1 diff -ur php-5.4.45/ext/openssl.org/openssl.c php-5.4.45/ext/openssl/openssl.c
2 --- php-5.4.45/ext/openssl.org/openssl.c 2018-09-28 11:24:04.034698463 +0200
3 +++ php-5.4.45/ext/openssl/openssl.c 2018-09-28 11:40:22.438766155 +0200
5 #define HAVE_EVP_PKEY_EC 1
8 +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
9 +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
11 +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
14 /* FIXME: Use the openssl constants instead of
15 * enum. It is now impossible to match real values
16 * against php constants. Also sorry to break the
18 ZEND_GET_MODULE(openssl)
21 +/* {{{ OpenSSL compatibility functions and macros */
22 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
23 +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa
24 +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
25 +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
26 +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
35 file = RAND_file_name(buffer, sizeof(buffer));
36 - } else if (RAND_egd(file) > 0) {
37 - /* if the given filename is an EGD socket, don't
38 - * write anything back to it */
42 if (file == NULL || !RAND_load_file(file, -1)) {
43 if (RAND_status() == 0) {
45 mdtype = (EVP_MD *) EVP_md2();
48 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
49 case OPENSSL_ALGO_DSS1:
50 mdtype = (EVP_MD *) EVP_dss1();
53 #if OPENSSL_VERSION_NUMBER >= 0x0090708fL
54 case OPENSSL_ALGO_SHA224:
55 mdtype = (EVP_MD *) EVP_sha224();
56 @@ -1054,12 +1065,17 @@
57 le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
58 le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
60 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
61 + OPENSSL_config(NULL);
63 OpenSSL_add_all_ciphers();
64 OpenSSL_add_all_digests();
65 OpenSSL_add_all_algorithms();
67 SSL_load_error_strings();
69 + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
72 /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
73 * OpenSSL callbacks */
77 const X509V3_EXT_METHOD *method = NULL;
78 + ASN1_OCTET_STRING *extension_data;
80 const unsigned char *p;
86 - p = extension->value->data;
87 - length = extension->value->length;
88 + extension_data = X509_EXTENSION_get_data(extension);
89 + p = extension_data->data;
90 + length = extension_data->length;
92 names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
93 ASN1_ITEM_ptr(method->it)));
97 X509_EXTENSION *extension;
98 + X509_NAME *subject_name;
103 @@ -1508,12 +1528,12 @@
105 array_init(return_value);
108 - add_assoc_string(return_value, "name", cert->name, 1);
110 -/* add_assoc_bool(return_value, "valid", cert->valid); */
111 + subject_name = X509_get_subject_name(cert);
112 + cert_name = X509_NAME_oneline(subject_name, NULL, 0);
113 + add_assoc_string(return_value, "name", cert_name, 1);
114 + OPENSSL_free(cert_name);
116 - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
117 + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
118 /* hash as used in CA directories to lookup cert by subject name */
121 @@ -2999,13 +3019,20 @@
123 assert(pkey != NULL);
125 - switch (pkey->type) {
126 + switch (EVP_PKEY_id(pkey)) {
130 - assert(pkey->pkey.rsa != NULL);
131 - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
134 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
136 + const BIGNUM *p, *q;
138 + RSA_get0_factors(rsa, &p, &q);
139 + if (p == NULL || q == NULL) {
146 @@ -3015,28 +3042,51 @@
150 - assert(pkey->pkey.dsa != NULL);
152 + DSA *dsa = EVP_PKEY_get0_DSA(pkey);
154 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
156 + DSA_get0_pqg(dsa, &p, &q, &g);
157 + if (p == NULL || q == NULL) {
161 - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
163 + DSA_get0_key(dsa, &pub_key, &priv_key);
164 + if (priv_key == NULL) {
173 - assert(pkey->pkey.dh != NULL);
175 + DH *dh = EVP_PKEY_get0_DH(pkey);
177 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
179 + DH_get0_pqg(dh, &p, &q, &g);
184 - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
186 + DH_get0_key(dh, &pub_key, &priv_key);
187 + if (priv_key == NULL) {
194 #ifdef HAVE_EVP_PKEY_EC
196 - assert(pkey->pkey.ec != NULL);
198 - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) {
201 + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
202 + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) {
208 @@ -3048,26 +3098,166 @@
212 -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \
213 - if (pkey->pkey._type->_name != NULL) { \
214 - int len = BN_num_bytes(pkey->pkey._type->_name); \
215 - char *str = emalloc(len + 1); \
216 - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \
218 - add_assoc_stringl(_type, #_name, str, len, 0); \
222 -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \
224 - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \
225 - Z_TYPE_PP(bn) == IS_STRING) { \
226 - _type->_name = BN_bin2bn( \
227 - (unsigned char*)Z_STRVAL_PP(bn), \
228 - Z_STRLEN_PP(bn), NULL); \
231 +#define OPENSSL_GET_BN(_array, _bn, _name) do { \
232 + if (_bn != NULL) { \
233 + int len = BN_num_bytes(_bn); \
234 + char *str = emalloc(len + 1); \
235 + BN_bn2bin(_bn, (unsigned char*)str); \
237 + add_assoc_stringl(&_array, #_name, str, len, 0); \
241 +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name)
243 +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \
245 + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \
246 + Z_TYPE_PP(bn) == IS_STRING) { \
247 + _name = BN_bin2bn( \
248 + (unsigned char*)Z_STRVAL_PP(bn), \
249 + (int)Z_STRLEN_PP(bn), NULL); \
255 +/* {{{ php_openssl_pkey_init_rsa */
256 +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data)
258 + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
260 + OPENSSL_PKEY_SET_BN(data, n);
261 + OPENSSL_PKEY_SET_BN(data, e);
262 + OPENSSL_PKEY_SET_BN(data, d);
263 + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) {
267 + OPENSSL_PKEY_SET_BN(data, p);
268 + OPENSSL_PKEY_SET_BN(data, q);
269 + if ((p || q) && !RSA_set0_factors(rsa, p, q)) {
273 + OPENSSL_PKEY_SET_BN(data, dmp1);
274 + OPENSSL_PKEY_SET_BN(data, dmq1);
275 + OPENSSL_PKEY_SET_BN(data, iqmp);
276 + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
280 + if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
287 +/* {{{ php_openssl_pkey_init_dsa */
288 +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data)
290 + BIGNUM *p, *q, *g, *priv_key, *pub_key;
291 + const BIGNUM *priv_key_const, *pub_key_const;
293 + OPENSSL_PKEY_SET_BN(data, p);
294 + OPENSSL_PKEY_SET_BN(data, q);
295 + OPENSSL_PKEY_SET_BN(data, g);
296 + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
299 + OPENSSL_PKEY_SET_BN(data, pub_key);
300 + OPENSSL_PKEY_SET_BN(data, priv_key);
302 + return DSA_set0_key(dsa, pub_key, priv_key);
306 + PHP_OPENSSL_RAND_ADD_TIME();
307 + if (!DSA_generate_key(dsa)) {
310 + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key
311 + * so we need to double check that public key is created */
312 + DSA_get0_key(dsa, &pub_key_const, &priv_key_const);
313 + if (!pub_key_const || BN_is_zero(pub_key_const)) {
321 +/* {{{ php_openssl_dh_pub_from_priv */
322 +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
324 + BIGNUM *pub_key, *priv_key_const_time;
327 + pub_key = BN_new();
328 + if (pub_key == NULL) {
332 + priv_key_const_time = BN_new();
333 + if (priv_key_const_time == NULL) {
337 + ctx = BN_CTX_new();
340 + BN_free(priv_key_const_time);
344 + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME);
346 + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) {
351 + BN_free(priv_key_const_time);
358 +/* {{{ php_openssl_pkey_init_dh */
359 +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data)
361 + BIGNUM *p, *q, *g, *priv_key, *pub_key;
363 + OPENSSL_PKEY_SET_BN(data, p);
364 + OPENSSL_PKEY_SET_BN(data, q);
365 + OPENSSL_PKEY_SET_BN(data, g);
366 + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
369 + OPENSSL_PKEY_SET_BN(data, priv_key);
370 + OPENSSL_PKEY_SET_BN(data, pub_key);
372 + return DH_set0_key(dh, pub_key, priv_key);
375 + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
376 + if (pub_key == NULL) {
379 + return DH_set0_key(dh, pub_key, priv_key);
383 + PHP_OPENSSL_RAND_ADD_TIME();
384 + if (!DH_generate_key(dh)) {
392 /* {{{ proto resource openssl_pkey_new([array configargs])
393 Generates a new private key */
394 @@ -3091,18 +3281,8 @@
396 RSA *rsa = RSA_new();
398 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n);
399 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e);
400 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d);
401 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p);
402 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q);
403 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
404 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
405 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
406 - if (rsa->n && rsa->d) {
407 - if (EVP_PKEY_assign_RSA(pkey, rsa)) {
408 - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
410 + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
411 + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
415 @@ -3115,15 +3295,7 @@
417 DSA *dsa = DSA_new();
419 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p);
420 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q);
421 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
422 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
423 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
424 - if (dsa->p && dsa->q && dsa->g) {
425 - if (!dsa->priv_key && !dsa->pub_key) {
426 - DSA_generate_key(dsa);
428 + if (php_openssl_pkey_init_dsa(dsa, data)) {
429 if (EVP_PKEY_assign_DSA(pkey, dsa)) {
430 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
432 @@ -3139,14 +3311,7 @@
436 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p);
437 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
438 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
439 - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
440 - if (dh->p && dh->g) {
441 - if (!dh->pub_key) {
442 - DH_generate_key(dh);
444 + if (php_openssl_pkey_init_dh(dh, data)) {
445 if (EVP_PKEY_assign_DH(pkey, dh)) {
446 RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
448 @@ -3382,25 +3547,32 @@
449 /*TODO: Use the real values once the openssl constants are used
450 * See the enum at the top of this file
452 - switch (EVP_PKEY_type(pkey->type)) {
453 + switch (EVP_PKEY_base_id(pkey)) {
456 - ktype = OPENSSL_KEYTYPE_RSA;
458 - if (pkey->pkey.rsa != NULL) {
461 - ALLOC_INIT_ZVAL(rsa);
463 - OPENSSL_PKEY_GET_BN(rsa, n);
464 - OPENSSL_PKEY_GET_BN(rsa, e);
465 - OPENSSL_PKEY_GET_BN(rsa, d);
466 - OPENSSL_PKEY_GET_BN(rsa, p);
467 - OPENSSL_PKEY_GET_BN(rsa, q);
468 - OPENSSL_PKEY_GET_BN(rsa, dmp1);
469 - OPENSSL_PKEY_GET_BN(rsa, dmq1);
470 - OPENSSL_PKEY_GET_BN(rsa, iqmp);
471 - add_assoc_zval(return_value, "rsa", rsa);
473 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
474 + ktype = OPENSSL_KEYTYPE_RSA;
478 + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
480 + RSA_get0_key(rsa, &n, &e, &d);
481 + RSA_get0_factors(rsa, &p, &q);
482 + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
484 + array_init(&z_rsa);
485 + OPENSSL_PKEY_GET_BN(z_rsa, n);
486 + OPENSSL_PKEY_GET_BN(z_rsa, e);
487 + OPENSSL_PKEY_GET_BN(z_rsa, d);
488 + OPENSSL_PKEY_GET_BN(z_rsa, p);
489 + OPENSSL_PKEY_GET_BN(z_rsa, q);
490 + OPENSSL_PKEY_GET_BN(z_rsa, dmp1);
491 + OPENSSL_PKEY_GET_BN(z_rsa, dmq1);
492 + OPENSSL_PKEY_GET_BN(z_rsa, iqmp);
493 + add_assoc_zval(return_value, "rsa", &z_rsa);
498 @@ -3408,37 +3580,47 @@
502 - ktype = OPENSSL_KEYTYPE_DSA;
504 - if (pkey->pkey.dsa != NULL) {
507 - ALLOC_INIT_ZVAL(dsa);
509 - OPENSSL_PKEY_GET_BN(dsa, p);
510 - OPENSSL_PKEY_GET_BN(dsa, q);
511 - OPENSSL_PKEY_GET_BN(dsa, g);
512 - OPENSSL_PKEY_GET_BN(dsa, priv_key);
513 - OPENSSL_PKEY_GET_BN(dsa, pub_key);
514 - add_assoc_zval(return_value, "dsa", dsa);
516 + DSA *dsa = EVP_PKEY_get0_DSA(pkey);
517 + ktype = OPENSSL_KEYTYPE_DSA;
521 + const BIGNUM *p, *q, *g, *priv_key, *pub_key;
523 + DSA_get0_pqg(dsa, &p, &q, &g);
524 + DSA_get0_key(dsa, &pub_key, &priv_key);
526 + array_init(&z_dsa);
527 + OPENSSL_PKEY_GET_BN(z_dsa, p);
528 + OPENSSL_PKEY_GET_BN(z_dsa, q);
529 + OPENSSL_PKEY_GET_BN(z_dsa, g);
530 + OPENSSL_PKEY_GET_BN(z_dsa, priv_key);
531 + OPENSSL_PKEY_GET_BN(z_dsa, pub_key);
532 + add_assoc_zval(return_value, "dsa", &z_dsa);
538 - ktype = OPENSSL_KEYTYPE_DH;
540 - if (pkey->pkey.dh != NULL) {
543 - ALLOC_INIT_ZVAL(dh);
545 - OPENSSL_PKEY_GET_BN(dh, p);
546 - OPENSSL_PKEY_GET_BN(dh, g);
547 - OPENSSL_PKEY_GET_BN(dh, priv_key);
548 - OPENSSL_PKEY_GET_BN(dh, pub_key);
549 - add_assoc_zval(return_value, "dh", dh);
551 + DH *dh = EVP_PKEY_get0_DH(pkey);
552 + ktype = OPENSSL_KEYTYPE_DH;
556 + const BIGNUM *p, *q, *g, *priv_key, *pub_key;
558 + DH_get0_pqg(dh, &p, &q, &g);
559 + DH_get0_key(dh, &pub_key, &priv_key);
562 + OPENSSL_PKEY_GET_BN(z_dh, p);
563 + OPENSSL_PKEY_GET_BN(z_dh, g);
564 + OPENSSL_PKEY_GET_BN(z_dh, priv_key);
565 + OPENSSL_PKEY_GET_BN(z_dh, pub_key);
566 + add_assoc_zval(return_value, "dh", &z_dh);
571 #ifdef HAVE_EVP_PKEY_EC
573 @@ -3915,13 +4097,13 @@
574 cryptedlen = EVP_PKEY_size(pkey);
575 cryptedbuf = emalloc(cryptedlen + 1);
577 - switch (pkey->type) {
578 + switch (EVP_PKEY_id(pkey)) {
581 successful = (RSA_private_encrypt(data_len,
582 (unsigned char *)data,
585 + EVP_PKEY_get0_RSA(pkey),
586 padding) == cryptedlen);
589 @@ -3973,13 +4155,13 @@
590 cryptedlen = EVP_PKEY_size(pkey);
591 crypttemp = emalloc(cryptedlen + 1);
593 - switch (pkey->type) {
594 + switch (EVP_PKEY_id(pkey)) {
597 cryptedlen = RSA_private_decrypt(data_len,
598 (unsigned char *)data,
601 + EVP_PKEY_get0_RSA(pkey),
603 if (cryptedlen != -1) {
604 cryptedbuf = emalloc(cryptedlen + 1);
605 @@ -4038,13 +4220,13 @@
606 cryptedlen = EVP_PKEY_size(pkey);
607 cryptedbuf = emalloc(cryptedlen + 1);
609 - switch (pkey->type) {
610 + switch (EVP_PKEY_id(pkey)) {
613 successful = (RSA_public_encrypt(data_len,
614 (unsigned char *)data,
617 + EVP_PKEY_get0_RSA(pkey),
618 padding) == cryptedlen);
621 @@ -4097,13 +4279,13 @@
622 cryptedlen = EVP_PKEY_size(pkey);
623 crypttemp = emalloc(cryptedlen + 1);
625 - switch (pkey->type) {
626 + switch (EVP_PKEY_id(pkey)) {
629 cryptedlen = RSA_public_decrypt(data_len,
630 (unsigned char *)data,
633 + EVP_PKEY_get0_RSA(pkey),
635 if (cryptedlen != -1) {
636 cryptedbuf = emalloc(cryptedlen + 1);
637 @@ -4167,7 +4349,7 @@
638 long keyresource = -1;
642 + EVP_MD_CTX *md_ctx;
644 long signature_algo = OPENSSL_ALGO_SHA1;
645 const EVP_MD *mdtype;
646 @@ -4200,9 +4382,11 @@
647 siglen = EVP_PKEY_size(pkey);
648 sigbuf = emalloc(siglen + 1);
650 - EVP_SignInit(&md_ctx, mdtype);
651 - EVP_SignUpdate(&md_ctx, data, data_len);
652 - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
653 + md_ctx = EVP_MD_CTX_create();
654 + if (md_ctx != NULL &&
655 + EVP_SignInit(md_ctx, mdtype) &&
656 + EVP_SignUpdate(md_ctx, data, data_len) &&
657 + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
658 zval_dtor(signature);
659 sigbuf[siglen] = '\0';
660 ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
661 @@ -4211,7 +4395,7 @@
665 - EVP_MD_CTX_cleanup(&md_ctx);
666 + EVP_MD_CTX_destroy(md_ctx);
667 if (keyresource == -1) {
670 @@ -4224,8 +4408,8 @@
677 + EVP_MD_CTX *md_ctx;
678 const EVP_MD *mdtype;
679 long keyresource = -1;
680 char * data; int data_len;
681 @@ -4259,10 +4443,13 @@
685 - EVP_VerifyInit (&md_ctx, mdtype);
686 - EVP_VerifyUpdate (&md_ctx, data, data_len);
687 - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
688 - EVP_MD_CTX_cleanup(&md_ctx);
689 + md_ctx = EVP_MD_CTX_create();
690 + if (md_ctx != NULL) {
691 + EVP_VerifyInit(md_ctx, mdtype);
692 + EVP_VerifyUpdate (md_ctx, data, data_len);
693 + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
695 + EVP_MD_CTX_destroy(md_ctx);
697 if (keyresource == -1) {
699 @@ -4286,7 +4473,7 @@
702 const EVP_CIPHER *cipher;
703 - EVP_CIPHER_CTX ctx;
704 + EVP_CIPHER_CTX *ctx;
706 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) {
708 @@ -4333,9 +4520,10 @@
712 - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
713 + ctx = EVP_CIPHER_CTX_new();
714 + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) {
715 + EVP_CIPHER_CTX_free(ctx);
717 - EVP_CIPHER_CTX_cleanup(&ctx);
721 @@ -4345,17 +4533,17 @@
722 iv = ivlen ? emalloc(ivlen + 1) : NULL;
724 /* allocate one byte extra to make room for \0 */
725 - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
726 - EVP_CIPHER_CTX_cleanup(&ctx);
727 + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
728 + EVP_CIPHER_CTX_cleanup(ctx);
730 - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
731 + if (!EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
734 - EVP_CIPHER_CTX_cleanup(&ctx);
735 + EVP_CIPHER_CTX_free(ctx);
739 - EVP_SealFinal(&ctx, buf + len1, &len2);
740 + EVP_SealFinal(ctx, buf + len1, &len2);
742 if (len1 + len2 > 0) {
744 @@ -4384,7 +4572,7 @@
747 RETVAL_LONG(len1 + len2);
748 - EVP_CIPHER_CTX_cleanup(&ctx);
749 + EVP_CIPHER_CTX_free(ctx);
752 for (i=0; i<nkeys; i++) {
753 @@ -4411,7 +4599,7 @@
756 long keyresource = -1;
757 - EVP_CIPHER_CTX ctx;
758 + EVP_CIPHER_CTX *ctx;
759 char * data; int data_len;
760 char * ekey; int ekey_len;
762 @@ -4440,24 +4628,23 @@
764 buf = emalloc(data_len + 1);
766 - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
767 - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
771 - zval_dtor(opendata);
772 - buf[len1 + len2] = '\0';
773 - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
776 + ctx = EVP_CIPHER_CTX_new();
777 + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) &&
778 + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) &&
779 + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) {
780 + zval_dtor(opendata);
781 + buf[len1 + len2] = '\0';
782 + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
790 if (keyresource == -1) {
793 - EVP_CIPHER_CTX_cleanup(&ctx);
794 + EVP_CIPHER_CTX_free(ctx);
798 @@ -4765,7 +4952,7 @@
800 int data_len, method_len;
801 const EVP_MD *mdtype;
803 + EVP_MD_CTX *md_ctx;
805 unsigned char *sigbuf;
807 @@ -4781,9 +4968,10 @@
808 siglen = EVP_MD_size(mdtype);
809 sigbuf = emalloc(siglen + 1);
811 - EVP_DigestInit(&md_ctx, mdtype);
812 - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len);
813 - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
814 + md_ctx = EVP_MD_CTX_create();
815 + if (EVP_DigestInit(md_ctx, mdtype) &&
816 + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
817 + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) {
819 sigbuf[siglen] = '\0';
820 RETVAL_STRINGL((char *)sigbuf, siglen, 0);
821 @@ -4799,6 +4987,8 @@
826 + EVP_MD_CTX_destroy(md_ctx);
830 @@ -4844,7 +5034,7 @@
831 char *data, *method, *password, *iv = "";
832 int data_len, method_len, password_len, iv_len = 0, max_iv_len;
833 const EVP_CIPHER *cipher_type;
834 - EVP_CIPHER_CTX cipher_ctx;
835 + EVP_CIPHER_CTX *cipher_ctx;
836 int i=0, outlen, keylen;
837 unsigned char *outbuf, *key;
839 @@ -4858,6 +5048,12 @@
843 + cipher_ctx = EVP_CIPHER_CTX_new();
845 + php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
849 keylen = EVP_CIPHER_key_length(cipher_type);
850 if (keylen > password_len) {
851 key = emalloc(keylen);
852 @@ -4876,19 +5072,19 @@
853 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
854 outbuf = emalloc(outlen + 1);
856 - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
857 + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL);
858 if (password_len > keylen) {
859 - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
860 + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
862 - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
863 + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
864 if (options & OPENSSL_ZERO_PADDING) {
865 - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
866 + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
869 - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
870 + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
873 - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
874 + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
876 if (options & OPENSSL_RAW_DATA) {
877 outbuf[outlen] = '\0';
878 @@ -4911,7 +5107,7 @@
882 - EVP_CIPHER_CTX_cleanup(&cipher_ctx);
883 + EVP_CIPHER_CTX_free(cipher_ctx);
887 @@ -4923,7 +5119,7 @@
888 char *data, *method, *password, *iv = "";
889 int data_len, method_len, password_len, iv_len = 0;
890 const EVP_CIPHER *cipher_type;
891 - EVP_CIPHER_CTX cipher_ctx;
892 + EVP_CIPHER_CTX *cipher_ctx;
893 int i, outlen, keylen;
894 unsigned char *outbuf, *key;
896 @@ -4945,10 +5141,17 @@
900 + cipher_ctx = EVP_CIPHER_CTX_new();
902 + php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
906 if (!(options & OPENSSL_RAW_DATA)) {
907 base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len);
909 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input");
910 + EVP_CIPHER_CTX_free(cipher_ctx);
913 data_len = base64_str_len;
914 @@ -4969,17 +5172,17 @@
915 outlen = data_len + EVP_CIPHER_block_size(cipher_type);
916 outbuf = emalloc(outlen + 1);
918 - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
919 + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL);
920 if (password_len > keylen) {
921 - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
922 + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
924 - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
925 + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
926 if (options & OPENSSL_ZERO_PADDING) {
927 - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
928 + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
930 - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
931 + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
933 - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
934 + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
936 outbuf[outlen] = '\0';
937 RETVAL_STRINGL((char *)outbuf, outlen, 0);
938 @@ -4996,7 +5199,7 @@
942 - EVP_CIPHER_CTX_cleanup(&cipher_ctx);
943 + EVP_CIPHER_CTX_free(cipher_ctx);
947 @@ -5034,6 +5237,7 @@
955 @@ -5043,14 +5247,18 @@
958 ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key);
959 - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) {
960 + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
963 + dh = EVP_PKEY_get0_DH(pkey);
968 pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL);
970 - data = emalloc(DH_size(pkey->pkey.dh) + 1);
971 - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh);
972 + data = emalloc(DH_size(dh) + 1);
973 + len = DH_compute_key((unsigned char*)data, pub, dh);
977 --- php-5.4.45/ext/openssl/xp_ssl.c~ 2015-09-01 22:09:37.000000000 +0200
978 +++ php-5.4.45/ext/openssl/xp_ssl.c 2018-09-28 14:06:51.890385590 +0200
979 @@ -339,8 +339,13 @@ static inline int php_openssl_setup_cryp
982 case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
983 +#ifdef OPENSSL_NO_SSL3
984 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
987 sslsock->is_client = 1;
988 method = SSLv3_client_method();
991 case STREAM_CRYPTO_METHOD_TLS_CLIENT:
992 sslsock->is_client = 1;
993 @@ -351,8 +356,13 @@ static inline int php_openssl_setup_cryp
994 method = SSLv23_server_method();
996 case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
997 +#ifdef OPENSSL_NO_SSL3
998 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
1001 sslsock->is_client = 0;
1002 method = SSLv3_server_method();
1005 case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
1006 #ifdef OPENSSL_NO_SSL2
1007 --- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200
1008 +++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200
1009 @@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
1010 REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
1012 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
1013 +#ifdef RSA_SSLV23_PADDING
1014 REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
1016 REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
1017 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);