* tree-wide: Replace `CHECK_NULL_PATH()` by `zend_char_has_nul_byte()`
The former is a direct alias of the latter with a more explicit name and the
former is explicitly documented as a “compatibility” alias.
* tree-wide: Replace `CHECK_ZVAL_NULL_PATH()` by its definition
The former is explicitly documented as a “compatibility” alias.
* zend_API: Remove `CHECK*NULL_PATH`
The `CHECK_ZVAL_NULL_PATH()` macro is unsafe, because it implicitly assumes
that the given `zval*` is `IS_STRING`.
Based on a GitHub search there does not seem to be any user outside of PHP, all
hits were just forks / copies of php-src.
* uri: Rename `uri_object_t` to `php_uri_object`
* uri: Rename `uri_(read|write)_component_*` to `php_uri_property_(read|write)_*_helper`
* uri: Rename `URI_SERIALIZED_PROPERTY_NAME` to `PHP_URI_SERIALIZE_URI_FIELD_NAME`
* uri: Rename `uri_internal_t` to `php_uri_internal`
* uri: Use proper `php_uri_ce_` prefix for all CEs
* uri: Make the object handlers `static` and remove them from the header
* uri: Rename `uri_recomposition_mode_t` to `php_uri_recomposition_mode`
* uri: Align the names of the `php_uri_recomposition_mode` values
* uri: Rename `uri_component_read_mode_t` to `php_uri_component_read_mode`
* uri: Align the names of the `php_uri_component_read_mode` values
* uri: Rename `uri_property_name_t` to `php_uri_property_name`
* uri: Align the names of the `php_uri_property_name` values
* uri: Rename `uri_property_handler_t` to `php_uri_property_handler`
* uri: Rename `uri_(read|write)_t` to `php_uri_property_handler_(read|write)`
* uri: Rename `php_uri_property_handler`’s `(read|write)_func` to `read|write`
The `_func` is implied by the data type and the name of the struct.
* uri: Rename `uri_parser_t` to `php_uri_parser`
* uri: Shorten the names of `php_uri_parser` fields
The `_uri` suffix is implied, because this is an URI parser.
The allows cipher_algo to be specified as a string. It means the not
only predefined ID ciphers are available which means that also auth
enveloped data can be created using AES GCM.
Closes GH-19459
This adds PKCS7_NOSMIMECAP, PKCS7_CRLFEOL, PKCS7_NOCRL and
PKCS7_NO_DUAL_CONTENT constants. They might be potentially useful
in some scenarious.
Test is not added as it is not clear if there is much need for those and
it would require much bigger effort just to test OpenSSL functionality.
Closes GH-19450
This does not seem like an issue as the aliases seem to be already
fetched most of the time. But there might be cases when it could be
failing like it was failing for MD in GH-19369.
It should be noted that the test does not fail without this change but
it seems useful anyway so it is added as part of this change. I
actually have not found the case where alias is not fetched for cipher
but there might be some.
Closes GH-19437
* Fix Windows test for openssl-3.5 upgrade
* Update ext/openssl/tests/check_default_conf_path.phpt
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
---------
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Avoid initializing the same string content multiple times and make use of the
fact that the strings created to initialize attribute values are not freed by
simply making use of an existing zend_string with the same content if one is
available.
Specifically, it is added to openssl_public_encrypt() and
openssl_private_decrypt() functions. The purpose is to specify digest
algorithm for OEAP padding. It currently defaults to SHA1 for some
OpenSSL versions which is not preferred for modern setup and causes
problems in compatibility with web crypto.
Closes GH-19223
Instead of
* adding a zval on the stack
* initializing it
* copying the value to the attribute
Just initialize the value directly in the zend_attribute_arg
As noted by the LibreSSL maintainer, these functions return -1 on error.
This is further confirmed by my static analyzer that inferred the same
thing for OpenSSL.
Closes GH-19013.
The issue is about not being able to connect as cafile for SNI
is not used in its SSL context. This sets it up so it is possible
to capture the client certificate which is only possible when
verify_peer is true.
Closes GH-18893
Tim Düsterhus