]> git.pld-linux.org Git - packages/php.git/blame - openssl.patch
projects / packages / php.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- rel 23; disable ssl v2/3
[packages/php.git] / openssl.patch
CommitLineData
04b32545
AM		 1diff -ur php-5.4.45/ext/openssl.org/openssl.c php-5.4.45/ext/openssl/openssl.c
2--- php-5.4.45/ext/openssl.org/openssl.c 2018-09-28 11:24:04.034698463 +0200
3+++ php-5.4.45/ext/openssl/openssl.c 2018-09-28 11:40:22.438766155 +0200
4@@ -82,6 +82,12 @@
5 #define HAVE_EVP_PKEY_EC 1
6 #endif
7
8+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
9+#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
10+#else
11+#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
12+#endif
13+
14 /* FIXME: Use the openssl constants instead of
15 * enum. It is now impossible to match real values
16 * against php constants. Also sorry to break the
17@@ -480,6 +486,14 @@
18 ZEND_GET_MODULE(openssl)
19 #endif
20
21+/* {{{ OpenSSL compatibility functions and macros */
22+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
23+#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa
24+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
25+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
26+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
27+#endif
28+
29 static int le_key;
30 static int le_x509;
31 static int le_csr;
32@@ -915,11 +929,6 @@
33
34 if (file == NULL) {
35 file = RAND_file_name(buffer, sizeof(buffer));
36- } else if (RAND_egd(file) > 0) {
37- /* if the given filename is an EGD socket, don't
38- * write anything back to it */
39- *egdsocket = 1;
40- return SUCCESS;
41 }
42 if (file == NULL || !RAND_load_file(file, -1)) {
43 if (RAND_status() == 0) {
44@@ -973,9 +982,11 @@
45 mdtype = (EVP_MD *) EVP_md2();
46 break;
47 #endif
48+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
49 case OPENSSL_ALGO_DSS1:
50 mdtype = (EVP_MD *) EVP_dss1();
51 break;
52+#endif
53 #if OPENSSL_VERSION_NUMBER >= 0x0090708fL
54 case OPENSSL_ALGO_SHA224:
55 mdtype = (EVP_MD *) EVP_sha224();
56@@ -1054,12 +1065,17 @@
57 le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
58 le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
59
60+#if OPENSSL_VERSION_NUMBER < 0x10100000L
61+ OPENSSL_config(NULL);
62 SSL_library_init();
63 OpenSSL_add_all_ciphers();
64 OpenSSL_add_all_digests();
65 OpenSSL_add_all_algorithms();
66
67 SSL_load_error_strings();
68+#else
69+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
70+#endif
71
72 /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
73 * OpenSSL callbacks */
74@@ -1422,6 +1438,7 @@
75 {
76 GENERAL_NAMES *names;
77 const X509V3_EXT_METHOD *method = NULL;
78+ ASN1_OCTET_STRING *extension_data;
79 long i, length, num;
80 const unsigned char *p;
81
82@@ -1430,8 +1447,9 @@
83 return -1;
84 }
85
86- p = extension->value->data;
87- length = extension->value->length;
88+ extension_data = X509_EXTENSION_get_data(extension);
89+ p = extension_data->data;
90+ length = extension_data->length;
91 if (method->it) {
92 names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
93 ASN1_ITEM_ptr(method->it)));
94@@ -1494,6 +1512,8 @@
95 char * tmpstr;
96 zval * subitem;
97 X509_EXTENSION *extension;
98+ X509_NAME *subject_name;
99+ char *cert_name;
100 char *extname;
101 BIO *bio_out;
102 BUF_MEM *bio_buf;
103@@ -1508,12 +1528,12 @@
104 }
105 array_init(return_value);
106
107- if (cert->name) {
108- add_assoc_string(return_value, "name", cert->name, 1);
109- }
110-/* add_assoc_bool(return_value, "valid", cert->valid); */
111+ subject_name = X509_get_subject_name(cert);
112+ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
113+ add_assoc_string(return_value, "name", cert_name, 1);
114+ OPENSSL_free(cert_name);
115
116- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
117+ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
118 /* hash as used in CA directories to lookup cert by subject name */
119 {
120 char buf[32];
121@@ -2999,13 +3019,20 @@
122 {
123 assert(pkey != NULL);
124
125- switch (pkey->type) {
126+ switch (EVP_PKEY_id(pkey)) {
127 #ifndef NO_RSA
128 case EVP_PKEY_RSA:
129 case EVP_PKEY_RSA2:
130- assert(pkey->pkey.rsa != NULL);
131- if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
132- return 0;
133+ {
134+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
135+ if (rsa != NULL) {
136+ const BIGNUM *p, *q;
137+
138+ RSA_get0_factors(rsa, &p, &q);
139+ if (p == NULL || q == NULL) {
140+ return 0;
141+ }
142+ }
143 }
144 break;
145 #endif
146@@ -3015,28 +3042,51 @@
147 case EVP_PKEY_DSA2:
148 case EVP_PKEY_DSA3:
149 case EVP_PKEY_DSA4:
150- assert(pkey->pkey.dsa != NULL);
151+ {
152+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
153+ if (dsa != NULL) {
154+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
155+
156+ DSA_get0_pqg(dsa, &p, &q, &g);
157+ if (p == NULL || q == NULL) {
158+ return 0;
159+ }
160
161- if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
162- return 0;
163+ DSA_get0_key(dsa, &pub_key, &priv_key);
164+ if (priv_key == NULL) {
165+ return 0;
166+ }
167+ }
168 }
169 break;
170 #endif
171 #ifndef NO_DH
172 case EVP_PKEY_DH:
173- assert(pkey->pkey.dh != NULL);
174+ {
175+ DH *dh = EVP_PKEY_get0_DH(pkey);
176+ if (dh != NULL) {
177+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
178+
179+ DH_get0_pqg(dh, &p, &q, &g);
180+ if (p == NULL) {
181+ return 0;
182+ }
183
184- if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
185- return 0;
186+ DH_get0_key(dh, &pub_key, &priv_key);
187+ if (priv_key == NULL) {
188+ return 0;
189+ }
190+ }
191 }
192 break;
193 #endif
194 #ifdef HAVE_EVP_PKEY_EC
195 case EVP_PKEY_EC:
196- assert(pkey->pkey.ec != NULL);
197-
198- if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) {
199- return 0;
200+ {
201+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
202+ if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) {
203+ return 0;
204+ }
205 }
206 break;
207 #endif
208@@ -3048,26 +3098,166 @@
209 }
210 /* }}} */
211
212-#define OPENSSL_PKEY_GET_BN(_type, _name) do { \
213- if (pkey->pkey._type->_name != NULL) { \
214- int len = BN_num_bytes(pkey->pkey._type->_name); \
215- char *str = emalloc(len + 1); \
216- BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \
217- str[len] = 0; \
218- add_assoc_stringl(_type, #_name, str, len, 0); \
219- } \
220- } while (0)
221-
222-#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \
223- zval **bn; \
224- if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \
225- Z_TYPE_PP(bn) == IS_STRING) { \
226- _type->_name = BN_bin2bn( \
227- (unsigned char*)Z_STRVAL_PP(bn), \
228- Z_STRLEN_PP(bn), NULL); \
229- } \
230- } while (0);
231+#define OPENSSL_GET_BN(_array, _bn, _name) do { \
232+ if (_bn != NULL) { \
233+ int len = BN_num_bytes(_bn); \
234+ char *str = emalloc(len + 1); \
235+ BN_bn2bin(_bn, (unsigned char*)str); \
236+ str[len] = 0; \
237+ add_assoc_stringl(&_array, #_name, str, len, 0); \
238+ } \
239+} while (0);
240+
241+#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name)
242+
243+#define OPENSSL_PKEY_SET_BN(_data, _name) do { \
244+ zval **bn; \
245+ if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \
246+ Z_TYPE_PP(bn) == IS_STRING) { \
247+ _name = BN_bin2bn( \
248+ (unsigned char*)Z_STRVAL_PP(bn), \
249+ (int)Z_STRLEN_PP(bn), NULL); \
250+ } else { \
251+ _name = NULL; \
252+ } \
253+} while (0);
254+
255+/* {{{ php_openssl_pkey_init_rsa */
256+zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data)
257+{
258+ BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
259+
260+ OPENSSL_PKEY_SET_BN(data, n);
261+ OPENSSL_PKEY_SET_BN(data, e);
262+ OPENSSL_PKEY_SET_BN(data, d);
263+ if (!n || !d || !RSA_set0_key(rsa, n, e, d)) {
264+ return 0;
265+ }
266+
267+ OPENSSL_PKEY_SET_BN(data, p);
268+ OPENSSL_PKEY_SET_BN(data, q);
269+ if ((p || q) && !RSA_set0_factors(rsa, p, q)) {
270+ return 0;
271+ }
272+
273+ OPENSSL_PKEY_SET_BN(data, dmp1);
274+ OPENSSL_PKEY_SET_BN(data, dmq1);
275+ OPENSSL_PKEY_SET_BN(data, iqmp);
276+ if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
277+ return 0;
278+ }
279
280+ if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
281+ return 0;
282+ }
283+
284+ return 1;
285+}
286+
287+/* {{{ php_openssl_pkey_init_dsa */
288+zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data)
289+{
290+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
291+ const BIGNUM *priv_key_const, *pub_key_const;
292+
293+ OPENSSL_PKEY_SET_BN(data, p);
294+ OPENSSL_PKEY_SET_BN(data, q);
295+ OPENSSL_PKEY_SET_BN(data, g);
296+ if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
297+ return 0;
298+ }
299+ OPENSSL_PKEY_SET_BN(data, pub_key);
300+ OPENSSL_PKEY_SET_BN(data, priv_key);
301+ if (pub_key) {
302+ return DSA_set0_key(dsa, pub_key, priv_key);
303+ }
304+
305+ /* generate key */
306+ PHP_OPENSSL_RAND_ADD_TIME();
307+ if (!DSA_generate_key(dsa)) {
308+ return 0;
309+ }
310+ /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key
311+ * so we need to double check that public key is created */
312+ DSA_get0_key(dsa, &pub_key_const, &priv_key_const);
313+ if (!pub_key_const || BN_is_zero(pub_key_const)) {
314+ return 0;
315+ }
316+ /* all good */
317+ return 1;
318+}
319+/* }}} */
320+
321+/* {{{ php_openssl_dh_pub_from_priv */
322+static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
323+{
324+ BIGNUM *pub_key, *priv_key_const_time;
325+ BN_CTX *ctx;
326+
327+ pub_key = BN_new();
328+ if (pub_key == NULL) {
329+ return NULL;
330+ }
331+
332+ priv_key_const_time = BN_new();
333+ if (priv_key_const_time == NULL) {
334+ BN_free(pub_key);
335+ return NULL;
336+ }
337+ ctx = BN_CTX_new();
338+ if (ctx == NULL) {
339+ BN_free(pub_key);
340+ BN_free(priv_key_const_time);
341+ return NULL;
342+ }
343+
344+ BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME);
345+
346+ if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) {
347+ BN_free(pub_key);
348+ pub_key = NULL;
349+ }
350+
351+ BN_free(priv_key_const_time);
352+ BN_CTX_free(ctx);
353+
354+ return pub_key;
355+}
356+/* }}} */
357+
358+/* {{{ php_openssl_pkey_init_dh */
359+zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data)
360+{
361+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
362+
363+ OPENSSL_PKEY_SET_BN(data, p);
364+ OPENSSL_PKEY_SET_BN(data, q);
365+ OPENSSL_PKEY_SET_BN(data, g);
366+ if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
367+ return 0;
368+ }
369+ OPENSSL_PKEY_SET_BN(data, priv_key);
370+ OPENSSL_PKEY_SET_BN(data, pub_key);
371+ if (pub_key) {
372+ return DH_set0_key(dh, pub_key, priv_key);
373+ }
374+ if (priv_key) {
375+ pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
376+ if (pub_key == NULL) {
377+ return 0;
378+ }
379+ return DH_set0_key(dh, pub_key, priv_key);
380+ }
381+
382+ /* generate key */
383+ PHP_OPENSSL_RAND_ADD_TIME();
384+ if (!DH_generate_key(dh)) {
385+ return 0;
386+ }
387+ /* all good */
388+ return 1;
389+}
390+/* }}} */
391
392 /* {{{ proto resource openssl_pkey_new([array configargs])
393 Generates a new private key */
394@@ -3091,18 +3281,8 @@
395 if (pkey) {
396 RSA *rsa = RSA_new();
397 if (rsa) {
398- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n);
399- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e);
400- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d);
401- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p);
402- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q);
403- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
404- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
405- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
406- if (rsa->n && rsa->d) {
407- if (EVP_PKEY_assign_RSA(pkey, rsa)) {
408- RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
409- }
410+ if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
411+ RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
412 }
413 RSA_free(rsa);
414 }
415@@ -3115,15 +3295,7 @@
416 if (pkey) {
417 DSA *dsa = DSA_new();
418 if (dsa) {
419- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p);
420- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q);
421- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
422- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
423- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
424- if (dsa->p && dsa->q && dsa->g) {
425- if (!dsa->priv_key && !dsa->pub_key) {
426- DSA_generate_key(dsa);
427- }
428+ if (php_openssl_pkey_init_dsa(dsa, data)) {
429 if (EVP_PKEY_assign_DSA(pkey, dsa)) {
430 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
431 }
432@@ -3139,14 +3311,7 @@
433 if (pkey) {
434 DH *dh = DH_new();
435 if (dh) {
436- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p);
437- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
438- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
439- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
440- if (dh->p && dh->g) {
441- if (!dh->pub_key) {
442- DH_generate_key(dh);
443- }
444+ if (php_openssl_pkey_init_dh(dh, data)) {
445 if (EVP_PKEY_assign_DH(pkey, dh)) {
446 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
447 }
448@@ -3382,25 +3547,32 @@
449 /*TODO: Use the real values once the openssl constants are used
450 * See the enum at the top of this file
451 */
452- switch (EVP_PKEY_type(pkey->type)) {
453+ switch (EVP_PKEY_base_id(pkey)) {
454 case EVP_PKEY_RSA:
455 case EVP_PKEY_RSA2:
456- ktype = OPENSSL_KEYTYPE_RSA;
457-
458- if (pkey->pkey.rsa != NULL) {
459- zval *rsa;
460-
461- ALLOC_INIT_ZVAL(rsa);
462- array_init(rsa);
463- OPENSSL_PKEY_GET_BN(rsa, n);
464- OPENSSL_PKEY_GET_BN(rsa, e);
465- OPENSSL_PKEY_GET_BN(rsa, d);
466- OPENSSL_PKEY_GET_BN(rsa, p);
467- OPENSSL_PKEY_GET_BN(rsa, q);
468- OPENSSL_PKEY_GET_BN(rsa, dmp1);
469- OPENSSL_PKEY_GET_BN(rsa, dmq1);
470- OPENSSL_PKEY_GET_BN(rsa, iqmp);
471- add_assoc_zval(return_value, "rsa", rsa);
472+ {
473+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
474+ ktype = OPENSSL_KEYTYPE_RSA;
475+
476+ if (rsa != NULL) {
477+ zval z_rsa;
478+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
479+
480+ RSA_get0_key(rsa, &n, &e, &d);
481+ RSA_get0_factors(rsa, &p, &q);
482+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
483+
484+ array_init(&z_rsa);
485+ OPENSSL_PKEY_GET_BN(z_rsa, n);
486+ OPENSSL_PKEY_GET_BN(z_rsa, e);
487+ OPENSSL_PKEY_GET_BN(z_rsa, d);
488+ OPENSSL_PKEY_GET_BN(z_rsa, p);
489+ OPENSSL_PKEY_GET_BN(z_rsa, q);
490+ OPENSSL_PKEY_GET_BN(z_rsa, dmp1);
491+ OPENSSL_PKEY_GET_BN(z_rsa, dmq1);
492+ OPENSSL_PKEY_GET_BN(z_rsa, iqmp);
493+ add_assoc_zval(return_value, "rsa", &z_rsa);
494+ }
495 }
496
497 break;
498@@ -3408,37 +3580,47 @@
499 case EVP_PKEY_DSA2:
500 case EVP_PKEY_DSA3:
501 case EVP_PKEY_DSA4:
502- ktype = OPENSSL_KEYTYPE_DSA;
503-
504- if (pkey->pkey.dsa != NULL) {
505- zval *dsa;
506-
507- ALLOC_INIT_ZVAL(dsa);
508- array_init(dsa);
509- OPENSSL_PKEY_GET_BN(dsa, p);
510- OPENSSL_PKEY_GET_BN(dsa, q);
511- OPENSSL_PKEY_GET_BN(dsa, g);
512- OPENSSL_PKEY_GET_BN(dsa, priv_key);
513- OPENSSL_PKEY_GET_BN(dsa, pub_key);
514- add_assoc_zval(return_value, "dsa", dsa);
515+ {
516+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
517+ ktype = OPENSSL_KEYTYPE_DSA;
518+
519+ if (dsa != NULL) {
520+ zval z_dsa;
521+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
522+
523+ DSA_get0_pqg(dsa, &p, &q, &g);
524+ DSA_get0_key(dsa, &pub_key, &priv_key);
525+
526+ array_init(&z_dsa);
527+ OPENSSL_PKEY_GET_BN(z_dsa, p);
528+ OPENSSL_PKEY_GET_BN(z_dsa, q);
529+ OPENSSL_PKEY_GET_BN(z_dsa, g);
530+ OPENSSL_PKEY_GET_BN(z_dsa, priv_key);
531+ OPENSSL_PKEY_GET_BN(z_dsa, pub_key);
532+ add_assoc_zval(return_value, "dsa", &z_dsa);
533+ }
534 }
535 break;
536 case EVP_PKEY_DH:
537-
538- ktype = OPENSSL_KEYTYPE_DH;
539-
540- if (pkey->pkey.dh != NULL) {
541- zval *dh;
542-
543- ALLOC_INIT_ZVAL(dh);
544- array_init(dh);
545- OPENSSL_PKEY_GET_BN(dh, p);
546- OPENSSL_PKEY_GET_BN(dh, g);
547- OPENSSL_PKEY_GET_BN(dh, priv_key);
548- OPENSSL_PKEY_GET_BN(dh, pub_key);
549- add_assoc_zval(return_value, "dh", dh);
550+ {
551+ DH *dh = EVP_PKEY_get0_DH(pkey);
552+ ktype = OPENSSL_KEYTYPE_DH;
553+
554+ if (dh != NULL) {
555+ zval z_dh;
556+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
557+
558+ DH_get0_pqg(dh, &p, &q, &g);
559+ DH_get0_key(dh, &pub_key, &priv_key);
560+
561+ array_init(&z_dh);
562+ OPENSSL_PKEY_GET_BN(z_dh, p);
563+ OPENSSL_PKEY_GET_BN(z_dh, g);
564+ OPENSSL_PKEY_GET_BN(z_dh, priv_key);
565+ OPENSSL_PKEY_GET_BN(z_dh, pub_key);
566+ add_assoc_zval(return_value, "dh", &z_dh);
567+ }
568 }
569-
570 break;
571 #ifdef HAVE_EVP_PKEY_EC
572 case EVP_PKEY_EC:
573@@ -3915,13 +4097,13 @@
574 cryptedlen = EVP_PKEY_size(pkey);
575 cryptedbuf = emalloc(cryptedlen + 1);
576
577- switch (pkey->type) {
578+ switch (EVP_PKEY_id(pkey)) {
579 case EVP_PKEY_RSA:
580 case EVP_PKEY_RSA2:
581 successful = (RSA_private_encrypt(data_len,
582 (unsigned char *)data,
583 cryptedbuf,
584- pkey->pkey.rsa,
585+ EVP_PKEY_get0_RSA(pkey),
586 padding) == cryptedlen);
587 break;
588 default:
589@@ -3973,13 +4155,13 @@
590 cryptedlen = EVP_PKEY_size(pkey);
591 crypttemp = emalloc(cryptedlen + 1);
592
593- switch (pkey->type) {
594+ switch (EVP_PKEY_id(pkey)) {
595 case EVP_PKEY_RSA:
596 case EVP_PKEY_RSA2:
597 cryptedlen = RSA_private_decrypt(data_len,
598 (unsigned char *)data,
599 crypttemp,
600- pkey->pkey.rsa,
601+ EVP_PKEY_get0_RSA(pkey),
602 padding);
603 if (cryptedlen != -1) {
604 cryptedbuf = emalloc(cryptedlen + 1);
605@@ -4038,13 +4220,13 @@
606 cryptedlen = EVP_PKEY_size(pkey);
607 cryptedbuf = emalloc(cryptedlen + 1);
608
609- switch (pkey->type) {
610+ switch (EVP_PKEY_id(pkey)) {
611 case EVP_PKEY_RSA:
612 case EVP_PKEY_RSA2:
613 successful = (RSA_public_encrypt(data_len,
614 (unsigned char *)data,
615 cryptedbuf,
616- pkey->pkey.rsa,
617+ EVP_PKEY_get0_RSA(pkey),
618 padding) == cryptedlen);
619 break;
620 default:
621@@ -4097,13 +4279,13 @@
622 cryptedlen = EVP_PKEY_size(pkey);
623 crypttemp = emalloc(cryptedlen + 1);
624
625- switch (pkey->type) {
626+ switch (EVP_PKEY_id(pkey)) {
627 case EVP_PKEY_RSA:
628 case EVP_PKEY_RSA2:
629 cryptedlen = RSA_public_decrypt(data_len,
630 (unsigned char *)data,
631 crypttemp,
632- pkey->pkey.rsa,
633+ EVP_PKEY_get0_RSA(pkey),
634 padding);
635 if (cryptedlen != -1) {
636 cryptedbuf = emalloc(cryptedlen + 1);
637@@ -4167,7 +4349,7 @@
638 long keyresource = -1;
639 char * data;
640 int data_len;
641- EVP_MD_CTX md_ctx;
642+ EVP_MD_CTX *md_ctx;
643 zval *method = NULL;
644 long signature_algo = OPENSSL_ALGO_SHA1;
645 const EVP_MD *mdtype;
646@@ -4200,9 +4382,11 @@
647 siglen = EVP_PKEY_size(pkey);
648 sigbuf = emalloc(siglen + 1);
649
650- EVP_SignInit(&md_ctx, mdtype);
651- EVP_SignUpdate(&md_ctx, data, data_len);
652- if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
653+ md_ctx = EVP_MD_CTX_create();
654+ if (md_ctx != NULL &&
655+ EVP_SignInit(md_ctx, mdtype) &&
656+ EVP_SignUpdate(md_ctx, data, data_len) &&
657+ EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
658 zval_dtor(signature);
659 sigbuf[siglen] = '\0';
660 ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
661@@ -4211,7 +4395,7 @@
662 efree(sigbuf);
663 RETVAL_FALSE;
664 }
665- EVP_MD_CTX_cleanup(&md_ctx);
666+ EVP_MD_CTX_destroy(md_ctx);
667 if (keyresource == -1) {
668 EVP_PKEY_free(pkey);
669 }
670@@ -4224,8 +4408,8 @@
671 {
672 zval **key;
673 EVP_PKEY *pkey;
674- int err;
675- EVP_MD_CTX md_ctx;
676+ int err = 0;
677+ EVP_MD_CTX *md_ctx;
678 const EVP_MD *mdtype;
679 long keyresource = -1;
680 char * data; int data_len;
681@@ -4259,10 +4443,13 @@
682 RETURN_FALSE;
683 }
684
685- EVP_VerifyInit (&md_ctx, mdtype);
686- EVP_VerifyUpdate (&md_ctx, data, data_len);
687- err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
688- EVP_MD_CTX_cleanup(&md_ctx);
689+ md_ctx = EVP_MD_CTX_create();
690+ if (md_ctx != NULL) {
691+ EVP_VerifyInit(md_ctx, mdtype);
692+ EVP_VerifyUpdate (md_ctx, data, data_len);
693+ err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
694+ }
695+ EVP_MD_CTX_destroy(md_ctx);
696
697 if (keyresource == -1) {
698 EVP_PKEY_free(pkey);
699@@ -4286,7 +4473,7 @@
700 char *method =NULL;
701 int method_len = 0;
702 const EVP_CIPHER *cipher;
703- EVP_CIPHER_CTX ctx;
704+ EVP_CIPHER_CTX *ctx;
705
706 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) {
707 return;
708@@ -4333,9 +4520,10 @@
709 i++;
710 }
711
712- if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
713+ ctx = EVP_CIPHER_CTX_new();
714+ if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) {
715+ EVP_CIPHER_CTX_free(ctx);
716 RETVAL_FALSE;
717- EVP_CIPHER_CTX_cleanup(&ctx);
718 goto clean_exit;
719 }
720
721@@ -4345,17 +4533,17 @@
722 iv = ivlen ? emalloc(ivlen + 1) : NULL;
723 #endif
724 /* allocate one byte extra to make room for \0 */
725- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
726- EVP_CIPHER_CTX_cleanup(&ctx);
727+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
728+ EVP_CIPHER_CTX_cleanup(ctx);
729
730- if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
731+ if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
732 RETVAL_FALSE;
733 efree(buf);
734- EVP_CIPHER_CTX_cleanup(&ctx);
735+ EVP_CIPHER_CTX_free(ctx);
736 goto clean_exit;
737 }
738
739- EVP_SealFinal(&ctx, buf + len1, &len2);
740+ EVP_SealFinal(ctx, buf + len1, &len2);
741
742 if (len1 + len2 > 0) {
743 zval_dtor(sealdata);
744@@ -4384,7 +4572,7 @@
745 efree(buf);
746 }
747 RETVAL_LONG(len1 + len2);
748- EVP_CIPHER_CTX_cleanup(&ctx);
749+ EVP_CIPHER_CTX_free(ctx);
750
751 clean_exit:
752 for (i=0; i<nkeys; i++) {
753@@ -4411,7 +4599,7 @@
754 int len1, len2;
755 unsigned char *buf;
756 long keyresource = -1;
757- EVP_CIPHER_CTX ctx;
758+ EVP_CIPHER_CTX *ctx;
759 char * data; int data_len;
760 char * ekey; int ekey_len;
761 char *method =NULL;
762@@ -4440,24 +4628,23 @@
763
764 buf = emalloc(data_len + 1);
765
766- if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
767- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
768- efree(buf);
769- RETVAL_FALSE;
770- } else {
771- zval_dtor(opendata);
772- buf[len1 + len2] = '\0';
773- ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
774- RETVAL_TRUE;
775- }
776+ ctx = EVP_CIPHER_CTX_new();
777+ if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) &&
778+ EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) &&
779+ EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) {
780+ zval_dtor(opendata);
781+ buf[len1 + len2] = '\0';
782+ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
783+ RETVAL_TRUE;
784+
785 } else {
786- efree(buf);
787 RETVAL_FALSE;
788 }
789+ efree(buf);
790 if (keyresource == -1) {
791 EVP_PKEY_free(pkey);
792 }
793- EVP_CIPHER_CTX_cleanup(&ctx);
794+ EVP_CIPHER_CTX_free(ctx);
795 }
796 /* }}} */
797
798@@ -4765,7 +4952,7 @@
799 char *data, *method;
800 int data_len, method_len;
801 const EVP_MD *mdtype;
802- EVP_MD_CTX md_ctx;
803+ EVP_MD_CTX *md_ctx;
804 int siglen;
805 unsigned char *sigbuf;
806
807@@ -4781,9 +4968,10 @@
808 siglen = EVP_MD_size(mdtype);
809 sigbuf = emalloc(siglen + 1);
810
811- EVP_DigestInit(&md_ctx, mdtype);
812- EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len);
813- if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
814+ md_ctx = EVP_MD_CTX_create();
815+ if (EVP_DigestInit(md_ctx, mdtype) &&
816+ EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
817+ EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) {
818 if (raw_output) {
819 sigbuf[siglen] = '\0';
820 RETVAL_STRINGL((char *)sigbuf, siglen, 0);
821@@ -4799,6 +4987,8 @@
822 efree(sigbuf);
823 RETVAL_FALSE;
824 }
825+
826+ EVP_MD_CTX_destroy(md_ctx);
827 }
828 /* }}} */
829
830@@ -4844,7 +5034,7 @@
831 char *data, *method, *password, *iv = "";
832 int data_len, method_len, password_len, iv_len = 0, max_iv_len;
833 const EVP_CIPHER *cipher_type;
834- EVP_CIPHER_CTX cipher_ctx;
835+ EVP_CIPHER_CTX *cipher_ctx;
836 int i=0, outlen, keylen;
837 unsigned char *outbuf, *key;
838 zend_bool free_iv;
839@@ -4858,6 +5048,12 @@
840 RETURN_FALSE;
841 }
842
843+ cipher_ctx = EVP_CIPHER_CTX_new();
844+ if (!cipher_ctx) {
845+ php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
846+ RETURN_FALSE;
847+ }
848+
849 keylen = EVP_CIPHER_key_length(cipher_type);
850 if (keylen > password_len) {
851 key = emalloc(keylen);
852@@ -4876,19 +5072,19 @@
853 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
854 outbuf = emalloc(outlen + 1);
855
856- EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
857+ EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL);
858 if (password_len > keylen) {
859- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
860+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
861 }
862- EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
863+ EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
864 if (options & OPENSSL_ZERO_PADDING) {
865- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
866+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
867 }
868 if (data_len > 0) {
869- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
870+ EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
871 }
872 outlen = i;
873- if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
874+ if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
875 outlen += i;
876 if (options & OPENSSL_RAW_DATA) {
877 outbuf[outlen] = '\0';
878@@ -4911,7 +5107,7 @@
879 if (free_iv) {
880 efree(iv);
881 }
882- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
883+ EVP_CIPHER_CTX_free(cipher_ctx);
884 }
885 /* }}} */
886
887@@ -4923,7 +5119,7 @@
888 char *data, *method, *password, *iv = "";
889 int data_len, method_len, password_len, iv_len = 0;
890 const EVP_CIPHER *cipher_type;
891- EVP_CIPHER_CTX cipher_ctx;
892+ EVP_CIPHER_CTX *cipher_ctx;
893 int i, outlen, keylen;
894 unsigned char *outbuf, *key;
895 int base64_str_len;
896@@ -4945,10 +5141,17 @@
897 RETURN_FALSE;
898 }
899
900+ cipher_ctx = EVP_CIPHER_CTX_new();
901+ if (!cipher_ctx) {
902+ php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
903+ RETURN_FALSE;
904+ }
905+
906 if (!(options & OPENSSL_RAW_DATA)) {
907 base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len);
908 if (!base64_str) {
909 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input");
910+ EVP_CIPHER_CTX_free(cipher_ctx);
911 RETURN_FALSE;
912 }
913 data_len = base64_str_len;
914@@ -4969,17 +5172,17 @@
915 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
916 outbuf = emalloc(outlen + 1);
917
918- EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
919+ EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL);
920 if (password_len > keylen) {
921- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
922+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
923 }
924- EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
925+ EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
926 if (options & OPENSSL_ZERO_PADDING) {
927- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
928+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
929 }
930- EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
931+ EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
932 outlen = i;
933- if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
934+ if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
935 outlen += i;
936 outbuf[outlen] = '\0';
937 RETVAL_STRINGL((char *)outbuf, outlen, 0);
938@@ -4996,7 +5199,7 @@
939 if (base64_str) {
940 efree(base64_str);
941 }
942- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
943+ EVP_CIPHER_CTX_free(cipher_ctx);
944 }
945 /* }}} */
946
947@@ -5034,6 +5237,7 @@
948 zval *key;
949 char *pub_str;
950 int pub_len;
951+ DH *dh;
952 EVP_PKEY *pkey;
953 BIGNUM *pub;
954 char *data;
955@@ -5043,14 +5247,18 @@
956 return;
957 }
958 ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key);
959- if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) {
960+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
961+ RETURN_FALSE;
962+ }
963+ dh = EVP_PKEY_get0_DH(pkey);
964+ if (dh == NULL) {
965 RETURN_FALSE;
966 }
967
968 pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL);
969
970- data = emalloc(DH_size(pkey->pkey.dh) + 1);
971- len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh);
972+ data = emalloc(DH_size(dh) + 1);
973+ len = DH_compute_key((unsigned char*)data, pub, dh);
974
975 if (len >= 0) {
976 data[len] = 0;
1f4804f9
AM		 977--- php-5.4.45/ext/openssl/xp_ssl.c~ 2015-09-01 22:09:37.000000000 +0200
978+++ php-5.4.45/ext/openssl/xp_ssl.c 2018-09-28 14:06:51.890385590 +0200
979@@ -339,8 +339,13 @@ static inline int php_openssl_setup_cryp
980 break;
981 #endif
982 case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
983+#ifdef OPENSSL_NO_SSL3
984+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
985+ return -1;
986+#else
987 sslsock->is_client = 1;
988 method = SSLv3_client_method();
989+#endif
990 break;
991 case STREAM_CRYPTO_METHOD_TLS_CLIENT:
992 sslsock->is_client = 1;
993@@ -351,8 +356,13 @@ static inline int php_openssl_setup_cryp
994 method = SSLv23_server_method();
995 break;
996 case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
997+#ifdef OPENSSL_NO_SSL3
998+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
999+ return -1;
1000+#else
1001 sslsock->is_client = 0;
1002 method = SSLv3_server_method();
1003+#endif
1004 break;
1005 case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
1006 #ifdef OPENSSL_NO_SSL2
PHP: Hypertext Preprocessor
This page took 0.153845 seconds and 4 git commands to generate.