req ] +default_bits = 384 + diff --git a/ext/openssl/tests/bug73711.phpt b/ext/openssl/tests/bug73711.phpt new file mode 100644 index 0000000000..791eec99c6 --- /dev/null +++ b/ext/openssl/tests/bug73711.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #73711: Segfault in openssl_pkey_new when generating DSA or DH key +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +?> +--FILE-- +<?php +$cnf = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'bug73711.cnf'; +var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DSA, 'config' => $cnf])); +var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DH, 'config' => $cnf])); +echo "DONE"; +?> +--EXPECTF-- +resource(%d) of type (OpenSSL key) +resource(%d) of type (OpenSSL key) +DONE |