1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#1, #2:
libressl doesn't yet have sk_new_reserve.
#3:
This check doesn't make sense for EC keys. (Also it ignores the default
key size compiled into libcrypto, only looks at default_bits in openssl.cnf
and any settings in the php file, which results in bogus failures).
Index: ext/openssl/openssl_backend_common.c
--- ext/openssl/openssl_backend_common.c.orig
+++ ext/openssl/openssl_backend_common.c
@@ -709,7 +709,7 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
goto end;
}
- if(!(stack = sk_X509_new_reserve(NULL, sk_X509_INFO_num(sk)))) {
+ if(!(stack = sk_X509_new_null())) {
php_openssl_store_errors();
goto end;
}
@@ -718,7 +718,11 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
while (sk_X509_INFO_num(sk)) {
xi=sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) {
- sk_X509_push(stack,xi->x509);
+ if(sk_X509_push(stack,xi->x509) == 0) {
+ php_error_docref(NULL, E_ERROR, "Memory allocation failure");
+ sk_X509_pop_free(stack,X509_free);
+ goto end;
+ }
xi->x509=NULL;
}
X509_INFO_free(xi);
@@ -1444,7 +1448,7 @@ static const char *php_openssl_get_evp_pkey_name(int k
EVP_PKEY *php_openssl_generate_private_key(struct php_x509_request * req)
{
- if (req->priv_key_bits < MIN_KEY_LENGTH) {
+ if (req->priv_key_type != OPENSSL_KEYTYPE_EC && req->priv_key_bits < MIN_KEY_LENGTH) {
php_error_docref(NULL, E_WARNING, "Private key length must be at least %d bits, configured to %d",
MIN_KEY_LENGTH, req->priv_key_bits);
return NULL;
|
