]>
Commit | Line | Data |
---|---|---|
ba5a9013 AM |
1 | diff -ur php-5.5.38.org/ext/openssl/openssl.c php-5.5.38/ext/openssl/openssl.c |
2 | --- php-5.5.38.org/ext/openssl/openssl.c 2018-09-25 14:34:57.903784149 +0200 | |
3 | +++ php-5.5.38/ext/openssl/openssl.c 2018-09-25 14:55:18.919902725 +0200 | |
4 | @@ -81,6 +81,12 @@ | |
5 | #define HAVE_EVP_PKEY_EC 1 | |
6 | #endif | |
7 | ||
8 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
9 | +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
10 | +#else | |
11 | +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
12 | +#endif | |
13 | + | |
14 | /* FIXME: Use the openssl constants instead of | |
15 | * enum. It is now impossible to match real values | |
16 | * against php constants. Also sorry to break the | |
17 | @@ -493,6 +499,14 @@ | |
18 | ZEND_GET_MODULE(openssl) | |
19 | #endif | |
20 | ||
21 | +/* {{{ OpenSSL compatibility functions and macros */ | |
22 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
23 | +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa | |
24 | +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
25 | +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
26 | +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
27 | +#endif | |
28 | + | |
29 | static int le_key; | |
30 | static int le_x509; | |
31 | static int le_csr; | |
32 | @@ -987,9 +1001,11 @@ | |
33 | mdtype = (EVP_MD *) EVP_md2(); | |
34 | break; | |
35 | #endif | |
36 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
37 | case OPENSSL_ALGO_DSS1: | |
38 | mdtype = (EVP_MD *) EVP_dss1(); | |
39 | break; | |
40 | +#endif | |
41 | #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
42 | case OPENSSL_ALGO_SHA224: | |
43 | mdtype = (EVP_MD *) EVP_sha224(); | |
44 | @@ -1436,6 +1452,7 @@ | |
45 | { | |
46 | GENERAL_NAMES *names; | |
47 | const X509V3_EXT_METHOD *method = NULL; | |
48 | + ASN1_OCTET_STRING *extension_data; | |
49 | long i, length, num; | |
50 | const unsigned char *p; | |
51 | ||
52 | @@ -1444,8 +1461,9 @@ | |
53 | return -1; | |
54 | } | |
55 | ||
56 | - p = extension->value->data; | |
57 | - length = extension->value->length; | |
58 | + extension_data = X509_EXTENSION_get_data(extension); | |
59 | + p = extension_data->data; | |
60 | + length = extension_data->length; | |
61 | if (method->it) { | |
62 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
63 | ASN1_ITEM_ptr(method->it))); | |
64 | @@ -1508,6 +1526,8 @@ | |
65 | char * tmpstr; | |
66 | zval * subitem; | |
67 | X509_EXTENSION *extension; | |
68 | + X509_NAME *subject_name; | |
69 | + char *cert_name; | |
70 | char *extname; | |
71 | BIO *bio_out; | |
72 | BUF_MEM *bio_buf; | |
73 | @@ -1522,12 +1542,12 @@ | |
74 | } | |
75 | array_init(return_value); | |
76 | ||
77 | - if (cert->name) { | |
78 | - add_assoc_string(return_value, "name", cert->name, 1); | |
79 | - } | |
80 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
81 | + subject_name = X509_get_subject_name(cert); | |
82 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
83 | + add_assoc_string(return_value, "name", cert_name, 1); | |
84 | + OPENSSL_free(cert_name); | |
85 | ||
86 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
87 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
88 | /* hash as used in CA directories to lookup cert by subject name */ | |
89 | { | |
90 | char buf[32]; | |
91 | @@ -1551,7 +1571,7 @@ | |
92 | add_assoc_string(return_value, "alias", tmpstr, 1); | |
93 | } | |
94 | ||
95 | - sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm); | |
96 | + sig_nid = X509_get_signature_nid(cert); | |
97 | add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1); | |
98 | add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1); | |
99 | add_assoc_long(return_value, "signatureTypeNID", sig_nid); | |
100 | @@ -3014,13 +3034,20 @@ | |
101 | { | |
102 | assert(pkey != NULL); | |
103 | ||
104 | - switch (pkey->type) { | |
105 | + switch (EVP_PKEY_id(pkey)) { | |
106 | #ifndef NO_RSA | |
107 | case EVP_PKEY_RSA: | |
108 | case EVP_PKEY_RSA2: | |
109 | - assert(pkey->pkey.rsa != NULL); | |
110 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
111 | - return 0; | |
112 | + { | |
113 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
114 | + if (rsa != NULL) { | |
115 | + const BIGNUM *p, *q; | |
116 | + | |
117 | + RSA_get0_factors(rsa, &p, &q); | |
118 | + if (p == NULL || q == NULL) { | |
119 | + return 0; | |
120 | + } | |
121 | + } | |
122 | } | |
123 | break; | |
124 | #endif | |
125 | @@ -3030,28 +3057,51 @@ | |
126 | case EVP_PKEY_DSA2: | |
127 | case EVP_PKEY_DSA3: | |
128 | case EVP_PKEY_DSA4: | |
129 | - assert(pkey->pkey.dsa != NULL); | |
130 | + { | |
131 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
132 | + if (dsa != NULL) { | |
133 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
134 | + | |
135 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
136 | + if (p == NULL || q == NULL) { | |
137 | + return 0; | |
138 | + } | |
139 | ||
140 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
141 | - return 0; | |
142 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
143 | + if (priv_key == NULL) { | |
144 | + return 0; | |
145 | + } | |
146 | + } | |
147 | } | |
148 | break; | |
149 | #endif | |
150 | #ifndef NO_DH | |
151 | case EVP_PKEY_DH: | |
152 | - assert(pkey->pkey.dh != NULL); | |
153 | + { | |
154 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
155 | + if (dh != NULL) { | |
156 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
157 | + | |
158 | + DH_get0_pqg(dh, &p, &q, &g); | |
159 | + if (p == NULL) { | |
160 | + return 0; | |
161 | + } | |
162 | ||
163 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
164 | - return 0; | |
165 | + DH_get0_key(dh, &pub_key, &priv_key); | |
166 | + if (priv_key == NULL) { | |
167 | + return 0; | |
168 | + } | |
169 | + } | |
170 | } | |
171 | break; | |
172 | #endif | |
173 | #ifdef HAVE_EVP_PKEY_EC | |
174 | case EVP_PKEY_EC: | |
175 | - assert(pkey->pkey.ec != NULL); | |
176 | - | |
177 | - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) { | |
178 | - return 0; | |
179 | + { | |
180 | + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); | |
181 | + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) { | |
182 | + return 0; | |
183 | + } | |
184 | } | |
185 | break; | |
186 | #endif | |
187 | @@ -3063,26 +3113,166 @@ | |
188 | } | |
189 | /* }}} */ | |
190 | ||
191 | -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
192 | - if (pkey->pkey._type->_name != NULL) { \ | |
193 | - int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
194 | - char *str = emalloc(len + 1); \ | |
195 | - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \ | |
196 | - str[len] = 0; \ | |
197 | - add_assoc_stringl(_type, #_name, str, len, 0); \ | |
198 | - } \ | |
199 | - } while (0) | |
200 | - | |
201 | -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \ | |
202 | - zval **bn; \ | |
203 | - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \ | |
204 | - Z_TYPE_PP(bn) == IS_STRING) { \ | |
205 | - _type->_name = BN_bin2bn( \ | |
206 | - (unsigned char*)Z_STRVAL_PP(bn), \ | |
207 | - Z_STRLEN_PP(bn), NULL); \ | |
208 | - } \ | |
209 | - } while (0); | |
210 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
211 | + if (_bn != NULL) { \ | |
212 | + int len = BN_num_bytes(_bn); \ | |
213 | + char *str = emalloc(len + 1); \ | |
214 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
215 | + str[len] = 0; \ | |
216 | + add_assoc_stringl(&_array, #_name, str, len, 0); \ | |
217 | + } \ | |
218 | +} while (0); | |
219 | + | |
220 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
221 | + | |
222 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
223 | + zval **bn; \ | |
224 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
225 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
226 | + _name = BN_bin2bn( \ | |
227 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
228 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
229 | + } else { \ | |
230 | + _name = NULL; \ | |
231 | + } \ | |
232 | +} while (0); | |
233 | + | |
234 | +/* {{{ php_openssl_pkey_init_rsa */ | |
235 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
236 | +{ | |
237 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
238 | + | |
239 | + OPENSSL_PKEY_SET_BN(data, n); | |
240 | + OPENSSL_PKEY_SET_BN(data, e); | |
241 | + OPENSSL_PKEY_SET_BN(data, d); | |
242 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
243 | + return 0; | |
244 | + } | |
245 | + | |
246 | + OPENSSL_PKEY_SET_BN(data, p); | |
247 | + OPENSSL_PKEY_SET_BN(data, q); | |
248 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
249 | + return 0; | |
250 | + } | |
251 | + | |
252 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
253 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
254 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
255 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
256 | + return 0; | |
257 | + } | |
258 | + | |
259 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
260 | + return 0; | |
261 | + } | |
262 | + | |
263 | + return 1; | |
264 | +} | |
265 | + | |
266 | +/* {{{ php_openssl_pkey_init_dsa */ | |
267 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
268 | +{ | |
269 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
270 | + const BIGNUM *priv_key_const, *pub_key_const; | |
271 | + | |
272 | + OPENSSL_PKEY_SET_BN(data, p); | |
273 | + OPENSSL_PKEY_SET_BN(data, q); | |
274 | + OPENSSL_PKEY_SET_BN(data, g); | |
275 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
276 | + return 0; | |
277 | + } | |
278 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
279 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
280 | + if (pub_key) { | |
281 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
282 | + } | |
283 | + | |
284 | + /* generate key */ | |
285 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
286 | + if (!DSA_generate_key(dsa)) { | |
287 | + return 0; | |
288 | + } | |
289 | + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
290 | + * so we need to double check that public key is created */ | |
291 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
292 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
293 | + return 0; | |
294 | + } | |
295 | + /* all good */ | |
296 | + return 1; | |
297 | +} | |
298 | +/* }}} */ | |
299 | + | |
300 | +/* {{{ php_openssl_dh_pub_from_priv */ | |
301 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
302 | +{ | |
303 | + BIGNUM *pub_key, *priv_key_const_time; | |
304 | + BN_CTX *ctx; | |
305 | + | |
306 | + pub_key = BN_new(); | |
307 | + if (pub_key == NULL) { | |
308 | + return NULL; | |
309 | + } | |
310 | + | |
311 | + priv_key_const_time = BN_new(); | |
312 | + if (priv_key_const_time == NULL) { | |
313 | + BN_free(pub_key); | |
314 | + return NULL; | |
315 | + } | |
316 | + ctx = BN_CTX_new(); | |
317 | + if (ctx == NULL) { | |
318 | + BN_free(pub_key); | |
319 | + BN_free(priv_key_const_time); | |
320 | + return NULL; | |
321 | + } | |
322 | + | |
323 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
324 | + | |
325 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
326 | + BN_free(pub_key); | |
327 | + pub_key = NULL; | |
328 | + } | |
329 | + | |
330 | + BN_free(priv_key_const_time); | |
331 | + BN_CTX_free(ctx); | |
332 | + | |
333 | + return pub_key; | |
334 | +} | |
335 | +/* }}} */ | |
336 | + | |
337 | +/* {{{ php_openssl_pkey_init_dh */ | |
338 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
339 | +{ | |
340 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
341 | ||
342 | + OPENSSL_PKEY_SET_BN(data, p); | |
343 | + OPENSSL_PKEY_SET_BN(data, q); | |
344 | + OPENSSL_PKEY_SET_BN(data, g); | |
345 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
346 | + return 0; | |
347 | + } | |
348 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
349 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
350 | + if (pub_key) { | |
351 | + return DH_set0_key(dh, pub_key, priv_key); | |
352 | + } | |
353 | + if (priv_key) { | |
354 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
355 | + if (pub_key == NULL) { | |
356 | + return 0; | |
357 | + } | |
358 | + return DH_set0_key(dh, pub_key, priv_key); | |
359 | + } | |
360 | + | |
361 | + /* generate key */ | |
362 | + PHP_OPENSSL_RAND_ADD_TIME(); | |
363 | + if (!DH_generate_key(dh)) { | |
364 | + return 0; | |
365 | + } | |
366 | + /* all good */ | |
367 | + return 1; | |
368 | +} | |
369 | +/* }}} */ | |
370 | ||
371 | /* {{{ proto resource openssl_pkey_new([array configargs]) | |
372 | Generates a new private key */ | |
373 | @@ -3106,18 +3296,8 @@ | |
374 | if (pkey) { | |
375 | RSA *rsa = RSA_new(); | |
376 | if (rsa) { | |
377 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
378 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
379 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
380 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
381 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
382 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
383 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
384 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
385 | - if (rsa->n && rsa->d) { | |
386 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
387 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
388 | - } | |
389 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
390 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
391 | } | |
392 | RSA_free(rsa); | |
393 | } | |
394 | @@ -3130,15 +3310,7 @@ | |
395 | if (pkey) { | |
396 | DSA *dsa = DSA_new(); | |
397 | if (dsa) { | |
398 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
399 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
400 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
401 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
402 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
403 | - if (dsa->p && dsa->q && dsa->g) { | |
404 | - if (!dsa->priv_key && !dsa->pub_key) { | |
405 | - DSA_generate_key(dsa); | |
406 | - } | |
407 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
408 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
409 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
410 | } | |
411 | @@ -3154,14 +3326,7 @@ | |
412 | if (pkey) { | |
413 | DH *dh = DH_new(); | |
414 | if (dh) { | |
415 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
416 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
417 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
418 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
419 | - if (dh->p && dh->g) { | |
420 | - if (!dh->pub_key) { | |
421 | - DH_generate_key(dh); | |
422 | - } | |
423 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
424 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
425 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
426 | } | |
427 | @@ -3397,25 +3562,32 @@ | |
428 | /*TODO: Use the real values once the openssl constants are used | |
429 | * See the enum at the top of this file | |
430 | */ | |
431 | - switch (EVP_PKEY_type(pkey->type)) { | |
432 | + switch (EVP_PKEY_base_id(pkey)) { | |
433 | case EVP_PKEY_RSA: | |
434 | case EVP_PKEY_RSA2: | |
435 | - ktype = OPENSSL_KEYTYPE_RSA; | |
436 | - | |
437 | - if (pkey->pkey.rsa != NULL) { | |
438 | - zval *rsa; | |
439 | - | |
440 | - ALLOC_INIT_ZVAL(rsa); | |
441 | - array_init(rsa); | |
442 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
443 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
444 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
445 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
446 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
447 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
448 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
449 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
450 | - add_assoc_zval(return_value, "rsa", rsa); | |
451 | + { | |
452 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
453 | + ktype = OPENSSL_KEYTYPE_RSA; | |
454 | + | |
455 | + if (rsa != NULL) { | |
456 | + zval z_rsa; | |
457 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
458 | + | |
459 | + RSA_get0_key(rsa, &n, &e, &d); | |
460 | + RSA_get0_factors(rsa, &p, &q); | |
461 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
462 | + | |
463 | + array_init(&z_rsa); | |
464 | + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
465 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
466 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
467 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
468 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
469 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
470 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
471 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
472 | + add_assoc_zval(return_value, "rsa", &z_rsa); | |
473 | + } | |
474 | } | |
475 | ||
476 | break; | |
477 | @@ -3423,37 +3595,47 @@ | |
478 | case EVP_PKEY_DSA2: | |
479 | case EVP_PKEY_DSA3: | |
480 | case EVP_PKEY_DSA4: | |
481 | - ktype = OPENSSL_KEYTYPE_DSA; | |
482 | - | |
483 | - if (pkey->pkey.dsa != NULL) { | |
484 | - zval *dsa; | |
485 | - | |
486 | - ALLOC_INIT_ZVAL(dsa); | |
487 | - array_init(dsa); | |
488 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
489 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
490 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
491 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
492 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
493 | - add_assoc_zval(return_value, "dsa", dsa); | |
494 | + { | |
495 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
496 | + ktype = OPENSSL_KEYTYPE_DSA; | |
497 | + | |
498 | + if (dsa != NULL) { | |
499 | + zval z_dsa; | |
500 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
501 | + | |
502 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
503 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
504 | + | |
505 | + array_init(&z_dsa); | |
506 | + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
507 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
508 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
509 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
510 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
511 | + add_assoc_zval(return_value, "dsa", &z_dsa); | |
512 | + } | |
513 | } | |
514 | break; | |
515 | case EVP_PKEY_DH: | |
516 | - | |
517 | - ktype = OPENSSL_KEYTYPE_DH; | |
518 | - | |
519 | - if (pkey->pkey.dh != NULL) { | |
520 | - zval *dh; | |
521 | - | |
522 | - ALLOC_INIT_ZVAL(dh); | |
523 | - array_init(dh); | |
524 | - OPENSSL_PKEY_GET_BN(dh, p); | |
525 | - OPENSSL_PKEY_GET_BN(dh, g); | |
526 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
527 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
528 | - add_assoc_zval(return_value, "dh", dh); | |
529 | + { | |
530 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
531 | + ktype = OPENSSL_KEYTYPE_DH; | |
532 | + | |
533 | + if (dh != NULL) { | |
534 | + zval z_dh; | |
535 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
536 | + | |
537 | + DH_get0_pqg(dh, &p, &q, &g); | |
538 | + DH_get0_key(dh, &pub_key, &priv_key); | |
539 | + | |
540 | + array_init(&z_dh); | |
541 | + OPENSSL_PKEY_GET_BN(z_dh, p); | |
542 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
543 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
544 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
545 | + add_assoc_zval(return_value, "dh", &z_dh); | |
546 | + } | |
547 | } | |
548 | - | |
549 | break; | |
550 | #ifdef HAVE_EVP_PKEY_EC | |
551 | case EVP_PKEY_EC: | |
552 | @@ -3981,13 +4163,13 @@ | |
553 | cryptedlen = EVP_PKEY_size(pkey); | |
554 | cryptedbuf = emalloc(cryptedlen + 1); | |
555 | ||
556 | - switch (pkey->type) { | |
557 | + switch (EVP_PKEY_id(pkey)) { | |
558 | case EVP_PKEY_RSA: | |
559 | case EVP_PKEY_RSA2: | |
560 | successful = (RSA_private_encrypt(data_len, | |
561 | (unsigned char *)data, | |
562 | cryptedbuf, | |
563 | - pkey->pkey.rsa, | |
564 | + EVP_PKEY_get0_RSA(pkey), | |
565 | padding) == cryptedlen); | |
566 | break; | |
567 | default: | |
568 | @@ -4039,13 +4221,13 @@ | |
569 | cryptedlen = EVP_PKEY_size(pkey); | |
570 | crypttemp = emalloc(cryptedlen + 1); | |
571 | ||
572 | - switch (pkey->type) { | |
573 | + switch (EVP_PKEY_id(pkey)) { | |
574 | case EVP_PKEY_RSA: | |
575 | case EVP_PKEY_RSA2: | |
576 | cryptedlen = RSA_private_decrypt(data_len, | |
577 | (unsigned char *)data, | |
578 | crypttemp, | |
579 | - pkey->pkey.rsa, | |
580 | + EVP_PKEY_get0_RSA(pkey), | |
581 | padding); | |
582 | if (cryptedlen != -1) { | |
583 | cryptedbuf = emalloc(cryptedlen + 1); | |
584 | @@ -4104,13 +4286,13 @@ | |
585 | cryptedlen = EVP_PKEY_size(pkey); | |
586 | cryptedbuf = emalloc(cryptedlen + 1); | |
587 | ||
588 | - switch (pkey->type) { | |
589 | + switch (EVP_PKEY_id(pkey)) { | |
590 | case EVP_PKEY_RSA: | |
591 | case EVP_PKEY_RSA2: | |
592 | successful = (RSA_public_encrypt(data_len, | |
593 | (unsigned char *)data, | |
594 | - cryptedbuf, | |
595 | - pkey->pkey.rsa, | |
596 | + cryptedbuf, | |
597 | + EVP_PKEY_get0_RSA(pkey), | |
598 | padding) == cryptedlen); | |
599 | break; | |
600 | default: | |
601 | @@ -4163,13 +4345,13 @@ | |
602 | cryptedlen = EVP_PKEY_size(pkey); | |
603 | crypttemp = emalloc(cryptedlen + 1); | |
604 | ||
605 | - switch (pkey->type) { | |
606 | + switch (EVP_PKEY_id(pkey)) { | |
607 | case EVP_PKEY_RSA: | |
608 | case EVP_PKEY_RSA2: | |
609 | cryptedlen = RSA_public_decrypt(data_len, | |
610 | (unsigned char *)data, | |
611 | - crypttemp, | |
612 | - pkey->pkey.rsa, | |
613 | + crypttemp, | |
614 | + EVP_PKEY_get0_RSA(pkey), | |
615 | padding); | |
616 | if (cryptedlen != -1) { | |
617 | cryptedbuf = emalloc(cryptedlen + 1); | |
618 | @@ -4233,7 +4415,7 @@ | |
619 | long keyresource = -1; | |
620 | char * data; | |
621 | int data_len; | |
622 | - EVP_MD_CTX md_ctx; | |
623 | + EVP_MD_CTX *md_ctx; | |
624 | zval *method = NULL; | |
625 | long signature_algo = OPENSSL_ALGO_SHA1; | |
626 | const EVP_MD *mdtype; | |
627 | @@ -4266,9 +4448,11 @@ | |
628 | siglen = EVP_PKEY_size(pkey); | |
629 | sigbuf = emalloc(siglen + 1); | |
630 | ||
631 | - EVP_SignInit(&md_ctx, mdtype); | |
632 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
633 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
634 | + md_ctx = EVP_MD_CTX_create(); | |
635 | + if (md_ctx != NULL && | |
636 | + EVP_SignInit(md_ctx, mdtype) && | |
637 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
638 | + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) { | |
639 | zval_dtor(signature); | |
640 | sigbuf[siglen] = '\0'; | |
641 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
642 | @@ -4277,7 +4461,7 @@ | |
643 | efree(sigbuf); | |
644 | RETVAL_FALSE; | |
645 | } | |
646 | - EVP_MD_CTX_cleanup(&md_ctx); | |
647 | + EVP_MD_CTX_destroy(md_ctx); | |
648 | if (keyresource == -1) { | |
649 | EVP_PKEY_free(pkey); | |
650 | } | |
651 | @@ -4290,8 +4474,8 @@ | |
652 | { | |
653 | zval **key; | |
654 | EVP_PKEY *pkey; | |
655 | - int err; | |
656 | - EVP_MD_CTX md_ctx; | |
657 | + int err = 0; | |
658 | + EVP_MD_CTX *md_ctx; | |
659 | const EVP_MD *mdtype; | |
660 | long keyresource = -1; | |
661 | char * data; int data_len; | |
662 | @@ -4325,10 +4509,13 @@ | |
663 | RETURN_FALSE; | |
664 | } | |
665 | ||
666 | - EVP_VerifyInit (&md_ctx, mdtype); | |
667 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
668 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
669 | - EVP_MD_CTX_cleanup(&md_ctx); | |
670 | + md_ctx = EVP_MD_CTX_create(); | |
671 | + if (md_ctx != NULL) { | |
672 | + EVP_VerifyInit(md_ctx, mdtype); | |
673 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
674 | + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); | |
675 | + } | |
676 | + EVP_MD_CTX_destroy(md_ctx); | |
677 | ||
678 | if (keyresource == -1) { | |
679 | EVP_PKEY_free(pkey); | |
680 | @@ -4352,7 +4539,7 @@ | |
681 | char *method =NULL; | |
682 | int method_len = 0; | |
683 | const EVP_CIPHER *cipher; | |
684 | - EVP_CIPHER_CTX ctx; | |
685 | + EVP_CIPHER_CTX *ctx; | |
686 | ||
687 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
688 | return; | |
689 | @@ -4399,9 +4586,10 @@ | |
690 | i++; | |
691 | } | |
692 | ||
693 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
694 | + ctx = EVP_CIPHER_CTX_new(); | |
695 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
696 | + EVP_CIPHER_CTX_free(ctx); | |
697 | RETVAL_FALSE; | |
698 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
699 | goto clean_exit; | |
700 | } | |
701 | ||
702 | @@ -4411,17 +4599,17 @@ | |
703 | iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
704 | #endif | |
705 | /* allocate one byte extra to make room for \0 */ | |
706 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
707 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
708 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
709 | + EVP_CIPHER_CTX_cleanup(ctx); | |
710 | ||
711 | - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
712 | + if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
713 | RETVAL_FALSE; | |
714 | efree(buf); | |
715 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
716 | + EVP_CIPHER_CTX_free(ctx); | |
717 | goto clean_exit; | |
718 | } | |
719 | ||
720 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
721 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
722 | ||
723 | if (len1 + len2 > 0) { | |
724 | zval_dtor(sealdata); | |
725 | @@ -4450,7 +4638,7 @@ | |
726 | efree(buf); | |
727 | } | |
728 | RETVAL_LONG(len1 + len2); | |
729 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
730 | + EVP_CIPHER_CTX_free(ctx); | |
731 | ||
732 | clean_exit: | |
733 | for (i=0; i<nkeys; i++) { | |
734 | @@ -4477,7 +4665,7 @@ | |
735 | int len1, len2; | |
736 | unsigned char *buf; | |
737 | long keyresource = -1; | |
738 | - EVP_CIPHER_CTX ctx; | |
739 | + EVP_CIPHER_CTX *ctx; | |
740 | char * data; int data_len; | |
741 | char * ekey; int ekey_len; | |
742 | char *method =NULL; | |
743 | @@ -4503,27 +4691,26 @@ | |
744 | } else { | |
745 | cipher = EVP_rc4(); | |
746 | } | |
747 | - | |
748 | + | |
749 | buf = emalloc(data_len + 1); | |
750 | ||
751 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
752 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
753 | - efree(buf); | |
754 | - RETVAL_FALSE; | |
755 | - } else { | |
756 | - zval_dtor(opendata); | |
757 | - buf[len1 + len2] = '\0'; | |
758 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
759 | - RETVAL_TRUE; | |
760 | - } | |
761 | + ctx = EVP_CIPHER_CTX_new(); | |
762 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) && | |
763 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) && | |
764 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
765 | + zval_dtor(opendata); | |
766 | + buf[len1 + len2] = '\0'; | |
767 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
768 | + RETVAL_TRUE; | |
769 | } else { | |
770 | - efree(buf); | |
771 | RETVAL_FALSE; | |
772 | } | |
773 | + | |
774 | + efree(buf); | |
775 | if (keyresource == -1) { | |
776 | EVP_PKEY_free(pkey); | |
777 | } | |
778 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
779 | + EVP_CIPHER_CTX_free(ctx); | |
780 | } | |
781 | /* }}} */ | |
782 | ||
783 | @@ -4831,7 +5018,7 @@ | |
784 | char *data, *method; | |
785 | int data_len, method_len; | |
786 | const EVP_MD *mdtype; | |
787 | - EVP_MD_CTX md_ctx; | |
788 | + EVP_MD_CTX *md_ctx; | |
789 | int siglen; | |
790 | unsigned char *sigbuf; | |
791 | ||
792 | @@ -4847,9 +5034,10 @@ | |
793 | siglen = EVP_MD_size(mdtype); | |
794 | sigbuf = emalloc(siglen + 1); | |
795 | ||
796 | - EVP_DigestInit(&md_ctx, mdtype); | |
797 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
798 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
799 | + md_ctx = EVP_MD_CTX_create(); | |
800 | + if (EVP_DigestInit(md_ctx, mdtype) && | |
801 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
802 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) { | |
803 | if (raw_output) { | |
804 | sigbuf[siglen] = '\0'; | |
805 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
806 | @@ -4865,6 +5053,8 @@ | |
807 | efree(sigbuf); | |
808 | RETVAL_FALSE; | |
809 | } | |
810 | + | |
811 | + EVP_MD_CTX_destroy(md_ctx); | |
812 | } | |
813 | /* }}} */ | |
814 | ||
815 | @@ -4910,7 +5100,7 @@ | |
816 | char *data, *method, *password, *iv = ""; | |
817 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
818 | const EVP_CIPHER *cipher_type; | |
819 | - EVP_CIPHER_CTX cipher_ctx; | |
820 | + EVP_CIPHER_CTX *cipher_ctx; | |
821 | int i=0, outlen, keylen; | |
822 | unsigned char *outbuf, *key; | |
823 | zend_bool free_iv; | |
824 | @@ -4924,6 +5114,12 @@ | |
825 | RETURN_FALSE; | |
826 | } | |
827 | ||
828 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
829 | + if (!cipher_ctx) { | |
830 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
831 | + RETURN_FALSE; | |
832 | + } | |
833 | + | |
834 | keylen = EVP_CIPHER_key_length(cipher_type); | |
835 | if (keylen > password_len) { | |
836 | key = emalloc(keylen); | |
837 | @@ -4942,19 +5138,19 @@ | |
838 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
839 | outbuf = emalloc(outlen + 1); | |
840 | ||
841 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
842 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
843 | if (password_len > keylen) { | |
844 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
845 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
846 | } | |
847 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
848 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
849 | if (options & OPENSSL_ZERO_PADDING) { | |
850 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
851 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
852 | } | |
853 | if (data_len > 0) { | |
854 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
855 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
856 | } | |
857 | outlen = i; | |
858 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
859 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
860 | outlen += i; | |
861 | if (options & OPENSSL_RAW_DATA) { | |
862 | outbuf[outlen] = '\0'; | |
863 | @@ -4977,7 +5173,7 @@ | |
864 | if (free_iv) { | |
865 | efree(iv); | |
866 | } | |
867 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
868 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
869 | } | |
870 | /* }}} */ | |
871 | ||
872 | @@ -4989,7 +5185,7 @@ | |
873 | char *data, *method, *password, *iv = ""; | |
874 | int data_len, method_len, password_len, iv_len = 0; | |
875 | const EVP_CIPHER *cipher_type; | |
876 | - EVP_CIPHER_CTX cipher_ctx; | |
877 | + EVP_CIPHER_CTX *cipher_ctx; | |
878 | int i, outlen, keylen; | |
879 | unsigned char *outbuf, *key; | |
880 | int base64_str_len; | |
881 | @@ -5011,10 +5207,17 @@ | |
882 | RETURN_FALSE; | |
883 | } | |
884 | ||
885 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
886 | + if (!cipher_ctx) { | |
887 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
888 | + RETURN_FALSE; | |
889 | + } | |
890 | + | |
891 | if (!(options & OPENSSL_RAW_DATA)) { | |
892 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
893 | if (!base64_str) { | |
894 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
895 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
896 | RETURN_FALSE; | |
897 | } | |
898 | data_len = base64_str_len; | |
899 | @@ -5035,17 +5238,17 @@ | |
900 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
901 | outbuf = emalloc(outlen + 1); | |
902 | ||
903 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
904 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
905 | if (password_len > keylen) { | |
906 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
907 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
908 | } | |
909 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
910 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
911 | if (options & OPENSSL_ZERO_PADDING) { | |
912 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
913 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
914 | } | |
915 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
916 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
917 | outlen = i; | |
918 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
919 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
920 | outlen += i; | |
921 | outbuf[outlen] = '\0'; | |
922 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
923 | @@ -5062,7 +5265,7 @@ | |
924 | if (base64_str) { | |
925 | efree(base64_str); | |
926 | } | |
927 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
928 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
929 | } | |
930 | /* }}} */ | |
931 | ||
932 | @@ -5100,6 +5303,7 @@ | |
933 | zval *key; | |
934 | char *pub_str; | |
935 | int pub_len; | |
936 | + DH *dh; | |
937 | EVP_PKEY *pkey; | |
938 | BIGNUM *pub; | |
939 | char *data; | |
940 | @@ -5109,14 +5313,18 @@ | |
941 | return; | |
942 | } | |
943 | ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
944 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
945 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
946 | + RETURN_FALSE; | |
947 | + } | |
948 | + dh = EVP_PKEY_get0_DH(pkey); | |
949 | + if (dh == NULL) { | |
950 | RETURN_FALSE; | |
951 | } | |
952 | ||
953 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
954 | ||
955 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
956 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
957 | + data = emalloc(DH_size(dh) + 1); | |
958 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
959 | ||
960 | if (len >= 0) { | |
961 | data[len] = 0; | |
5b8714db AM |
962 | --- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200 |
963 | +++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200 | |
964 | @@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl) | |
965 | REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); | |
966 | ||
967 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); | |
968 | +#ifdef RSA_SSLV23_PADDING | |
969 | REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); | |
970 | +#endif | |
971 | REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); | |
972 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); | |
973 | ||
1cb16249 AM |
974 | --- php-5.5.38.org/ext/openssl/xp_ssl.c 2016-07-20 10:41:48.000000000 +0200 |
975 | +++ php-5.5.38/ext/openssl/xp_ssl.c 2022-01-20 17:50:46.176594447 +0100 | |
976 | @@ -473,7 +473,7 @@ static inline int php_openssl_setup_cryp | |
977 | #endif | |
978 | case STREAM_CRYPTO_METHOD_TLS_CLIENT: | |
979 | sslsock->is_client = 1; | |
980 | - method = TLSv1_client_method(); | |
981 | + method = TLS_client_method(); | |
982 | break; | |
983 | case STREAM_CRYPTO_METHOD_SSLv23_SERVER: | |
984 | sslsock->is_client = 0; | |
985 | @@ -499,7 +499,7 @@ static inline int php_openssl_setup_cryp | |
986 | #endif | |
987 | case STREAM_CRYPTO_METHOD_TLS_SERVER: | |
988 | sslsock->is_client = 0; | |
989 | - method = TLSv1_server_method(); | |
990 | + method = TLS_server_method(); | |
991 | break; | |
992 | default: | |
993 | return -1; | |
994 | @@ -1076,7 +1076,7 @@ php_stream *php_openssl_ssl_socket_facto | |
995 | ||
996 | if (strncmp(proto, "ssl", protolen) == 0) { | |
997 | sslsock->enable_on_connect = 1; | |
998 | - sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT; | |
999 | + sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT; | |
1000 | } else if (strncmp(proto, "sslv2", protolen) == 0) { | |
1001 | #ifdef OPENSSL_NO_SSL2 | |
1002 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); | |
1003 | @@ -1087,7 +1087,7 @@ php_stream *php_openssl_ssl_socket_facto | |
1004 | #endif | |
1005 | } else if (strncmp(proto, "sslv3", protolen) == 0) { | |
1006 | sslsock->enable_on_connect = 1; | |
1007 | - sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; | |
1008 | + sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT; | |
1009 | } else if (strncmp(proto, "tls", protolen) == 0) { | |
1010 | sslsock->enable_on_connect = 1; | |
1011 | sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT; | |
3fd39e70 AM |
1012 | --- php-5.5.38/ext/openssl/xp_ssl.c~ 2022-03-29 16:25:01.000000000 +0200 |
1013 | +++ php-5.5.38/ext/openssl/xp_ssl.c 2022-03-29 16:27:12.643215607 +0200 | |
1014 | @@ -445,6 +445,10 @@ static inline int php_openssl_setup_cryp | |
1015 | } | |
1016 | } | |
1017 | ||
1018 | +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF | |
1019 | + ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; | |
1020 | +#endif | |
1021 | + | |
1022 | /* need to do slightly different things, based on client/server method, | |
1023 | * so lets remember which method was selected */ | |
1024 |