1 --- php-4.4.9/ext/openssl/openssl.c.org 2010-04-11 08:09:20.114283832 +0200
2 +++ php-4.4.9/ext/openssl/openssl.c 2010-04-11 08:08:40.851370731 +0200
4 static char default_ssl_conf_filename[MAXPATHLEN];
6 struct php_x509_request {
7 +#if OPENSSL_VERSION_NUMBER >= 0x10000002L
8 + LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */
9 + LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */
11 LHASH * global_config; /* Global SSL config */
12 LHASH * req_config; /* SSL config for this request */
14 const EVP_MD * md_alg;
15 const EVP_MD * digest;
18 const char * section_label,
19 const char * config_filename,
21 - LHASH * config TSRMLS_DC)
22 +#if OPENSSL_VERSION_NUMBER >= 0x10000002L
23 + LHASH_OF(CONF_VALUE) * config TSRMLS_DC
25 + LHASH * config TSRMLS_DC
31 --- php-4.4.9/ext/openssl/config0.m4 2018-09-14 15:52:03.411575594 +0200
32 +++ php-4.4.9.new/ext/openssl/config0.m4 2018-09-14 15:32:01.321716395 +0200
34 PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
37 + AC_CHECK_FUNCS([RAND_egd])
39 PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD,
41 if test "$ext_shared" = "yes"; then
42 --- php-4.4.9/ext/openssl/openssl.c 2018-09-14 15:52:03.468243972 +0200
43 +++ php-4.4.9.new/ext/openssl/openssl.c 2018-09-14 15:50:08.114771489 +0200
45 ZEND_GET_MODULE(openssl)
48 +/* {{{ OpenSSL compatibility functions and macros */
49 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
50 +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
51 +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
52 +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
61 file = RAND_file_name(buffer, sizeof(buffer));
63 else if (RAND_egd(file) > 0) {
64 /* if the given filename is an EGD socket, don't
65 * write anything back to it */
70 if (file == NULL || !RAND_load_file(file, -1)) {
71 if (RAND_status() == 0) {
72 php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
77 - cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
78 + cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509,
86 + X509_NAME *subject_name;
88 long certresource = -1;
90 zend_bool useshortnames = 1;
93 array_init(return_value);
96 - add_assoc_string(return_value, "name", cert->name, 1);
97 -/* add_assoc_bool(return_value, "valid", cert->valid); */
98 + subject_name = X509_get_subject_name(cert);
99 + cert_name = X509_NAME_oneline(subject_name, NULL, 0);
100 + add_assoc_string(return_value, "name", cert_name, 1);
101 + OPENSSL_free(cert_name);
103 - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
104 + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
105 /* hash as used in CA directories to lookup cert by subject name */
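Review bot: The result of `X509_NAME_oneline()` is passed straight to `add_assoc_string()` with no NULL check, and that call returns NULL when its internal allocation fails. With the duplicate flag set the string is then measured and copied, so an allocation failure becomes a NULL dereference. Guarding the two added lines, e.g. `if (cert_name != NULL) { add_assoc_string(return_value, "name", cert_name, 1); OPENSSL_free(cert_name); }`, keeps the rest of the parse result intact. A one-line comment that "name" is the legacy one-line rendering, and that the structured "subject" array is the field to use for identity checks, would also help; the declaration of `cert_name` and the start of the function are not visible in these lines.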
108 @@ -1863,14 +1875,21 @@
110 assert(pkey != NULL);
112 - switch (pkey->type) {
113 + switch (EVP_PKEY_id(pkey)) {
117 - assert(pkey->pkey.rsa != NULL);
119 - if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
122 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
124 + const BIGNUM *p, *q;
126 + RSA_get0_factors(rsa, &p, &q);
127 + if (p == NULL || q == NULL) {
135 @@ -1879,18 +1898,41 @@
139 - assert(pkey->pkey.dsa != NULL);
141 + DSA *dsa = EVP_PKEY_get0_DSA(pkey);
143 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
145 + DSA_get0_pqg(dsa, &p, &q, &g);
146 + if (p == NULL || q == NULL) {
150 - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
153 + DSA_get0_key(dsa, &pub_key, &priv_key);
154 + if (priv_key == NULL) {
162 - assert(pkey->pkey.dh != NULL);
164 + DH *dh = EVP_PKEY_get0_DH(pkey);
166 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
168 + DH_get0_pqg(dh, &p, &q, &g);
173 - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
175 + DH_get0_key(dh, &pub_key, &priv_key);
176 + if (priv_key == NULL) {
184 @@ -2521,13 +2563,13 @@
185 cryptedlen = EVP_PKEY_size(pkey);
186 cryptedbuf = emalloc(cryptedlen + 1);
188 - switch (pkey->type) {
189 + switch (EVP_PKEY_id(pkey)) {
192 successful = (RSA_private_encrypt(data_len,
196 + EVP_PKEY_get0_RSA(pkey),
197 padding) == cryptedlen);
200 @@ -2577,13 +2619,13 @@
201 cryptedlen = EVP_PKEY_size(pkey);
202 crypttemp = emalloc(cryptedlen + 1);
204 - switch (pkey->type) {
205 + switch (EVP_PKEY_id(pkey)) {
208 cryptedlen = RSA_private_decrypt(data_len,
212 + EVP_PKEY_get0_RSA(pkey),
214 if (cryptedlen != -1) {
215 cryptedbuf = emalloc(cryptedlen + 1);
216 @@ -2640,13 +2682,13 @@
217 cryptedlen = EVP_PKEY_size(pkey);
218 cryptedbuf = emalloc(cryptedlen + 1);
220 - switch (pkey->type) {
221 + switch (EVP_PKEY_id(pkey)) {
224 successful = (RSA_public_encrypt(data_len,
228 + EVP_PKEY_get0_RSA(pkey),
229 padding) == cryptedlen);
232 @@ -2697,13 +2739,13 @@
233 cryptedlen = EVP_PKEY_size(pkey);
234 crypttemp = emalloc(cryptedlen + 1);
236 - switch (pkey->type) {
237 + switch (EVP_PKEY_id(pkey)) {
240 cryptedlen = RSA_public_decrypt(data_len,
244 + EVP_PKEY_get0_RSA(pkey),
246 if (cryptedlen != -1) {
247 cryptedbuf = emalloc(cryptedlen + 1);
248 @@ -2767,7 +2809,7 @@
249 unsigned char *sigbuf;
250 long keyresource = -1;
251 char * data; int data_len;
253 + EVP_MD_CTX *md_ctx;
255 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
257 @@ -2781,9 +2823,11 @@
258 siglen = EVP_PKEY_size(pkey);
259 sigbuf = emalloc(siglen + 1);
261 - EVP_SignInit(&md_ctx, EVP_sha1());
262 - EVP_SignUpdate(&md_ctx, data, data_len);
263 - if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
264 + md_ctx = EVP_MD_CTX_create();
265 + if (md_ctx != NULL &&
266 + EVP_SignInit(md_ctx, EVP_sha1()) &&
267 + EVP_SignUpdate(md_ctx, data, data_len) &&
268 + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
269 zval_dtor(signature);
270 sigbuf[siglen] = '\0';
271 ZVAL_STRINGL(signature, sigbuf, siglen, 0);
272 @@ -2792,6 +2836,7 @@
276 + EVP_MD_CTX_destroy(md_ctx);
277 if (keyresource == -1)
280 @@ -2803,8 +2848,8 @@
287 + EVP_MD_CTX *md_ctx;
288 long keyresource = -1;
289 char * data; int data_len;
290 char * signature; int signature_len;
291 @@ -2819,9 +2864,13 @@
295 - EVP_VerifyInit (&md_ctx, EVP_sha1());
296 - EVP_VerifyUpdate (&md_ctx, data, data_len);
297 - err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
298 + md_ctx = EVP_MD_CTX_create();
299 + if (md_ctx != NULL) {
300 + EVP_VerifyInit(md_ctx, EVP_sha1());
301 + EVP_VerifyUpdate (md_ctx, data, data_len);
302 + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
304 + EVP_MD_CTX_destroy(md_ctx);
306 if (keyresource == -1)
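Review bot: The return values of `EVP_VerifyInit()` and `EVP_VerifyUpdate()` are discarded inside the new `if (md_ctx != NULL)` block, whereas the signing path in this same patch chains all of its calls with `&&`. If initialisation fails, `EVP_VerifyFinal()` runs on a context with no digest set up, and if `EVP_MD_CTX_create()` returns NULL then `err` keeps whatever value it had before. The declaration of `err` is not visible in these lines, so it should be confirmed to start at a non-success value. I would mirror the signing code with `if (md_ctx != NULL && EVP_VerifyInit(md_ctx, EVP_sha1()) && EVP_VerifyUpdate(md_ctx, data, data_len)) {` around the `EVP_VerifyFinal()` call, so a verification result never depends on a skipped step.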
308 @@ -2842,7 +2891,7 @@
309 int i, len1, len2, *eksl, nkeys;
310 unsigned char *buf = NULL, **eks;
311 char * data; int data_len;
312 - EVP_CIPHER_CTX ctx;
313 + EVP_CIPHER_CTX *ctx;
315 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
316 &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
317 @@ -2878,7 +2927,9 @@
320 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
321 - if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
322 + ctx = EVP_CIPHER_CTX_new();
323 + if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
324 + EVP_CIPHER_CTX_free(ctx);
328 @@ -2892,24 +2943,25 @@
329 iv = ivlen ? emalloc(ivlen + 1) : NULL;
331 /* allocate one byte extra to make room for \0 */
332 - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
333 + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
335 - if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
336 + if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
337 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
338 - || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
339 + || !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
345 + EVP_CIPHER_CTX_free(ctx);
350 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
351 - EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
352 + EVP_SealUpdate(ctx, buf, &len1, data, data_len);
354 - EVP_SealFinal(&ctx, buf + len1, &len2);
355 + EVP_SealFinal(ctx, buf + len1, &len2);
357 if (len1 + len2 > 0) {
359 @@ -2944,6 +2996,7 @@
362 RETVAL_LONG(len1 + len2);
363 + EVP_CIPHER_CTX_free(ctx);
366 for (i=0; i<nkeys; i++) {
367 @@ -2968,7 +3021,7 @@
370 long keyresource = -1;
371 - EVP_CIPHER_CTX ctx;
372 + EVP_CIPHER_CTX *ctx;
373 char * data; int data_len;
374 char * ekey; int ekey_len;
376 @@ -2983,15 +3036,16 @@
378 buf = emalloc(data_len + 1);
380 - if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
381 + ctx = EVP_CIPHER_CTX_new();
382 + if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
383 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
384 - && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
385 + && EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
388 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
389 - EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
390 + EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
392 - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
393 + if (!EVP_OpenFinal(ctx, buf + len1, &len2) ||
394 (len1 + len2 == 0)) {
396 if (keyresource == -1)
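Review bot: The context from `EVP_CIPHER_CTX_new()` is not released on the failure paths: this hunk adds no `EVP_CIPHER_CTX_free(ctx)` on the exit taken when `EVP_OpenFinal()` fails, and the only free visible for this function is the one the next hunk adds after `ZVAL_STRINGL` on success. Judging by the hunk line counts, the `else` branch for a failed `EVP_OpenInit()` lies between the two hunks and is unchanged, so it likely leaks as well. The context is allocated by OpenSSL rather than `emalloc`, so it is presumably not reclaimed at request end, and a failed open is reachable with malformed sealed data or a wrong envelope key. Adding `EVP_CIPHER_CTX_free(ctx);` next to each `efree(buf);` on those paths (it accepts NULL) closes this; the enclosing function starts and ends outside the hunk.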
397 @@ -3011,6 +3065,7 @@
399 buf[len1 + len2] = '\0';
400 ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
401 + EVP_CIPHER_CTX_free(ctx);