[packages/php4.git] / php4-openssl.patch

--- php-4.4.9/ext/openssl/openssl.c.org	2010-04-11 08:09:20.114283832 +0200
+++ php-4.4.9/ext/openssl/openssl.c	2010-04-11 08:08:40.851370731 +0200
@@ -179,8 +179,13 @@
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request {
+#if OPENSSL_VERSION_NUMBER >= 0x10000002L                                                                                                                    
+	LHASH_OF(CONF_VALUE) * global_config;   /* Global SSL config */                                                                                          
+	LHASH_OF(CONF_VALUE) * req_config;      /* SSL config for this request */
+#else
 	LHASH * global_config;	/* Global SSL config */
 	LHASH * req_config;		/* SSL config for this request */
+#endif
 	const EVP_MD * md_alg;
 	const EVP_MD * digest;
 	char	* section_name,
@@ -340,7 +345,12 @@
 		const char * section_label,
 		const char * config_filename,
 		const char * section,
-		LHASH * config TSRMLS_DC)
+#if OPENSSL_VERSION_NUMBER >= 0x10000002L
+		LHASH_OF(CONF_VALUE) * config TSRMLS_DC
+#else
+		LHASH * config TSRMLS_DC
+#endif
+		)
 {
 	X509V3_CTX ctx;
 	
--- php-4.4.9/ext/openssl/config0.m4	2018-09-14 15:52:03.411575594 +0200
+++ php-4.4.9.new/ext/openssl/config0.m4	2018-09-14 15:32:01.321716395 +0200
@@ -16,6 +16,8 @@
     PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
   fi
 
+  AC_CHECK_FUNCS([RAND_egd])
+
   PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, 
   [
     if test "$ext_shared" = "yes"; then
--- php-4.4.9/ext/openssl/openssl.c	2018-09-14 15:52:03.468243972 +0200
+++ php-4.4.9.new/ext/openssl/openssl.c	2018-09-14 15:50:08.114771489 +0200
@@ -131,6 +131,13 @@
 ZEND_GET_MODULE(openssl)
 #endif
 
+/* {{{ OpenSSL compatibility functions and macros */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
+#endif
+
 static int le_key;
 static int le_x509;
 static int le_csr;
@@ -524,12 +531,14 @@
 #endif
 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof(buffer));
+#ifdef HAVE_RAND_EGD
 	else if (RAND_egd(file) > 0) {
 		/* if the given filename is an EGD socket, don't
 		 * write anything back to it */
 		*egdsocket = 1;
 		return SUCCESS;
 	}
+#endif
 	if (file == NULL || !RAND_load_file(file, -1)) {
 		if (RAND_status() == 0) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
@@ -730,7 +739,7 @@
 		if (in == NULL)
 			return NULL;
 
-		cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
+		cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509,
 				PEM_STRING_X509, in,
 				NULL, NULL, NULL);
 		BIO_free(in);
@@ -868,6 +877,8 @@
 {
 	zval * zcert;
 	X509 * cert = NULL;
+	X509_NAME *subject_name;
+	char *cert_name;
 	long certresource = -1;
 	int i;
 	zend_bool useshortnames = 1;
@@ -883,11 +894,12 @@
 
 	array_init(return_value);
 
-	if (cert->name)
-		add_assoc_string(return_value, "name", cert->name, 1);
-/*	add_assoc_bool(return_value, "valid", cert->valid); */
+	subject_name = X509_get_subject_name(cert);
+	cert_name = X509_NAME_oneline(subject_name, NULL, 0);
+	add_assoc_string(return_value, "name", cert_name, 1);
+	OPENSSL_free(cert_name);
 
-	add_assoc_name_entry(return_value, "subject", 		X509_get_subject_name(cert), useshortnames TSRMLS_CC);
+	add_assoc_name_entry(return_value, "subject", 		subject_name, useshortnames TSRMLS_CC);
 	/* hash as used in CA directories to lookup cert by subject name */
 	{
 		char buf[32];
@@ -1863,14 +1875,21 @@
 {
 	assert(pkey != NULL);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 #ifndef NO_RSA
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
-			assert(pkey->pkey.rsa != NULL);
-
-			if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
-				return 0;
+			{
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				if (rsa != NULL) {
+					const BIGNUM *p, *q;
+
+					RSA_get0_factors(rsa, &p, &q);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
+				}
+			}
 			break;
 #endif
 #ifndef NO_DSA
@@ -1879,18 +1898,41 @@
 		case EVP_PKEY_DSA2:
 		case EVP_PKEY_DSA3:
 		case EVP_PKEY_DSA4:
-			assert(pkey->pkey.dsa != NULL);
+			{
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				if (dsa != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DSA_get0_pqg(dsa, &p, &q, &g);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
-				return 0;
-			break;
+					DSA_get0_key(dsa, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
+			}
 #endif
 #ifndef NO_DH
 		case EVP_PKEY_DH:
-			assert(pkey->pkey.dh != NULL);
+			{
+				DH *dh = EVP_PKEY_get0_DH(pkey);
+				if (dh != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DH_get0_pqg(dh, &p, &q, &g);
+					if (p == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
-				return 0;
+					DH_get0_key(dh, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
+			}
 			break;
 #endif
 		default:
@@ -2521,13 +2563,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful =  (RSA_private_encrypt(data_len, 
 						data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey),
 						padding) == cryptedlen);
 			break;
 		default:
@@ -2577,13 +2619,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_private_decrypt(data_len, 
 					data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey),
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -2640,13 +2682,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful = (RSA_public_encrypt(data_len, 
 						data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey),
 						padding) == cryptedlen);
 			break;
 		default:
@@ -2697,13 +2739,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_public_decrypt(data_len, 
 					data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey),
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -2767,7 +2809,7 @@
 	unsigned char *sigbuf;
 	long keyresource = -1;
 	char * data;	int data_len;
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
 		return;
@@ -2781,9 +2823,11 @@
 	siglen = EVP_PKEY_size(pkey);
 	sigbuf = emalloc(siglen + 1);
 
-	EVP_SignInit(&md_ctx, EVP_sha1());
-	EVP_SignUpdate(&md_ctx, data, data_len);
-	if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
+	md_ctx = EVP_MD_CTX_create();
+	if (md_ctx != NULL &&
+		EVP_SignInit(md_ctx, EVP_sha1()) &&
+		EVP_SignUpdate(md_ctx, data, data_len) &&
+		EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
 		zval_dtor(signature);
 		sigbuf[siglen] = '\0';
 		ZVAL_STRINGL(signature, sigbuf, siglen, 0);
@@ -2792,6 +2836,7 @@
 		efree(sigbuf);
 		RETVAL_FALSE;
 	}
+	EVP_MD_CTX_destroy(md_ctx);
 	if (keyresource == -1)
 		EVP_PKEY_free(pkey);
 }
@@ -2803,8 +2848,8 @@
 {
 	zval *key;
 	EVP_PKEY *pkey;
-	int err;
-	EVP_MD_CTX     md_ctx;
+	int err = 0;
+	EVP_MD_CTX     *md_ctx;
 	long keyresource = -1;
 	char * data;	int data_len;
 	char * signature;	int signature_len;
@@ -2819,9 +2864,13 @@
 		RETURN_FALSE;
 	}
 
-	EVP_VerifyInit   (&md_ctx, EVP_sha1());
-	EVP_VerifyUpdate (&md_ctx, data, data_len);
-	err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
+	md_ctx = EVP_MD_CTX_create();
+	if (md_ctx != NULL) {
+		EVP_VerifyInit(md_ctx, EVP_sha1());
+		EVP_VerifyUpdate (md_ctx, data, data_len);
+		err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
+	}
+	EVP_MD_CTX_destroy(md_ctx);
 
 	if (keyresource == -1)
 		EVP_PKEY_free(pkey);
@@ -2842,7 +2891,7 @@
 	int i, len1, len2, *eksl, nkeys;
 	unsigned char *buf = NULL, **eks;
 	char * data; int data_len;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
 				&data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
@@ -2878,7 +2927,9 @@
 	}
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-	if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
+		EVP_CIPHER_CTX_free(ctx);
 		RETVAL_FALSE;
 		goto clean_exit;
 	}
@@ -2892,24 +2943,25 @@
 	iv = ivlen ? emalloc(ivlen + 1) : NULL;
 #endif
 	/* allocate one byte extra to make room for \0 */
-	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
 
-	if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
+	if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-			|| !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
+			|| !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
 #endif
 		) 
 	{
 		RETVAL_FALSE;
 		efree(buf);
+		EVP_CIPHER_CTX_free(ctx);
 		goto clean_exit;
 
 	}
 
 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
-	EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
+	EVP_SealUpdate(ctx, buf, &len1, data, data_len);
 #endif
-	EVP_SealFinal(&ctx, buf + len1, &len2);
+	EVP_SealFinal(ctx, buf + len1, &len2);
 
 	if (len1 + len2 > 0) {
 		zval_dtor(sealdata);
@@ -2944,6 +2996,7 @@
 		efree(buf);
 
 	RETVAL_LONG(len1 + len2);
+	EVP_CIPHER_CTX_free(ctx);
 
 clean_exit:
 	for (i=0; i<nkeys; i++) {
@@ -2968,7 +3021,7 @@
 	int len1, len2;
 	unsigned char *buf;
 	long keyresource = -1;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 	char * data;	int data_len;
 	char * ekey;	int ekey_len;
 
@@ -2983,15 +3036,16 @@
 	}
 	buf = emalloc(data_len + 1);
 
-	if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-			&& EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
+			&& EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
 #endif
 		) {
 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
-		EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
+		EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
 #endif
-		if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
+		if (!EVP_OpenFinal(ctx, buf + len1, &len2) ||
 				(len1 + len2 == 0)) {
 			efree(buf);
 			if (keyresource == -1)
@@ -3011,6 +3065,7 @@
 	zval_dtor(opendata);
 	buf[len1 + len2] = '\0';
 	ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+	EVP_CIPHER_CTX_free(ctx);
 	RETURN_TRUE;
 }
 /* }}} */
Commit	Line	Data
5104523b AM	1	--- php-4.4.9/ext/openssl/openssl.c.org 2010-04-11 08:09:20.114283832 +0200
	2	+++ php-4.4.9/ext/openssl/openssl.c 2010-04-11 08:08:40.851370731 +0200
	3	@@ -179,8 +179,13 @@
	4	static char default_ssl_conf_filename[MAXPATHLEN];
	5
	6	struct php_x509_request {
	7	+#if OPENSSL_VERSION_NUMBER >= 0x10000002L
	8	+ LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */
	9	+ LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */
	10	+#else
	11	LHASH * global_config; /* Global SSL config */
	12	LHASH * req_config; /* SSL config for this request */
	13	+#endif
	14	const EVP_MD * md_alg;
	15	const EVP_MD * digest;
	16	char * section_name,
	17	@@ -340,7 +345,12 @@
	18	const char * section_label,
	19	const char * config_filename,
	20	const char * section,
	21	- LHASH * config TSRMLS_DC)
	22	+#if OPENSSL_VERSION_NUMBER >= 0x10000002L
	23	+ LHASH_OF(CONF_VALUE) * config TSRMLS_DC
	24	+#else
	25	+ LHASH * config TSRMLS_DC
	26	+#endif
	27	+ )
	28	{
	29	X509V3_CTX ctx;
	30
472a0c05 AM	31	--- php-4.4.9/ext/openssl/config0.m4 2018-09-14 15:52:03.411575594 +0200
	32	+++ php-4.4.9.new/ext/openssl/config0.m4 2018-09-14 15:32:01.321716395 +0200
	33	@@ -16,6 +16,8 @@
	34	PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
	35	fi
	36
	37	+ AC_CHECK_FUNCS([RAND_egd])
	38	+
	39	PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD,
	40	[
	41	if test "$ext_shared" = "yes"; then
	42	--- php-4.4.9/ext/openssl/openssl.c 2018-09-14 15:52:03.468243972 +0200
	43	+++ php-4.4.9.new/ext/openssl/openssl.c 2018-09-14 15:50:08.114771489 +0200
	44	@@ -131,6 +131,13 @@
	45	ZEND_GET_MODULE(openssl)
	46	#endif
	47
	48	+/* {{{ OpenSSL compatibility functions and macros */
	49	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined (LIBRESSL_VERSION_NUMBER)
	50	+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
	51	+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
	52	+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
	53	+#endif
	54	+
	55	static int le_key;
	56	static int le_x509;
	57	static int le_csr;
	58	@@ -524,12 +531,14 @@
	59	#endif
	60	if (file == NULL)
	61	file = RAND_file_name(buffer, sizeof(buffer));
	62	+#ifdef HAVE_RAND_EGD
	63	else if (RAND_egd(file) > 0) {
	64	/* if the given filename is an EGD socket, don't
	65	* write anything back to it */
	66	*egdsocket = 1;
	67	return SUCCESS;
	68	}
	69	+#endif
	70	if (file == NULL \|\| !RAND_load_file(file, -1)) {
	71	if (RAND_status() == 0) {
	72	php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
	73	@@ -730,7 +739,7 @@
	74	if (in == NULL)
	75	return NULL;
	76
	77	- cert = (X509 ) PEM_ASN1_read_bio((char (*)())d2i_X509,
	78	+ cert = (X509 ) PEM_ASN1_read_bio((d2i_of_void )d2i_X509,
	79	PEM_STRING_X509, in,
	80	NULL, NULL, NULL);
	81	BIO_free(in);
	82	@@ -868,6 +877,8 @@
	83	{
	84	zval * zcert;
	85	X509 * cert = NULL;
	86	+ X509_NAME *subject_name;
	87	+ char *cert_name;
	88	long certresource = -1;
	89	int i;
	90	zend_bool useshortnames = 1;
	91	@@ -883,11 +894,12 @@
	92
	93	array_init(return_value);
	94
95	- if (cert->name)
96	- add_assoc_string(return_value, "name", cert->name, 1);
97	-/* add_assoc_bool(return_value, "valid", cert->valid); */
98	+ subject_name = X509_get_subject_name(cert);
99	+ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
100	+ add_assoc_string(return_value, "name", cert_name, 1);
101	+ OPENSSL_free(cert_name);
102
103	- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
104	+ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
105	/* hash as used in CA directories to lookup cert by subject name */
106	{
107	char buf[32];
108	@@ -1863,14 +1875,21 @@
109	{
110	assert(pkey != NULL);
111
112	- switch (pkey->type) {
113	+ switch (EVP_PKEY_id(pkey)) {
114	#ifndef NO_RSA
115	case EVP_PKEY_RSA:
116	case EVP_PKEY_RSA2:
117	- assert(pkey->pkey.rsa != NULL);
118	-
119	- if (NULL == pkey->pkey.rsa->p \|\| NULL == pkey->pkey.rsa->q)
120	- return 0;
121	+ {
122	+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
123	+ if (rsa != NULL) {
124	+ const BIGNUM p, q;
125	+
126	+ RSA_get0_factors(rsa, &p, &q);
127	+ if (p == NULL \|\| q == NULL) {
128	+ return 0;
129	+ }
130	+ }
131	+ }
132	break;
133	#endif
134	#ifndef NO_DSA
135	@@ -1879,18 +1898,41 @@
136	case EVP_PKEY_DSA2:
137	case EVP_PKEY_DSA3:
138	case EVP_PKEY_DSA4:
139	- assert(pkey->pkey.dsa != NULL);
140	+ {
141	+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
142	+ if (dsa != NULL) {
143	+ const BIGNUM p, q, g, pub_key, *priv_key;
144	+
145	+ DSA_get0_pqg(dsa, &p, &q, &g);
146	+ if (p == NULL \|\| q == NULL) {
147	+ return 0;
148	+ }
149
150	- if (NULL == pkey->pkey.dsa->p \|\| NULL == pkey->pkey.dsa->q \|\| NULL == pkey->pkey.dsa->priv_key)
151	- return 0;
152	- break;
153	+ DSA_get0_key(dsa, &pub_key, &priv_key);
154	+ if (priv_key == NULL) {
155	+ return 0;
156	+ }
157	+ }
158	+ }
159	#endif
160	#ifndef NO_DH
161	case EVP_PKEY_DH:
162	- assert(pkey->pkey.dh != NULL);
163	+ {
164	+ DH *dh = EVP_PKEY_get0_DH(pkey);
165	+ if (dh != NULL) {
166	+ const BIGNUM p, q, g, pub_key, *priv_key;
167	+
168	+ DH_get0_pqg(dh, &p, &q, &g);
169	+ if (p == NULL) {
170	+ return 0;
171	+ }
172
173	- if (NULL == pkey->pkey.dh->p \|\| NULL == pkey->pkey.dh->priv_key)
174	- return 0;
175	+ DH_get0_key(dh, &pub_key, &priv_key);
176	+ if (priv_key == NULL) {
177	+ return 0;
178	+ }
179	+ }
180	+ }
181	break;
182	#endif
183	default:
184	@@ -2521,13 +2563,13 @@
185	cryptedlen = EVP_PKEY_size(pkey);
186	cryptedbuf = emalloc(cryptedlen + 1);
187
188	- switch (pkey->type) {
189	+ switch (EVP_PKEY_id(pkey)) {
190	case EVP_PKEY_RSA:
191	case EVP_PKEY_RSA2:
192	successful = (RSA_private_encrypt(data_len,
193	data,
194	cryptedbuf,
195	- pkey->pkey.rsa,
196	+ EVP_PKEY_get0_RSA(pkey),
197	padding) == cryptedlen);
198	break;
199	default:
200	@@ -2577,13 +2619,13 @@
201	cryptedlen = EVP_PKEY_size(pkey);
202	crypttemp = emalloc(cryptedlen + 1);
203
204	- switch (pkey->type) {
205	+ switch (EVP_PKEY_id(pkey)) {
206	case EVP_PKEY_RSA:
207	case EVP_PKEY_RSA2:
208	cryptedlen = RSA_private_decrypt(data_len,
209	data,
210	crypttemp,
211	- pkey->pkey.rsa,
212	+ EVP_PKEY_get0_RSA(pkey),
213	padding);
214	if (cryptedlen != -1) {
215	cryptedbuf = emalloc(cryptedlen + 1);
216	@@ -2640,13 +2682,13 @@
217	cryptedlen = EVP_PKEY_size(pkey);
218	cryptedbuf = emalloc(cryptedlen + 1);
219
220	- switch (pkey->type) {
221	+ switch (EVP_PKEY_id(pkey)) {
222	case EVP_PKEY_RSA:
223	case EVP_PKEY_RSA2:
224	successful = (RSA_public_encrypt(data_len,
225	data,
226	cryptedbuf,
227	- pkey->pkey.rsa,
228	+ EVP_PKEY_get0_RSA(pkey),
229	padding) == cryptedlen);
230	break;
231	default:
232	@@ -2697,13 +2739,13 @@
233	cryptedlen = EVP_PKEY_size(pkey);
234	crypttemp = emalloc(cryptedlen + 1);
235
236	- switch (pkey->type) {
237	+ switch (EVP_PKEY_id(pkey)) {
238	case EVP_PKEY_RSA:
239	case EVP_PKEY_RSA2:
240	cryptedlen = RSA_public_decrypt(data_len,
241	data,
242	crypttemp,
243	- pkey->pkey.rsa,
244	+ EVP_PKEY_get0_RSA(pkey),
245	padding);
246	if (cryptedlen != -1) {
247	cryptedbuf = emalloc(cryptedlen + 1);
248	@@ -2767,7 +2809,7 @@
249	unsigned char *sigbuf;
250	long keyresource = -1;
251	char * data; int data_len;
252	- EVP_MD_CTX md_ctx;
253	+ EVP_MD_CTX *md_ctx;
254
255	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
256	return;
257	@@ -2781,9 +2823,11 @@
258	siglen = EVP_PKEY_size(pkey);
259	sigbuf = emalloc(siglen + 1);
260
261	- EVP_SignInit(&md_ctx, EVP_sha1());
262	- EVP_SignUpdate(&md_ctx, data, data_len);
263	- if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
264	+ md_ctx = EVP_MD_CTX_create();
265	+ if (md_ctx != NULL &&
266	+ EVP_SignInit(md_ctx, EVP_sha1()) &&
267	+ EVP_SignUpdate(md_ctx, data, data_len) &&
268	+ EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
269	zval_dtor(signature);
270	sigbuf[siglen] = '\0';
271	ZVAL_STRINGL(signature, sigbuf, siglen, 0);
272	@@ -2792,6 +2836,7 @@
273	efree(sigbuf);
274	RETVAL_FALSE;
275	}
276	+ EVP_MD_CTX_destroy(md_ctx);
277	if (keyresource == -1)
278	EVP_PKEY_free(pkey);
279	}
280	@@ -2803,8 +2848,8 @@
281	{
282	zval *key;
283	EVP_PKEY *pkey;
284	- int err;
285	- EVP_MD_CTX md_ctx;
286	+ int err = 0;
287	+ EVP_MD_CTX *md_ctx;
288	long keyresource = -1;
289	char * data; int data_len;
290	char * signature; int signature_len;
291	@@ -2819,9 +2864,13 @@
292	RETURN_FALSE;
293	}
294
295	- EVP_VerifyInit (&md_ctx, EVP_sha1());
296	- EVP_VerifyUpdate (&md_ctx, data, data_len);
297	- err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
298	+ md_ctx = EVP_MD_CTX_create();
299	+ if (md_ctx != NULL) {
300	+ EVP_VerifyInit(md_ctx, EVP_sha1());
301	+ EVP_VerifyUpdate (md_ctx, data, data_len);
302	+ err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
303	+ }
304	+ EVP_MD_CTX_destroy(md_ctx);
305
306	if (keyresource == -1)
307	EVP_PKEY_free(pkey);
308	@@ -2842,7 +2891,7 @@
309	int i, len1, len2, *eksl, nkeys;
310	unsigned char buf = NULL, *eks;
311	char * data; int data_len;
312	- EVP_CIPHER_CTX ctx;
313	+ EVP_CIPHER_CTX *ctx;
314
315	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
316	&data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
317	@@ -2878,7 +2927,9 @@
318	}
319
320	#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
321	- if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
322	+ ctx = EVP_CIPHER_CTX_new();
323	+ if (ctx == NULL \|\| !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
324	+ EVP_CIPHER_CTX_free(ctx);
325	RETVAL_FALSE;
326	goto clean_exit;
327	}
328	@@ -2892,24 +2943,25 @@
329	iv = ivlen ? emalloc(ivlen + 1) : NULL;
330	#endif
331	/* allocate one byte extra to make room for \0 */
332	- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
333	+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
334
335	- if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
336	+ if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
337	#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
338	- \|\| !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
339	+ \|\| !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
340	#endif
341	)
342	{
343	RETVAL_FALSE;
344	efree(buf);
345	+ EVP_CIPHER_CTX_free(ctx);
346	goto clean_exit;
347
348	}
349
350	#if OPENSSL_VERSION_NUMBER < 0x0090600fL
351	- EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
352	+ EVP_SealUpdate(ctx, buf, &len1, data, data_len);
353	#endif
354	- EVP_SealFinal(&ctx, buf + len1, &len2);
355	+ EVP_SealFinal(ctx, buf + len1, &len2);
356
357	if (len1 + len2 > 0) {
358	zval_dtor(sealdata);
359	@@ -2944,6 +2996,7 @@
360	efree(buf);
361
362	RETVAL_LONG(len1 + len2);
363	+ EVP_CIPHER_CTX_free(ctx);
364
365	clean_exit:
366	for (i=0; i<nkeys; i++) {
367	@@ -2968,7 +3021,7 @@
368	int len1, len2;
369	unsigned char *buf;
370	long keyresource = -1;
371	- EVP_CIPHER_CTX ctx;
372	+ EVP_CIPHER_CTX *ctx;
373	char * data; int data_len;
374	char * ekey; int ekey_len;
375
376	@@ -2983,15 +3036,16 @@
377	}
378	buf = emalloc(data_len + 1);
379
380	- if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
381	+ ctx = EVP_CIPHER_CTX_new();
382	+ if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
383	#if OPENSSL_VERSION_NUMBER >= 0x0090600fL
384	- && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
385	+ && EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
386	#endif
387	) {
388	#if OPENSSL_VERSION_NUMBER < 0x0090600fL
389	- EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
390	+ EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
391	#endif
392	- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) \|\|
393	+ if (!EVP_OpenFinal(ctx, buf + len1, &len2) \|\|
394	(len1 + len2 == 0)) {
395	efree(buf);
396	if (keyresource == -1)
397	@@ -3011,6 +3065,7 @@
398	zval_dtor(opendata);
399	buf[len1 + len2] = '\0';
400	ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
401	+ EVP_CIPHER_CTX_free(ctx);
402	RETURN_TRUE;
403	}
404	/* }}} */