Commit | Line | Data |
---|---|---|
5104523b AM |
1 | --- php-4.4.9/ext/openssl/openssl.c.org 2010-04-11 08:09:20.114283832 +0200 |
2 | +++ php-4.4.9/ext/openssl/openssl.c 2010-04-11 08:08:40.851370731 +0200 | |
3 | @@ -179,8 +179,13 @@ | |
4 | static char default_ssl_conf_filename[MAXPATHLEN]; | |
5 | ||
6 | struct php_x509_request { | |
7 | +#if OPENSSL_VERSION_NUMBER >= 0x10000002L | |
8 | + LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */ | |
9 | + LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */ | |
10 | +#else | |
11 | LHASH * global_config; /* Global SSL config */ | |
12 | LHASH * req_config; /* SSL config for this request */ | |
13 | +#endif | |
14 | const EVP_MD * md_alg; | |
15 | const EVP_MD * digest; | |
16 | char * section_name, | |
17 | @@ -340,7 +345,12 @@ | |
18 | const char * section_label, | |
19 | const char * config_filename, | |
20 | const char * section, | |
21 | - LHASH * config TSRMLS_DC) | |
22 | +#if OPENSSL_VERSION_NUMBER >= 0x10000002L | |
23 | + LHASH_OF(CONF_VALUE) * config TSRMLS_DC | |
24 | +#else | |
25 | + LHASH * config TSRMLS_DC | |
26 | +#endif | |
27 | + ) | |
28 | { | |
29 | X509V3_CTX ctx; | |
30 | ||
472a0c05 AM |
31 | --- php-4.4.9/ext/openssl/config0.m4 2018-09-14 15:52:03.411575594 +0200 |
32 | +++ php-4.4.9.new/ext/openssl/config0.m4 2018-09-14 15:32:01.321716395 +0200 | |
33 | @@ -16,6 +16,8 @@ | |
34 | PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD) | |
35 | fi | |
36 | ||
37 | + AC_CHECK_FUNCS([RAND_egd]) | |
38 | + | |
39 | PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, | |
40 | [ | |
41 | if test "$ext_shared" = "yes"; then | |
42 | --- php-4.4.9/ext/openssl/openssl.c 2018-09-14 15:52:03.468243972 +0200 | |
43 | +++ php-4.4.9.new/ext/openssl/openssl.c 2018-09-14 15:50:08.114771489 +0200 | |
44 | @@ -131,6 +131,13 @@ | |
45 | ZEND_GET_MODULE(openssl) | |
46 | #endif | |
47 | ||
48 | +/* {{{ OpenSSL compatibility functions and macros */ | |
49 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
50 | +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
51 | +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
52 | +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
53 | +#endif | |
54 | + | |
55 | static int le_key; | |
56 | static int le_x509; | |
57 | static int le_csr; | |
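Review bot: The compatibility block defines only `EVP_PKEY_get0_DH`, `EVP_PKEY_get0_DSA` and `EVP_PKEY_get0_EC_KEY`, while later hunks of this patch also call `EVP_PKEY_get0_RSA`, `RSA_get0_factors`, `DSA_get0_pqg`, `DSA_get0_key`, `DH_get0_pqg` and `DH_get0_key`. As far as I know those accessors arrived with OpenSSL 1.1.0, so the `< 0x10100000L` / LibreSSL branch probably needs shims for them too before it will build. The macro parameter should also be parenthesised, e.g. `#define EVP_PKEY_get0_DH(_pkey) ((_pkey)->pkey.dh)`. These macros read a union member without checking the key type, so a comment should say that callers must switch on `EVP_PKEY_id()` first.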
58 | @@ -524,12 +531,14 @@ | |
59 | #endif | |
60 | if (file == NULL) | |
61 | file = RAND_file_name(buffer, sizeof(buffer)); | |
62 | +#ifdef HAVE_RAND_EGD | |
63 | else if (RAND_egd(file) > 0) { | |
64 | /* if the given filename is an EGD socket, don't | |
65 | * write anything back to it */ | |
66 | *egdsocket = 1; | |
67 | return SUCCESS; | |
68 | } | |
69 | +#endif | |
70 | if (file == NULL || !RAND_load_file(file, -1)) { | |
71 | if (RAND_status() == 0) { | |
72 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!"); | |
73 | @@ -730,7 +739,7 @@ | |
74 | if (in == NULL) | |
75 | return NULL; | |
76 | ||
77 | - cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509, | |
78 | + cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, | |
79 | PEM_STRING_X509, in, | |
80 | NULL, NULL, NULL); | |
81 | BIO_free(in); | |
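Review bot: Casting `d2i_X509` to `d2i_of_void *` silences the prototype warning but keeps the call untyped, and the result still needs the `(X509 *)` cast. The typed wrapper does the same job with compiler checking: `cert = PEM_read_bio_X509(in, NULL, NULL, NULL);`. The enclosing function starts and ends outside this hunk.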
82 | @@ -868,6 +877,8 @@ | |
83 | { | |
84 | zval * zcert; | |
85 | X509 * cert = NULL; | |
86 | + X509_NAME *subject_name; | |
87 | + char *cert_name; | |
88 | long certresource = -1; | |
89 | int i; | |
90 | zend_bool useshortnames = 1; | |
91 | @@ -883,11 +894,12 @@ | |
92 | ||
93 | array_init(return_value); | |
94 | ||
95 | - if (cert->name) | |
96 | - add_assoc_string(return_value, "name", cert->name, 1); | |
97 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
98 | + subject_name = X509_get_subject_name(cert); | |
99 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
100 | + add_assoc_string(return_value, "name", cert_name, 1); | |
101 | + OPENSSL_free(cert_name); | |
102 | ||
103 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
104 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
105 | /* hash as used in CA directories to lookup cert by subject name */ | |
106 | { | |
107 | char buf[32]; | |
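Review bot: `X509_NAME_oneline()` can return NULL (for example on allocation failure), and the new code passes `cert_name` straight to `add_assoc_string()`, whereas the removed code guarded the field with `if (cert->name)`. Keeping a guard avoids a NULL dereference while building the result array: `if (cert_name != NULL) { add_assoc_string(return_value, "name", cert_name, 1); OPENSSL_free(cert_name); }`. The function body continues outside this hunk.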
108 | @@ -1863,14 +1875,21 @@ | |
109 | { | |
110 | assert(pkey != NULL); | |
111 | ||
112 | - switch (pkey->type) { | |
113 | + switch (EVP_PKEY_id(pkey)) { | |
114 | #ifndef NO_RSA | |
115 | case EVP_PKEY_RSA: | |
116 | case EVP_PKEY_RSA2: | |
117 | - assert(pkey->pkey.rsa != NULL); | |
118 | - | |
119 | - if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q) | |
120 | - return 0; | |
121 | + { | |
122 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
123 | + if (rsa != NULL) { | |
124 | + const BIGNUM *p, *q; | |
125 | + | |
126 | + RSA_get0_factors(rsa, &p, &q); | |
127 | + if (p == NULL || q == NULL) { | |
128 | + return 0; | |
129 | + } | |
130 | + } | |
131 | + } | |
132 | break; | |
133 | #endif | |
134 | #ifndef NO_DSA | |
135 | @@ -1879,18 +1898,41 @@ | |
136 | case EVP_PKEY_DSA2: | |
137 | case EVP_PKEY_DSA3: | |
138 | case EVP_PKEY_DSA4: | |
139 | - assert(pkey->pkey.dsa != NULL); | |
140 | + { | |
141 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
142 | + if (dsa != NULL) { | |
143 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
144 | + | |
145 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
146 | + if (p == NULL || q == NULL) { | |
147 | + return 0; | |
148 | + } | |
149 | ||
150 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key) | |
151 | - return 0; | |
152 | - break; | |
153 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
154 | + if (priv_key == NULL) { | |
155 | + return 0; | |
156 | + } | |
157 | + } | |
158 | + } | |
159 | #endif | |
160 | #ifndef NO_DH | |
161 | case EVP_PKEY_DH: | |
162 | - assert(pkey->pkey.dh != NULL); | |
163 | + { | |
164 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
165 | + if (dh != NULL) { | |
166 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
167 | + | |
168 | + DH_get0_pqg(dh, &p, &q, &g); | |
169 | + if (p == NULL) { | |
170 | + return 0; | |
171 | + } | |
172 | ||
173 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) | |
174 | - return 0; | |
175 | + DH_get0_key(dh, &pub_key, &priv_key); | |
176 | + if (priv_key == NULL) { | |
177 | + return 0; | |
178 | + } | |
179 | + } | |
180 | + } | |
181 | break; | |
182 | #endif | |
183 | default: | |
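Review bot: The DSA case loses its `break;`: the hunk removes the old one together with the NULL checks and the new block does not add it back, so a DSA key now falls through into the `EVP_PKEY_DH` case. There `EVP_PKEY_get0_DH(pkey)` is applied to a non-DH key, and with the compatibility macro from the top of the patch (`_pkey->pkey.dh`) that reads the DSA object through the wrong union member. Add `break;` after the closing brace of the DSA block, before `#endif`, as the RSA and DH cases have. Separately, the old `assert(... != NULL)` is replaced by `if (dsa != NULL)`, so a NULL key object now skips every check; whether that ends up reported as a private key depends on code outside this hunk and is worth confirming.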
184 | @@ -2521,13 +2563,13 @@ | |
185 | cryptedlen = EVP_PKEY_size(pkey); | |
186 | cryptedbuf = emalloc(cryptedlen + 1); | |
187 | ||
188 | - switch (pkey->type) { | |
189 | + switch (EVP_PKEY_id(pkey)) { | |
190 | case EVP_PKEY_RSA: | |
191 | case EVP_PKEY_RSA2: | |
192 | successful = (RSA_private_encrypt(data_len, | |
193 | data, | |
194 | cryptedbuf, | |
195 | - pkey->pkey.rsa, | |
196 | + EVP_PKEY_get0_RSA(pkey), | |
197 | padding) == cryptedlen); | |
198 | break; | |
199 | default: | |
200 | @@ -2577,13 +2619,13 @@ | |
201 | cryptedlen = EVP_PKEY_size(pkey); | |
202 | crypttemp = emalloc(cryptedlen + 1); | |
203 | ||
204 | - switch (pkey->type) { | |
205 | + switch (EVP_PKEY_id(pkey)) { | |
206 | case EVP_PKEY_RSA: | |
207 | case EVP_PKEY_RSA2: | |
208 | cryptedlen = RSA_private_decrypt(data_len, | |
209 | data, | |
210 | crypttemp, | |
211 | - pkey->pkey.rsa, | |
212 | + EVP_PKEY_get0_RSA(pkey), | |
213 | padding); | |
214 | if (cryptedlen != -1) { | |
215 | cryptedbuf = emalloc(cryptedlen + 1); | |
216 | @@ -2640,13 +2682,13 @@ | |
217 | cryptedlen = EVP_PKEY_size(pkey); | |
218 | cryptedbuf = emalloc(cryptedlen + 1); | |
219 | ||
220 | - switch (pkey->type) { | |
221 | + switch (EVP_PKEY_id(pkey)) { | |
222 | case EVP_PKEY_RSA: | |
223 | case EVP_PKEY_RSA2: | |
224 | successful = (RSA_public_encrypt(data_len, | |
225 | data, | |
226 | cryptedbuf, | |
227 | - pkey->pkey.rsa, | |
228 | + EVP_PKEY_get0_RSA(pkey), | |
229 | padding) == cryptedlen); | |
230 | break; | |
231 | default: | |
232 | @@ -2697,13 +2739,13 @@ | |
233 | cryptedlen = EVP_PKEY_size(pkey); | |
234 | crypttemp = emalloc(cryptedlen + 1); | |
235 | ||
236 | - switch (pkey->type) { | |
237 | + switch (EVP_PKEY_id(pkey)) { | |
238 | case EVP_PKEY_RSA: | |
239 | case EVP_PKEY_RSA2: | |
240 | cryptedlen = RSA_public_decrypt(data_len, | |
241 | data, | |
242 | crypttemp, | |
243 | - pkey->pkey.rsa, | |
244 | + EVP_PKEY_get0_RSA(pkey), | |
245 | padding); | |
246 | if (cryptedlen != -1) { | |
247 | cryptedbuf = emalloc(cryptedlen + 1); | |
248 | @@ -2767,7 +2809,7 @@ | |
249 | unsigned char *sigbuf; | |
250 | long keyresource = -1; | |
251 | char * data; int data_len; | |
252 | - EVP_MD_CTX md_ctx; | |
253 | + EVP_MD_CTX *md_ctx; | |
254 | ||
255 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE) | |
256 | return; | |
257 | @@ -2781,9 +2823,11 @@ | |
258 | siglen = EVP_PKEY_size(pkey); | |
259 | sigbuf = emalloc(siglen + 1); | |
260 | ||
261 | - EVP_SignInit(&md_ctx, EVP_sha1()); | |
262 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
263 | - if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) { | |
264 | + md_ctx = EVP_MD_CTX_create(); | |
265 | + if (md_ctx != NULL && | |
266 | + EVP_SignInit(md_ctx, EVP_sha1()) && | |
267 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
268 | + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) { | |
269 | zval_dtor(signature); | |
270 | sigbuf[siglen] = '\0'; | |
271 | ZVAL_STRINGL(signature, sigbuf, siglen, 0); | |
272 | @@ -2792,6 +2836,7 @@ | |
273 | efree(sigbuf); | |
274 | RETVAL_FALSE; | |
275 | } | |
276 | + EVP_MD_CTX_destroy(md_ctx); | |
277 | if (keyresource == -1) | |
278 | EVP_PKEY_free(pkey); | |
279 | } | |
280 | @@ -2803,8 +2848,8 @@ | |
281 | { | |
282 | zval *key; | |
283 | EVP_PKEY *pkey; | |
284 | - int err; | |
285 | - EVP_MD_CTX md_ctx; | |
286 | + int err = 0; | |
287 | + EVP_MD_CTX *md_ctx; | |
288 | long keyresource = -1; | |
289 | char * data; int data_len; | |
290 | char * signature; int signature_len; | |
291 | @@ -2819,9 +2864,13 @@ | |
292 | RETURN_FALSE; | |
293 | } | |
294 | ||
295 | - EVP_VerifyInit (&md_ctx, EVP_sha1()); | |
296 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
297 | - err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey); | |
298 | + md_ctx = EVP_MD_CTX_create(); | |
299 | + if (md_ctx != NULL) { | |
300 | + EVP_VerifyInit(md_ctx, EVP_sha1()); | |
301 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
302 | + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); | |
303 | + } | |
304 | + EVP_MD_CTX_destroy(md_ctx); | |
305 | ||
306 | if (keyresource == -1) | |
307 | EVP_PKEY_free(pkey); | |
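Review bot: The verify path ignores the results of `EVP_VerifyInit()` and `EVP_VerifyUpdate()`, while the sign path in this same patch chains the equivalent calls with `&&`. A failed context allocation also leaves `err` at its new initial value `0`, which callers presumably cannot tell apart from "signature does not match" (how `err` is returned is outside the hunk). Suggested shape: `if (md_ctx == NULL || !EVP_VerifyInit(md_ctx, EVP_sha1()) || !EVP_VerifyUpdate(md_ctx, data, data_len)) err = -1;` followed by `else err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);`. Both outcomes still fail closed, but an internal error is then reported as an error rather than as a bad signature.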
308 | @@ -2842,7 +2891,7 @@ | |
309 | int i, len1, len2, *eksl, nkeys; | |
310 | unsigned char *buf = NULL, **eks; | |
311 | char * data; int data_len; | |
312 | - EVP_CIPHER_CTX ctx; | |
313 | + EVP_CIPHER_CTX *ctx; | |
314 | ||
315 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", | |
316 | &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) | |
317 | @@ -2878,7 +2927,9 @@ | |
318 | } | |
319 | ||
320 | #if OPENSSL_VERSION_NUMBER >= 0x0090600fL | |
321 | - if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) { | |
322 | + ctx = EVP_CIPHER_CTX_new(); | |
323 | + if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) { | |
324 | + EVP_CIPHER_CTX_free(ctx); | |
325 | RETVAL_FALSE; | |
326 | goto clean_exit; | |
327 | } | |
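Review bot: `EVP_CIPHER_CTX_new()` is called inside the `#if OPENSSL_VERSION_NUMBER >= 0x0090600fL` block, so on the other preprocessor branch `ctx` is never assigned before the later `EVP_SealInit(ctx, ...)` uses it. Moving the allocation above the `#if` and declaring `EVP_CIPHER_CTX *ctx = NULL;` would fix that. It would also let a single `EVP_CIPHER_CTX_free(ctx);` after the `clean_exit:` label replace the three separate frees this patch adds, so an exit path added later cannot leak the context. The function body starts and ends outside this hunk.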
328 | @@ -2892,24 +2943,25 @@ | |
329 | iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
330 | #endif | |
331 | /* allocate one byte extra to make room for \0 */ | |
332 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
333 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
334 | ||
335 | - if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) | |
336 | + if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) | |
337 | #if OPENSSL_VERSION_NUMBER >= 0x0090600fL | |
338 | - || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len) | |
339 | + || !EVP_SealUpdate(ctx, buf, &len1, data, data_len) | |
340 | #endif | |
341 | ) | |
342 | { | |
343 | RETVAL_FALSE; | |
344 | efree(buf); | |
345 | + EVP_CIPHER_CTX_free(ctx); | |
346 | goto clean_exit; | |
347 | ||
348 | } | |
349 | ||
350 | #if OPENSSL_VERSION_NUMBER < 0x0090600fL | |
351 | - EVP_SealUpdate(&ctx, buf, &len1, data, data_len); | |
352 | + EVP_SealUpdate(ctx, buf, &len1, data, data_len); | |
353 | #endif | |
354 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
355 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
356 | ||
357 | if (len1 + len2 > 0) { | |
358 | zval_dtor(sealdata); | |
359 | @@ -2944,6 +2996,7 @@ | |
360 | efree(buf); | |
361 | ||
362 | RETVAL_LONG(len1 + len2); | |
363 | + EVP_CIPHER_CTX_free(ctx); | |
364 | ||
365 | clean_exit: | |
366 | for (i=0; i<nkeys; i++) { | |
367 | @@ -2968,7 +3021,7 @@ | |
368 | int len1, len2; | |
369 | unsigned char *buf; | |
370 | long keyresource = -1; | |
371 | - EVP_CIPHER_CTX ctx; | |
372 | + EVP_CIPHER_CTX *ctx; | |
373 | char * data; int data_len; | |
374 | char * ekey; int ekey_len; | |
375 | ||
376 | @@ -2983,15 +3036,16 @@ | |
377 | } | |
378 | buf = emalloc(data_len + 1); | |
379 | ||
380 | - if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey) | |
381 | + ctx = EVP_CIPHER_CTX_new(); | |
382 | + if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey) | |
383 | #if OPENSSL_VERSION_NUMBER >= 0x0090600fL | |
384 | - && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len) | |
385 | + && EVP_OpenUpdate(ctx, buf, &len1, data, data_len) | |
386 | #endif | |
387 | ) { | |
388 | #if OPENSSL_VERSION_NUMBER < 0x0090600fL | |
389 | - EVP_OpenUpdate(&ctx, buf, &len1, data, data_len); | |
390 | + EVP_OpenUpdate(ctx, buf, &len1, data, data_len); | |
391 | #endif | |
392 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || | |
393 | + if (!EVP_OpenFinal(ctx, buf + len1, &len2) || | |
394 | (len1 + len2 == 0)) { | |
395 | efree(buf); | |
396 | if (keyresource == -1) | |
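Review bot: The failure paths of this function never release the heap-allocated `ctx`. The only `EVP_CIPHER_CTX_free(ctx)` the patch adds is in the following hunk, before `RETURN_TRUE`. The branch visible here (`efree(buf); if (keyresource == -1) ...`) gets no such line, and no hunk touches the arm taken when `EVP_OpenInit` fails. With the old stack object nothing had to be freed, so this is a new leak, and the leaked context can still hold cipher key state. Add `EVP_CIPHER_CTX_free(ctx);` ahead of each `RETURN_FALSE`; the lines between the two hunks are not shown, so check them for any other exit.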
397 | @@ -3011,6 +3065,7 @@ | |
398 | zval_dtor(opendata); | |
399 | buf[len1 + len2] = '\0'; | |
400 | ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
401 | + EVP_CIPHER_CTX_free(ctx); | |
402 | RETURN_TRUE; | |
403 | } | |
404 | /* }}} */ |