Mark parameter in ext/openssl as sensitive

- openssl_cms_decrypt: $private_key
- openssl_cms_sign: $private_key
- openssl_csr_sign: $private_key
- openssl_decrypt: $data, $passphrase
- openssl_dh_compute_key: $private_key
- openssl_encrypt: $data, $passphrase
- openssl_free_key: $key
- openssl_get_privatekey: $private_key, $passphrase
- openssl_open: $output, $private_key
- openssl_pbkdf2: $password
- openssl_pkcs12_export_to_file: $private_key, $passphrase
- openssl_pkcs12_export: $private_key, $passphrase
- openssl_pkcs12_read: $passphrase
- openssl_pkcs7_decrypt: $private_key
- openssl_pkcs7_sign: $private_key
- openssl_pkey_derive: $private_key
- openssl_pkey_export_to_file: $key, $passphrase
- openssl_pkey_export: $key, $passphrase
- openssl_pkey_free: $key
- openssl_pkey_get_private: $private_key, $passphrase
- openssl_private_decrypt: $decrypted_data, $private_key
- openssl_private_encrypt: $data, $private_key
- openssl_public_decrypt: $decrypted_data, $data
- openssl_seal: $data
- openssl_sign: $private_key
- openssl_spki_new: $private_key
- openssl_x509_check_private_key: $private_key

Author: TimWolla

ext/openssl/openssl.c

@@ -27,6 +27,7 @@
 #include "php.h"
 #include "php_ini.h"
 #include "php_openssl.h"
+#include "zend_attributes.h"
 #include "zend_exceptions.h"
 
 /* PHP Includes */
@@ -1300,6 +1301,46 @@ PHP_MINIT_FUNCTION(openssl)
 
 	REGISTER_INI_ENTRIES();
 
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_cms_decrypt", 3 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_cms_sign", 3 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_csr_sign", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_decrypt", 0 /* $data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_decrypt", 2 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_dh_compute_key", 1 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_encrypt", 0 /* $data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_encrypt", 2 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_free_key", 0 /* $key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_get_privatekey", 0 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_get_privatekey", 1 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_open", 1 /* $output */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_open", 3 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pbkdf2", 0 /* $password */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs12_export_to_file", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs12_export_to_file", 3 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs12_export", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs12_export", 3 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs12_read", 2 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs7_decrypt", 3 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkcs7_sign", 3 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_derive", 1 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_export_to_file", 0 /* $key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_export_to_file", 2 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_export", 0 /* $key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_export", 2 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_free", 0 /* $key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_get_private", 0 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_pkey_get_private", 1 /* $passphrase */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_private_decrypt", 1 /* $decrypted_data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_private_decrypt", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_private_encrypt", 0 /* $data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_private_encrypt", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_public_decrypt", 1 /* $decrypted_data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_public_encrypt", 0 /* $data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_seal", 0 /* $data */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_sign", 2 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_spki_new", 0 /* $private_key */);
+	zend_mark_function_parameter_as_sensitive(CG(function_table), "openssl_x509_check_private_key", 1 /* $private_key */);
+
 	return SUCCESS;
 }
 /* }}} */