- rel 59; openssl 1.1.1 support

author Arkadiusz Miśkiewicz <arekm@maven.pl>

Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)

committer Arkadiusz Miśkiewicz <arekm@maven.pl>

Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)
author Arkadiusz Miśkiewicz <arekm@maven.pl>
Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)
committer Arkadiusz Miśkiewicz <arekm@maven.pl>
Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)
diff --git a/php4-openssl.patch b/php4-openssl.patch

index 0171cd66dbee6a1f0526435e29b5223678709d73..a9bd276125b1e17ce51e23e5d0ded8ab4e21baf2 100644 (file)
--- a/php4-openssl.patch
+++ b/php4-openssl.patch
@@ -28,3 +28,377 @@
   {
         X509V3_CTX ctx;
         
+--- php-4.4.9/ext/openssl/config0.m4   2018-09-14 15:52:03.411575594 +0200
++++ php-4.4.9.new/ext/openssl/config0.m4       2018-09-14 15:32:01.321716395 +0200
+@@ -16,6 +16,8 @@
+     PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
+   fi
+ 
++  AC_CHECK_FUNCS([RAND_egd])
++
+   PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, 
+   [
+     if test "$ext_shared" = "yes"; then
+--- php-4.4.9/ext/openssl/openssl.c    2018-09-14 15:52:03.468243972 +0200
++++ php-4.4.9.new/ext/openssl/openssl.c        2018-09-14 15:50:08.114771489 +0200
+@@ -131,6 +131,13 @@
+ ZEND_GET_MODULE(openssl)
+ #endif
+ 
++/* {{{ OpenSSL compatibility functions and macros */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
++#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
++#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
++#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
++#endif
++
+ static int le_key;
+ static int le_x509;
+ static int le_csr;
+@@ -524,12 +531,14 @@
+ #endif
+       if (file == NULL)
+               file = RAND_file_name(buffer, sizeof(buffer));
++#ifdef HAVE_RAND_EGD
+       else if (RAND_egd(file) > 0) {
+               /* if the given filename is an EGD socket, don't
+                * write anything back to it */
+               *egdsocket = 1;
+               return SUCCESS;
+       }
++#endif
+       if (file == NULL || !RAND_load_file(file, -1)) {
+               if (RAND_status() == 0) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
+@@ -730,7 +739,7 @@
+               if (in == NULL)
+                       return NULL;
+ 
+-              cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
++              cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509,
+                               PEM_STRING_X509, in,
+                               NULL, NULL, NULL);
+               BIO_free(in);
+@@ -868,6 +877,8 @@
+ {
+       zval * zcert;
+       X509 * cert = NULL;
++      X509_NAME *subject_name;
++      char *cert_name;
+       long certresource = -1;
+       int i;
+       zend_bool useshortnames = 1;
+@@ -883,11 +894,12 @@
+ 
+       array_init(return_value);
+ 
+-      if (cert->name)
+-              add_assoc_string(return_value, "name", cert->name, 1);
+-/*    add_assoc_bool(return_value, "valid", cert->valid); */
++      subject_name = X509_get_subject_name(cert);
++      cert_name = X509_NAME_oneline(subject_name, NULL, 0);
++      add_assoc_string(return_value, "name", cert_name, 1);
++      OPENSSL_free(cert_name);
+ 
+-      add_assoc_name_entry(return_value, "subject",           X509_get_subject_name(cert), useshortnames TSRMLS_CC);
++      add_assoc_name_entry(return_value, "subject",           subject_name, useshortnames TSRMLS_CC);
+       /* hash as used in CA directories to lookup cert by subject name */
+       {
+               char buf[32];
+@@ -1863,14 +1875,21 @@
+ {
+       assert(pkey != NULL);
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_id(pkey)) {
+ #ifndef NO_RSA
+               case EVP_PKEY_RSA:
+               case EVP_PKEY_RSA2:
+-                      assert(pkey->pkey.rsa != NULL);
+-
+-                      if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
+-                              return 0;
++                      {
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              if (rsa != NULL) {
++                                      const BIGNUM *p, *q;
++
++                                      RSA_get0_factors(rsa, &p, &q);
++                                      if (p == NULL || q == NULL) {
++                                              return 0;
++                                      }
++                              }
++                      }
+                       break;
+ #endif
+ #ifndef NO_DSA
+@@ -1879,18 +1898,41 @@
+               case EVP_PKEY_DSA2:
+               case EVP_PKEY_DSA3:
+               case EVP_PKEY_DSA4:
+-                      assert(pkey->pkey.dsa != NULL);
++                      {
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              if (dsa != NULL) {
++                                      const BIGNUM *p, *q, *g, *pub_key, *priv_key;
++
++                                      DSA_get0_pqg(dsa, &p, &q, &g);
++                                      if (p == NULL || q == NULL) {
++                                              return 0;
++                                      }
+ 
+-                      if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
+-                              return 0;
+-                      break;
++                                      DSA_get0_key(dsa, &pub_key, &priv_key);
++                                      if (priv_key == NULL) {
++                                              return 0;
++                                      }
++                              }
++                      }
+ #endif
+ #ifndef NO_DH
+               case EVP_PKEY_DH:
+-                      assert(pkey->pkey.dh != NULL);
++                      {
++                              DH *dh = EVP_PKEY_get0_DH(pkey);
++                              if (dh != NULL) {
++                                      const BIGNUM *p, *q, *g, *pub_key, *priv_key;
++
++                                      DH_get0_pqg(dh, &p, &q, &g);
++                                      if (p == NULL) {
++                                              return 0;
++                                      }
+ 
+-                      if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
+-                              return 0;
++                                      DH_get0_key(dh, &pub_key, &priv_key);
++                                      if (priv_key == NULL) {
++                                              return 0;
++                                      }
++                              }
++                      }
+                       break;
+ #endif
+               default:
+@@ -2521,13 +2563,13 @@
+       cryptedlen = EVP_PKEY_size(pkey);
+       cryptedbuf = emalloc(cryptedlen + 1);
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_id(pkey)) {
+               case EVP_PKEY_RSA:
+               case EVP_PKEY_RSA2:
+                       successful =  (RSA_private_encrypt(data_len, 
+                                               data, 
+                                               cryptedbuf, 
+-                                              pkey->pkey.rsa, 
++                                              EVP_PKEY_get0_RSA(pkey),
+                                               padding) == cryptedlen);
+                       break;
+               default:
+@@ -2577,13 +2619,13 @@
+       cryptedlen = EVP_PKEY_size(pkey);
+       crypttemp = emalloc(cryptedlen + 1);
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_id(pkey)) {
+               case EVP_PKEY_RSA:
+               case EVP_PKEY_RSA2:
+                       cryptedlen = RSA_private_decrypt(data_len, 
+                                       data, 
+                                       crypttemp, 
+-                                      pkey->pkey.rsa, 
++                                      EVP_PKEY_get0_RSA(pkey),
+                                       padding);
+                       if (cryptedlen != -1) {
+                               cryptedbuf = emalloc(cryptedlen + 1);
+@@ -2640,13 +2682,13 @@
+       cryptedlen = EVP_PKEY_size(pkey);
+       cryptedbuf = emalloc(cryptedlen + 1);
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_id(pkey)) {
+               case EVP_PKEY_RSA:
+               case EVP_PKEY_RSA2:
+                       successful = (RSA_public_encrypt(data_len, 
+                                               data, 
+                                               cryptedbuf, 
+-                                              pkey->pkey.rsa, 
++                                              EVP_PKEY_get0_RSA(pkey),
+                                               padding) == cryptedlen);
+                       break;
+               default:
+@@ -2697,13 +2739,13 @@
+       cryptedlen = EVP_PKEY_size(pkey);
+       crypttemp = emalloc(cryptedlen + 1);
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_id(pkey)) {
+               case EVP_PKEY_RSA:
+               case EVP_PKEY_RSA2:
+                       cryptedlen = RSA_public_decrypt(data_len, 
+                                       data, 
+                                       crypttemp, 
+-                                      pkey->pkey.rsa, 
++                                      EVP_PKEY_get0_RSA(pkey),
+                                       padding);
+                       if (cryptedlen != -1) {
+                               cryptedbuf = emalloc(cryptedlen + 1);
+@@ -2767,7 +2809,7 @@
+       unsigned char *sigbuf;
+       long keyresource = -1;
+       char * data;    int data_len;
+-      EVP_MD_CTX md_ctx;
++      EVP_MD_CTX *md_ctx;
+ 
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
+               return;
+@@ -2781,9 +2823,11 @@
+       siglen = EVP_PKEY_size(pkey);
+       sigbuf = emalloc(siglen + 1);
+ 
+-      EVP_SignInit(&md_ctx, EVP_sha1());
+-      EVP_SignUpdate(&md_ctx, data, data_len);
+-      if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
++      md_ctx = EVP_MD_CTX_create();
++      if (md_ctx != NULL &&
++              EVP_SignInit(md_ctx, EVP_sha1()) &&
++              EVP_SignUpdate(md_ctx, data, data_len) &&
++              EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
+               zval_dtor(signature);
+               sigbuf[siglen] = '\0';
+               ZVAL_STRINGL(signature, sigbuf, siglen, 0);
+@@ -2792,6 +2836,7 @@
+               efree(sigbuf);
+               RETVAL_FALSE;
+       }
++      EVP_MD_CTX_destroy(md_ctx);
+       if (keyresource == -1)
+               EVP_PKEY_free(pkey);
+ }
+@@ -2803,8 +2848,8 @@
+ {
+       zval *key;
+       EVP_PKEY *pkey;
+-      int err;
+-      EVP_MD_CTX     md_ctx;
++      int err = 0;
++      EVP_MD_CTX     *md_ctx;
+       long keyresource = -1;
+       char * data;    int data_len;
+       char * signature;       int signature_len;
+@@ -2819,9 +2864,13 @@
+               RETURN_FALSE;
+       }
+ 
+-      EVP_VerifyInit   (&md_ctx, EVP_sha1());
+-      EVP_VerifyUpdate (&md_ctx, data, data_len);
+-      err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
++      md_ctx = EVP_MD_CTX_create();
++      if (md_ctx != NULL) {
++              EVP_VerifyInit(md_ctx, EVP_sha1());
++              EVP_VerifyUpdate (md_ctx, data, data_len);
++              err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
++      }
++      EVP_MD_CTX_destroy(md_ctx);
+ 
+       if (keyresource == -1)
+               EVP_PKEY_free(pkey);
+@@ -2842,7 +2891,7 @@
+       int i, len1, len2, *eksl, nkeys;
+       unsigned char *buf = NULL, **eks;
+       char * data; int data_len;
+-      EVP_CIPHER_CTX ctx;
++      EVP_CIPHER_CTX *ctx;
+ 
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
+                               &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
+@@ -2878,7 +2927,9 @@
+       }
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+-      if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
++      ctx = EVP_CIPHER_CTX_new();
++      if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
++              EVP_CIPHER_CTX_free(ctx);
+               RETVAL_FALSE;
+               goto clean_exit;
+       }
+@@ -2892,24 +2943,25 @@
+       iv = ivlen ? emalloc(ivlen + 1) : NULL;
+ #endif
+       /* allocate one byte extra to make room for \0 */
+-      buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
++      buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
+ 
+-      if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
++      if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+-                      || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
++                      || !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
+ #endif
+               ) 
+       {
+               RETVAL_FALSE;
+               efree(buf);
++              EVP_CIPHER_CTX_free(ctx);
+               goto clean_exit;
+ 
+       }
+ 
+ #if OPENSSL_VERSION_NUMBER < 0x0090600fL
+-      EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
++      EVP_SealUpdate(ctx, buf, &len1, data, data_len);
+ #endif
+-      EVP_SealFinal(&ctx, buf + len1, &len2);
++      EVP_SealFinal(ctx, buf + len1, &len2);
+ 
+       if (len1 + len2 > 0) {
+               zval_dtor(sealdata);
+@@ -2944,6 +2996,7 @@
+               efree(buf);
+ 
+       RETVAL_LONG(len1 + len2);
++      EVP_CIPHER_CTX_free(ctx);
+ 
+ clean_exit:
+       for (i=0; i<nkeys; i++) {
+@@ -2968,7 +3021,7 @@
+       int len1, len2;
+       unsigned char *buf;
+       long keyresource = -1;
+-      EVP_CIPHER_CTX ctx;
++      EVP_CIPHER_CTX *ctx;
+       char * data;    int data_len;
+       char * ekey;    int ekey_len;
+ 
+@@ -2983,15 +3036,16 @@
+       }
+       buf = emalloc(data_len + 1);
+ 
+-      if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
++      ctx = EVP_CIPHER_CTX_new();
++      if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+-                      && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
++                      && EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
+ #endif
+               ) {
+ #if OPENSSL_VERSION_NUMBER < 0x0090600fL
+-              EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
++              EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
+ #endif
+-              if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
++              if (!EVP_OpenFinal(ctx, buf + len1, &len2) ||
+                               (len1 + len2 == 0)) {
+                       efree(buf);
+                       if (keyresource == -1)
+@@ -3011,6 +3065,7 @@
+       zval_dtor(opendata);
+       buf[len1 + len2] = '\0';
+       ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
++      EVP_CIPHER_CTX_free(ctx);
+       RETURN_TRUE;
+ }
+ /* }}} */
diff --git a/php4.spec b/php4.spec

index 22030e21737311da3023e892fe5183386e4e0a24..a7652324c629df08913fdc0a3e1853f88ce648fb 100644 (file)
--- a/php4.spec
+++ b/php4.spec
@@ -73,7 +73,7 @@
  %undefine      with_msession
  %endif
  
-%define                rel 58
+%define                rel 59
  Summary:       PHP: Hypertext Preprocessor
  Summary(fr.UTF-8):     Le langage de script embarque-HTML PHP
  Summary(pl.UTF-8):     Język skryptowy PHP
author	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)
committer	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Fri, 14 Sep 2018 13:56:19 +0000 (15:56 +0200)
php4-openssl.patch		patch \| blob \| blame \| history
php4.spec		patch \| blob \| blame \| history