authorOndřej Surý <ondrej@sury.org>2012-01-11 15:43:42 +0100
committerOndřej Surý <ondrej@sury.org>2012-01-11 15:43:42 +0100
commit8f1428d29ef91d74b4d272af171675f2971eb15b (patch)
treea1f4f4d7dc5bfe8096806dd5c5266634e19fa07a /ext/openssl
parentc6e4182351e0173fe58de141e143aac2eacf5efe (diff)
downloadphp-upstream/5.3.9.tar.gz
Imported Upstream version 5.3.9upstream/5.3.9
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/openssl.c8
-rw-r--r--ext/openssl/php_openssl.h4
-rw-r--r--ext/openssl/tests/bug36732.phpt3
-rw-r--r--ext/openssl/tests/bug54992.phpt4
-rw-r--r--ext/openssl/tests/openssl.cnf43
-rw-r--r--ext/openssl/tests/openssl_encrypt_crash.phpt13
-rw-r--r--ext/openssl/xp_ssl.c6
7 files changed, 71 insertions, 10 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index ce96c645d..bf68e982f 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2011 The PHP Group |
+ | Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c 313665 2011-07-25 11:42:53Z felipe $ */
+/* $Id: openssl.c 321634 2012-01-01 13:15:04Z felipe $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -4713,7 +4713,9 @@ PHP_FUNCTION(openssl_encrypt)
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
}
EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
+ if (data_len > 0) {
+ EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
+ }
outlen = i;
if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
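Review bot: With the new `if (data_len > 0)` guard, `i` is written only when EVP_EncryptUpdate() runs, yet `outlen = i;` and `outbuf + i` on the following lines read it unconditionally. The declaration of `i` is outside this hunk; unless it is initialised there, an empty plaintext leaves `outlen` indeterminate and hands EVP_EncryptFinal() an arbitrary offset into `outbuf`. Setting it explicitly closes that path: `i = 0;` immediately before the guard, or `int i = 0` at the declaration. The return values of EVP_EncryptInit_ex() and EVP_EncryptUpdate() are also ignored on these lines, so a failed update is indistinguishable from success.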
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index 0d15f41f8..19193d8b7 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2011 The PHP Group |
+ | Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_openssl.h 306939 2011-01-01 02:19:59Z felipe $ */
+/* $Id: php_openssl.h 321634 2012-01-01 13:15:04Z felipe $ */
#ifndef PHP_OPENSSL_H
#define PHP_OPENSSL_H
diff --git a/ext/openssl/tests/bug36732.phpt b/ext/openssl/tests/bug36732.phpt
index 290c9e95e..ec8fedb9d 100644
--- a/ext/openssl/tests/bug36732.phpt
+++ b/ext/openssl/tests/bug36732.phpt
@@ -9,7 +9,8 @@ if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
<?php
$configargs = array(
"req_extensions" => "v3_req",
- "x509_extensions" => "usr_cert"
+ "x509_extensions" => "usr_cert",
+ "config" => __DIR__."/openssl.cnf",
);
$dn = array(
diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt
index d3a06310e..768b07378 100644
--- a/ext/openssl/tests/bug54992.phpt
+++ b/ext/openssl/tests/bug54992.phpt
@@ -8,7 +8,7 @@ if (!function_exists('pcntl_fork')) die("skip no fork");
<?php
$context = stream_context_create();
-stream_context_set_option($context, 'ssl', 'local_cert', "./bug54992.pem");
+stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
@@ -22,7 +22,7 @@ if ($pid == -1) {
array(
'ssl' => array(
'verify_peer' => true,
- 'cafile' => 'bug54992-ca.pem',
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'buga_buga',
)
)
diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf
new file mode 100644
index 000000000..10e69076c
--- /dev/null
+++ b/ext/openssl/tests/openssl.cnf
@@ -0,0 +1,43 @@
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+string_mask = MASK:4294967295
+
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+localityName = Locality Name (eg, city)
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+organizationalUnitName = Organizational Unit Name (eg, section)
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 64
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+unstructuredName = An optional company name
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+
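Review bot: `default_bits = 1024` sets an RSA key size below current minimums, and nothing in the file marks it as a test fixture. Since bug36732.phpt now loads this file through its `config` argument, a header comment such as `# Test fixture for ext/openssl/tests only; key size and defaults are not suitable for real certificates` would keep it from being copied as a template. OpenSSL builds configured with a stricter security level may also reject 1024-bit keys, so `default_bits = 2048` is worth considering if the tests do not depend on the size. The comment on the `x509_extensions` line misspells "extensions".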
diff --git a/ext/openssl/tests/openssl_encrypt_crash.phpt b/ext/openssl/tests/openssl_encrypt_crash.phpt
new file mode 100644
index 000000000..b88782b0b
--- /dev/null
+++ b/ext/openssl/tests/openssl_encrypt_crash.phpt
@@ -0,0 +1,13 @@
+--TEST--
+openssl_encrypt() crash with old OpenSSL
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+openssl_encrypt('', 'AES-128-CBC', 'foo');
+var_dump("done");
+?>
+--EXPECTF--
+
+Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in %s on line %d
+string(4) "done" \ No newline at end of file
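Review bot: The test discards the return value of `openssl_encrypt('', 'AES-128-CBC', 'foo')`, so it passes whenever the process survives, even if the returned ciphertext has the wrong length. An empty plaintext under AES-128-CBC with default padding should yield a single 16-byte block, which is 24 characters in the default base64 output. Asserting that with `var_dump(strlen(openssl_encrypt('', 'AES-128-CBC', 'foo')));` and an expected `int(24)` would catch a stale length in the zero-length path of openssl.c. The SKIPIF section checks only that the extension is loaded, not that the cipher is available.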
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 0cc04cbe7..c349b540e 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2011 The PHP Group |
+ | Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: xp_ssl.c 315339 2011-08-23 08:12:58Z johannes $ */
+/* $Id: xp_ssl.c 321634 2012-01-01 13:15:04Z felipe $ */
#include "php.h"
#include "ext/standard/file.h"
@@ -406,6 +406,8 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
if (cparam->inputs.session) {
if (cparam->inputs.session->ops != &php_openssl_socket_ops) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied session stream must be an SSL enabled stream");
+ } else if (((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied SSL session stream is not initialized");
} else {
SSL_copy_session_id(sslsock->ssl_handle, ((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle);
}
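Review bot: The new `else if` repeats the cast `((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)` that the SSL_copy_session_id() call already carries, and it dereferences `abstract` without testing it. The ops comparison above establishes only the stream type; whether `abstract` can be NULL for a stream that reaches this point is not visible in the hunk, so the guard is worth having in the same place as the `ssl_handle` test. Hoisting the cast into one local inside the `else` branch makes both checks read in one line and keeps the existing warning text. The enclosing `if (cparam->inputs.session)` block and the rest of php_openssl_setup_crypto() lie outside this hunk.

```c
	if (cparam->inputs.session->ops != &php_openssl_socket_ops) {
		/* … unchanged: warning for a non-SSL session stream … */
	} else {
		php_openssl_netstream_data_t *session_data =
			(php_openssl_netstream_data_t *)cparam->inputs.session->abstract;

		if (session_data == NULL || session_data->ssl_handle == NULL) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied SSL session stream is not initialized");
		} else {
			SSL_copy_session_id(sslsock->ssl_handle, session_data->ssl_handle);
		}
	}
```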