]> git.pld-linux.org Git - packages/php.git/blame - openssl.patch
projects / packages / php.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rel 30. Add workaround for https://bugs.php.net/bug.php?id=79589
[packages/php.git] / openssl.patch
CommitLineData
ba5a9013
AM		 1diff -ur php-5.5.38.org/ext/openssl/openssl.c php-5.5.38/ext/openssl/openssl.c
2--- php-5.5.38.org/ext/openssl/openssl.c 2018-09-25 14:34:57.903784149 +0200
3+++ php-5.5.38/ext/openssl/openssl.c 2018-09-25 14:55:18.919902725 +0200
4@@ -81,6 +81,12 @@
5 #define HAVE_EVP_PKEY_EC 1
6 #endif
7
8+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
9+#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
10+#else
11+#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
12+#endif
13+
14 /* FIXME: Use the openssl constants instead of
15 * enum. It is now impossible to match real values
16 * against php constants. Also sorry to break the
17@@ -493,6 +499,14 @@
18 ZEND_GET_MODULE(openssl)
19 #endif
20
21+/* {{{ OpenSSL compatibility functions and macros */
22+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
23+#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa
24+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
25+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
26+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
27+#endif
28+
29 static int le_key;
30 static int le_x509;
31 static int le_csr;
32@@ -987,9 +1001,11 @@
33 mdtype = (EVP_MD *) EVP_md2();
34 break;
35 #endif
36+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
37 case OPENSSL_ALGO_DSS1:
38 mdtype = (EVP_MD *) EVP_dss1();
39 break;
40+#endif
41 #if OPENSSL_VERSION_NUMBER >= 0x0090708fL
42 case OPENSSL_ALGO_SHA224:
43 mdtype = (EVP_MD *) EVP_sha224();
44@@ -1436,6 +1452,7 @@
45 {
46 GENERAL_NAMES *names;
47 const X509V3_EXT_METHOD *method = NULL;
48+ ASN1_OCTET_STRING *extension_data;
49 long i, length, num;
50 const unsigned char *p;
51
52@@ -1444,8 +1461,9 @@
53 return -1;
54 }
55
56- p = extension->value->data;
57- length = extension->value->length;
58+ extension_data = X509_EXTENSION_get_data(extension);
59+ p = extension_data->data;
60+ length = extension_data->length;
61 if (method->it) {
62 names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
63 ASN1_ITEM_ptr(method->it)));
64@@ -1508,6 +1526,8 @@
65 char * tmpstr;
66 zval * subitem;
67 X509_EXTENSION *extension;
68+ X509_NAME *subject_name;
69+ char *cert_name;
70 char *extname;
71 BIO *bio_out;
72 BUF_MEM *bio_buf;
73@@ -1522,12 +1542,12 @@
74 }
75 array_init(return_value);
76
77- if (cert->name) {
78- add_assoc_string(return_value, "name", cert->name, 1);
79- }
80-/* add_assoc_bool(return_value, "valid", cert->valid); */
81+ subject_name = X509_get_subject_name(cert);
82+ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
83+ add_assoc_string(return_value, "name", cert_name, 1);
84+ OPENSSL_free(cert_name);
85
86- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
87+ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
88 /* hash as used in CA directories to lookup cert by subject name */
89 {
90 char buf[32];
91@@ -1551,7 +1571,7 @@
92 add_assoc_string(return_value, "alias", tmpstr, 1);
93 }
94
95- sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm);
96+ sig_nid = X509_get_signature_nid(cert);
97 add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1);
98 add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1);
99 add_assoc_long(return_value, "signatureTypeNID", sig_nid);
100@@ -3014,13 +3034,20 @@
101 {
102 assert(pkey != NULL);
103
104- switch (pkey->type) {
105+ switch (EVP_PKEY_id(pkey)) {
106 #ifndef NO_RSA
107 case EVP_PKEY_RSA:
108 case EVP_PKEY_RSA2:
109- assert(pkey->pkey.rsa != NULL);
110- if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
111- return 0;
112+ {
113+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
114+ if (rsa != NULL) {
115+ const BIGNUM *p, *q;
116+
117+ RSA_get0_factors(rsa, &p, &q);
118+ if (p == NULL || q == NULL) {
119+ return 0;
120+ }
121+ }
122 }
123 break;
124 #endif
125@@ -3030,28 +3057,51 @@
126 case EVP_PKEY_DSA2:
127 case EVP_PKEY_DSA3:
128 case EVP_PKEY_DSA4:
129- assert(pkey->pkey.dsa != NULL);
130+ {
131+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
132+ if (dsa != NULL) {
133+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
134+
135+ DSA_get0_pqg(dsa, &p, &q, &g);
136+ if (p == NULL || q == NULL) {
137+ return 0;
138+ }
139
140- if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
141- return 0;
142+ DSA_get0_key(dsa, &pub_key, &priv_key);
143+ if (priv_key == NULL) {
144+ return 0;
145+ }
146+ }
147 }
148 break;
149 #endif
150 #ifndef NO_DH
151 case EVP_PKEY_DH:
152- assert(pkey->pkey.dh != NULL);
153+ {
154+ DH *dh = EVP_PKEY_get0_DH(pkey);
155+ if (dh != NULL) {
156+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
157+
158+ DH_get0_pqg(dh, &p, &q, &g);
159+ if (p == NULL) {
160+ return 0;
161+ }
162
163- if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
164- return 0;
165+ DH_get0_key(dh, &pub_key, &priv_key);
166+ if (priv_key == NULL) {
167+ return 0;
168+ }
169+ }
170 }
171 break;
172 #endif
173 #ifdef HAVE_EVP_PKEY_EC
174 case EVP_PKEY_EC:
175- assert(pkey->pkey.ec != NULL);
176-
177- if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) {
178- return 0;
179+ {
180+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
181+ if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) {
182+ return 0;
183+ }
184 }
185 break;
186 #endif
187@@ -3063,26 +3113,166 @@
188 }
189 /* }}} */
190
191-#define OPENSSL_PKEY_GET_BN(_type, _name) do { \
192- if (pkey->pkey._type->_name != NULL) { \
193- int len = BN_num_bytes(pkey->pkey._type->_name); \
194- char *str = emalloc(len + 1); \
195- BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \
196- str[len] = 0; \
197- add_assoc_stringl(_type, #_name, str, len, 0); \
198- } \
199- } while (0)
200-
201-#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \
202- zval **bn; \
203- if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \
204- Z_TYPE_PP(bn) == IS_STRING) { \
205- _type->_name = BN_bin2bn( \
206- (unsigned char*)Z_STRVAL_PP(bn), \
207- Z_STRLEN_PP(bn), NULL); \
208- } \
209- } while (0);
210+#define OPENSSL_GET_BN(_array, _bn, _name) do { \
211+ if (_bn != NULL) { \
212+ int len = BN_num_bytes(_bn); \
213+ char *str = emalloc(len + 1); \
214+ BN_bn2bin(_bn, (unsigned char*)str); \
215+ str[len] = 0; \
216+ add_assoc_stringl(&_array, #_name, str, len, 0); \
217+ } \
218+} while (0);
219+
220+#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name)
221+
222+#define OPENSSL_PKEY_SET_BN(_data, _name) do { \
223+ zval **bn; \
224+ if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \
225+ Z_TYPE_PP(bn) == IS_STRING) { \
226+ _name = BN_bin2bn( \
227+ (unsigned char*)Z_STRVAL_PP(bn), \
228+ (int)Z_STRLEN_PP(bn), NULL); \
229+ } else { \
230+ _name = NULL; \
231+ } \
232+} while (0);
233+
234+/* {{{ php_openssl_pkey_init_rsa */
235+zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data)
236+{
237+ BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
238+
239+ OPENSSL_PKEY_SET_BN(data, n);
240+ OPENSSL_PKEY_SET_BN(data, e);
241+ OPENSSL_PKEY_SET_BN(data, d);
242+ if (!n || !d || !RSA_set0_key(rsa, n, e, d)) {
243+ return 0;
244+ }
245+
246+ OPENSSL_PKEY_SET_BN(data, p);
247+ OPENSSL_PKEY_SET_BN(data, q);
248+ if ((p || q) && !RSA_set0_factors(rsa, p, q)) {
249+ return 0;
250+ }
251+
252+ OPENSSL_PKEY_SET_BN(data, dmp1);
253+ OPENSSL_PKEY_SET_BN(data, dmq1);
254+ OPENSSL_PKEY_SET_BN(data, iqmp);
255+ if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
256+ return 0;
257+ }
258+
259+ if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
260+ return 0;
261+ }
262+
263+ return 1;
264+}
265+
266+/* {{{ php_openssl_pkey_init_dsa */
267+zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data)
268+{
269+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
270+ const BIGNUM *priv_key_const, *pub_key_const;
271+
272+ OPENSSL_PKEY_SET_BN(data, p);
273+ OPENSSL_PKEY_SET_BN(data, q);
274+ OPENSSL_PKEY_SET_BN(data, g);
275+ if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
276+ return 0;
277+ }
278+ OPENSSL_PKEY_SET_BN(data, pub_key);
279+ OPENSSL_PKEY_SET_BN(data, priv_key);
280+ if (pub_key) {
281+ return DSA_set0_key(dsa, pub_key, priv_key);
282+ }
283+
284+ /* generate key */
285+ PHP_OPENSSL_RAND_ADD_TIME();
286+ if (!DSA_generate_key(dsa)) {
287+ return 0;
288+ }
289+ /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key
290+ * so we need to double check that public key is created */
291+ DSA_get0_key(dsa, &pub_key_const, &priv_key_const);
292+ if (!pub_key_const || BN_is_zero(pub_key_const)) {
293+ return 0;
294+ }
295+ /* all good */
296+ return 1;
297+}
298+/* }}} */
299+
300+/* {{{ php_openssl_dh_pub_from_priv */
301+static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
302+{
303+ BIGNUM *pub_key, *priv_key_const_time;
304+ BN_CTX *ctx;
305+
306+ pub_key = BN_new();
307+ if (pub_key == NULL) {
308+ return NULL;
309+ }
310+
311+ priv_key_const_time = BN_new();
312+ if (priv_key_const_time == NULL) {
313+ BN_free(pub_key);
314+ return NULL;
315+ }
316+ ctx = BN_CTX_new();
317+ if (ctx == NULL) {
318+ BN_free(pub_key);
319+ BN_free(priv_key_const_time);
320+ return NULL;
321+ }
322+
323+ BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME);
324+
325+ if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) {
326+ BN_free(pub_key);
327+ pub_key = NULL;
328+ }
329+
330+ BN_free(priv_key_const_time);
331+ BN_CTX_free(ctx);
332+
333+ return pub_key;
334+}
335+/* }}} */
336+
337+/* {{{ php_openssl_pkey_init_dh */
338+zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data)
339+{
340+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
341
342+ OPENSSL_PKEY_SET_BN(data, p);
343+ OPENSSL_PKEY_SET_BN(data, q);
344+ OPENSSL_PKEY_SET_BN(data, g);
345+ if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
346+ return 0;
347+ }
348+ OPENSSL_PKEY_SET_BN(data, priv_key);
349+ OPENSSL_PKEY_SET_BN(data, pub_key);
350+ if (pub_key) {
351+ return DH_set0_key(dh, pub_key, priv_key);
352+ }
353+ if (priv_key) {
354+ pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
355+ if (pub_key == NULL) {
356+ return 0;
357+ }
358+ return DH_set0_key(dh, pub_key, priv_key);
359+ }
360+
361+ /* generate key */
362+ PHP_OPENSSL_RAND_ADD_TIME();
363+ if (!DH_generate_key(dh)) {
364+ return 0;
365+ }
366+ /* all good */
367+ return 1;
368+}
369+/* }}} */
370
371 /* {{{ proto resource openssl_pkey_new([array configargs])
372 Generates a new private key */
373@@ -3106,18 +3296,8 @@
374 if (pkey) {
375 RSA *rsa = RSA_new();
376 if (rsa) {
377- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n);
378- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e);
379- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d);
380- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p);
381- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q);
382- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
383- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
384- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
385- if (rsa->n && rsa->d) {
386- if (EVP_PKEY_assign_RSA(pkey, rsa)) {
387- RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
388- }
389+ if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
390+ RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
391 }
392 RSA_free(rsa);
393 }
394@@ -3130,15 +3310,7 @@
395 if (pkey) {
396 DSA *dsa = DSA_new();
397 if (dsa) {
398- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p);
399- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q);
400- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
401- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
402- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
403- if (dsa->p && dsa->q && dsa->g) {
404- if (!dsa->priv_key && !dsa->pub_key) {
405- DSA_generate_key(dsa);
406- }
407+ if (php_openssl_pkey_init_dsa(dsa, data)) {
408 if (EVP_PKEY_assign_DSA(pkey, dsa)) {
409 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
410 }
411@@ -3154,14 +3326,7 @@
412 if (pkey) {
413 DH *dh = DH_new();
414 if (dh) {
415- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p);
416- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
417- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
418- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
419- if (dh->p && dh->g) {
420- if (!dh->pub_key) {
421- DH_generate_key(dh);
422- }
423+ if (php_openssl_pkey_init_dh(dh, data)) {
424 if (EVP_PKEY_assign_DH(pkey, dh)) {
425 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
426 }
427@@ -3397,25 +3562,32 @@
428 /*TODO: Use the real values once the openssl constants are used
429 * See the enum at the top of this file
430 */
431- switch (EVP_PKEY_type(pkey->type)) {
432+ switch (EVP_PKEY_base_id(pkey)) {
433 case EVP_PKEY_RSA:
434 case EVP_PKEY_RSA2:
435- ktype = OPENSSL_KEYTYPE_RSA;
436-
437- if (pkey->pkey.rsa != NULL) {
438- zval *rsa;
439-
440- ALLOC_INIT_ZVAL(rsa);
441- array_init(rsa);
442- OPENSSL_PKEY_GET_BN(rsa, n);
443- OPENSSL_PKEY_GET_BN(rsa, e);
444- OPENSSL_PKEY_GET_BN(rsa, d);
445- OPENSSL_PKEY_GET_BN(rsa, p);
446- OPENSSL_PKEY_GET_BN(rsa, q);
447- OPENSSL_PKEY_GET_BN(rsa, dmp1);
448- OPENSSL_PKEY_GET_BN(rsa, dmq1);
449- OPENSSL_PKEY_GET_BN(rsa, iqmp);
450- add_assoc_zval(return_value, "rsa", rsa);
451+ {
452+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
453+ ktype = OPENSSL_KEYTYPE_RSA;
454+
455+ if (rsa != NULL) {
456+ zval z_rsa;
457+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
458+
459+ RSA_get0_key(rsa, &n, &e, &d);
460+ RSA_get0_factors(rsa, &p, &q);
461+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
462+
463+ array_init(&z_rsa);
464+ OPENSSL_PKEY_GET_BN(z_rsa, n);
465+ OPENSSL_PKEY_GET_BN(z_rsa, e);
466+ OPENSSL_PKEY_GET_BN(z_rsa, d);
467+ OPENSSL_PKEY_GET_BN(z_rsa, p);
468+ OPENSSL_PKEY_GET_BN(z_rsa, q);
469+ OPENSSL_PKEY_GET_BN(z_rsa, dmp1);
470+ OPENSSL_PKEY_GET_BN(z_rsa, dmq1);
471+ OPENSSL_PKEY_GET_BN(z_rsa, iqmp);
472+ add_assoc_zval(return_value, "rsa", &z_rsa);
473+ }
474 }
475
476 break;
477@@ -3423,37 +3595,47 @@
478 case EVP_PKEY_DSA2:
479 case EVP_PKEY_DSA3:
480 case EVP_PKEY_DSA4:
481- ktype = OPENSSL_KEYTYPE_DSA;
482-
483- if (pkey->pkey.dsa != NULL) {
484- zval *dsa;
485-
486- ALLOC_INIT_ZVAL(dsa);
487- array_init(dsa);
488- OPENSSL_PKEY_GET_BN(dsa, p);
489- OPENSSL_PKEY_GET_BN(dsa, q);
490- OPENSSL_PKEY_GET_BN(dsa, g);
491- OPENSSL_PKEY_GET_BN(dsa, priv_key);
492- OPENSSL_PKEY_GET_BN(dsa, pub_key);
493- add_assoc_zval(return_value, "dsa", dsa);
494+ {
495+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
496+ ktype = OPENSSL_KEYTYPE_DSA;
497+
498+ if (dsa != NULL) {
499+ zval z_dsa;
500+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
501+
502+ DSA_get0_pqg(dsa, &p, &q, &g);
503+ DSA_get0_key(dsa, &pub_key, &priv_key);
504+
505+ array_init(&z_dsa);
506+ OPENSSL_PKEY_GET_BN(z_dsa, p);
507+ OPENSSL_PKEY_GET_BN(z_dsa, q);
508+ OPENSSL_PKEY_GET_BN(z_dsa, g);
509+ OPENSSL_PKEY_GET_BN(z_dsa, priv_key);
510+ OPENSSL_PKEY_GET_BN(z_dsa, pub_key);
511+ add_assoc_zval(return_value, "dsa", &z_dsa);
512+ }
513 }
514 break;
515 case EVP_PKEY_DH:
516-
517- ktype = OPENSSL_KEYTYPE_DH;
518-
519- if (pkey->pkey.dh != NULL) {
520- zval *dh;
521-
522- ALLOC_INIT_ZVAL(dh);
523- array_init(dh);
524- OPENSSL_PKEY_GET_BN(dh, p);
525- OPENSSL_PKEY_GET_BN(dh, g);
526- OPENSSL_PKEY_GET_BN(dh, priv_key);
527- OPENSSL_PKEY_GET_BN(dh, pub_key);
528- add_assoc_zval(return_value, "dh", dh);
529+ {
530+ DH *dh = EVP_PKEY_get0_DH(pkey);
531+ ktype = OPENSSL_KEYTYPE_DH;
532+
533+ if (dh != NULL) {
534+ zval z_dh;
535+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
536+
537+ DH_get0_pqg(dh, &p, &q, &g);
538+ DH_get0_key(dh, &pub_key, &priv_key);
539+
540+ array_init(&z_dh);
541+ OPENSSL_PKEY_GET_BN(z_dh, p);
542+ OPENSSL_PKEY_GET_BN(z_dh, g);
543+ OPENSSL_PKEY_GET_BN(z_dh, priv_key);
544+ OPENSSL_PKEY_GET_BN(z_dh, pub_key);
545+ add_assoc_zval(return_value, "dh", &z_dh);
546+ }
547 }
548-
549 break;
550 #ifdef HAVE_EVP_PKEY_EC
551 case EVP_PKEY_EC:
552@@ -3981,13 +4163,13 @@
553 cryptedlen = EVP_PKEY_size(pkey);
554 cryptedbuf = emalloc(cryptedlen + 1);
555
556- switch (pkey->type) {
557+ switch (EVP_PKEY_id(pkey)) {
558 case EVP_PKEY_RSA:
559 case EVP_PKEY_RSA2:
560 successful = (RSA_private_encrypt(data_len,
561 (unsigned char *)data,
562 cryptedbuf,
563- pkey->pkey.rsa,
564+ EVP_PKEY_get0_RSA(pkey),
565 padding) == cryptedlen);
566 break;
567 default:
568@@ -4039,13 +4221,13 @@
569 cryptedlen = EVP_PKEY_size(pkey);
570 crypttemp = emalloc(cryptedlen + 1);
571
572- switch (pkey->type) {
573+ switch (EVP_PKEY_id(pkey)) {
574 case EVP_PKEY_RSA:
575 case EVP_PKEY_RSA2:
576 cryptedlen = RSA_private_decrypt(data_len,
577 (unsigned char *)data,
578 crypttemp,
579- pkey->pkey.rsa,
580+ EVP_PKEY_get0_RSA(pkey),
581 padding);
582 if (cryptedlen != -1) {
583 cryptedbuf = emalloc(cryptedlen + 1);
584@@ -4104,13 +4286,13 @@
585 cryptedlen = EVP_PKEY_size(pkey);
586 cryptedbuf = emalloc(cryptedlen + 1);
587
588- switch (pkey->type) {
589+ switch (EVP_PKEY_id(pkey)) {
590 case EVP_PKEY_RSA:
591 case EVP_PKEY_RSA2:
592 successful = (RSA_public_encrypt(data_len,
593 (unsigned char *)data,
594- cryptedbuf,
595- pkey->pkey.rsa,
596+ cryptedbuf,
597+ EVP_PKEY_get0_RSA(pkey),
598 padding) == cryptedlen);
599 break;
600 default:
601@@ -4163,13 +4345,13 @@
602 cryptedlen = EVP_PKEY_size(pkey);
603 crypttemp = emalloc(cryptedlen + 1);
604
605- switch (pkey->type) {
606+ switch (EVP_PKEY_id(pkey)) {
607 case EVP_PKEY_RSA:
608 case EVP_PKEY_RSA2:
609 cryptedlen = RSA_public_decrypt(data_len,
610 (unsigned char *)data,
611- crypttemp,
612- pkey->pkey.rsa,
613+ crypttemp,
614+ EVP_PKEY_get0_RSA(pkey),
615 padding);
616 if (cryptedlen != -1) {
617 cryptedbuf = emalloc(cryptedlen + 1);
618@@ -4233,7 +4415,7 @@
619 long keyresource = -1;
620 char * data;
621 int data_len;
622- EVP_MD_CTX md_ctx;
623+ EVP_MD_CTX *md_ctx;
624 zval *method = NULL;
625 long signature_algo = OPENSSL_ALGO_SHA1;
626 const EVP_MD *mdtype;
627@@ -4266,9 +4448,11 @@
628 siglen = EVP_PKEY_size(pkey);
629 sigbuf = emalloc(siglen + 1);
630
631- EVP_SignInit(&md_ctx, mdtype);
632- EVP_SignUpdate(&md_ctx, data, data_len);
633- if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
634+ md_ctx = EVP_MD_CTX_create();
635+ if (md_ctx != NULL &&
636+ EVP_SignInit(md_ctx, mdtype) &&
637+ EVP_SignUpdate(md_ctx, data, data_len) &&
638+ EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
639 zval_dtor(signature);
640 sigbuf[siglen] = '\0';
641 ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
642@@ -4277,7 +4461,7 @@
643 efree(sigbuf);
644 RETVAL_FALSE;
645 }
646- EVP_MD_CTX_cleanup(&md_ctx);
647+ EVP_MD_CTX_destroy(md_ctx);
648 if (keyresource == -1) {
649 EVP_PKEY_free(pkey);
650 }
651@@ -4290,8 +4474,8 @@
652 {
653 zval **key;
654 EVP_PKEY *pkey;
655- int err;
656- EVP_MD_CTX md_ctx;
657+ int err = 0;
658+ EVP_MD_CTX *md_ctx;
659 const EVP_MD *mdtype;
660 long keyresource = -1;
661 char * data; int data_len;
662@@ -4325,10 +4509,13 @@
663 RETURN_FALSE;
664 }
665
666- EVP_VerifyInit (&md_ctx, mdtype);
667- EVP_VerifyUpdate (&md_ctx, data, data_len);
668- err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
669- EVP_MD_CTX_cleanup(&md_ctx);
670+ md_ctx = EVP_MD_CTX_create();
671+ if (md_ctx != NULL) {
672+ EVP_VerifyInit(md_ctx, mdtype);
673+ EVP_VerifyUpdate (md_ctx, data, data_len);
674+ err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
675+ }
676+ EVP_MD_CTX_destroy(md_ctx);
677
678 if (keyresource == -1) {
679 EVP_PKEY_free(pkey);
680@@ -4352,7 +4539,7 @@
681 char *method =NULL;
682 int method_len = 0;
683 const EVP_CIPHER *cipher;
684- EVP_CIPHER_CTX ctx;
685+ EVP_CIPHER_CTX *ctx;
686
687 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) {
688 return;
689@@ -4399,9 +4586,10 @@
690 i++;
691 }
692
693- if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
694+ ctx = EVP_CIPHER_CTX_new();
695+ if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) {
696+ EVP_CIPHER_CTX_free(ctx);
697 RETVAL_FALSE;
698- EVP_CIPHER_CTX_cleanup(&ctx);
699 goto clean_exit;
700 }
701
702@@ -4411,17 +4599,17 @@
703 iv = ivlen ? emalloc(ivlen + 1) : NULL;
704 #endif
705 /* allocate one byte extra to make room for \0 */
706- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
707- EVP_CIPHER_CTX_cleanup(&ctx);
708+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
709+ EVP_CIPHER_CTX_cleanup(ctx);
710
711- if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
712+ if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
713 RETVAL_FALSE;
714 efree(buf);
715- EVP_CIPHER_CTX_cleanup(&ctx);
716+ EVP_CIPHER_CTX_free(ctx);
717 goto clean_exit;
718 }
719
720- EVP_SealFinal(&ctx, buf + len1, &len2);
721+ EVP_SealFinal(ctx, buf + len1, &len2);
722
723 if (len1 + len2 > 0) {
724 zval_dtor(sealdata);
725@@ -4450,7 +4638,7 @@
726 efree(buf);
727 }
728 RETVAL_LONG(len1 + len2);
729- EVP_CIPHER_CTX_cleanup(&ctx);
730+ EVP_CIPHER_CTX_free(ctx);
731
732 clean_exit:
733 for (i=0; i<nkeys; i++) {
734@@ -4477,7 +4665,7 @@
735 int len1, len2;
736 unsigned char *buf;
737 long keyresource = -1;
738- EVP_CIPHER_CTX ctx;
739+ EVP_CIPHER_CTX *ctx;
740 char * data; int data_len;
741 char * ekey; int ekey_len;
742 char *method =NULL;
743@@ -4503,27 +4691,26 @@
744 } else {
745 cipher = EVP_rc4();
746 }
747-
748+
749 buf = emalloc(data_len + 1);
750
751- if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
752- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
753- efree(buf);
754- RETVAL_FALSE;
755- } else {
756- zval_dtor(opendata);
757- buf[len1 + len2] = '\0';
758- ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
759- RETVAL_TRUE;
760- }
761+ ctx = EVP_CIPHER_CTX_new();
762+ if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) &&
763+ EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) &&
764+ EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) {
765+ zval_dtor(opendata);
766+ buf[len1 + len2] = '\0';
767+ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
768+ RETVAL_TRUE;
769 } else {
770- efree(buf);
771 RETVAL_FALSE;
772 }
773+
774+ efree(buf);
775 if (keyresource == -1) {
776 EVP_PKEY_free(pkey);
777 }
778- EVP_CIPHER_CTX_cleanup(&ctx);
779+ EVP_CIPHER_CTX_free(ctx);
780 }
781 /* }}} */
782
783@@ -4831,7 +5018,7 @@
784 char *data, *method;
785 int data_len, method_len;
786 const EVP_MD *mdtype;
787- EVP_MD_CTX md_ctx;
788+ EVP_MD_CTX *md_ctx;
789 int siglen;
790 unsigned char *sigbuf;
791
792@@ -4847,9 +5034,10 @@
793 siglen = EVP_MD_size(mdtype);
794 sigbuf = emalloc(siglen + 1);
795
796- EVP_DigestInit(&md_ctx, mdtype);
797- EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len);
798- if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
799+ md_ctx = EVP_MD_CTX_create();
800+ if (EVP_DigestInit(md_ctx, mdtype) &&
801+ EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
802+ EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) {
803 if (raw_output) {
804 sigbuf[siglen] = '\0';
805 RETVAL_STRINGL((char *)sigbuf, siglen, 0);
806@@ -4865,6 +5053,8 @@
807 efree(sigbuf);
808 RETVAL_FALSE;
809 }
810+
811+ EVP_MD_CTX_destroy(md_ctx);
812 }
813 /* }}} */
814
815@@ -4910,7 +5100,7 @@
816 char *data, *method, *password, *iv = "";
817 int data_len, method_len, password_len, iv_len = 0, max_iv_len;
818 const EVP_CIPHER *cipher_type;
819- EVP_CIPHER_CTX cipher_ctx;
820+ EVP_CIPHER_CTX *cipher_ctx;
821 int i=0, outlen, keylen;
822 unsigned char *outbuf, *key;
823 zend_bool free_iv;
824@@ -4924,6 +5114,12 @@
825 RETURN_FALSE;
826 }
827
828+ cipher_ctx = EVP_CIPHER_CTX_new();
829+ if (!cipher_ctx) {
830+ php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
831+ RETURN_FALSE;
832+ }
833+
834 keylen = EVP_CIPHER_key_length(cipher_type);
835 if (keylen > password_len) {
836 key = emalloc(keylen);
837@@ -4942,19 +5138,19 @@
838 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
839 outbuf = emalloc(outlen + 1);
840
841- EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
842+ EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL);
843 if (password_len > keylen) {
844- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
845+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
846 }
847- EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
848+ EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
849 if (options & OPENSSL_ZERO_PADDING) {
850- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
851+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
852 }
853 if (data_len > 0) {
854- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
855+ EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
856 }
857 outlen = i;
858- if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
859+ if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
860 outlen += i;
861 if (options & OPENSSL_RAW_DATA) {
862 outbuf[outlen] = '\0';
863@@ -4977,7 +5173,7 @@
864 if (free_iv) {
865 efree(iv);
866 }
867- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
868+ EVP_CIPHER_CTX_free(cipher_ctx);
869 }
870 /* }}} */
871
872@@ -4989,7 +5185,7 @@
873 char *data, *method, *password, *iv = "";
874 int data_len, method_len, password_len, iv_len = 0;
875 const EVP_CIPHER *cipher_type;
876- EVP_CIPHER_CTX cipher_ctx;
877+ EVP_CIPHER_CTX *cipher_ctx;
878 int i, outlen, keylen;
879 unsigned char *outbuf, *key;
880 int base64_str_len;
881@@ -5011,10 +5207,17 @@
882 RETURN_FALSE;
883 }
884
885+ cipher_ctx = EVP_CIPHER_CTX_new();
886+ if (!cipher_ctx) {
887+ php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
888+ RETURN_FALSE;
889+ }
890+
891 if (!(options & OPENSSL_RAW_DATA)) {
892 base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len);
893 if (!base64_str) {
894 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input");
895+ EVP_CIPHER_CTX_free(cipher_ctx);
896 RETURN_FALSE;
897 }
898 data_len = base64_str_len;
899@@ -5035,17 +5238,17 @@
900 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
901 outbuf = emalloc(outlen + 1);
902
903- EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
904+ EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL);
905 if (password_len > keylen) {
906- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
907+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
908 }
909- EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
910+ EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
911 if (options & OPENSSL_ZERO_PADDING) {
912- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
913+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
914 }
915- EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
916+ EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
917 outlen = i;
918- if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
919+ if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
920 outlen += i;
921 outbuf[outlen] = '\0';
922 RETVAL_STRINGL((char *)outbuf, outlen, 0);
923@@ -5062,7 +5265,7 @@
924 if (base64_str) {
925 efree(base64_str);
926 }
927- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
928+ EVP_CIPHER_CTX_free(cipher_ctx);
929 }
930 /* }}} */
931
932@@ -5100,6 +5303,7 @@
933 zval *key;
934 char *pub_str;
935 int pub_len;
936+ DH *dh;
937 EVP_PKEY *pkey;
938 BIGNUM *pub;
939 char *data;
940@@ -5109,14 +5313,18 @@
941 return;
942 }
943 ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key);
944- if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) {
945+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
946+ RETURN_FALSE;
947+ }
948+ dh = EVP_PKEY_get0_DH(pkey);
949+ if (dh == NULL) {
950 RETURN_FALSE;
951 }
952
953 pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL);
954
955- data = emalloc(DH_size(pkey->pkey.dh) + 1);
956- len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh);
957+ data = emalloc(DH_size(dh) + 1);
958+ len = DH_compute_key((unsigned char*)data, pub, dh);
959
960 if (len >= 0) {
961 data[len] = 0;
5b8714db
AM		 962--- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200
963+++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200
964@@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
965 REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
966
967 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
968+#ifdef RSA_SSLV23_PADDING
969 REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
970+#endif
971 REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
972 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
973
1cb16249
AM		 974--- php-5.5.38.org/ext/openssl/xp_ssl.c 2016-07-20 10:41:48.000000000 +0200
975+++ php-5.5.38/ext/openssl/xp_ssl.c 2022-01-20 17:50:46.176594447 +0100
976@@ -473,7 +473,7 @@ static inline int php_openssl_setup_cryp
977 #endif
978 case STREAM_CRYPTO_METHOD_TLS_CLIENT:
979 sslsock->is_client = 1;
980- method = TLSv1_client_method();
981+ method = TLS_client_method();
982 break;
983 case STREAM_CRYPTO_METHOD_SSLv23_SERVER:
984 sslsock->is_client = 0;
985@@ -499,7 +499,7 @@ static inline int php_openssl_setup_cryp
986 #endif
987 case STREAM_CRYPTO_METHOD_TLS_SERVER:
988 sslsock->is_client = 0;
989- method = TLSv1_server_method();
990+ method = TLS_server_method();
991 break;
992 default:
993 return -1;
994@@ -1076,7 +1076,7 @@ php_stream *php_openssl_ssl_socket_facto
995
996 if (strncmp(proto, "ssl", protolen) == 0) {
997 sslsock->enable_on_connect = 1;
998- sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
999+ sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
1000 } else if (strncmp(proto, "sslv2", protolen) == 0) {
1001 #ifdef OPENSSL_NO_SSL2
1002 php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
1003@@ -1087,7 +1087,7 @@ php_stream *php_openssl_ssl_socket_facto
1004 #endif
1005 } else if (strncmp(proto, "sslv3", protolen) == 0) {
1006 sslsock->enable_on_connect = 1;
1007- sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
1008+ sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
1009 } else if (strncmp(proto, "tls", protolen) == 0) {
1010 sslsock->enable_on_connect = 1;
1011 sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
3fd39e70
AM		 1012--- php-5.5.38/ext/openssl/xp_ssl.c~ 2022-03-29 16:25:01.000000000 +0200
1013+++ php-5.5.38/ext/openssl/xp_ssl.c 2022-03-29 16:27:12.643215607 +0200
1014@@ -445,6 +445,10 @@ static inline int php_openssl_setup_cryp
1015 }
1016 }
1017
1018+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
1019+ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
1020+#endif
1021+
1022 /* need to do slightly different things, based on client/server method,
1023 * so lets remember which method was selected */
1024
PHP: Hypertext Preprocessor
This page took 0.160369 seconds and 4 git commands to generate.