]>
Commit | Line | Data |
---|---|---|
04b32545 AM |
1 | diff -ur php-5.4.45/ext/openssl.org/openssl.c php-5.4.45/ext/openssl/openssl.c |
2 | --- php-5.4.45/ext/openssl.org/openssl.c 2018-09-28 11:24:04.034698463 +0200 | |
3 | +++ php-5.4.45/ext/openssl/openssl.c 2018-09-28 11:40:22.438766155 +0200 | |
4 | @@ -82,6 +82,12 @@ | |
5 | #define HAVE_EVP_PKEY_EC 1 | |
6 | #endif | |
7 | ||
8 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
9 | +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
10 | +#else | |
11 | +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
12 | +#endif | |
13 | + | |
14 | /* FIXME: Use the openssl constants instead of | |
15 | * enum. It is now impossible to match real values | |
16 | * against php constants. Also sorry to break the | |
17 | @@ -480,6 +486,14 @@ | |
18 | ZEND_GET_MODULE(openssl) | |
19 | #endif | |
20 | ||
21 | +/* {{{ OpenSSL compatibility functions and macros */ | |
22 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
23 | +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa | |
24 | +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
25 | +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
26 | +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
27 | +#endif | |
28 | + | |
29 | static int le_key; | |
30 | static int le_x509; | |
31 | static int le_csr; | |
32 | @@ -915,11 +929,6 @@ | |
33 | ||
34 | if (file == NULL) { | |
35 | file = RAND_file_name(buffer, sizeof(buffer)); | |
36 | - } else if (RAND_egd(file) > 0) { | |
37 | - /* if the given filename is an EGD socket, don't | |
38 | - * write anything back to it */ | |
39 | - *egdsocket = 1; | |
40 | - return SUCCESS; | |
41 | } | |
42 | if (file == NULL || !RAND_load_file(file, -1)) { | |
43 | if (RAND_status() == 0) { | |
44 | @@ -973,9 +982,11 @@ | |
45 | mdtype = (EVP_MD *) EVP_md2(); | |
46 | break; | |
47 | #endif | |
48 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
49 | case OPENSSL_ALGO_DSS1: | |
50 | mdtype = (EVP_MD *) EVP_dss1(); | |
51 | break; | |
52 | +#endif | |
53 | #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
54 | case OPENSSL_ALGO_SHA224: | |
55 | mdtype = (EVP_MD *) EVP_sha224(); | |
56 | @@ -1054,12 +1065,17 @@ | |
57 | le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); | |
58 | le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); | |
59 | ||
60 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
61 | + OPENSSL_config(NULL); | |
62 | SSL_library_init(); | |
63 | OpenSSL_add_all_ciphers(); | |
64 | OpenSSL_add_all_digests(); | |
65 | OpenSSL_add_all_algorithms(); | |
66 | ||
67 | SSL_load_error_strings(); | |
68 | +#else | |
69 | + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); | |
70 | +#endif | |
71 | ||
72 | /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in | |
73 | * OpenSSL callbacks */ | |
74 | @@ -1422,6 +1438,7 @@ | |
75 | { | |
76 | GENERAL_NAMES *names; | |
77 | const X509V3_EXT_METHOD *method = NULL; | |
78 | + ASN1_OCTET_STRING *extension_data; | |
79 | long i, length, num; | |
80 | const unsigned char *p; | |
81 | ||
82 | @@ -1430,8 +1447,9 @@ | |
83 | return -1; | |
84 | } | |
85 | ||
86 | - p = extension->value->data; | |
87 | - length = extension->value->length; | |
88 | + extension_data = X509_EXTENSION_get_data(extension); | |
89 | + p = extension_data->data; | |
90 | + length = extension_data->length; | |
91 | if (method->it) { | |
92 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
93 | ASN1_ITEM_ptr(method->it))); | |
94 | @@ -1494,6 +1512,8 @@ | |
95 | char * tmpstr; | |
96 | zval * subitem; | |
97 | X509_EXTENSION *extension; | |
98 | + X509_NAME *subject_name; | |
99 | + char *cert_name; | |
100 | char *extname; | |
101 | BIO *bio_out; | |
102 | BUF_MEM *bio_buf; | |
103 | @@ -1508,12 +1528,12 @@ | |
104 | } | |
105 | array_init(return_value); | |
106 | ||
107 | - if (cert->name) { | |
108 | - add_assoc_string(return_value, "name", cert->name, 1); | |
109 | - } | |
110 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
111 | + subject_name = X509_get_subject_name(cert); | |
112 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
113 | + add_assoc_string(return_value, "name", cert_name, 1); | |
114 | + OPENSSL_free(cert_name); | |
115 | ||
116 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
117 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
118 | /* hash as used in CA directories to lookup cert by subject name */ | |
119 | { | |
120 | char buf[32]; | |
121 | @@ -2999,13 +3019,20 @@ | |
122 | { | |
123 | assert(pkey != NULL); | |
124 | ||
125 | - switch (pkey->type) { | |
126 | + switch (EVP_PKEY_id(pkey)) { | |
127 | #ifndef NO_RSA | |
128 | case EVP_PKEY_RSA: | |
129 | case EVP_PKEY_RSA2: | |
130 | - assert(pkey->pkey.rsa != NULL); | |
131 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
132 | - return 0; | |
133 | + { | |
134 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
135 | + if (rsa != NULL) { | |
136 | + const BIGNUM *p, *q; | |
137 | + | |
138 | + RSA_get0_factors(rsa, &p, &q); | |
139 | + if (p == NULL || q == NULL) { | |
140 | + return 0; | |
141 | + } | |
142 | + } | |
143 | } | |
144 | break; | |
145 | #endif | |
146 | @@ -3015,28 +3042,51 @@ | |
147 | case EVP_PKEY_DSA2: | |
148 | case EVP_PKEY_DSA3: | |
149 | case EVP_PKEY_DSA4: | |
150 | - assert(pkey->pkey.dsa != NULL); | |
151 | + { | |
152 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
153 | + if (dsa != NULL) { | |
154 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
155 | + | |
156 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
157 | + if (p == NULL || q == NULL) { | |
158 | + return 0; | |
159 | + } | |
160 | ||
161 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
162 | - return 0; | |
163 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
164 | + if (priv_key == NULL) { | |
165 | + return 0; | |
166 | + } | |
167 | + } | |
168 | } | |
169 | break; | |
170 | #endif | |
171 | #ifndef NO_DH | |
172 | case EVP_PKEY_DH: | |
173 | - assert(pkey->pkey.dh != NULL); | |
174 | + { | |
175 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
176 | + if (dh != NULL) { | |
177 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
178 | + | |
179 | + DH_get0_pqg(dh, &p, &q, &g); | |
180 | + if (p == NULL) { | |
181 | + return 0; | |
182 | + } | |
183 | ||
184 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
185 | - return 0; | |
186 | + DH_get0_key(dh, &pub_key, &priv_key); | |
187 | + if (priv_key == NULL) { | |
188 | + return 0; | |
189 | + } | |
190 | + } | |
191 | } | |
192 | break; | |
193 | #endif | |
194 | #ifdef HAVE_EVP_PKEY_EC | |
195 | case EVP_PKEY_EC: | |
196 | - assert(pkey->pkey.ec != NULL); | |
197 | - | |
198 | - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) { | |
199 | - return 0; | |
200 | + { | |
201 | + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); | |
202 | + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) { | |
203 | + return 0; | |
204 | + } | |
205 | } | |
206 | break; | |
207 | #endif | |
208 | @@ -3048,26 +3098,166 @@ | |
209 | } | |
210 | /* }}} */ | |
211 | ||
212 | -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
213 | - if (pkey->pkey._type->_name != NULL) { \ | |
214 | - int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
215 | - char *str = emalloc(len + 1); \ | |
216 | - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \ | |
217 | - str[len] = 0; \ | |
218 | - add_assoc_stringl(_type, #_name, str, len, 0); \ | |
219 | - } \ | |
220 | - } while (0) | |
221 | - | |
222 | -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \ | |
223 | - zval **bn; \ | |
224 | - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \ | |
225 | - Z_TYPE_PP(bn) == IS_STRING) { \ | |
226 | - _type->_name = BN_bin2bn( \ | |
227 | - (unsigned char*)Z_STRVAL_PP(bn), \ | |
228 | - Z_STRLEN_PP(bn), NULL); \ | |
229 | - } \ | |
230 | - } while (0); | |
231 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
232 | + if (_bn != NULL) { \ | |
233 | + int len = BN_num_bytes(_bn); \ | |
234 | + char *str = emalloc(len + 1); \ | |
235 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
236 | + str[len] = 0; \ | |
237 | + add_assoc_stringl(&_array, #_name, str, len, 0); \ | |
238 | + } \ | |
239 | +} while (0); | |
240 | + | |
241 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
242 | + | |
243 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
244 | + zval **bn; \ | |
245 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
246 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
247 | + _name = BN_bin2bn( \ | |
248 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
249 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
250 | + } else { \ | |
251 | + _name = NULL; \ | |
252 | + } \ | |
253 | +} while (0); | |
254 | + | |
255 | +/* {{{ php_openssl_pkey_init_rsa */ | |
256 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
257 | +{ | |
258 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
259 | + | |
260 | + OPENSSL_PKEY_SET_BN(data, n); | |
261 | + OPENSSL_PKEY_SET_BN(data, e); | |
262 | + OPENSSL_PKEY_SET_BN(data, d); | |
263 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
264 | + return 0; | |
265 | + } | |
266 | + | |
267 | + OPENSSL_PKEY_SET_BN(data, p); | |
268 | + OPENSSL_PKEY_SET_BN(data, q); | |
269 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
270 | + return 0; | |
271 | + } | |
272 | + | |
273 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
274 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
275 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
276 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
277 | + return 0; | |
278 | + } | |
279 | ||
280 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
281 | + return 0; | |
282 | + } | |
283 | + | |
284 | + return 1; | |
285 | +} | |
286 | + | |
287 | +/* {{{ php_openssl_pkey_init_dsa */ | |
288 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
289 | +{ | |
290 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
291 | + const BIGNUM *priv_key_const, *pub_key_const; | |
292 | + | |
293 | + OPENSSL_PKEY_SET_BN(data, p); | |
294 | + OPENSSL_PKEY_SET_BN(data, q); | |
295 | + OPENSSL_PKEY_SET_BN(data, g); | |
296 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
297 | + return 0; | |
298 | + } | |
299 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
300 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
301 | + if (pub_key) { | |
302 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
303 | + } | |
304 | + | |
305 | + /* generate key */ | |
306 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
307 | + if (!DSA_generate_key(dsa)) { | |
308 | + return 0; | |
309 | + } | |
310 | + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
311 | + * so we need to double check that public key is created */ | |
312 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
313 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
314 | + return 0; | |
315 | + } | |
316 | + /* all good */ | |
317 | + return 1; | |
318 | +} | |
319 | +/* }}} */ | |
320 | + | |
321 | +/* {{{ php_openssl_dh_pub_from_priv */ | |
322 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
323 | +{ | |
324 | + BIGNUM *pub_key, *priv_key_const_time; | |
325 | + BN_CTX *ctx; | |
326 | + | |
327 | + pub_key = BN_new(); | |
328 | + if (pub_key == NULL) { | |
329 | + return NULL; | |
330 | + } | |
331 | + | |
332 | + priv_key_const_time = BN_new(); | |
333 | + if (priv_key_const_time == NULL) { | |
334 | + BN_free(pub_key); | |
335 | + return NULL; | |
336 | + } | |
337 | + ctx = BN_CTX_new(); | |
338 | + if (ctx == NULL) { | |
339 | + BN_free(pub_key); | |
340 | + BN_free(priv_key_const_time); | |
341 | + return NULL; | |
342 | + } | |
343 | + | |
344 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
345 | + | |
346 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
347 | + BN_free(pub_key); | |
348 | + pub_key = NULL; | |
349 | + } | |
350 | + | |
351 | + BN_free(priv_key_const_time); | |
352 | + BN_CTX_free(ctx); | |
353 | + | |
354 | + return pub_key; | |
355 | +} | |
356 | +/* }}} */ | |
357 | + | |
358 | +/* {{{ php_openssl_pkey_init_dh */ | |
359 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
360 | +{ | |
361 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
362 | + | |
363 | + OPENSSL_PKEY_SET_BN(data, p); | |
364 | + OPENSSL_PKEY_SET_BN(data, q); | |
365 | + OPENSSL_PKEY_SET_BN(data, g); | |
366 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
367 | + return 0; | |
368 | + } | |
369 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
370 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
371 | + if (pub_key) { | |
372 | + return DH_set0_key(dh, pub_key, priv_key); | |
373 | + } | |
374 | + if (priv_key) { | |
375 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
376 | + if (pub_key == NULL) { | |
377 | + return 0; | |
378 | + } | |
379 | + return DH_set0_key(dh, pub_key, priv_key); | |
380 | + } | |
381 | + | |
382 | + /* generate key */ | |
383 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
384 | + if (!DH_generate_key(dh)) { | |
385 | + return 0; | |
386 | + } | |
387 | + /* all good */ | |
388 | + return 1; | |
389 | +} | |
390 | +/* }}} */ | |
391 | ||
392 | /* {{{ proto resource openssl_pkey_new([array configargs]) | |
393 | Generates a new private key */ | |
394 | @@ -3091,18 +3281,8 @@ | |
395 | if (pkey) { | |
396 | RSA *rsa = RSA_new(); | |
397 | if (rsa) { | |
398 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
399 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
400 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
401 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
402 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
403 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
404 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
405 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
406 | - if (rsa->n && rsa->d) { | |
407 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
408 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
409 | - } | |
410 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
411 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
412 | } | |
413 | RSA_free(rsa); | |
414 | } | |
415 | @@ -3115,15 +3295,7 @@ | |
416 | if (pkey) { | |
417 | DSA *dsa = DSA_new(); | |
418 | if (dsa) { | |
419 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
420 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
421 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
422 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
423 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
424 | - if (dsa->p && dsa->q && dsa->g) { | |
425 | - if (!dsa->priv_key && !dsa->pub_key) { | |
426 | - DSA_generate_key(dsa); | |
427 | - } | |
428 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
429 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
430 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
431 | } | |
432 | @@ -3139,14 +3311,7 @@ | |
433 | if (pkey) { | |
434 | DH *dh = DH_new(); | |
435 | if (dh) { | |
436 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
437 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
438 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
439 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
440 | - if (dh->p && dh->g) { | |
441 | - if (!dh->pub_key) { | |
442 | - DH_generate_key(dh); | |
443 | - } | |
444 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
445 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
446 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
447 | } | |
448 | @@ -3382,25 +3547,32 @@ | |
449 | /*TODO: Use the real values once the openssl constants are used | |
450 | * See the enum at the top of this file | |
451 | */ | |
452 | - switch (EVP_PKEY_type(pkey->type)) { | |
453 | + switch (EVP_PKEY_base_id(pkey)) { | |
454 | case EVP_PKEY_RSA: | |
455 | case EVP_PKEY_RSA2: | |
456 | - ktype = OPENSSL_KEYTYPE_RSA; | |
457 | - | |
458 | - if (pkey->pkey.rsa != NULL) { | |
459 | - zval *rsa; | |
460 | - | |
461 | - ALLOC_INIT_ZVAL(rsa); | |
462 | - array_init(rsa); | |
463 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
464 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
465 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
466 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
467 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
468 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
469 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
470 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
471 | - add_assoc_zval(return_value, "rsa", rsa); | |
472 | + { | |
473 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
474 | + ktype = OPENSSL_KEYTYPE_RSA; | |
475 | + | |
476 | + if (rsa != NULL) { | |
477 | + zval z_rsa; | |
478 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
479 | + | |
480 | + RSA_get0_key(rsa, &n, &e, &d); | |
481 | + RSA_get0_factors(rsa, &p, &q); | |
482 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
483 | + | |
484 | + array_init(&z_rsa); | |
485 | + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
486 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
487 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
488 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
489 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
490 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
491 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
492 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
493 | + add_assoc_zval(return_value, "rsa", &z_rsa); | |
494 | + } | |
495 | } | |
496 | ||
497 | break; | |
498 | @@ -3408,37 +3580,47 @@ | |
499 | case EVP_PKEY_DSA2: | |
500 | case EVP_PKEY_DSA3: | |
501 | case EVP_PKEY_DSA4: | |
502 | - ktype = OPENSSL_KEYTYPE_DSA; | |
503 | - | |
504 | - if (pkey->pkey.dsa != NULL) { | |
505 | - zval *dsa; | |
506 | - | |
507 | - ALLOC_INIT_ZVAL(dsa); | |
508 | - array_init(dsa); | |
509 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
510 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
511 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
512 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
513 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
514 | - add_assoc_zval(return_value, "dsa", dsa); | |
515 | + { | |
516 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
517 | + ktype = OPENSSL_KEYTYPE_DSA; | |
518 | + | |
519 | + if (dsa != NULL) { | |
520 | + zval z_dsa; | |
521 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
522 | + | |
523 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
524 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
525 | + | |
526 | + array_init(&z_dsa); | |
527 | + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
528 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
529 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
530 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
531 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
532 | + add_assoc_zval(return_value, "dsa", &z_dsa); | |
533 | + } | |
534 | } | |
535 | break; | |
536 | case EVP_PKEY_DH: | |
537 | - | |
538 | - ktype = OPENSSL_KEYTYPE_DH; | |
539 | - | |
540 | - if (pkey->pkey.dh != NULL) { | |
541 | - zval *dh; | |
542 | - | |
543 | - ALLOC_INIT_ZVAL(dh); | |
544 | - array_init(dh); | |
545 | - OPENSSL_PKEY_GET_BN(dh, p); | |
546 | - OPENSSL_PKEY_GET_BN(dh, g); | |
547 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
548 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
549 | - add_assoc_zval(return_value, "dh", dh); | |
550 | + { | |
551 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
552 | + ktype = OPENSSL_KEYTYPE_DH; | |
553 | + | |
554 | + if (dh != NULL) { | |
555 | + zval z_dh; | |
556 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
557 | + | |
558 | + DH_get0_pqg(dh, &p, &q, &g); | |
559 | + DH_get0_key(dh, &pub_key, &priv_key); | |
560 | + | |
561 | + array_init(&z_dh); | |
562 | + OPENSSL_PKEY_GET_BN(z_dh, p); | |
563 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
564 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
565 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
566 | + add_assoc_zval(return_value, "dh", &z_dh); | |
567 | + } | |
568 | } | |
569 | - | |
570 | break; | |
571 | #ifdef HAVE_EVP_PKEY_EC | |
572 | case EVP_PKEY_EC: | |
573 | @@ -3915,13 +4097,13 @@ | |
574 | cryptedlen = EVP_PKEY_size(pkey); | |
575 | cryptedbuf = emalloc(cryptedlen + 1); | |
576 | ||
577 | - switch (pkey->type) { | |
578 | + switch (EVP_PKEY_id(pkey)) { | |
579 | case EVP_PKEY_RSA: | |
580 | case EVP_PKEY_RSA2: | |
581 | successful = (RSA_private_encrypt(data_len, | |
582 | (unsigned char *)data, | |
583 | cryptedbuf, | |
584 | - pkey->pkey.rsa, | |
585 | + EVP_PKEY_get0_RSA(pkey), | |
586 | padding) == cryptedlen); | |
587 | break; | |
588 | default: | |
589 | @@ -3973,13 +4155,13 @@ | |
590 | cryptedlen = EVP_PKEY_size(pkey); | |
591 | crypttemp = emalloc(cryptedlen + 1); | |
592 | ||
593 | - switch (pkey->type) { | |
594 | + switch (EVP_PKEY_id(pkey)) { | |
595 | case EVP_PKEY_RSA: | |
596 | case EVP_PKEY_RSA2: | |
597 | cryptedlen = RSA_private_decrypt(data_len, | |
598 | (unsigned char *)data, | |
599 | crypttemp, | |
600 | - pkey->pkey.rsa, | |
601 | + EVP_PKEY_get0_RSA(pkey), | |
602 | padding); | |
603 | if (cryptedlen != -1) { | |
604 | cryptedbuf = emalloc(cryptedlen + 1); | |
605 | @@ -4038,13 +4220,13 @@ | |
606 | cryptedlen = EVP_PKEY_size(pkey); | |
607 | cryptedbuf = emalloc(cryptedlen + 1); | |
608 | ||
609 | - switch (pkey->type) { | |
610 | + switch (EVP_PKEY_id(pkey)) { | |
611 | case EVP_PKEY_RSA: | |
612 | case EVP_PKEY_RSA2: | |
613 | successful = (RSA_public_encrypt(data_len, | |
614 | (unsigned char *)data, | |
615 | cryptedbuf, | |
616 | - pkey->pkey.rsa, | |
617 | + EVP_PKEY_get0_RSA(pkey), | |
618 | padding) == cryptedlen); | |
619 | break; | |
620 | default: | |
621 | @@ -4097,13 +4279,13 @@ | |
622 | cryptedlen = EVP_PKEY_size(pkey); | |
623 | crypttemp = emalloc(cryptedlen + 1); | |
624 | ||
625 | - switch (pkey->type) { | |
626 | + switch (EVP_PKEY_id(pkey)) { | |
627 | case EVP_PKEY_RSA: | |
628 | case EVP_PKEY_RSA2: | |
629 | cryptedlen = RSA_public_decrypt(data_len, | |
630 | (unsigned char *)data, | |
631 | crypttemp, | |
632 | - pkey->pkey.rsa, | |
633 | + EVP_PKEY_get0_RSA(pkey), | |
634 | padding); | |
635 | if (cryptedlen != -1) { | |
636 | cryptedbuf = emalloc(cryptedlen + 1); | |
637 | @@ -4167,7 +4349,7 @@ | |
638 | long keyresource = -1; | |
639 | char * data; | |
640 | int data_len; | |
641 | - EVP_MD_CTX md_ctx; | |
642 | + EVP_MD_CTX *md_ctx; | |
643 | zval *method = NULL; | |
644 | long signature_algo = OPENSSL_ALGO_SHA1; | |
645 | const EVP_MD *mdtype; | |
646 | @@ -4200,9 +4382,11 @@ | |
647 | siglen = EVP_PKEY_size(pkey); | |
648 | sigbuf = emalloc(siglen + 1); | |
649 | ||
650 | - EVP_SignInit(&md_ctx, mdtype); | |
651 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
652 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
653 | + md_ctx = EVP_MD_CTX_create(); | |
654 | + if (md_ctx != NULL && | |
655 | + EVP_SignInit(md_ctx, mdtype) && | |
656 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
657 | + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) { | |
658 | zval_dtor(signature); | |
659 | sigbuf[siglen] = '\0'; | |
660 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
661 | @@ -4211,7 +4395,7 @@ | |
662 | efree(sigbuf); | |
663 | RETVAL_FALSE; | |
664 | } | |
665 | - EVP_MD_CTX_cleanup(&md_ctx); | |
666 | + EVP_MD_CTX_destroy(md_ctx); | |
667 | if (keyresource == -1) { | |
668 | EVP_PKEY_free(pkey); | |
669 | } | |
670 | @@ -4224,8 +4408,8 @@ | |
671 | { | |
672 | zval **key; | |
673 | EVP_PKEY *pkey; | |
674 | - int err; | |
675 | - EVP_MD_CTX md_ctx; | |
676 | + int err = 0; | |
677 | + EVP_MD_CTX *md_ctx; | |
678 | const EVP_MD *mdtype; | |
679 | long keyresource = -1; | |
680 | char * data; int data_len; | |
681 | @@ -4259,10 +4443,13 @@ | |
682 | RETURN_FALSE; | |
683 | } | |
684 | ||
685 | - EVP_VerifyInit (&md_ctx, mdtype); | |
686 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
687 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
688 | - EVP_MD_CTX_cleanup(&md_ctx); | |
689 | + md_ctx = EVP_MD_CTX_create(); | |
690 | + if (md_ctx != NULL) { | |
691 | + EVP_VerifyInit(md_ctx, mdtype); | |
692 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
693 | + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); | |
694 | + } | |
695 | + EVP_MD_CTX_destroy(md_ctx); | |
696 | ||
697 | if (keyresource == -1) { | |
698 | EVP_PKEY_free(pkey); | |
699 | @@ -4286,7 +4473,7 @@ | |
700 | char *method =NULL; | |
701 | int method_len = 0; | |
702 | const EVP_CIPHER *cipher; | |
703 | - EVP_CIPHER_CTX ctx; | |
704 | + EVP_CIPHER_CTX *ctx; | |
705 | ||
706 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
707 | return; | |
708 | @@ -4333,9 +4520,10 @@ | |
709 | i++; | |
710 | } | |
711 | ||
712 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
713 | + ctx = EVP_CIPHER_CTX_new(); | |
714 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
715 | + EVP_CIPHER_CTX_free(ctx); | |
716 | RETVAL_FALSE; | |
717 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
718 | goto clean_exit; | |
719 | } | |
720 | ||
721 | @@ -4345,17 +4533,17 @@ | |
722 | iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
723 | #endif | |
724 | /* allocate one byte extra to make room for \0 */ | |
725 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
726 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
727 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
728 | + EVP_CIPHER_CTX_cleanup(ctx); | |
729 | ||
730 | - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
731 | + if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
732 | RETVAL_FALSE; | |
733 | efree(buf); | |
734 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
735 | + EVP_CIPHER_CTX_free(ctx); | |
736 | goto clean_exit; | |
737 | } | |
738 | ||
739 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
740 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
741 | ||
742 | if (len1 + len2 > 0) { | |
743 | zval_dtor(sealdata); | |
744 | @@ -4384,7 +4572,7 @@ | |
745 | efree(buf); | |
746 | } | |
747 | RETVAL_LONG(len1 + len2); | |
748 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
749 | + EVP_CIPHER_CTX_free(ctx); | |
750 | ||
751 | clean_exit: | |
752 | for (i=0; i<nkeys; i++) { | |
753 | @@ -4411,7 +4599,7 @@ | |
754 | int len1, len2; | |
755 | unsigned char *buf; | |
756 | long keyresource = -1; | |
757 | - EVP_CIPHER_CTX ctx; | |
758 | + EVP_CIPHER_CTX *ctx; | |
759 | char * data; int data_len; | |
760 | char * ekey; int ekey_len; | |
761 | char *method =NULL; | |
762 | @@ -4440,24 +4628,23 @@ | |
763 | ||
764 | buf = emalloc(data_len + 1); | |
765 | ||
766 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
767 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
768 | - efree(buf); | |
769 | - RETVAL_FALSE; | |
770 | - } else { | |
771 | - zval_dtor(opendata); | |
772 | - buf[len1 + len2] = '\0'; | |
773 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
774 | - RETVAL_TRUE; | |
775 | - } | |
776 | + ctx = EVP_CIPHER_CTX_new(); | |
777 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) && | |
778 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) && | |
779 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
780 | + zval_dtor(opendata); | |
781 | + buf[len1 + len2] = '\0'; | |
782 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
783 | + RETVAL_TRUE; | |
784 | + | |
785 | } else { | |
786 | - efree(buf); | |
787 | RETVAL_FALSE; | |
788 | } | |
789 | + efree(buf); | |
790 | if (keyresource == -1) { | |
791 | EVP_PKEY_free(pkey); | |
792 | } | |
793 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
794 | + EVP_CIPHER_CTX_free(ctx); | |
795 | } | |
796 | /* }}} */ | |
797 | ||
798 | @@ -4765,7 +4952,7 @@ | |
799 | char *data, *method; | |
800 | int data_len, method_len; | |
801 | const EVP_MD *mdtype; | |
802 | - EVP_MD_CTX md_ctx; | |
803 | + EVP_MD_CTX *md_ctx; | |
804 | int siglen; | |
805 | unsigned char *sigbuf; | |
806 | ||
807 | @@ -4781,9 +4968,10 @@ | |
808 | siglen = EVP_MD_size(mdtype); | |
809 | sigbuf = emalloc(siglen + 1); | |
810 | ||
811 | - EVP_DigestInit(&md_ctx, mdtype); | |
812 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
813 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
814 | + md_ctx = EVP_MD_CTX_create(); | |
815 | + if (EVP_DigestInit(md_ctx, mdtype) && | |
816 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
817 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) { | |
818 | if (raw_output) { | |
819 | sigbuf[siglen] = '\0'; | |
820 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
821 | @@ -4799,6 +4987,8 @@ | |
822 | efree(sigbuf); | |
823 | RETVAL_FALSE; | |
824 | } | |
825 | + | |
826 | + EVP_MD_CTX_destroy(md_ctx); | |
827 | } | |
828 | /* }}} */ | |
829 | ||
830 | @@ -4844,7 +5034,7 @@ | |
831 | char *data, *method, *password, *iv = ""; | |
832 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
833 | const EVP_CIPHER *cipher_type; | |
834 | - EVP_CIPHER_CTX cipher_ctx; | |
835 | + EVP_CIPHER_CTX *cipher_ctx; | |
836 | int i=0, outlen, keylen; | |
837 | unsigned char *outbuf, *key; | |
838 | zend_bool free_iv; | |
839 | @@ -4858,6 +5048,12 @@ | |
840 | RETURN_FALSE; | |
841 | } | |
842 | ||
843 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
844 | + if (!cipher_ctx) { | |
845 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
846 | + RETURN_FALSE; | |
847 | + } | |
848 | + | |
849 | keylen = EVP_CIPHER_key_length(cipher_type); | |
850 | if (keylen > password_len) { | |
851 | key = emalloc(keylen); | |
852 | @@ -4876,19 +5072,19 @@ | |
853 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
854 | outbuf = emalloc(outlen + 1); | |
855 | ||
856 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
857 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
858 | if (password_len > keylen) { | |
859 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
860 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
861 | } | |
862 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
863 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
864 | if (options & OPENSSL_ZERO_PADDING) { | |
865 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
866 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
867 | } | |
868 | if (data_len > 0) { | |
869 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
870 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
871 | } | |
872 | outlen = i; | |
873 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
874 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
875 | outlen += i; | |
876 | if (options & OPENSSL_RAW_DATA) { | |
877 | outbuf[outlen] = '\0'; | |
878 | @@ -4911,7 +5107,7 @@ | |
879 | if (free_iv) { | |
880 | efree(iv); | |
881 | } | |
882 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
883 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
884 | } | |
885 | /* }}} */ | |
886 | ||
887 | @@ -4923,7 +5119,7 @@ | |
888 | char *data, *method, *password, *iv = ""; | |
889 | int data_len, method_len, password_len, iv_len = 0; | |
890 | const EVP_CIPHER *cipher_type; | |
891 | - EVP_CIPHER_CTX cipher_ctx; | |
892 | + EVP_CIPHER_CTX *cipher_ctx; | |
893 | int i, outlen, keylen; | |
894 | unsigned char *outbuf, *key; | |
895 | int base64_str_len; | |
896 | @@ -4945,10 +5141,17 @@ | |
897 | RETURN_FALSE; | |
898 | } | |
899 | ||
900 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
901 | + if (!cipher_ctx) { | |
902 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
903 | + RETURN_FALSE; | |
904 | + } | |
905 | + | |
906 | if (!(options & OPENSSL_RAW_DATA)) { | |
907 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
908 | if (!base64_str) { | |
909 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
910 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
911 | RETURN_FALSE; | |
912 | } | |
913 | data_len = base64_str_len; | |
914 | @@ -4969,17 +5172,17 @@ | |
915 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
916 | outbuf = emalloc(outlen + 1); | |
917 | ||
918 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
919 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
920 | if (password_len > keylen) { | |
921 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
922 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
923 | } | |
924 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
925 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
926 | if (options & OPENSSL_ZERO_PADDING) { | |
927 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
928 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
929 | } | |
930 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
931 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
932 | outlen = i; | |
933 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
934 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
935 | outlen += i; | |
936 | outbuf[outlen] = '\0'; | |
937 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
938 | @@ -4996,7 +5199,7 @@ | |
939 | if (base64_str) { | |
940 | efree(base64_str); | |
941 | } | |
942 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
943 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
944 | } | |
945 | /* }}} */ | |
946 | ||
947 | @@ -5034,6 +5237,7 @@ | |
948 | zval *key; | |
949 | char *pub_str; | |
950 | int pub_len; | |
951 | + DH *dh; | |
952 | EVP_PKEY *pkey; | |
953 | BIGNUM *pub; | |
954 | char *data; | |
955 | @@ -5043,14 +5247,18 @@ | |
956 | return; | |
957 | } | |
958 | ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
959 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
960 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
961 | + RETURN_FALSE; | |
962 | + } | |
963 | + dh = EVP_PKEY_get0_DH(pkey); | |
964 | + if (dh == NULL) { | |
965 | RETURN_FALSE; | |
966 | } | |
967 | ||
968 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
969 | ||
970 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
971 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
972 | + data = emalloc(DH_size(dh) + 1); | |
973 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
974 | ||
975 | if (len >= 0) { | |
976 | data[len] = 0; | |
1f4804f9 AM |
977 | --- php-5.4.45/ext/openssl/xp_ssl.c~ 2015-09-01 22:09:37.000000000 +0200 |
978 | +++ php-5.4.45/ext/openssl/xp_ssl.c 2018-09-28 14:06:51.890385590 +0200 | |
979 | @@ -339,8 +339,13 @@ static inline int php_openssl_setup_cryp | |
980 | break; | |
981 | #endif | |
982 | case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: | |
983 | +#ifdef OPENSSL_NO_SSL3 | |
984 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
985 | + return -1; | |
986 | +#else | |
987 | sslsock->is_client = 1; | |
988 | method = SSLv3_client_method(); | |
989 | +#endif | |
990 | break; | |
991 | case STREAM_CRYPTO_METHOD_TLS_CLIENT: | |
992 | sslsock->is_client = 1; | |
993 | @@ -351,8 +356,13 @@ static inline int php_openssl_setup_cryp | |
994 | method = SSLv23_server_method(); | |
995 | break; | |
996 | case STREAM_CRYPTO_METHOD_SSLv3_SERVER: | |
997 | +#ifdef OPENSSL_NO_SSL3 | |
998 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
999 | + return -1; | |
1000 | +#else | |
1001 | sslsock->is_client = 0; | |
1002 | method = SSLv3_server_method(); | |
1003 | +#endif | |
1004 | break; | |
1005 | case STREAM_CRYPTO_METHOD_SSLv2_SERVER: | |
1006 | #ifdef OPENSSL_NO_SSL2 |