]>
Commit | Line | Data |
---|---|---|
7a3db4b1 AM |
1 | diff -urN php-5.3.29.org/ext/openssl/openssl.c php-5.3.29/ext/openssl/openssl.c |
2 | --- php-5.3.29.org/ext/openssl/openssl.c 2018-09-25 12:32:51.062376414 +0200 | |
3 | +++ php-5.3.29/ext/openssl/openssl.c 2018-09-25 12:38:20.995593826 +0200 | |
c38d233d AM |
4 | @@ -68,6 +68,13 @@ |
5 | ||
6 | #define DEBUG_SMIME 0 | |
7 | ||
8 | + | |
9 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
10 | +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
11 | +#else | |
12 | +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
13 | +#endif | |
14 | + | |
15 | /* FIXME: Use the openssl constants instead of | |
16 | * enum. It is now impossible to match real values | |
17 | * against php constants. Also sorry to break the | |
18 | @@ -881,11 +888,6 @@ | |
19 | ||
20 | if (file == NULL) { | |
21 | file = RAND_file_name(buffer, sizeof(buffer)); | |
22 | - } else if (RAND_egd(file) > 0) { | |
23 | - /* if the given filename is an EGD socket, don't | |
24 | - * write anything back to it */ | |
25 | - *egdsocket = 1; | |
26 | - return SUCCESS; | |
27 | } | |
28 | if (file == NULL || !RAND_load_file(file, -1)) { | |
29 | if (RAND_status() == 0) { | |
30 | @@ -939,9 +941,11 @@ | |
31 | mdtype = (EVP_MD *) EVP_md2(); | |
32 | break; | |
33 | #endif | |
34 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
35 | case OPENSSL_ALGO_DSS1: | |
36 | mdtype = (EVP_MD *) EVP_dss1(); | |
37 | break; | |
38 | +#endif | |
39 | default: | |
40 | return NULL; | |
41 | break; | |
7a3db4b1 AM |
42 | @@ -989,14 +993,17 @@ |
43 | le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); | |
44 | le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); | |
45 | ||
46 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
47 | + OPENSSL_config(NULL); | |
48 | SSL_library_init(); | |
49 | OpenSSL_add_all_ciphers(); | |
50 | OpenSSL_add_all_digests(); | |
51 | OpenSSL_add_all_algorithms(); | |
52 | ||
53 | - ERR_load_ERR_strings(); | |
54 | - ERR_load_crypto_strings(); | |
55 | - ERR_load_EVP_strings(); | |
56 | + SSL_load_error_strings(); | |
57 | +#else | |
58 | + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); | |
59 | +#endif | |
60 | ||
61 | /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in | |
62 | * OpenSSL callbacks */ | |
63 | @@ -1344,6 +1351,7 @@ | |
c38d233d AM |
64 | { |
65 | GENERAL_NAMES *names; | |
66 | const X509V3_EXT_METHOD *method = NULL; | |
67 | + ASN1_OCTET_STRING *extension_data; | |
68 | long i, length, num; | |
69 | const unsigned char *p; | |
70 | ||
7a3db4b1 | 71 | @@ -1352,8 +1360,9 @@ |
c38d233d AM |
72 | return -1; |
73 | } | |
74 | ||
75 | - p = extension->value->data; | |
76 | - length = extension->value->length; | |
77 | + extension_data = X509_EXTENSION_get_data(extension); | |
78 | + p = extension_data->data; | |
79 | + length = extension_data->length; | |
80 | if (method->it) { | |
81 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
82 | ASN1_ITEM_ptr(method->it))); | |
7a3db4b1 | 83 | @@ -1416,6 +1425,8 @@ |
c38d233d AM |
84 | char * tmpstr; |
85 | zval * subitem; | |
86 | X509_EXTENSION *extension; | |
87 | + X509_NAME *subject_name; | |
88 | + char *cert_name; | |
89 | char *extname; | |
90 | BIO *bio_out; | |
91 | BUF_MEM *bio_buf; | |
7a3db4b1 | 92 | @@ -1430,12 +1441,12 @@ |
c38d233d AM |
93 | } |
94 | array_init(return_value); | |
95 | ||
96 | - if (cert->name) { | |
97 | - add_assoc_string(return_value, "name", cert->name, 1); | |
98 | - } | |
99 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
100 | + subject_name = X509_get_subject_name(cert); | |
101 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
102 | + add_assoc_string(return_value, "name", cert_name, 1); | |
103 | + OPENSSL_free(cert_name); | |
104 | ||
105 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
106 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
107 | /* hash as used in CA directories to lookup cert by subject name */ | |
108 | { | |
109 | char buf[32]; | |
7a3db4b1 | 110 | @@ -2921,13 +2932,20 @@ |
c38d233d AM |
111 | { |
112 | assert(pkey != NULL); | |
113 | ||
114 | - switch (pkey->type) { | |
115 | + switch (EVP_PKEY_id(pkey)) { | |
116 | #ifndef NO_RSA | |
117 | case EVP_PKEY_RSA: | |
118 | case EVP_PKEY_RSA2: | |
119 | - assert(pkey->pkey.rsa != NULL); | |
120 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
121 | - return 0; | |
122 | + { | |
123 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
124 | + if (rsa != NULL) { | |
125 | + const BIGNUM *p, *q; | |
126 | + | |
127 | + RSA_get0_factors(rsa, &p, &q); | |
128 | + if (p == NULL || q == NULL) { | |
129 | + return 0; | |
130 | + } | |
131 | + } | |
132 | } | |
133 | break; | |
134 | #endif | |
7a3db4b1 | 135 | @@ -2937,19 +2955,41 @@ |
c38d233d AM |
136 | case EVP_PKEY_DSA2: |
137 | case EVP_PKEY_DSA3: | |
138 | case EVP_PKEY_DSA4: | |
139 | - assert(pkey->pkey.dsa != NULL); | |
140 | + { | |
141 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
142 | + if (dsa != NULL) { | |
143 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
144 | + | |
145 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
146 | + if (p == NULL || q == NULL) { | |
147 | + return 0; | |
148 | + } | |
149 | ||
150 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
151 | - return 0; | |
152 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
153 | + if (priv_key == NULL) { | |
154 | + return 0; | |
155 | + } | |
156 | + } | |
157 | } | |
158 | break; | |
159 | #endif | |
160 | #ifndef NO_DH | |
161 | case EVP_PKEY_DH: | |
162 | - assert(pkey->pkey.dh != NULL); | |
163 | + { | |
164 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
165 | + if (dh != NULL) { | |
166 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
167 | + | |
168 | + DH_get0_pqg(dh, &p, &q, &g); | |
169 | + if (p == NULL) { | |
170 | + return 0; | |
171 | + } | |
172 | ||
173 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
174 | - return 0; | |
175 | + DH_get0_key(dh, &pub_key, &priv_key); | |
176 | + if (priv_key == NULL) { | |
177 | + return 0; | |
178 | + } | |
179 | + } | |
180 | } | |
181 | break; | |
182 | #endif | |
7a3db4b1 | 183 | @@ -2961,6 +3001,31 @@ |
c38d233d AM |
184 | } |
185 | /* }}} */ | |
186 | ||
187 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
188 | + if (_bn != NULL) { \ | |
189 | + int len = BN_num_bytes(_bn); \ | |
190 | + char *str = emalloc(len + 1); \ | |
191 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
192 | + str[len] = 0; \ | |
193 | + add_assoc_stringl(&_array, #_name, str, len, 0); \ | |
194 | + } \ | |
195 | +} while (0); | |
196 | + | |
197 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
198 | + | |
199 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
200 | + zval **bn; \ | |
201 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
202 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
203 | + _name = BN_bin2bn( \ | |
204 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
205 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
206 | + } else { \ | |
207 | + _name = NULL; \ | |
208 | + } \ | |
209 | +} while (0); | |
210 | + | |
211 | +/* | |
212 | #define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
213 | if (pkey->pkey._type->_name != NULL) { \ | |
214 | int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
7a3db4b1 | 215 | @@ -2980,7 +3045,144 @@ |
c38d233d AM |
216 | Z_STRLEN_PP(bn), NULL); \ |
217 | } \ | |
218 | } while (0); | |
219 | +*/ | |
220 | + | |
221 | +/* {{{ php_openssl_pkey_init_rsa */ | |
222 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
223 | +{ | |
224 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
7a3db4b1 | 225 | + |
c38d233d AM |
226 | + OPENSSL_PKEY_SET_BN(data, n); |
227 | + OPENSSL_PKEY_SET_BN(data, e); | |
228 | + OPENSSL_PKEY_SET_BN(data, d); | |
229 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
230 | + return 0; | |
231 | + } | |
232 | + | |
233 | + OPENSSL_PKEY_SET_BN(data, p); | |
234 | + OPENSSL_PKEY_SET_BN(data, q); | |
235 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
236 | + return 0; | |
237 | + } | |
238 | + | |
239 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
240 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
241 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
242 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
243 | + return 0; | |
244 | + } | |
245 | + | |
246 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
247 | + return 0; | |
248 | + } | |
249 | + | |
250 | + return 1; | |
251 | +} | |
252 | + | |
253 | +/* {{{ php_openssl_pkey_init_dsa */ | |
254 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
255 | +{ | |
256 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
257 | + const BIGNUM *priv_key_const, *pub_key_const; | |
258 | + | |
259 | + OPENSSL_PKEY_SET_BN(data, p); | |
260 | + OPENSSL_PKEY_SET_BN(data, q); | |
261 | + OPENSSL_PKEY_SET_BN(data, g); | |
262 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
263 | + return 0; | |
264 | + } | |
265 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
266 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
267 | + if (pub_key) { | |
268 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
269 | + } | |
270 | + | |
271 | + /* generate key */ | |
272 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
273 | + if (!DSA_generate_key(dsa)) { | |
274 | + return 0; | |
275 | + } | |
276 | + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
277 | + * so we need to double check that public key is created */ | |
278 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
279 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
280 | + return 0; | |
281 | + } | |
282 | + /* all good */ | |
283 | + return 1; | |
284 | +} | |
285 | +/* }}} */ | |
7a3db4b1 | 286 | |
c38d233d AM |
287 | +/* {{{ php_openssl_dh_pub_from_priv */ |
288 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
289 | +{ | |
290 | + BIGNUM *pub_key, *priv_key_const_time; | |
291 | + BN_CTX *ctx; | |
292 | + | |
293 | + pub_key = BN_new(); | |
294 | + if (pub_key == NULL) { | |
295 | + return NULL; | |
296 | + } | |
297 | + | |
298 | + priv_key_const_time = BN_new(); | |
299 | + if (priv_key_const_time == NULL) { | |
300 | + BN_free(pub_key); | |
301 | + return NULL; | |
302 | + } | |
303 | + ctx = BN_CTX_new(); | |
304 | + if (ctx == NULL) { | |
305 | + BN_free(pub_key); | |
306 | + BN_free(priv_key_const_time); | |
307 | + return NULL; | |
308 | + } | |
309 | + | |
310 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
311 | + | |
312 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
313 | + BN_free(pub_key); | |
314 | + pub_key = NULL; | |
315 | + } | |
316 | + | |
317 | + BN_free(priv_key_const_time); | |
318 | + BN_CTX_free(ctx); | |
319 | + | |
320 | + return pub_key; | |
321 | +} | |
322 | +/* }}} */ | |
323 | + | |
324 | +/* {{{ php_openssl_pkey_init_dh */ | |
325 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
326 | +{ | |
327 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
328 | + | |
329 | + OPENSSL_PKEY_SET_BN(data, p); | |
330 | + OPENSSL_PKEY_SET_BN(data, q); | |
331 | + OPENSSL_PKEY_SET_BN(data, g); | |
332 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
333 | + return 0; | |
334 | + } | |
335 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
336 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
337 | + if (pub_key) { | |
338 | + return DH_set0_key(dh, pub_key, priv_key); | |
339 | + } | |
340 | + if (priv_key) { | |
341 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
342 | + if (pub_key == NULL) { | |
343 | + return 0; | |
344 | + } | |
345 | + return DH_set0_key(dh, pub_key, priv_key); | |
346 | + } | |
347 | + | |
348 | + /* generate key */ | |
349 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
350 | + if (!DH_generate_key(dh)) { | |
351 | + return 0; | |
352 | + } | |
353 | + /* all good */ | |
354 | + return 1; | |
355 | +} | |
356 | +/* }}} */ | |
357 | ||
358 | /* {{{ proto resource openssl_pkey_new([array configargs]) | |
359 | Generates a new private key */ | |
7a3db4b1 | 360 | @@ -3004,18 +3206,8 @@ |
c38d233d AM |
361 | if (pkey) { |
362 | RSA *rsa = RSA_new(); | |
363 | if (rsa) { | |
364 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
365 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
366 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
367 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
368 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
369 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
370 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
371 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
372 | - if (rsa->n && rsa->d) { | |
373 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
374 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
375 | - } | |
376 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
377 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
378 | } | |
379 | RSA_free(rsa); | |
380 | } | |
7a3db4b1 | 381 | @@ -3028,15 +3220,7 @@ |
c38d233d AM |
382 | if (pkey) { |
383 | DSA *dsa = DSA_new(); | |
384 | if (dsa) { | |
385 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
386 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
387 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
388 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
389 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
390 | - if (dsa->p && dsa->q && dsa->g) { | |
391 | - if (!dsa->priv_key && !dsa->pub_key) { | |
392 | - DSA_generate_key(dsa); | |
393 | - } | |
394 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
395 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
396 | RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
397 | } | |
7a3db4b1 | 398 | @@ -3052,14 +3236,7 @@ |
c38d233d AM |
399 | if (pkey) { |
400 | DH *dh = DH_new(); | |
401 | if (dh) { | |
402 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
403 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
404 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
405 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
406 | - if (dh->p && dh->g) { | |
407 | - if (!dh->pub_key) { | |
408 | - DH_generate_key(dh); | |
409 | - } | |
410 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
411 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
412 | RETURN_RESOURCE(zend_list_insert(pkey, le_key)); | |
413 | } | |
7a3db4b1 | 414 | @@ -3289,63 +3466,79 @@ |
c38d233d AM |
415 | /*TODO: Use the real values once the openssl constants are used |
416 | * See the enum at the top of this file | |
417 | */ | |
418 | - switch (EVP_PKEY_type(pkey->type)) { | |
419 | + switch (EVP_PKEY_base_id(pkey)) { | |
420 | case EVP_PKEY_RSA: | |
421 | case EVP_PKEY_RSA2: | |
422 | - ktype = OPENSSL_KEYTYPE_RSA; | |
423 | - | |
424 | - if (pkey->pkey.rsa != NULL) { | |
425 | - zval *rsa; | |
426 | - | |
427 | - ALLOC_INIT_ZVAL(rsa); | |
428 | - array_init(rsa); | |
429 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
430 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
431 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
432 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
433 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
434 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
435 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
436 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
437 | - add_assoc_zval(return_value, "rsa", rsa); | |
438 | + { | |
439 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
440 | + ktype = OPENSSL_KEYTYPE_RSA; | |
441 | + | |
442 | + if (rsa != NULL) { | |
443 | + zval z_rsa; | |
444 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
445 | + | |
446 | + RSA_get0_key(rsa, &n, &e, &d); | |
447 | + RSA_get0_factors(rsa, &p, &q); | |
448 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
449 | + | |
450 | + array_init(&z_rsa); | |
451 | + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
452 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
453 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
454 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
455 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
456 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
457 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
458 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
459 | + add_assoc_zval(return_value, "rsa", &z_rsa); | |
460 | + } | |
461 | } | |
462 | - | |
463 | break; | |
464 | case EVP_PKEY_DSA: | |
465 | case EVP_PKEY_DSA2: | |
466 | case EVP_PKEY_DSA3: | |
467 | case EVP_PKEY_DSA4: | |
468 | - ktype = OPENSSL_KEYTYPE_DSA; | |
469 | - | |
470 | - if (pkey->pkey.dsa != NULL) { | |
471 | - zval *dsa; | |
472 | - | |
473 | - ALLOC_INIT_ZVAL(dsa); | |
474 | - array_init(dsa); | |
475 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
476 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
477 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
478 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
479 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
480 | - add_assoc_zval(return_value, "dsa", dsa); | |
481 | + { | |
482 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
483 | + ktype = OPENSSL_KEYTYPE_DSA; | |
484 | + | |
485 | + if (dsa != NULL) { | |
486 | + zval z_dsa; | |
487 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
488 | + | |
489 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
490 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
491 | + | |
492 | + array_init(&z_dsa); | |
493 | + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
494 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
495 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
496 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
497 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
498 | + add_assoc_zval(return_value, "dsa", &z_dsa); | |
499 | + } | |
500 | } | |
501 | break; | |
502 | case EVP_PKEY_DH: | |
503 | - | |
504 | - ktype = OPENSSL_KEYTYPE_DH; | |
505 | - | |
506 | - if (pkey->pkey.dh != NULL) { | |
507 | - zval *dh; | |
508 | - | |
509 | - ALLOC_INIT_ZVAL(dh); | |
510 | - array_init(dh); | |
511 | - OPENSSL_PKEY_GET_BN(dh, p); | |
512 | - OPENSSL_PKEY_GET_BN(dh, g); | |
513 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
514 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
515 | - add_assoc_zval(return_value, "dh", dh); | |
516 | + { | |
517 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
518 | + ktype = OPENSSL_KEYTYPE_DH; | |
519 | + | |
520 | + if (dh != NULL) { | |
521 | + zval z_dh; | |
522 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
523 | + | |
524 | + DH_get0_pqg(dh, &p, &q, &g); | |
525 | + DH_get0_key(dh, &pub_key, &priv_key); | |
526 | + | |
527 | + array_init(&z_dh); | |
528 | + OPENSSL_PKEY_GET_BN(z_dh, p); | |
529 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
530 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
531 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
532 | + add_assoc_zval(return_value, "dh", &z_dh); | |
533 | + } | |
534 | } | |
535 | - | |
536 | break; | |
537 | #ifdef EVP_PKEY_EC | |
538 | case EVP_PKEY_EC: | |
7a3db4b1 | 539 | @@ -3844,13 +4037,13 @@ |
c38d233d AM |
540 | cryptedlen = EVP_PKEY_size(pkey); |
541 | cryptedbuf = emalloc(cryptedlen + 1); | |
542 | ||
543 | - switch (pkey->type) { | |
544 | + switch (EVP_PKEY_id(pkey)) { | |
545 | case EVP_PKEY_RSA: | |
546 | case EVP_PKEY_RSA2: | |
547 | successful = (RSA_private_encrypt(data_len, | |
548 | (unsigned char *)data, | |
549 | cryptedbuf, | |
550 | - pkey->pkey.rsa, | |
551 | + EVP_PKEY_get0_RSA(pkey), | |
552 | padding) == cryptedlen); | |
553 | break; | |
554 | default: | |
7a3db4b1 | 555 | @@ -3902,13 +4095,13 @@ |
c38d233d AM |
556 | cryptedlen = EVP_PKEY_size(pkey); |
557 | crypttemp = emalloc(cryptedlen + 1); | |
558 | ||
559 | - switch (pkey->type) { | |
560 | + switch (EVP_PKEY_id(pkey)) { | |
561 | case EVP_PKEY_RSA: | |
562 | case EVP_PKEY_RSA2: | |
563 | cryptedlen = RSA_private_decrypt(data_len, | |
564 | (unsigned char *)data, | |
565 | crypttemp, | |
566 | - pkey->pkey.rsa, | |
567 | + EVP_PKEY_get0_RSA(pkey), | |
568 | padding); | |
569 | if (cryptedlen != -1) { | |
570 | cryptedbuf = emalloc(cryptedlen + 1); | |
7a3db4b1 | 571 | @@ -3967,13 +4160,13 @@ |
c38d233d AM |
572 | cryptedlen = EVP_PKEY_size(pkey); |
573 | cryptedbuf = emalloc(cryptedlen + 1); | |
574 | ||
575 | - switch (pkey->type) { | |
576 | + switch (EVP_PKEY_id(pkey)) { | |
577 | case EVP_PKEY_RSA: | |
578 | case EVP_PKEY_RSA2: | |
579 | successful = (RSA_public_encrypt(data_len, | |
580 | (unsigned char *)data, | |
581 | cryptedbuf, | |
582 | - pkey->pkey.rsa, | |
583 | + EVP_PKEY_get0_RSA(pkey), | |
584 | padding) == cryptedlen); | |
585 | break; | |
586 | default: | |
7a3db4b1 | 587 | @@ -4026,13 +4219,13 @@ |
c38d233d AM |
588 | cryptedlen = EVP_PKEY_size(pkey); |
589 | crypttemp = emalloc(cryptedlen + 1); | |
590 | ||
591 | - switch (pkey->type) { | |
592 | + switch (EVP_PKEY_id(pkey)) { | |
593 | case EVP_PKEY_RSA: | |
594 | case EVP_PKEY_RSA2: | |
595 | cryptedlen = RSA_public_decrypt(data_len, | |
596 | (unsigned char *)data, | |
597 | crypttemp, | |
598 | - pkey->pkey.rsa, | |
599 | + EVP_PKEY_get0_RSA(pkey), | |
600 | padding); | |
601 | if (cryptedlen != -1) { | |
602 | cryptedbuf = emalloc(cryptedlen + 1); | |
7a3db4b1 | 603 | @@ -4096,7 +4289,7 @@ |
c38d233d AM |
604 | long keyresource = -1; |
605 | char * data; | |
606 | int data_len; | |
607 | - EVP_MD_CTX md_ctx; | |
608 | + EVP_MD_CTX *md_ctx; | |
609 | zval *method = NULL; | |
610 | long signature_algo = OPENSSL_ALGO_SHA1; | |
611 | const EVP_MD *mdtype; | |
7a3db4b1 | 612 | @@ -4129,9 +4322,11 @@ |
c38d233d AM |
613 | siglen = EVP_PKEY_size(pkey); |
614 | sigbuf = emalloc(siglen + 1); | |
615 | ||
616 | - EVP_SignInit(&md_ctx, mdtype); | |
617 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
618 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
619 | + md_ctx = EVP_MD_CTX_create(); | |
620 | + if (md_ctx != NULL && | |
621 | + EVP_SignInit(md_ctx, mdtype) && | |
622 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
623 | + EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
624 | zval_dtor(signature); | |
625 | sigbuf[siglen] = '\0'; | |
626 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
7a3db4b1 | 627 | @@ -4140,7 +4335,7 @@ |
c38d233d AM |
628 | efree(sigbuf); |
629 | RETVAL_FALSE; | |
630 | } | |
631 | - EVP_MD_CTX_cleanup(&md_ctx); | |
632 | + EVP_MD_CTX_destroy(md_ctx); | |
633 | if (keyresource == -1) { | |
634 | EVP_PKEY_free(pkey); | |
635 | } | |
7a3db4b1 | 636 | @@ -4154,7 +4349,7 @@ |
c38d233d AM |
637 | zval **key; |
638 | EVP_PKEY *pkey; | |
639 | int err; | |
640 | - EVP_MD_CTX md_ctx; | |
641 | + EVP_MD_CTX *md_ctx; | |
642 | const EVP_MD *mdtype; | |
643 | long keyresource = -1; | |
644 | char * data; int data_len; | |
7a3db4b1 | 645 | @@ -4188,10 +4383,13 @@ |
c38d233d AM |
646 | RETURN_FALSE; |
647 | } | |
648 | ||
649 | - EVP_VerifyInit (&md_ctx, mdtype); | |
650 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
651 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
652 | - EVP_MD_CTX_cleanup(&md_ctx); | |
653 | + md_ctx = EVP_MD_CTX_create(); | |
654 | + if (md_ctx != NULL) { | |
655 | + EVP_VerifyInit (md_ctx, mdtype); | |
656 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
657 | + err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey); | |
658 | + } | |
659 | + EVP_MD_CTX_destroy(md_ctx); | |
660 | ||
661 | if (keyresource == -1) { | |
662 | EVP_PKEY_free(pkey); | |
7a3db4b1 | 663 | @@ -4215,7 +4413,7 @@ |
c38d233d AM |
664 | char *method =NULL; |
665 | int method_len = 0; | |
666 | const EVP_CIPHER *cipher; | |
667 | - EVP_CIPHER_CTX ctx; | |
668 | + EVP_CIPHER_CTX *ctx; | |
669 | ||
670 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
671 | return; | |
7a3db4b1 | 672 | @@ -4262,7 +4460,9 @@ |
c38d233d AM |
673 | i++; |
674 | } | |
675 | ||
676 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
677 | + ctx = EVP_CIPHER_CTX_new(); | |
678 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
679 | + EVP_CIPHER_CTX_free(ctx); | |
680 | RETVAL_FALSE; | |
681 | goto clean_exit; | |
682 | } | |
7a3db4b1 | 683 | @@ -4273,15 +4473,16 @@ |
c38d233d AM |
684 | iv = ivlen ? emalloc(ivlen + 1) : NULL; |
685 | #endif | |
686 | /* allocate one byte extra to make room for \0 */ | |
687 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
688 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
689 | ||
690 | - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
691 | + if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
692 | RETVAL_FALSE; | |
693 | efree(buf); | |
694 | + EVP_CIPHER_CTX_free(ctx); | |
695 | goto clean_exit; | |
696 | } | |
697 | ||
698 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
699 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
700 | ||
701 | if (len1 + len2 > 0) { | |
702 | zval_dtor(sealdata); | |
7a3db4b1 | 703 | @@ -4310,6 +4511,7 @@ |
c38d233d AM |
704 | efree(buf); |
705 | } | |
706 | RETVAL_LONG(len1 + len2); | |
707 | + EVP_CIPHER_CTX_free(ctx); | |
708 | ||
709 | clean_exit: | |
710 | for (i=0; i<nkeys; i++) { | |
7a3db4b1 | 711 | @@ -4336,7 +4538,7 @@ |
c38d233d AM |
712 | int len1, len2; |
713 | unsigned char *buf; | |
714 | long keyresource = -1; | |
715 | - EVP_CIPHER_CTX ctx; | |
716 | + EVP_CIPHER_CTX *ctx; | |
717 | char * data; int data_len; | |
718 | char * ekey; int ekey_len; | |
719 | char *method =NULL; | |
7a3db4b1 | 720 | @@ -4365,28 +4567,22 @@ |
c38d233d AM |
721 | |
722 | buf = emalloc(data_len + 1); | |
723 | ||
724 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
725 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
726 | - efree(buf); | |
727 | - if (keyresource == -1) { | |
728 | - EVP_PKEY_free(pkey); | |
729 | - } | |
730 | - RETURN_FALSE; | |
731 | - } | |
732 | + ctx = EVP_CIPHER_CTX_new(); | |
733 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && | |
734 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) && | |
735 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
736 | + zval_dtor(opendata); | |
737 | + buf[len1 + len2] = '\0'; | |
738 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
739 | + RETVAL_TRUE; | |
740 | } else { | |
741 | - efree(buf); | |
742 | - if (keyresource == -1) { | |
743 | - EVP_PKEY_free(pkey); | |
744 | - } | |
745 | - RETURN_FALSE; | |
746 | + RETURN_FALSE; | |
747 | } | |
748 | + efree(buf); | |
749 | if (keyresource == -1) { | |
750 | EVP_PKEY_free(pkey); | |
751 | } | |
752 | - zval_dtor(opendata); | |
753 | - buf[len1 + len2] = '\0'; | |
754 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
755 | - RETURN_TRUE; | |
756 | + EVP_CIPHER_CTX_free(ctx); | |
757 | } | |
758 | /* }}} */ | |
759 | ||
7a3db4b1 | 760 | @@ -4691,7 +4887,7 @@ |
c38d233d AM |
761 | char *data, *method; |
762 | int data_len, method_len; | |
763 | const EVP_MD *mdtype; | |
764 | - EVP_MD_CTX md_ctx; | |
765 | + EVP_MD_CTX *md_ctx; | |
766 | int siglen; | |
767 | unsigned char *sigbuf; | |
768 | ||
7a3db4b1 | 769 | @@ -4707,9 +4903,11 @@ |
c38d233d AM |
770 | siglen = EVP_MD_size(mdtype); |
771 | sigbuf = emalloc(siglen + 1); | |
772 | ||
773 | - EVP_DigestInit(&md_ctx, mdtype); | |
774 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
775 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
776 | + md_ctx = EVP_MD_CTX_create(); | |
777 | + if (md_ctx != NULL && | |
778 | + EVP_DigestInit(md_ctx, mdtype) && | |
779 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
780 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
781 | if (raw_output) { | |
782 | sigbuf[siglen] = '\0'; | |
783 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
7a3db4b1 | 784 | @@ -4725,6 +4923,7 @@ |
c38d233d AM |
785 | efree(sigbuf); |
786 | RETVAL_FALSE; | |
787 | } | |
788 | + EVP_MD_CTX_destroy(md_ctx); | |
789 | } | |
790 | /* }}} */ | |
791 | ||
7a3db4b1 | 792 | @@ -4770,7 +4969,7 @@ |
c38d233d AM |
793 | char *data, *method, *password, *iv = ""; |
794 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
795 | const EVP_CIPHER *cipher_type; | |
796 | - EVP_CIPHER_CTX cipher_ctx; | |
797 | + EVP_CIPHER_CTX *cipher_ctx; | |
798 | int i = 0, outlen, keylen; | |
799 | unsigned char *outbuf, *key; | |
800 | zend_bool free_iv; | |
7a3db4b1 | 801 | @@ -4784,6 +4983,12 @@ |
c38d233d AM |
802 | RETURN_FALSE; |
803 | } | |
804 | ||
805 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
806 | + if (!cipher_ctx) { | |
807 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
808 | + RETURN_FALSE; | |
809 | + } | |
810 | + | |
811 | keylen = EVP_CIPHER_key_length(cipher_type); | |
812 | if (keylen > password_len) { | |
813 | key = emalloc(keylen); | |
7a3db4b1 | 814 | @@ -4802,16 +5007,16 @@ |
c38d233d AM |
815 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
816 | outbuf = emalloc(outlen + 1); | |
817 | ||
818 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
819 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
820 | if (password_len > keylen) { | |
821 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
822 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
823 | } | |
824 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
825 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
826 | if (data_len > 0) { | |
827 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
828 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
829 | } | |
830 | outlen = i; | |
831 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
832 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
833 | outlen += i; | |
834 | if (raw_output) { | |
835 | outbuf[outlen] = '\0'; | |
7a3db4b1 | 836 | @@ -4834,7 +5039,7 @@ |
c38d233d AM |
837 | if (free_iv) { |
838 | efree(iv); | |
839 | } | |
840 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
841 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
842 | } | |
843 | /* }}} */ | |
844 | ||
7a3db4b1 | 845 | @@ -4846,7 +5051,7 @@ |
c38d233d AM |
846 | char *data, *method, *password, *iv = ""; |
847 | int data_len, method_len, password_len, iv_len = 0; | |
848 | const EVP_CIPHER *cipher_type; | |
849 | - EVP_CIPHER_CTX cipher_ctx; | |
850 | + EVP_CIPHER_CTX *cipher_ctx; | |
851 | int i, outlen, keylen; | |
852 | unsigned char *outbuf, *key; | |
853 | int base64_str_len; | |
7a3db4b1 | 854 | @@ -4868,10 +5073,17 @@ |
c38d233d AM |
855 | RETURN_FALSE; |
856 | } | |
857 | ||
858 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
859 | + if (!cipher_ctx) { | |
860 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
861 | + RETURN_FALSE; | |
862 | + } | |
863 | + | |
864 | if (!raw_input) { | |
865 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
866 | if (!base64_str) { | |
867 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
868 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
869 | RETURN_FALSE; | |
870 | } | |
871 | data_len = base64_str_len; | |
7a3db4b1 | 872 | @@ -4892,14 +5104,14 @@ |
c38d233d AM |
873 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
874 | outbuf = emalloc(outlen + 1); | |
875 | ||
876 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
877 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
878 | if (password_len > keylen) { | |
879 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
880 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
881 | } | |
882 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
883 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
884 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
885 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
886 | outlen = i; | |
887 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
888 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
889 | outlen += i; | |
890 | outbuf[outlen] = '\0'; | |
891 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
7a3db4b1 | 892 | @@ -4916,7 +5128,7 @@ |
c38d233d AM |
893 | if (base64_str) { |
894 | efree(base64_str); | |
895 | } | |
896 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
897 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
898 | } | |
899 | /* }}} */ | |
900 | ||
7a3db4b1 | 901 | @@ -4954,6 +5166,7 @@ |
c38d233d AM |
902 | zval *key; |
903 | char *pub_str; | |
904 | int pub_len; | |
905 | + DH *dh; | |
906 | EVP_PKEY *pkey; | |
907 | BIGNUM *pub; | |
908 | char *data; | |
7a3db4b1 | 909 | @@ -4962,15 +5175,18 @@ |
c38d233d AM |
910 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sr", &pub_str, &pub_len, &key) == FAILURE) { |
911 | return; | |
912 | } | |
913 | - ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
914 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
915 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
916 | + RETURN_FALSE; | |
917 | + } | |
918 | + dh = EVP_PKEY_get0_DH(pkey); | |
919 | + if (dh == NULL) { | |
920 | RETURN_FALSE; | |
921 | } | |
922 | ||
923 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
924 | ||
925 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
926 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
927 | + data = emalloc(DH_size(dh) + 1); | |
928 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
929 | ||
930 | if (len >= 0) { | |
931 | data[len] = 0; | |
7a3db4b1 AM |
932 | --- php-5.2.17/acinclude.m4~ 2018-09-25 11:43:17.000000000 +0200 |
933 | +++ php-5.2.17/acinclude.m4 2018-09-25 13:52:29.178130416 +0200 | |
934 | @@ -2325,8 +2325,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ | |
935 | AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.]) | |
936 | fi | |
937 | ||
938 | - if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then | |
939 | + if test -n "$OPENSSL_LIBS"; then | |
940 | PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1) | |
941 | + fi | |
942 | + if test -n "$OPENSSL_INCS"; then | |
943 | PHP_EVAL_INCLINE($OPENSSL_INCS) | |
944 | fi | |
945 | fi | |
10ea1ccd AM |
946 | commit 640214701c9cf259c899d283ea769b3045d2553c |
947 | Author: Daniel Lowrey <rdlowrey@php.net> | |
948 | Date: Mon Aug 25 17:28:09 2014 +0200 | |
949 | ||
950 | Bug #67850: Build when OpenSSL compiled without SSLv3 support | |
951 | ||
952 | diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c | |
953 | index b9a30df6cf..5fddf73c4e 100644 | |
954 | --- a/ext/openssl/xp_ssl.c | |
955 | +++ b/ext/openssl/xp_ssl.c | |
956 | @@ -385,9 +385,14 @@ static inline int php_openssl_setup_crypto(php_stream *stream, | |
957 | break; | |
958 | #endif | |
959 | case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: | |
960 | +#ifdef OPENSSL_NO_SSL3 | |
961 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
962 | + return -1; | |
963 | +#else | |
964 | sslsock->is_client = 1; | |
965 | method = SSLv3_client_method(); | |
966 | break; | |
967 | +#endif | |
968 | case STREAM_CRYPTO_METHOD_TLS_CLIENT: | |
969 | sslsock->is_client = 1; | |
970 | method = TLSv1_client_method(); | |
971 | @@ -397,9 +402,14 @@ static inline int php_openssl_setup_crypto(php_stream *stream, | |
972 | method = SSLv23_server_method(); | |
973 | break; | |
974 | case STREAM_CRYPTO_METHOD_SSLv3_SERVER: | |
975 | +#ifdef OPENSSL_NO_SSL3 | |
976 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
977 | + return -1; | |
978 | +#else | |
979 | sslsock->is_client = 0; | |
980 | method = SSLv3_server_method(); | |
981 | break; | |
982 | +#endif | |
983 | case STREAM_CRYPTO_METHOD_SSLv2_SERVER: | |
984 | #ifdef OPENSSL_NO_SSL2 | |
985 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); |