--- php-4.4.9/ext/openssl/openssl.c.org	2010-04-11 08:09:20.114283832 +0200
+++ php-4.4.9/ext/openssl/openssl.c	2010-04-11 08:08:40.851370731 +0200
@@ -179,8 +179,13 @@
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request {
+#if OPENSSL_VERSION_NUMBER >= 0x10000002L                                                                                                                    
+	LHASH_OF(CONF_VALUE) * global_config;   /* Global SSL config */                                                                                          
+	LHASH_OF(CONF_VALUE) * req_config;      /* SSL config for this request */
+#else
 	LHASH * global_config;	/* Global SSL config */
 	LHASH * req_config;		/* SSL config for this request */
+#endif
 	const EVP_MD * md_alg;
 	const EVP_MD * digest;
 	char	* section_name,
@@ -340,7 +345,12 @@
 		const char * section_label,
 		const char * config_filename,
 		const char * section,
-		LHASH * config TSRMLS_DC)
+#if OPENSSL_VERSION_NUMBER >= 0x10000002L
+		LHASH_OF(CONF_VALUE) * config TSRMLS_DC
+#else
+		LHASH * config TSRMLS_DC
+#endif
+		)
 {
 	X509V3_CTX ctx;
 	
--- php-4.4.9/ext/openssl/config0.m4	2018-09-14 15:52:03.411575594 +0200
+++ php-4.4.9.new/ext/openssl/config0.m4	2018-09-14 15:32:01.321716395 +0200
@@ -16,6 +16,8 @@
     PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
   fi
 
+  AC_CHECK_FUNCS([RAND_egd])
+
   PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, 
   [
     if test "$ext_shared" = "yes"; then
--- php-4.4.9/ext/openssl/openssl.c	2018-09-14 15:52:03.468243972 +0200
+++ php-4.4.9.new/ext/openssl/openssl.c	2018-09-14 15:50:08.114771489 +0200
@@ -131,6 +131,13 @@
 ZEND_GET_MODULE(openssl)
 #endif
 
+/* {{{ OpenSSL compatibility functions and macros */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
+#endif
+
 static int le_key;
 static int le_x509;
 static int le_csr;
@@ -524,12 +531,14 @@
 #endif
 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof(buffer));
+#ifdef HAVE_RAND_EGD
 	else if (RAND_egd(file) > 0) {
 		/* if the given filename is an EGD socket, don't
 		 * write anything back to it */
 		*egdsocket = 1;
 		return SUCCESS;
 	}
+#endif
 	if (file == NULL || !RAND_load_file(file, -1)) {
 		if (RAND_status() == 0) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
@@ -730,7 +739,7 @@
 		if (in == NULL)
 			return NULL;
 
-		cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
+		cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509,
 				PEM_STRING_X509, in,
 				NULL, NULL, NULL);
 		BIO_free(in);
@@ -868,6 +877,8 @@
 {
 	zval * zcert;
 	X509 * cert = NULL;
+	X509_NAME *subject_name;
+	char *cert_name;
 	long certresource = -1;
 	int i;
 	zend_bool useshortnames = 1;
@@ -883,11 +894,12 @@
 
 	array_init(return_value);
 
-	if (cert->name)
-		add_assoc_string(return_value, "name", cert->name, 1);
-/*	add_assoc_bool(return_value, "valid", cert->valid); */
+	subject_name = X509_get_subject_name(cert);
+	cert_name = X509_NAME_oneline(subject_name, NULL, 0);
+	add_assoc_string(return_value, "name", cert_name, 1);
+	OPENSSL_free(cert_name);
 
-	add_assoc_name_entry(return_value, "subject", 		X509_get_subject_name(cert), useshortnames TSRMLS_CC);
+	add_assoc_name_entry(return_value, "subject", 		subject_name, useshortnames TSRMLS_CC);
 	/* hash as used in CA directories to lookup cert by subject name */
 	{
 		char buf[32];
@@ -1863,14 +1875,21 @@
 {
 	assert(pkey != NULL);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 #ifndef NO_RSA
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
-			assert(pkey->pkey.rsa != NULL);
-
-			if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
-				return 0;
+			{
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				if (rsa != NULL) {
+					const BIGNUM *p, *q;
+
+					RSA_get0_factors(rsa, &p, &q);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
+				}
+			}
 			break;
 #endif
 #ifndef NO_DSA
@@ -1879,18 +1898,41 @@
 		case EVP_PKEY_DSA2:
 		case EVP_PKEY_DSA3:
 		case EVP_PKEY_DSA4:
-			assert(pkey->pkey.dsa != NULL);
+			{
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				if (dsa != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DSA_get0_pqg(dsa, &p, &q, &g);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
-				return 0;
-			break;
+					DSA_get0_key(dsa, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
+			}
 #endif
 #ifndef NO_DH
 		case EVP_PKEY_DH:
-			assert(pkey->pkey.dh != NULL);
+			{
+				DH *dh = EVP_PKEY_get0_DH(pkey);
+				if (dh != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DH_get0_pqg(dh, &p, &q, &g);
+					if (p == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
-				return 0;
+					DH_get0_key(dh, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
+			}
 			break;
 #endif
 		default:
@@ -2521,13 +2563,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful =  (RSA_private_encrypt(data_len, 
 						data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey),
 						padding) == cryptedlen);
 			break;
 		default:
@@ -2577,13 +2619,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_private_decrypt(data_len, 
 					data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey),
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -2640,13 +2682,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful = (RSA_public_encrypt(data_len, 
 						data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey),
 						padding) == cryptedlen);
 			break;
 		default:
@@ -2697,13 +2739,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_public_decrypt(data_len, 
 					data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey),
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -2767,7 +2809,7 @@
 	unsigned char *sigbuf;
 	long keyresource = -1;
 	char * data;	int data_len;
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
 		return;
@@ -2781,9 +2823,11 @@
 	siglen = EVP_PKEY_size(pkey);
 	sigbuf = emalloc(siglen + 1);
 
-	EVP_SignInit(&md_ctx, EVP_sha1());
-	EVP_SignUpdate(&md_ctx, data, data_len);
-	if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
+	md_ctx = EVP_MD_CTX_create();
+	if (md_ctx != NULL &&
+		EVP_SignInit(md_ctx, EVP_sha1()) &&
+		EVP_SignUpdate(md_ctx, data, data_len) &&
+		EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
 		zval_dtor(signature);
 		sigbuf[siglen] = '\0';
 		ZVAL_STRINGL(signature, sigbuf, siglen, 0);
@@ -2792,6 +2836,7 @@
 		efree(sigbuf);
 		RETVAL_FALSE;
 	}
+	EVP_MD_CTX_destroy(md_ctx);
 	if (keyresource == -1)
 		EVP_PKEY_free(pkey);
 }
@@ -2803,8 +2848,8 @@
 {
 	zval *key;
 	EVP_PKEY *pkey;
-	int err;
-	EVP_MD_CTX     md_ctx;
+	int err = 0;
+	EVP_MD_CTX     *md_ctx;
 	long keyresource = -1;
 	char * data;	int data_len;
 	char * signature;	int signature_len;
@@ -2819,9 +2864,13 @@
 		RETURN_FALSE;
 	}
 
-	EVP_VerifyInit   (&md_ctx, EVP_sha1());
-	EVP_VerifyUpdate (&md_ctx, data, data_len);
-	err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
+	md_ctx = EVP_MD_CTX_create();
+	if (md_ctx != NULL) {
+		EVP_VerifyInit(md_ctx, EVP_sha1());
+		EVP_VerifyUpdate (md_ctx, data, data_len);
+		err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
+	}
+	EVP_MD_CTX_destroy(md_ctx);
 
 	if (keyresource == -1)
 		EVP_PKEY_free(pkey);
@@ -2842,7 +2891,7 @@
 	int i, len1, len2, *eksl, nkeys;
 	unsigned char *buf = NULL, **eks;
 	char * data; int data_len;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
 				&data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
@@ -2878,7 +2927,9 @@
 	}
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-	if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
+		EVP_CIPHER_CTX_free(ctx);
 		RETVAL_FALSE;
 		goto clean_exit;
 	}
@@ -2892,24 +2943,25 @@
 	iv = ivlen ? emalloc(ivlen + 1) : NULL;
 #endif
 	/* allocate one byte extra to make room for \0 */
-	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
 
-	if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
+	if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-			|| !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
+			|| !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
 #endif
 		) 
 	{
 		RETVAL_FALSE;
 		efree(buf);
+		EVP_CIPHER_CTX_free(ctx);
 		goto clean_exit;
 
 	}
 
 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
-	EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
+	EVP_SealUpdate(ctx, buf, &len1, data, data_len);
 #endif
-	EVP_SealFinal(&ctx, buf + len1, &len2);
+	EVP_SealFinal(ctx, buf + len1, &len2);
 
 	if (len1 + len2 > 0) {
 		zval_dtor(sealdata);
@@ -2944,6 +2996,7 @@
 		efree(buf);
 
 	RETVAL_LONG(len1 + len2);
+	EVP_CIPHER_CTX_free(ctx);
 
 clean_exit:
 	for (i=0; i<nkeys; i++) {
@@ -2968,7 +3021,7 @@
 	int len1, len2;
 	unsigned char *buf;
 	long keyresource = -1;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 	char * data;	int data_len;
 	char * ekey;	int ekey_len;
 
@@ -2983,15 +3036,16 @@
 	}
 	buf = emalloc(data_len + 1);
 
-	if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
 #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
-			&& EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
+			&& EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
 #endif
 		) {
 #if OPENSSL_VERSION_NUMBER < 0x0090600fL
-		EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
+		EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
 #endif
-		if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
+		if (!EVP_OpenFinal(ctx, buf + len1, &len2) ||
 				(len1 + len2 == 0)) {
 			efree(buf);
 			if (keyresource == -1)
@@ -3011,6 +3065,7 @@
 	zval_dtor(opendata);
 	buf[len1 + len2] = '\0';
 	ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+	EVP_CIPHER_CTX_free(ctx);
 	RETURN_TRUE;
 }
 /* }}} */