]>
Commit | Line | Data |
---|---|---|
ef2959bf AO |
1 | diff -ruNp php-5.3.29.orig/acinclude.m4 php-5.3.29/acinclude.m4 |
2 | --- php-5.3.29.orig/acinclude.m4 2014-08-13 21:22:50.000000000 +0200 | |
3 | +++ php-5.3.29/acinclude.m4 2019-02-05 23:42:46.539242592 +0100 | |
4 | @@ -2331,8 +2331,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ | |
d1949d9d AM |
5 | AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.]) |
6 | fi | |
7 | ||
8 | - if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then | |
9 | + if test -n "$OPENSSL_LIBS"; then | |
10 | PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1) | |
11 | + fi | |
12 | + if test -n "$OPENSSL_INCS"; then | |
13 | PHP_EVAL_INCLINE($OPENSSL_INCS) | |
14 | fi | |
15 | fi | |
ef2959bf AO |
16 | diff -ruNp php-5.3.29.orig/ext/openssl/openssl.c php-5.3.29/ext/openssl/openssl.c |
17 | --- php-5.3.29.orig/ext/openssl/openssl.c 2014-08-13 21:22:50.000000000 +0200 | |
18 | +++ php-5.3.29/ext/openssl/openssl.c 2019-02-05 23:45:52.821213335 +0100 | |
c38d233d AM |
19 | @@ -68,6 +68,13 @@ |
20 | ||
21 | #define DEBUG_SMIME 0 | |
22 | ||
23 | + | |
24 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
25 | +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
26 | +#else | |
27 | +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
28 | +#endif | |
29 | + | |
30 | /* FIXME: Use the openssl constants instead of | |
31 | * enum. It is now impossible to match real values | |
32 | * against php constants. Also sorry to break the | |
d1949d9d | 33 | @@ -881,11 +888,6 @@ static int php_openssl_load_rand_file(co |
c38d233d AM |
34 | |
35 | if (file == NULL) { | |
36 | file = RAND_file_name(buffer, sizeof(buffer)); | |
37 | - } else if (RAND_egd(file) > 0) { | |
38 | - /* if the given filename is an EGD socket, don't | |
39 | - * write anything back to it */ | |
40 | - *egdsocket = 1; | |
41 | - return SUCCESS; | |
42 | } | |
43 | if (file == NULL || !RAND_load_file(file, -1)) { | |
44 | if (RAND_status() == 0) { | |
d1949d9d | 45 | @@ -939,9 +941,11 @@ static EVP_MD * php_openssl_get_evp_md_f |
c38d233d AM |
46 | mdtype = (EVP_MD *) EVP_md2(); |
47 | break; | |
48 | #endif | |
49 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
50 | case OPENSSL_ALGO_DSS1: | |
51 | mdtype = (EVP_MD *) EVP_dss1(); | |
52 | break; | |
53 | +#endif | |
54 | default: | |
55 | return NULL; | |
56 | break; | |
d1949d9d | 57 | @@ -989,14 +993,17 @@ PHP_MINIT_FUNCTION(openssl) |
7a3db4b1 AM |
58 | le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); |
59 | le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); | |
60 | ||
61 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
62 | + OPENSSL_config(NULL); | |
63 | SSL_library_init(); | |
64 | OpenSSL_add_all_ciphers(); | |
65 | OpenSSL_add_all_digests(); | |
66 | OpenSSL_add_all_algorithms(); | |
67 | ||
68 | - ERR_load_ERR_strings(); | |
69 | - ERR_load_crypto_strings(); | |
70 | - ERR_load_EVP_strings(); | |
71 | + SSL_load_error_strings(); | |
72 | +#else | |
73 | + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); | |
74 | +#endif | |
75 | ||
76 | /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in | |
77 | * OpenSSL callbacks */ | |
d1949d9d | 78 | @@ -1344,6 +1351,7 @@ static int openssl_x509v3_subjectAltName |
c38d233d AM |
79 | { |
80 | GENERAL_NAMES *names; | |
81 | const X509V3_EXT_METHOD *method = NULL; | |
82 | + ASN1_OCTET_STRING *extension_data; | |
83 | long i, length, num; | |
84 | const unsigned char *p; | |
85 | ||
d1949d9d | 86 | @@ -1352,8 +1360,9 @@ static int openssl_x509v3_subjectAltName |
c38d233d AM |
87 | return -1; |
88 | } | |
89 | ||
90 | - p = extension->value->data; | |
91 | - length = extension->value->length; | |
92 | + extension_data = X509_EXTENSION_get_data(extension); | |
93 | + p = extension_data->data; | |
94 | + length = extension_data->length; | |
95 | if (method->it) { | |
96 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
97 | ASN1_ITEM_ptr(method->it))); | |
d1949d9d | 98 | @@ -1416,6 +1425,8 @@ PHP_FUNCTION(openssl_x509_parse) |
c38d233d AM |
99 | char * tmpstr; |
100 | zval * subitem; | |
101 | X509_EXTENSION *extension; | |
102 | + X509_NAME *subject_name; | |
103 | + char *cert_name; | |
104 | char *extname; | |
105 | BIO *bio_out; | |
106 | BUF_MEM *bio_buf; | |
d1949d9d | 107 | @@ -1430,12 +1441,12 @@ PHP_FUNCTION(openssl_x509_parse) |
c38d233d AM |
108 | } |
109 | array_init(return_value); | |
110 | ||
111 | - if (cert->name) { | |
112 | - add_assoc_string(return_value, "name", cert->name, 1); | |
113 | - } | |
114 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
115 | + subject_name = X509_get_subject_name(cert); | |
116 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
117 | + add_assoc_string(return_value, "name", cert_name, 1); | |
118 | + OPENSSL_free(cert_name); | |
119 | ||
120 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
121 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
122 | /* hash as used in CA directories to lookup cert by subject name */ | |
123 | { | |
124 | char buf[32]; | |
d1949d9d | 125 | @@ -2921,13 +2932,20 @@ static int php_openssl_is_private_key(EV |
c38d233d AM |
126 | { |
127 | assert(pkey != NULL); | |
128 | ||
129 | - switch (pkey->type) { | |
130 | + switch (EVP_PKEY_id(pkey)) { | |
131 | #ifndef NO_RSA | |
132 | case EVP_PKEY_RSA: | |
133 | case EVP_PKEY_RSA2: | |
134 | - assert(pkey->pkey.rsa != NULL); | |
135 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
136 | - return 0; | |
137 | + { | |
138 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
139 | + if (rsa != NULL) { | |
140 | + const BIGNUM *p, *q; | |
141 | + | |
142 | + RSA_get0_factors(rsa, &p, &q); | |
143 | + if (p == NULL || q == NULL) { | |
144 | + return 0; | |
145 | + } | |
146 | + } | |
147 | } | |
148 | break; | |
149 | #endif | |
d1949d9d | 150 | @@ -2937,19 +2955,41 @@ static int php_openssl_is_private_key(EV |
c38d233d AM |
151 | case EVP_PKEY_DSA2: |
152 | case EVP_PKEY_DSA3: | |
153 | case EVP_PKEY_DSA4: | |
154 | - assert(pkey->pkey.dsa != NULL); | |
155 | + { | |
156 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
157 | + if (dsa != NULL) { | |
158 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
159 | + | |
160 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
161 | + if (p == NULL || q == NULL) { | |
162 | + return 0; | |
163 | + } | |
164 | ||
165 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
166 | - return 0; | |
167 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
168 | + if (priv_key == NULL) { | |
169 | + return 0; | |
170 | + } | |
171 | + } | |
172 | } | |
173 | break; | |
174 | #endif | |
175 | #ifndef NO_DH | |
176 | case EVP_PKEY_DH: | |
177 | - assert(pkey->pkey.dh != NULL); | |
178 | + { | |
179 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
180 | + if (dh != NULL) { | |
181 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
182 | + | |
183 | + DH_get0_pqg(dh, &p, &q, &g); | |
184 | + if (p == NULL) { | |
185 | + return 0; | |
186 | + } | |
187 | ||
188 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
189 | - return 0; | |
190 | + DH_get0_key(dh, &pub_key, &priv_key); | |
191 | + if (priv_key == NULL) { | |
192 | + return 0; | |
193 | + } | |
194 | + } | |
195 | } | |
196 | break; | |
197 | #endif | |
d1949d9d | 198 | @@ -2961,6 +3001,31 @@ static int php_openssl_is_private_key(EV |
c38d233d AM |
199 | } |
200 | /* }}} */ | |
201 | ||
202 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
203 | + if (_bn != NULL) { \ | |
204 | + int len = BN_num_bytes(_bn); \ | |
205 | + char *str = emalloc(len + 1); \ | |
206 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
207 | + str[len] = 0; \ | |
ef2959bf | 208 | + add_assoc_stringl(_array, #_name, str, len, 0); \ |
c38d233d AM |
209 | + } \ |
210 | +} while (0); | |
211 | + | |
212 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
213 | + | |
214 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
215 | + zval **bn; \ | |
216 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
217 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
218 | + _name = BN_bin2bn( \ | |
219 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
220 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
221 | + } else { \ | |
222 | + _name = NULL; \ | |
223 | + } \ | |
224 | +} while (0); | |
225 | + | |
226 | +/* | |
227 | #define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
228 | if (pkey->pkey._type->_name != NULL) { \ | |
229 | int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
d1949d9d | 230 | @@ -2980,7 +3045,144 @@ static int php_openssl_is_private_key(EV |
c38d233d AM |
231 | Z_STRLEN_PP(bn), NULL); \ |
232 | } \ | |
233 | } while (0); | |
234 | +*/ | |
235 | + | |
236 | +/* {{{ php_openssl_pkey_init_rsa */ | |
237 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
238 | +{ | |
239 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
7a3db4b1 | 240 | + |
c38d233d AM |
241 | + OPENSSL_PKEY_SET_BN(data, n); |
242 | + OPENSSL_PKEY_SET_BN(data, e); | |
243 | + OPENSSL_PKEY_SET_BN(data, d); | |
244 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
245 | + return 0; | |
246 | + } | |
247 | + | |
248 | + OPENSSL_PKEY_SET_BN(data, p); | |
249 | + OPENSSL_PKEY_SET_BN(data, q); | |
250 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
251 | + return 0; | |
252 | + } | |
253 | + | |
254 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
255 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
256 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
257 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
258 | + return 0; | |
259 | + } | |
260 | + | |
261 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
262 | + return 0; | |
263 | + } | |
264 | + | |
265 | + return 1; | |
266 | +} | |
267 | + | |
268 | +/* {{{ php_openssl_pkey_init_dsa */ | |
269 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
270 | +{ | |
271 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
272 | + const BIGNUM *priv_key_const, *pub_key_const; | |
273 | + | |
274 | + OPENSSL_PKEY_SET_BN(data, p); | |
275 | + OPENSSL_PKEY_SET_BN(data, q); | |
276 | + OPENSSL_PKEY_SET_BN(data, g); | |
277 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
278 | + return 0; | |
279 | + } | |
280 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
281 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
282 | + if (pub_key) { | |
283 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
284 | + } | |
285 | + | |
286 | + /* generate key */ | |
287 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
288 | + if (!DSA_generate_key(dsa)) { | |
289 | + return 0; | |
290 | + } | |
291 | + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
292 | + * so we need to double check that public key is created */ | |
293 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
294 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
295 | + return 0; | |
296 | + } | |
297 | + /* all good */ | |
298 | + return 1; | |
299 | +} | |
300 | +/* }}} */ | |
7a3db4b1 | 301 | |
c38d233d AM |
302 | +/* {{{ php_openssl_dh_pub_from_priv */ |
303 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
304 | +{ | |
305 | + BIGNUM *pub_key, *priv_key_const_time; | |
306 | + BN_CTX *ctx; | |
307 | + | |
308 | + pub_key = BN_new(); | |
309 | + if (pub_key == NULL) { | |
310 | + return NULL; | |
311 | + } | |
312 | + | |
313 | + priv_key_const_time = BN_new(); | |
314 | + if (priv_key_const_time == NULL) { | |
315 | + BN_free(pub_key); | |
316 | + return NULL; | |
317 | + } | |
318 | + ctx = BN_CTX_new(); | |
319 | + if (ctx == NULL) { | |
320 | + BN_free(pub_key); | |
321 | + BN_free(priv_key_const_time); | |
322 | + return NULL; | |
323 | + } | |
324 | + | |
325 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
326 | + | |
327 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
328 | + BN_free(pub_key); | |
329 | + pub_key = NULL; | |
330 | + } | |
331 | + | |
332 | + BN_free(priv_key_const_time); | |
333 | + BN_CTX_free(ctx); | |
334 | + | |
335 | + return pub_key; | |
336 | +} | |
337 | +/* }}} */ | |
338 | + | |
339 | +/* {{{ php_openssl_pkey_init_dh */ | |
340 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
341 | +{ | |
342 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
343 | + | |
344 | + OPENSSL_PKEY_SET_BN(data, p); | |
345 | + OPENSSL_PKEY_SET_BN(data, q); | |
346 | + OPENSSL_PKEY_SET_BN(data, g); | |
347 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
348 | + return 0; | |
349 | + } | |
350 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
351 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
352 | + if (pub_key) { | |
353 | + return DH_set0_key(dh, pub_key, priv_key); | |
354 | + } | |
355 | + if (priv_key) { | |
356 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
357 | + if (pub_key == NULL) { | |
358 | + return 0; | |
359 | + } | |
360 | + return DH_set0_key(dh, pub_key, priv_key); | |
361 | + } | |
362 | + | |
363 | + /* generate key */ | |
364 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
365 | + if (!DH_generate_key(dh)) { | |
366 | + return 0; | |
367 | + } | |
368 | + /* all good */ | |
369 | + return 1; | |
370 | +} | |
371 | +/* }}} */ | |
372 | ||
373 | /* {{{ proto resource openssl_pkey_new([array configargs]) | |
374 | Generates a new private key */ | |
d1949d9d | 375 | @@ -3004,18 +3206,8 @@ PHP_FUNCTION(openssl_pkey_new) |
c38d233d AM |
376 | if (pkey) { |
377 | RSA *rsa = RSA_new(); | |
378 | if (rsa) { | |
379 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
380 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
381 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
382 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
383 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
384 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
385 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
386 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
387 | - if (rsa->n && rsa->d) { | |
388 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
389 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
390 | - } | |
391 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
392 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
393 | } | |
394 | RSA_free(rsa); | |
395 | } | |
d1949d9d | 396 | @@ -3028,15 +3220,7 @@ PHP_FUNCTION(openssl_pkey_new) |
c38d233d AM |
397 | if (pkey) { |
398 | DSA *dsa = DSA_new(); | |
399 | if (dsa) { | |
400 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
401 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
402 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
403 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
404 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
405 | - if (dsa->p && dsa->q && dsa->g) { | |
406 | - if (!dsa->priv_key && !dsa->pub_key) { | |
407 | - DSA_generate_key(dsa); | |
408 | - } | |
409 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
410 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
411 | RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
412 | } | |
d1949d9d | 413 | @@ -3052,14 +3236,7 @@ PHP_FUNCTION(openssl_pkey_new) |
c38d233d AM |
414 | if (pkey) { |
415 | DH *dh = DH_new(); | |
416 | if (dh) { | |
417 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
418 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
419 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
420 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
421 | - if (dh->p && dh->g) { | |
422 | - if (!dh->pub_key) { | |
423 | - DH_generate_key(dh); | |
424 | - } | |
425 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
426 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
427 | RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
428 | } | |
ef2959bf | 429 | @@ -3289,63 +3466,82 @@ PHP_FUNCTION(openssl_pkey_get_details) |
c38d233d AM |
430 | /*TODO: Use the real values once the openssl constants are used |
431 | * See the enum at the top of this file | |
432 | */ | |
433 | - switch (EVP_PKEY_type(pkey->type)) { | |
434 | + switch (EVP_PKEY_base_id(pkey)) { | |
435 | case EVP_PKEY_RSA: | |
436 | case EVP_PKEY_RSA2: | |
437 | - ktype = OPENSSL_KEYTYPE_RSA; | |
438 | - | |
439 | - if (pkey->pkey.rsa != NULL) { | |
440 | - zval *rsa; | |
441 | - | |
442 | - ALLOC_INIT_ZVAL(rsa); | |
443 | - array_init(rsa); | |
444 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
445 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
446 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
447 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
448 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
449 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
450 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
451 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
452 | - add_assoc_zval(return_value, "rsa", rsa); | |
453 | + { | |
454 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
455 | + ktype = OPENSSL_KEYTYPE_RSA; | |
456 | + | |
457 | + if (rsa != NULL) { | |
ef2959bf | 458 | + zval *z_rsa; |
c38d233d AM |
459 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; |
460 | + | |
461 | + RSA_get0_key(rsa, &n, &e, &d); | |
462 | + RSA_get0_factors(rsa, &p, &q); | |
463 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
464 | + | |
ef2959bf AO |
465 | + ALLOC_INIT_ZVAL(z_rsa); |
466 | + array_init(z_rsa); | |
c38d233d AM |
467 | + OPENSSL_PKEY_GET_BN(z_rsa, n); |
468 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
469 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
470 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
471 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
472 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
473 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
474 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
ef2959bf | 475 | + add_assoc_zval(return_value, "rsa", z_rsa); |
c38d233d AM |
476 | + } |
477 | } | |
478 | - | |
479 | break; | |
480 | case EVP_PKEY_DSA: | |
481 | case EVP_PKEY_DSA2: | |
482 | case EVP_PKEY_DSA3: | |
483 | case EVP_PKEY_DSA4: | |
484 | - ktype = OPENSSL_KEYTYPE_DSA; | |
485 | - | |
486 | - if (pkey->pkey.dsa != NULL) { | |
487 | - zval *dsa; | |
488 | - | |
489 | - ALLOC_INIT_ZVAL(dsa); | |
490 | - array_init(dsa); | |
491 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
492 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
493 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
494 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
495 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
496 | - add_assoc_zval(return_value, "dsa", dsa); | |
497 | + { | |
498 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
499 | + ktype = OPENSSL_KEYTYPE_DSA; | |
500 | + | |
501 | + if (dsa != NULL) { | |
ef2959bf | 502 | + zval *z_dsa; |
c38d233d AM |
503 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; |
504 | + | |
505 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
506 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
507 | + | |
ef2959bf AO |
508 | + ALLOC_INIT_ZVAL(z_dsa); |
509 | + array_init(z_dsa); | |
c38d233d AM |
510 | + OPENSSL_PKEY_GET_BN(z_dsa, p); |
511 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
512 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
513 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
514 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
ef2959bf | 515 | + add_assoc_zval(return_value, "dsa", z_dsa); |
c38d233d AM |
516 | + } |
517 | } | |
518 | break; | |
519 | case EVP_PKEY_DH: | |
520 | - | |
521 | - ktype = OPENSSL_KEYTYPE_DH; | |
522 | - | |
523 | - if (pkey->pkey.dh != NULL) { | |
524 | - zval *dh; | |
525 | - | |
526 | - ALLOC_INIT_ZVAL(dh); | |
527 | - array_init(dh); | |
528 | - OPENSSL_PKEY_GET_BN(dh, p); | |
529 | - OPENSSL_PKEY_GET_BN(dh, g); | |
530 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
531 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
532 | - add_assoc_zval(return_value, "dh", dh); | |
533 | + { | |
534 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
535 | + ktype = OPENSSL_KEYTYPE_DH; | |
536 | + | |
537 | + if (dh != NULL) { | |
ef2959bf | 538 | + zval *z_dh; |
c38d233d AM |
539 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; |
540 | + | |
541 | + DH_get0_pqg(dh, &p, &q, &g); | |
542 | + DH_get0_key(dh, &pub_key, &priv_key); | |
543 | + | |
ef2959bf AO |
544 | + ALLOC_INIT_ZVAL(z_dh); |
545 | + array_init(z_dh); | |
c38d233d AM |
546 | + OPENSSL_PKEY_GET_BN(z_dh, p); |
547 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
548 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
549 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
ef2959bf | 550 | + add_assoc_zval(return_value, "dh", z_dh); |
c38d233d AM |
551 | + } |
552 | } | |
553 | - | |
554 | break; | |
555 | #ifdef EVP_PKEY_EC | |
556 | case EVP_PKEY_EC: | |
ef2959bf | 557 | @@ -3844,13 +4040,13 @@ PHP_FUNCTION(openssl_private_encrypt) |
c38d233d AM |
558 | cryptedlen = EVP_PKEY_size(pkey); |
559 | cryptedbuf = emalloc(cryptedlen + 1); | |
560 | ||
561 | - switch (pkey->type) { | |
562 | + switch (EVP_PKEY_id(pkey)) { | |
563 | case EVP_PKEY_RSA: | |
564 | case EVP_PKEY_RSA2: | |
565 | successful = (RSA_private_encrypt(data_len, | |
566 | (unsigned char *)data, | |
567 | cryptedbuf, | |
568 | - pkey->pkey.rsa, | |
569 | + EVP_PKEY_get0_RSA(pkey), | |
570 | padding) == cryptedlen); | |
571 | break; | |
572 | default: | |
ef2959bf | 573 | @@ -3902,13 +4098,13 @@ PHP_FUNCTION(openssl_private_decrypt) |
c38d233d AM |
574 | cryptedlen = EVP_PKEY_size(pkey); |
575 | crypttemp = emalloc(cryptedlen + 1); | |
576 | ||
577 | - switch (pkey->type) { | |
578 | + switch (EVP_PKEY_id(pkey)) { | |
579 | case EVP_PKEY_RSA: | |
580 | case EVP_PKEY_RSA2: | |
581 | cryptedlen = RSA_private_decrypt(data_len, | |
582 | (unsigned char *)data, | |
583 | crypttemp, | |
584 | - pkey->pkey.rsa, | |
585 | + EVP_PKEY_get0_RSA(pkey), | |
586 | padding); | |
587 | if (cryptedlen != -1) { | |
588 | cryptedbuf = emalloc(cryptedlen + 1); | |
ef2959bf | 589 | @@ -3967,13 +4163,13 @@ PHP_FUNCTION(openssl_public_encrypt) |
c38d233d AM |
590 | cryptedlen = EVP_PKEY_size(pkey); |
591 | cryptedbuf = emalloc(cryptedlen + 1); | |
592 | ||
593 | - switch (pkey->type) { | |
594 | + switch (EVP_PKEY_id(pkey)) { | |
595 | case EVP_PKEY_RSA: | |
596 | case EVP_PKEY_RSA2: | |
597 | successful = (RSA_public_encrypt(data_len, | |
598 | (unsigned char *)data, | |
599 | cryptedbuf, | |
600 | - pkey->pkey.rsa, | |
601 | + EVP_PKEY_get0_RSA(pkey), | |
602 | padding) == cryptedlen); | |
603 | break; | |
604 | default: | |
ef2959bf | 605 | @@ -4026,13 +4222,13 @@ PHP_FUNCTION(openssl_public_decrypt) |
c38d233d AM |
606 | cryptedlen = EVP_PKEY_size(pkey); |
607 | crypttemp = emalloc(cryptedlen + 1); | |
608 | ||
609 | - switch (pkey->type) { | |
610 | + switch (EVP_PKEY_id(pkey)) { | |
611 | case EVP_PKEY_RSA: | |
612 | case EVP_PKEY_RSA2: | |
613 | cryptedlen = RSA_public_decrypt(data_len, | |
614 | (unsigned char *)data, | |
615 | crypttemp, | |
616 | - pkey->pkey.rsa, | |
617 | + EVP_PKEY_get0_RSA(pkey), | |
618 | padding); | |
619 | if (cryptedlen != -1) { | |
620 | cryptedbuf = emalloc(cryptedlen + 1); | |
ef2959bf | 621 | @@ -4096,7 +4292,7 @@ PHP_FUNCTION(openssl_sign) |
c38d233d AM |
622 | long keyresource = -1; |
623 | char * data; | |
624 | int data_len; | |
625 | - EVP_MD_CTX md_ctx; | |
626 | + EVP_MD_CTX *md_ctx; | |
627 | zval *method = NULL; | |
628 | long signature_algo = OPENSSL_ALGO_SHA1; | |
629 | const EVP_MD *mdtype; | |
ef2959bf | 630 | @@ -4129,9 +4325,11 @@ PHP_FUNCTION(openssl_sign) |
c38d233d AM |
631 | siglen = EVP_PKEY_size(pkey); |
632 | sigbuf = emalloc(siglen + 1); | |
633 | ||
634 | - EVP_SignInit(&md_ctx, mdtype); | |
635 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
636 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
637 | + md_ctx = EVP_MD_CTX_create(); | |
638 | + if (md_ctx != NULL && | |
639 | + EVP_SignInit(md_ctx, mdtype) && | |
640 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
641 | + EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
642 | zval_dtor(signature); | |
643 | sigbuf[siglen] = '\0'; | |
644 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
ef2959bf | 645 | @@ -4140,7 +4338,7 @@ PHP_FUNCTION(openssl_sign) |
c38d233d AM |
646 | efree(sigbuf); |
647 | RETVAL_FALSE; | |
648 | } | |
649 | - EVP_MD_CTX_cleanup(&md_ctx); | |
650 | + EVP_MD_CTX_destroy(md_ctx); | |
651 | if (keyresource == -1) { | |
652 | EVP_PKEY_free(pkey); | |
653 | } | |
ef2959bf | 654 | @@ -4154,7 +4352,7 @@ PHP_FUNCTION(openssl_verify) |
c38d233d AM |
655 | zval **key; |
656 | EVP_PKEY *pkey; | |
657 | int err; | |
658 | - EVP_MD_CTX md_ctx; | |
659 | + EVP_MD_CTX *md_ctx; | |
660 | const EVP_MD *mdtype; | |
661 | long keyresource = -1; | |
662 | char * data; int data_len; | |
ef2959bf | 663 | @@ -4188,10 +4386,13 @@ PHP_FUNCTION(openssl_verify) |
c38d233d AM |
664 | RETURN_FALSE; |
665 | } | |
666 | ||
667 | - EVP_VerifyInit (&md_ctx, mdtype); | |
668 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
669 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
670 | - EVP_MD_CTX_cleanup(&md_ctx); | |
671 | + md_ctx = EVP_MD_CTX_create(); | |
672 | + if (md_ctx != NULL) { | |
673 | + EVP_VerifyInit (md_ctx, mdtype); | |
674 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
675 | + err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey); | |
676 | + } | |
677 | + EVP_MD_CTX_destroy(md_ctx); | |
678 | ||
679 | if (keyresource == -1) { | |
680 | EVP_PKEY_free(pkey); | |
ef2959bf | 681 | @@ -4215,7 +4416,7 @@ PHP_FUNCTION(openssl_seal) |
c38d233d AM |
682 | char *method =NULL; |
683 | int method_len = 0; | |
684 | const EVP_CIPHER *cipher; | |
685 | - EVP_CIPHER_CTX ctx; | |
686 | + EVP_CIPHER_CTX *ctx; | |
687 | ||
688 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
689 | return; | |
ef2959bf | 690 | @@ -4261,7 +4462,9 @@ PHP_FUNCTION(openssl_seal) |
c38d233d AM |
691 | i++; |
692 | } | |
693 | ||
694 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
695 | + ctx = EVP_CIPHER_CTX_new(); | |
696 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
697 | + EVP_CIPHER_CTX_free(ctx); | |
698 | RETVAL_FALSE; | |
699 | goto clean_exit; | |
700 | } | |
ef2959bf | 701 | @@ -4272,15 +4475,16 @@ PHP_FUNCTION(openssl_seal) |
c38d233d AM |
702 | iv = ivlen ? emalloc(ivlen + 1) : NULL; |
703 | #endif | |
704 | /* allocate one byte extra to make room for \0 */ | |
705 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
706 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
707 | ||
708 | - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
709 | + if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
710 | RETVAL_FALSE; | |
711 | efree(buf); | |
712 | + EVP_CIPHER_CTX_free(ctx); | |
713 | goto clean_exit; | |
714 | } | |
715 | ||
716 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
717 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
718 | ||
719 | if (len1 + len2 > 0) { | |
720 | zval_dtor(sealdata); | |
ef2959bf | 721 | @@ -4309,6 +4513,7 @@ PHP_FUNCTION(openssl_seal) |
c38d233d AM |
722 | efree(buf); |
723 | } | |
724 | RETVAL_LONG(len1 + len2); | |
725 | + EVP_CIPHER_CTX_free(ctx); | |
726 | ||
727 | clean_exit: | |
728 | for (i=0; i<nkeys; i++) { | |
ef2959bf | 729 | @@ -4335,7 +4540,7 @@ PHP_FUNCTION(openssl_open) |
c38d233d AM |
730 | int len1, len2; |
731 | unsigned char *buf; | |
732 | long keyresource = -1; | |
733 | - EVP_CIPHER_CTX ctx; | |
734 | + EVP_CIPHER_CTX *ctx; | |
735 | char * data; int data_len; | |
736 | char * ekey; int ekey_len; | |
737 | char *method =NULL; | |
ef2959bf | 738 | @@ -4364,28 +4569,22 @@ PHP_FUNCTION(openssl_open) |
c38d233d AM |
739 | |
740 | buf = emalloc(data_len + 1); | |
741 | ||
742 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
743 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
744 | - efree(buf); | |
745 | - if (keyresource == -1) { | |
746 | - EVP_PKEY_free(pkey); | |
747 | - } | |
748 | - RETURN_FALSE; | |
749 | - } | |
750 | + ctx = EVP_CIPHER_CTX_new(); | |
751 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && | |
752 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) && | |
753 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
754 | + zval_dtor(opendata); | |
755 | + buf[len1 + len2] = '\0'; | |
756 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
757 | + RETVAL_TRUE; | |
758 | } else { | |
759 | - efree(buf); | |
760 | - if (keyresource == -1) { | |
761 | - EVP_PKEY_free(pkey); | |
762 | - } | |
763 | - RETURN_FALSE; | |
764 | + RETURN_FALSE; | |
765 | } | |
766 | + efree(buf); | |
767 | if (keyresource == -1) { | |
768 | EVP_PKEY_free(pkey); | |
769 | } | |
770 | - zval_dtor(opendata); | |
771 | - buf[len1 + len2] = '\0'; | |
772 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
773 | - RETURN_TRUE; | |
774 | + EVP_CIPHER_CTX_free(ctx); | |
775 | } | |
776 | /* }}} */ | |
777 | ||
ef2959bf | 778 | @@ -4690,7 +4889,7 @@ PHP_FUNCTION(openssl_digest) |
c38d233d AM |
779 | char *data, *method; |
780 | int data_len, method_len; | |
781 | const EVP_MD *mdtype; | |
782 | - EVP_MD_CTX md_ctx; | |
783 | + EVP_MD_CTX *md_ctx; | |
784 | int siglen; | |
785 | unsigned char *sigbuf; | |
786 | ||
ef2959bf | 787 | @@ -4706,9 +4905,11 @@ PHP_FUNCTION(openssl_digest) |
c38d233d AM |
788 | siglen = EVP_MD_size(mdtype); |
789 | sigbuf = emalloc(siglen + 1); | |
790 | ||
791 | - EVP_DigestInit(&md_ctx, mdtype); | |
792 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
793 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
794 | + md_ctx = EVP_MD_CTX_create(); | |
795 | + if (md_ctx != NULL && | |
796 | + EVP_DigestInit(md_ctx, mdtype) && | |
797 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
798 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
799 | if (raw_output) { | |
800 | sigbuf[siglen] = '\0'; | |
801 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
ef2959bf | 802 | @@ -4724,6 +4925,7 @@ PHP_FUNCTION(openssl_digest) |
c38d233d AM |
803 | efree(sigbuf); |
804 | RETVAL_FALSE; | |
805 | } | |
806 | + EVP_MD_CTX_destroy(md_ctx); | |
807 | } | |
808 | /* }}} */ | |
809 | ||
ef2959bf | 810 | @@ -4769,7 +4971,7 @@ PHP_FUNCTION(openssl_encrypt) |
c38d233d AM |
811 | char *data, *method, *password, *iv = ""; |
812 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
813 | const EVP_CIPHER *cipher_type; | |
814 | - EVP_CIPHER_CTX cipher_ctx; | |
815 | + EVP_CIPHER_CTX *cipher_ctx; | |
816 | int i = 0, outlen, keylen; | |
817 | unsigned char *outbuf, *key; | |
818 | zend_bool free_iv; | |
ef2959bf | 819 | @@ -4783,6 +4985,12 @@ PHP_FUNCTION(openssl_encrypt) |
c38d233d AM |
820 | RETURN_FALSE; |
821 | } | |
822 | ||
823 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
824 | + if (!cipher_ctx) { | |
825 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
826 | + RETURN_FALSE; | |
827 | + } | |
828 | + | |
829 | keylen = EVP_CIPHER_key_length(cipher_type); | |
830 | if (keylen > password_len) { | |
831 | key = emalloc(keylen); | |
ef2959bf | 832 | @@ -4801,16 +5009,16 @@ PHP_FUNCTION(openssl_encrypt) |
c38d233d AM |
833 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
834 | outbuf = emalloc(outlen + 1); | |
835 | ||
836 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
837 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
838 | if (password_len > keylen) { | |
839 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
840 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
841 | } | |
842 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
843 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
844 | if (data_len > 0) { | |
845 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
846 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
847 | } | |
848 | outlen = i; | |
849 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
850 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
851 | outlen += i; | |
852 | if (raw_output) { | |
853 | outbuf[outlen] = '\0'; | |
ef2959bf | 854 | @@ -4833,7 +5041,7 @@ PHP_FUNCTION(openssl_encrypt) |
c38d233d AM |
855 | if (free_iv) { |
856 | efree(iv); | |
857 | } | |
858 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
859 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
860 | } | |
861 | /* }}} */ | |
862 | ||
ef2959bf | 863 | @@ -4845,7 +5053,7 @@ PHP_FUNCTION(openssl_decrypt) |
c38d233d AM |
864 | char *data, *method, *password, *iv = ""; |
865 | int data_len, method_len, password_len, iv_len = 0; | |
866 | const EVP_CIPHER *cipher_type; | |
867 | - EVP_CIPHER_CTX cipher_ctx; | |
868 | + EVP_CIPHER_CTX *cipher_ctx; | |
869 | int i, outlen, keylen; | |
870 | unsigned char *outbuf, *key; | |
871 | int base64_str_len; | |
ef2959bf | 872 | @@ -4867,10 +5075,17 @@ PHP_FUNCTION(openssl_decrypt) |
c38d233d AM |
873 | RETURN_FALSE; |
874 | } | |
875 | ||
876 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
877 | + if (!cipher_ctx) { | |
878 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
879 | + RETURN_FALSE; | |
880 | + } | |
881 | + | |
882 | if (!raw_input) { | |
883 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
884 | if (!base64_str) { | |
885 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
886 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
887 | RETURN_FALSE; | |
888 | } | |
889 | data_len = base64_str_len; | |
ef2959bf | 890 | @@ -4891,14 +5106,14 @@ PHP_FUNCTION(openssl_decrypt) |
c38d233d AM |
891 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
892 | outbuf = emalloc(outlen + 1); | |
893 | ||
894 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
895 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
896 | if (password_len > keylen) { | |
897 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
898 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
899 | } | |
900 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
901 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
902 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
903 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
904 | outlen = i; | |
905 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
906 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
907 | outlen += i; | |
908 | outbuf[outlen] = '\0'; | |
909 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
ef2959bf | 910 | @@ -4915,7 +5130,7 @@ PHP_FUNCTION(openssl_decrypt) |
c38d233d AM |
911 | if (base64_str) { |
912 | efree(base64_str); | |
913 | } | |
914 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
915 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
916 | } | |
917 | /* }}} */ | |
918 | ||
ef2959bf | 919 | @@ -4953,6 +5168,7 @@ PHP_FUNCTION(openssl_dh_compute_key) |
c38d233d AM |
920 | zval *key; |
921 | char *pub_str; | |
922 | int pub_len; | |
923 | + DH *dh; | |
924 | EVP_PKEY *pkey; | |
925 | BIGNUM *pub; | |
926 | char *data; | |
ef2959bf | 927 | @@ -4961,15 +5177,18 @@ PHP_FUNCTION(openssl_dh_compute_key) |
c38d233d AM |
928 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sr", &pub_str, &pub_len, &key) == FAILURE) { |
929 | return; | |
930 | } | |
931 | - ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
932 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
933 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
934 | + RETURN_FALSE; | |
935 | + } | |
936 | + dh = EVP_PKEY_get0_DH(pkey); | |
937 | + if (dh == NULL) { | |
938 | RETURN_FALSE; | |
939 | } | |
940 | ||
941 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
942 | ||
943 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
944 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
945 | + data = emalloc(DH_size(dh) + 1); | |
946 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
947 | ||
948 | if (len >= 0) { | |
949 | data[len] = 0; | |
ef2959bf AO |
950 | diff -ruNp php-5.3.29.orig/ext/openssl/xp_ssl.c php-5.3.29/ext/openssl/xp_ssl.c |
951 | --- php-5.3.29.orig/ext/openssl/xp_ssl.c 2014-08-13 21:22:50.000000000 +0200 | |
952 | +++ php-5.3.29/ext/openssl/xp_ssl.c 2019-02-05 23:42:46.543242570 +0100 | |
d1949d9d | 953 | @@ -338,9 +338,14 @@ static inline int php_openssl_setup_cryp |
10ea1ccd AM |
954 | break; |
955 | #endif | |
956 | case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: | |
957 | +#ifdef OPENSSL_NO_SSL3 | |
958 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
959 | + return -1; | |
960 | +#else | |
961 | sslsock->is_client = 1; | |
962 | method = SSLv3_client_method(); | |
963 | break; | |
964 | +#endif | |
965 | case STREAM_CRYPTO_METHOD_TLS_CLIENT: | |
966 | sslsock->is_client = 1; | |
967 | method = TLSv1_client_method(); | |
d1949d9d | 968 | @@ -350,9 +355,14 @@ static inline int php_openssl_setup_cryp |
10ea1ccd AM |
969 | method = SSLv23_server_method(); |
970 | break; | |
971 | case STREAM_CRYPTO_METHOD_SSLv3_SERVER: | |
972 | +#ifdef OPENSSL_NO_SSL3 | |
973 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
974 | + return -1; | |
975 | +#else | |
976 | sslsock->is_client = 0; | |
977 | method = SSLv3_server_method(); | |
978 | break; | |
979 | +#endif | |
980 | case STREAM_CRYPTO_METHOD_SSLv2_SERVER: | |
981 | #ifdef OPENSSL_NO_SSL2 | |
982 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); | |
876cabd6 AM |
983 | --- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200 |
984 | +++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200 | |
985 | @@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl) | |
986 | REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); | |
987 | ||
988 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); | |
989 | +#ifdef RSA_SSLV23_PADDING | |
990 | REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); | |
991 | +#endif | |
992 | REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); | |
993 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); | |
994 |