]>
Commit | Line | Data |
---|---|---|
e52c962c AM |
1 | --- php-5.6.38/ext/openssl/openssl.c 2018-09-12 00:12:36.000000000 +0200 |
2 | +++ php-5.6.38/ext/openssl/openssl.c 2018-09-14 14:30:33.582224863 +0200 | |
3 | @@ -531,6 +531,14 @@ zend_module_entry openssl_module_entry = | |
4 | ZEND_GET_MODULE(openssl) | |
5 | #endif | |
6 | ||
7 | +/* {{{ OpenSSL compatibility functions and macros */ | |
8 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
9 | +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa | |
10 | +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
11 | +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
12 | +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
13 | +#endif | |
14 | + | |
15 | static int le_key; | |
16 | static int le_x509; | |
17 | static int le_csr; | |
18 | @@ -1053,9 +1061,11 @@ static EVP_MD * php_openssl_get_evp_md_f | |
19 | mdtype = (EVP_MD *) EVP_md2(); | |
20 | break; | |
21 | #endif | |
22 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
23 | case OPENSSL_ALGO_DSS1: | |
24 | mdtype = (EVP_MD *) EVP_dss1(); | |
25 | break; | |
26 | +#endif | |
27 | #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
28 | case OPENSSL_ALGO_SHA224: | |
29 | mdtype = (EVP_MD *) EVP_sha224(); | |
30 | @@ -1893,6 +1903,7 @@ static int openssl_x509v3_subjectAltName | |
31 | { | |
32 | GENERAL_NAMES *names; | |
33 | const X509V3_EXT_METHOD *method = NULL; | |
34 | + ASN1_OCTET_STRING *extension_data; | |
35 | long i, length, num; | |
36 | const unsigned char *p; | |
37 | ||
38 | @@ -1901,8 +1912,9 @@ static int openssl_x509v3_subjectAltName | |
39 | return -1; | |
40 | } | |
41 | ||
42 | - p = extension->value->data; | |
43 | - length = extension->value->length; | |
44 | + extension_data = X509_EXTENSION_get_data(extension); | |
45 | + p = extension_data->data; | |
46 | + length = extension_data->length; | |
47 | if (method->it) { | |
48 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
49 | ASN1_ITEM_ptr(method->it))); | |
50 | @@ -1965,6 +1977,8 @@ PHP_FUNCTION(openssl_x509_parse) | |
51 | char * tmpstr; | |
52 | zval * subitem; | |
53 | X509_EXTENSION *extension; | |
54 | + X509_NAME *subject_name; | |
55 | + char *cert_name; | |
56 | char *extname; | |
57 | BIO *bio_out; | |
58 | BUF_MEM *bio_buf; | |
59 | @@ -1979,12 +1993,12 @@ PHP_FUNCTION(openssl_x509_parse) | |
60 | } | |
61 | array_init(return_value); | |
62 | ||
63 | - if (cert->name) { | |
64 | - add_assoc_string(return_value, "name", cert->name, 1); | |
65 | - } | |
66 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
67 | + subject_name = X509_get_subject_name(cert); | |
68 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
69 | + add_assoc_string(return_value, "name", cert_name, 1); | |
70 | + OPENSSL_free(cert_name); | |
71 | ||
72 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
73 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
74 | /* hash as used in CA directories to lookup cert by subject name */ | |
75 | { | |
76 | char buf[32]; | |
77 | @@ -2008,7 +2022,7 @@ PHP_FUNCTION(openssl_x509_parse) | |
78 | add_assoc_string(return_value, "alias", tmpstr, 1); | |
79 | } | |
80 | ||
81 | - sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm); | |
82 | + sig_nid = X509_get_signature_nid(cert); | |
83 | add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1); | |
84 | add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1); | |
85 | add_assoc_long(return_value, "signatureTypeNID", sig_nid); | |
86 | @@ -3482,13 +3496,20 @@ static int php_openssl_is_private_key(EV | |
87 | { | |
88 | assert(pkey != NULL); | |
89 | ||
90 | - switch (pkey->type) { | |
91 | + switch (EVP_PKEY_id(pkey)) { | |
92 | #ifndef NO_RSA | |
93 | case EVP_PKEY_RSA: | |
94 | case EVP_PKEY_RSA2: | |
95 | - assert(pkey->pkey.rsa != NULL); | |
96 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
97 | - return 0; | |
98 | + { | |
99 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
100 | + if (rsa != NULL) { | |
101 | + const BIGNUM *p, *q; | |
102 | + | |
103 | + RSA_get0_factors(rsa, &p, &q); | |
104 | + if (p == NULL || q == NULL) { | |
105 | + return 0; | |
106 | + } | |
107 | + } | |
108 | } | |
109 | break; | |
110 | #endif | |
111 | @@ -3498,28 +3519,51 @@ static int php_openssl_is_private_key(EV | |
112 | case EVP_PKEY_DSA2: | |
113 | case EVP_PKEY_DSA3: | |
114 | case EVP_PKEY_DSA4: | |
115 | - assert(pkey->pkey.dsa != NULL); | |
116 | + { | |
117 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
118 | + if (dsa != NULL) { | |
119 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
120 | + | |
121 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
122 | + if (p == NULL || q == NULL) { | |
123 | + return 0; | |
124 | + } | |
125 | ||
126 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
127 | - return 0; | |
128 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
129 | + if (priv_key == NULL) { | |
130 | + return 0; | |
131 | + } | |
132 | + } | |
133 | } | |
134 | break; | |
135 | #endif | |
136 | #ifndef NO_DH | |
137 | case EVP_PKEY_DH: | |
138 | - assert(pkey->pkey.dh != NULL); | |
139 | + { | |
140 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
141 | + if (dh != NULL) { | |
142 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
143 | + | |
144 | + DH_get0_pqg(dh, &p, &q, &g); | |
145 | + if (p == NULL) { | |
146 | + return 0; | |
147 | + } | |
148 | ||
149 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
150 | - return 0; | |
151 | + DH_get0_key(dh, &pub_key, &priv_key); | |
152 | + if (priv_key == NULL) { | |
153 | + return 0; | |
154 | + } | |
155 | + } | |
156 | } | |
157 | break; | |
158 | #endif | |
159 | #ifdef HAVE_EVP_PKEY_EC | |
160 | case EVP_PKEY_EC: | |
161 | - assert(pkey->pkey.ec != NULL); | |
162 | - | |
163 | - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) { | |
164 | - return 0; | |
165 | + { | |
166 | + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); | |
167 | + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) { | |
168 | + return 0; | |
169 | + } | |
170 | } | |
171 | break; | |
172 | #endif | |
173 | @@ -3531,42 +3575,89 @@ static int php_openssl_is_private_key(EV | |
174 | } | |
175 | /* }}} */ | |
176 | ||
177 | -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
178 | - if (pkey->pkey._type->_name != NULL) { \ | |
179 | - int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
180 | - char *str = emalloc(len + 1); \ | |
181 | - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \ | |
182 | - str[len] = 0; \ | |
183 | - add_assoc_stringl(_type, #_name, str, len, 0); \ | |
184 | - } \ | |
185 | - } while (0) | |
186 | - | |
187 | -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \ | |
188 | - zval **bn; \ | |
189 | - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \ | |
190 | - Z_TYPE_PP(bn) == IS_STRING) { \ | |
191 | - _type->_name = BN_bin2bn( \ | |
192 | - (unsigned char*)Z_STRVAL_PP(bn), \ | |
193 | - Z_STRLEN_PP(bn), NULL); \ | |
194 | - } \ | |
195 | - } while (0); | |
196 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
197 | + if (_bn != NULL) { \ | |
198 | + int len = BN_num_bytes(_bn); \ | |
199 | + char *str = emalloc(len + 1); \ | |
200 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
201 | + str[len] = 0; \ | |
202 | + add_assoc_stringl(&_array, #_name, str, len, 0); \ | |
203 | + } \ | |
204 | +} while (0); | |
205 | + | |
206 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
207 | + | |
208 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
209 | + zval **bn; \ | |
210 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
211 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
212 | + _name = BN_bin2bn( \ | |
213 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
214 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
215 | + } else { \ | |
216 | + _name = NULL; \ | |
217 | + } \ | |
218 | +} while (0); | |
219 | + | |
220 | +/* {{{ php_openssl_pkey_init_rsa */ | |
221 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
222 | +{ | |
223 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
224 | + | |
225 | + OPENSSL_PKEY_SET_BN(data, n); | |
226 | + OPENSSL_PKEY_SET_BN(data, e); | |
227 | + OPENSSL_PKEY_SET_BN(data, d); | |
228 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
229 | + return 0; | |
230 | + } | |
231 | + | |
232 | + OPENSSL_PKEY_SET_BN(data, p); | |
233 | + OPENSSL_PKEY_SET_BN(data, q); | |
234 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
235 | + return 0; | |
236 | + } | |
237 | + | |
238 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
239 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
240 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
241 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
242 | + return 0; | |
243 | + } | |
244 | + | |
245 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
246 | + return 0; | |
247 | + } | |
248 | + | |
249 | + return 1; | |
250 | +} | |
251 | ||
252 | /* {{{ php_openssl_pkey_init_dsa */ | |
253 | -zend_bool php_openssl_pkey_init_dsa(DSA *dsa) | |
254 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
255 | { | |
256 | - if (!dsa->p || !dsa->q || !dsa->g) { | |
257 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
258 | + const BIGNUM *priv_key_const, *pub_key_const; | |
259 | + | |
260 | + OPENSSL_PKEY_SET_BN(data, p); | |
261 | + OPENSSL_PKEY_SET_BN(data, q); | |
262 | + OPENSSL_PKEY_SET_BN(data, g); | |
263 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
264 | return 0; | |
265 | } | |
266 | - if (dsa->priv_key || dsa->pub_key) { | |
267 | - return 1; | |
268 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
269 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
270 | + if (pub_key) { | |
271 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
272 | } | |
273 | + | |
274 | + /* generate key */ | |
275 | PHP_OPENSSL_RAND_ADD_TIME(); | |
276 | if (!DSA_generate_key(dsa)) { | |
277 | return 0; | |
278 | } | |
279 | /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
280 | * so we need to double check that public key is created */ | |
281 | - if (!dsa->pub_key || BN_is_zero(dsa->pub_key)) { | |
282 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
283 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
284 | return 0; | |
285 | } | |
286 | /* all good */ | |
287 | @@ -3574,15 +3665,68 @@ zend_bool php_openssl_pkey_init_dsa(DSA | |
288 | } | |
289 | /* }}} */ | |
290 | ||
291 | +/* {{{ php_openssl_dh_pub_from_priv */ | |
292 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
293 | +{ | |
294 | + BIGNUM *pub_key, *priv_key_const_time; | |
295 | + BN_CTX *ctx; | |
296 | + | |
297 | + pub_key = BN_new(); | |
298 | + if (pub_key == NULL) { | |
299 | + return NULL; | |
300 | + } | |
301 | + | |
302 | + priv_key_const_time = BN_new(); | |
303 | + if (priv_key_const_time == NULL) { | |
304 | + BN_free(pub_key); | |
305 | + return NULL; | |
306 | + } | |
307 | + ctx = BN_CTX_new(); | |
308 | + if (ctx == NULL) { | |
309 | + BN_free(pub_key); | |
310 | + BN_free(priv_key_const_time); | |
311 | + return NULL; | |
312 | + } | |
313 | + | |
314 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
315 | + | |
316 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
317 | + BN_free(pub_key); | |
318 | + pub_key = NULL; | |
319 | + } | |
320 | + | |
321 | + BN_free(priv_key_const_time); | |
322 | + BN_CTX_free(ctx); | |
323 | + | |
324 | + return pub_key; | |
325 | +} | |
326 | +/* }}} */ | |
327 | + | |
328 | /* {{{ php_openssl_pkey_init_dh */ | |
329 | -zend_bool php_openssl_pkey_init_dh(DH *dh) | |
330 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
331 | { | |
332 | - if (!dh->p || !dh->g) { | |
333 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
334 | + | |
335 | + OPENSSL_PKEY_SET_BN(data, p); | |
336 | + OPENSSL_PKEY_SET_BN(data, q); | |
337 | + OPENSSL_PKEY_SET_BN(data, g); | |
338 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
339 | return 0; | |
340 | } | |
341 | - if (dh->pub_key) { | |
342 | - return 1; | |
343 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
344 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
345 | + if (pub_key) { | |
346 | + return DH_set0_key(dh, pub_key, priv_key); | |
347 | + } | |
348 | + if (priv_key) { | |
349 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
350 | + if (pub_key == NULL) { | |
351 | + return 0; | |
352 | + } | |
353 | + return DH_set0_key(dh, pub_key, priv_key); | |
354 | } | |
355 | + | |
356 | + /* generate key */ | |
357 | PHP_OPENSSL_RAND_ADD_TIME(); | |
358 | if (!DH_generate_key(dh)) { | |
359 | return 0; | |
360 | @@ -3614,18 +3758,8 @@ PHP_FUNCTION(openssl_pkey_new) | |
361 | if (pkey) { | |
362 | RSA *rsa = RSA_new(); | |
363 | if (rsa) { | |
364 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
365 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
366 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
367 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
368 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
369 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
370 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
371 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
372 | - if (rsa->n && rsa->d) { | |
373 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
374 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
375 | - } | |
376 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
377 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
378 | } | |
379 | RSA_free(rsa); | |
380 | } | |
381 | @@ -3638,12 +3772,7 @@ PHP_FUNCTION(openssl_pkey_new) | |
382 | if (pkey) { | |
383 | DSA *dsa = DSA_new(); | |
384 | if (dsa) { | |
385 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
386 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
387 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
388 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
389 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
390 | - if (php_openssl_pkey_init_dsa(dsa)) { | |
391 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
392 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
393 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
394 | } | |
395 | @@ -3659,11 +3788,7 @@ PHP_FUNCTION(openssl_pkey_new) | |
396 | if (pkey) { | |
397 | DH *dh = DH_new(); | |
398 | if (dh) { | |
399 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
400 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
401 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
402 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
403 | - if (php_openssl_pkey_init_dh(dh)) { | |
404 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
405 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
406 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
407 | } | |
408 | @@ -3738,7 +3863,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file | |
409 | cipher = NULL; | |
410 | } | |
411 | ||
412 | - switch (EVP_PKEY_type(key->type)) { | |
413 | + switch (EVP_PKEY_base_id(key)) { | |
414 | #ifdef HAVE_EVP_PKEY_EC | |
415 | case EVP_PKEY_EC: | |
416 | pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
417 | @@ -3807,7 +3932,7 @@ PHP_FUNCTION(openssl_pkey_export) | |
418 | cipher = NULL; | |
419 | } | |
420 | ||
421 | - switch (EVP_PKEY_type(key->type)) { | |
422 | + switch (EVP_PKEY_base_id(key)) { | |
423 | #ifdef HAVE_EVP_PKEY_EC | |
424 | case EVP_PKEY_EC: | |
425 | pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
426 | @@ -3928,25 +4053,32 @@ PHP_FUNCTION(openssl_pkey_get_details) | |
427 | /*TODO: Use the real values once the openssl constants are used | |
428 | * See the enum at the top of this file | |
429 | */ | |
430 | - switch (EVP_PKEY_type(pkey->type)) { | |
431 | + switch (EVP_PKEY_base_id(pkey)) { | |
432 | case EVP_PKEY_RSA: | |
433 | case EVP_PKEY_RSA2: | |
434 | - ktype = OPENSSL_KEYTYPE_RSA; | |
435 | - | |
436 | - if (pkey->pkey.rsa != NULL) { | |
437 | - zval *rsa; | |
438 | - | |
439 | - ALLOC_INIT_ZVAL(rsa); | |
440 | - array_init(rsa); | |
441 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
442 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
443 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
444 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
445 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
446 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
447 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
448 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
449 | - add_assoc_zval(return_value, "rsa", rsa); | |
450 | + { | |
451 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
452 | + ktype = OPENSSL_KEYTYPE_RSA; | |
453 | + | |
454 | + if (rsa != NULL) { | |
455 | + zval z_rsa; | |
456 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
457 | + | |
458 | + RSA_get0_key(rsa, &n, &e, &d); | |
459 | + RSA_get0_factors(rsa, &p, &q); | |
460 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
461 | + | |
462 | + array_init(&z_rsa); | |
463 | + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
464 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
465 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
466 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
467 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
468 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
469 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
470 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
471 | + add_assoc_zval(return_value, "rsa", &z_rsa); | |
472 | + } | |
473 | } | |
474 | ||
475 | break; | |
476 | @@ -3954,42 +4086,53 @@ PHP_FUNCTION(openssl_pkey_get_details) | |
477 | case EVP_PKEY_DSA2: | |
478 | case EVP_PKEY_DSA3: | |
479 | case EVP_PKEY_DSA4: | |
480 | - ktype = OPENSSL_KEYTYPE_DSA; | |
481 | - | |
482 | - if (pkey->pkey.dsa != NULL) { | |
483 | - zval *dsa; | |
484 | - | |
485 | - ALLOC_INIT_ZVAL(dsa); | |
486 | - array_init(dsa); | |
487 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
488 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
489 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
490 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
491 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
492 | - add_assoc_zval(return_value, "dsa", dsa); | |
493 | + { | |
494 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
495 | + ktype = OPENSSL_KEYTYPE_DSA; | |
496 | + | |
497 | + if (dsa != NULL) { | |
498 | + zval z_dsa; | |
499 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
500 | + | |
501 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
502 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
503 | + | |
504 | + array_init(&z_dsa); | |
505 | + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
506 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
507 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
508 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
509 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
510 | + add_assoc_zval(return_value, "dsa", &z_dsa); | |
511 | + } | |
512 | } | |
513 | break; | |
514 | case EVP_PKEY_DH: | |
515 | - | |
516 | - ktype = OPENSSL_KEYTYPE_DH; | |
517 | - | |
518 | - if (pkey->pkey.dh != NULL) { | |
519 | - zval *dh; | |
520 | - | |
521 | - ALLOC_INIT_ZVAL(dh); | |
522 | - array_init(dh); | |
523 | - OPENSSL_PKEY_GET_BN(dh, p); | |
524 | - OPENSSL_PKEY_GET_BN(dh, g); | |
525 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
526 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
527 | - add_assoc_zval(return_value, "dh", dh); | |
528 | + { | |
529 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
530 | + ktype = OPENSSL_KEYTYPE_DH; | |
531 | + | |
532 | + if (dh != NULL) { | |
533 | + zval z_dh; | |
534 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
535 | + | |
536 | + DH_get0_pqg(dh, &p, &q, &g); | |
537 | + DH_get0_key(dh, &pub_key, &priv_key); | |
538 | + | |
539 | + array_init(&z_dh); | |
540 | + OPENSSL_PKEY_GET_BN(z_dh, p); | |
541 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
542 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
543 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
544 | + add_assoc_zval(return_value, "dh", &z_dh); | |
545 | + } | |
546 | } | |
547 | ||
548 | break; | |
549 | #ifdef HAVE_EVP_PKEY_EC | |
550 | case EVP_PKEY_EC: | |
551 | ktype = OPENSSL_KEYTYPE_EC; | |
552 | - if (pkey->pkey.ec != NULL) { | |
553 | + if (EVP_PKEY_get0_EC_KEY(pkey) != NULL) { | |
554 | zval *ec; | |
555 | const EC_GROUP *ec_group; | |
556 | int nid; | |
557 | @@ -4546,13 +4689,13 @@ PHP_FUNCTION(openssl_private_encrypt) | |
558 | cryptedlen = EVP_PKEY_size(pkey); | |
559 | cryptedbuf = emalloc(cryptedlen + 1); | |
560 | ||
561 | - switch (pkey->type) { | |
562 | + switch (EVP_PKEY_id(pkey)) { | |
563 | case EVP_PKEY_RSA: | |
564 | case EVP_PKEY_RSA2: | |
565 | successful = (RSA_private_encrypt(data_len, | |
566 | (unsigned char *)data, | |
567 | cryptedbuf, | |
568 | - pkey->pkey.rsa, | |
569 | + EVP_PKEY_get0_RSA(pkey), | |
570 | padding) == cryptedlen); | |
571 | break; | |
572 | default: | |
573 | @@ -4604,13 +4747,13 @@ PHP_FUNCTION(openssl_private_decrypt) | |
574 | cryptedlen = EVP_PKEY_size(pkey); | |
575 | crypttemp = emalloc(cryptedlen + 1); | |
576 | ||
577 | - switch (pkey->type) { | |
578 | + switch (EVP_PKEY_id(pkey)) { | |
579 | case EVP_PKEY_RSA: | |
580 | case EVP_PKEY_RSA2: | |
581 | cryptedlen = RSA_private_decrypt(data_len, | |
582 | (unsigned char *)data, | |
583 | crypttemp, | |
584 | - pkey->pkey.rsa, | |
585 | + EVP_PKEY_get0_RSA(pkey), | |
586 | padding); | |
587 | if (cryptedlen != -1) { | |
588 | cryptedbuf = emalloc(cryptedlen + 1); | |
589 | @@ -4669,13 +4812,13 @@ PHP_FUNCTION(openssl_public_encrypt) | |
590 | cryptedlen = EVP_PKEY_size(pkey); | |
591 | cryptedbuf = emalloc(cryptedlen + 1); | |
592 | ||
593 | - switch (pkey->type) { | |
594 | + switch (EVP_PKEY_id(pkey)) { | |
595 | case EVP_PKEY_RSA: | |
596 | case EVP_PKEY_RSA2: | |
597 | successful = (RSA_public_encrypt(data_len, | |
598 | (unsigned char *)data, | |
599 | - cryptedbuf, | |
600 | - pkey->pkey.rsa, | |
601 | + cryptedbuf, | |
602 | + EVP_PKEY_get0_RSA(pkey), | |
603 | padding) == cryptedlen); | |
604 | break; | |
605 | default: | |
606 | @@ -4728,13 +4871,13 @@ PHP_FUNCTION(openssl_public_decrypt) | |
607 | cryptedlen = EVP_PKEY_size(pkey); | |
608 | crypttemp = emalloc(cryptedlen + 1); | |
609 | ||
610 | - switch (pkey->type) { | |
611 | + switch (EVP_PKEY_id(pkey)) { | |
612 | case EVP_PKEY_RSA: | |
613 | case EVP_PKEY_RSA2: | |
614 | cryptedlen = RSA_public_decrypt(data_len, | |
615 | (unsigned char *)data, | |
616 | - crypttemp, | |
617 | - pkey->pkey.rsa, | |
618 | + crypttemp, | |
619 | + EVP_PKEY_get0_RSA(pkey), | |
620 | padding); | |
621 | if (cryptedlen != -1) { | |
622 | cryptedbuf = emalloc(cryptedlen + 1); | |
623 | @@ -4798,7 +4941,7 @@ PHP_FUNCTION(openssl_sign) | |
624 | long keyresource = -1; | |
625 | char * data; | |
626 | int data_len; | |
627 | - EVP_MD_CTX md_ctx; | |
628 | + EVP_MD_CTX *md_ctx; | |
629 | zval *method = NULL; | |
630 | long signature_algo = OPENSSL_ALGO_SHA1; | |
631 | const EVP_MD *mdtype; | |
632 | @@ -4831,9 +4974,11 @@ PHP_FUNCTION(openssl_sign) | |
633 | siglen = EVP_PKEY_size(pkey); | |
634 | sigbuf = emalloc(siglen + 1); | |
635 | ||
636 | - EVP_SignInit(&md_ctx, mdtype); | |
637 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
638 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
639 | + md_ctx = EVP_MD_CTX_create(); | |
640 | + if (md_ctx != NULL && | |
641 | + EVP_SignInit(md_ctx, mdtype) && | |
642 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
643 | + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) { | |
644 | zval_dtor(signature); | |
645 | sigbuf[siglen] = '\0'; | |
646 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
647 | @@ -4842,7 +4987,7 @@ PHP_FUNCTION(openssl_sign) | |
648 | efree(sigbuf); | |
649 | RETVAL_FALSE; | |
650 | } | |
651 | - EVP_MD_CTX_cleanup(&md_ctx); | |
652 | + EVP_MD_CTX_destroy(md_ctx); | |
653 | if (keyresource == -1) { | |
654 | EVP_PKEY_free(pkey); | |
655 | } | |
656 | @@ -4855,8 +5000,8 @@ PHP_FUNCTION(openssl_verify) | |
657 | { | |
658 | zval **key; | |
659 | EVP_PKEY *pkey; | |
660 | - int err; | |
661 | - EVP_MD_CTX md_ctx; | |
662 | + int err = 0; | |
663 | + EVP_MD_CTX *md_ctx; | |
664 | const EVP_MD *mdtype; | |
665 | long keyresource = -1; | |
666 | char * data; int data_len; | |
667 | @@ -4890,10 +5035,13 @@ PHP_FUNCTION(openssl_verify) | |
668 | RETURN_FALSE; | |
669 | } | |
670 | ||
671 | - EVP_VerifyInit (&md_ctx, mdtype); | |
672 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
673 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
674 | - EVP_MD_CTX_cleanup(&md_ctx); | |
675 | + md_ctx = EVP_MD_CTX_create(); | |
676 | + if (md_ctx != NULL) { | |
677 | + EVP_VerifyInit(md_ctx, mdtype); | |
678 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
679 | + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); | |
680 | + } | |
681 | + EVP_MD_CTX_destroy(md_ctx); | |
682 | ||
683 | if (keyresource == -1) { | |
684 | EVP_PKEY_free(pkey); | |
685 | @@ -4917,7 +5065,7 @@ PHP_FUNCTION(openssl_seal) | |
686 | char *method =NULL; | |
687 | int method_len = 0; | |
688 | const EVP_CIPHER *cipher; | |
689 | - EVP_CIPHER_CTX ctx; | |
690 | + EVP_CIPHER_CTX *ctx; | |
691 | ||
692 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
693 | return; | |
694 | @@ -4967,9 +5115,10 @@ PHP_FUNCTION(openssl_seal) | |
695 | i++; | |
696 | } | |
697 | ||
698 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
699 | + ctx = EVP_CIPHER_CTX_new(); | |
700 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
701 | + EVP_CIPHER_CTX_free(ctx); | |
702 | RETVAL_FALSE; | |
703 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
704 | goto clean_exit; | |
705 | } | |
706 | ||
707 | @@ -4979,15 +5128,15 @@ PHP_FUNCTION(openssl_seal) | |
708 | iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
709 | #endif | |
710 | /* allocate one byte extra to make room for \0 */ | |
711 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
712 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
713 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
714 | + EVP_CIPHER_CTX_cleanup(ctx); | |
715 | ||
716 | - if (EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
717 | - !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len) || | |
718 | - !EVP_SealFinal(&ctx, buf + len1, &len2)) { | |
719 | + if (EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
720 | + !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) || | |
721 | + !EVP_SealFinal(ctx, buf + len1, &len2)) { | |
722 | RETVAL_FALSE; | |
723 | efree(buf); | |
724 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
725 | + EVP_CIPHER_CTX_free(ctx); | |
726 | goto clean_exit; | |
727 | } | |
728 | ||
729 | @@ -5018,5 +5167,5 @@ PHP_FUNCTION(openssl_seal) | |
730 | efree(buf); | |
731 | } | |
732 | RETVAL_LONG(len1 + len2); | |
733 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
734 | + EVP_CIPHER_CTX_free(ctx); | |
735 | ||
736 | @@ -5045,7 +5194,7 @@ PHP_FUNCTION(openssl_open) | |
737 | int len1, len2; | |
738 | unsigned char *buf; | |
739 | long keyresource = -1; | |
740 | - EVP_CIPHER_CTX ctx; | |
741 | + EVP_CIPHER_CTX *ctx; | |
742 | char * data; int data_len; | |
743 | char * ekey; int ekey_len; | |
744 | char *method =NULL; | |
745 | @@ -5071,27 +5220,26 @@ PHP_FUNCTION(openssl_open) | |
746 | } else { | |
747 | cipher = EVP_rc4(); | |
748 | } | |
749 | - | |
750 | + | |
751 | buf = emalloc(data_len + 1); | |
752 | ||
753 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
754 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
755 | - efree(buf); | |
756 | - RETVAL_FALSE; | |
757 | - } else { | |
758 | - zval_dtor(opendata); | |
759 | - buf[len1 + len2] = '\0'; | |
760 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
761 | - RETVAL_TRUE; | |
762 | - } | |
763 | + ctx = EVP_CIPHER_CTX_new(); | |
764 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) && | |
765 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) && | |
766 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
767 | + zval_dtor(opendata); | |
768 | + buf[len1 + len2] = '\0'; | |
769 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
770 | + RETVAL_TRUE; | |
771 | } else { | |
772 | - efree(buf); | |
773 | RETVAL_FALSE; | |
774 | } | |
775 | + | |
776 | + efree(buf); | |
777 | if (keyresource == -1) { | |
778 | EVP_PKEY_free(pkey); | |
779 | } | |
780 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
781 | + EVP_CIPHER_CTX_free(ctx); | |
782 | } | |
783 | /* }}} */ | |
784 | ||
785 | @@ -5151,7 +5299,7 @@ PHP_FUNCTION(openssl_digest) | |
786 | char *data, *method; | |
787 | int data_len, method_len; | |
788 | const EVP_MD *mdtype; | |
789 | - EVP_MD_CTX md_ctx; | |
790 | + EVP_MD_CTX *md_ctx; | |
791 | int siglen; | |
792 | unsigned char *sigbuf; | |
793 | ||
794 | @@ -5167,9 +5315,10 @@ PHP_FUNCTION(openssl_digest) | |
795 | siglen = EVP_MD_size(mdtype); | |
796 | sigbuf = emalloc(siglen + 1); | |
797 | ||
798 | - EVP_DigestInit(&md_ctx, mdtype); | |
799 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
800 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
801 | + md_ctx = EVP_MD_CTX_create(); | |
802 | + if (EVP_DigestInit(md_ctx, mdtype) && | |
803 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
804 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) { | |
805 | if (raw_output) { | |
806 | sigbuf[siglen] = '\0'; | |
807 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
808 | @@ -5185,6 +5334,8 @@ PHP_FUNCTION(openssl_digest) | |
809 | efree(sigbuf); | |
810 | RETVAL_FALSE; | |
811 | } | |
812 | + | |
813 | + EVP_MD_CTX_destroy(md_ctx); | |
814 | } | |
815 | /* }}} */ | |
816 | ||
817 | @@ -5230,7 +5381,7 @@ PHP_FUNCTION(openssl_encrypt) | |
818 | char *data, *method, *password, *iv = ""; | |
819 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
820 | const EVP_CIPHER *cipher_type; | |
821 | - EVP_CIPHER_CTX cipher_ctx; | |
822 | + EVP_CIPHER_CTX *cipher_ctx; | |
823 | int i=0, outlen, keylen; | |
824 | unsigned char *outbuf, *key; | |
825 | zend_bool free_iv; | |
826 | @@ -5244,6 +5395,12 @@ PHP_FUNCTION(openssl_encrypt) | |
827 | RETURN_FALSE; | |
828 | } | |
829 | ||
830 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
831 | + if (!cipher_ctx) { | |
832 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
833 | + RETURN_FALSE; | |
834 | + } | |
835 | + | |
836 | keylen = EVP_CIPHER_key_length(cipher_type); | |
837 | if (keylen > password_len) { | |
838 | key = emalloc(keylen); | |
839 | @@ -5262,19 +5419,19 @@ PHP_FUNCTION(openssl_encrypt) | |
840 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
841 | outbuf = safe_emalloc(outlen, 1, 1); | |
842 | ||
843 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
844 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
845 | if (password_len > keylen) { | |
846 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
847 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
848 | } | |
849 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
850 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
851 | if (options & OPENSSL_ZERO_PADDING) { | |
852 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
853 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
854 | } | |
855 | if (data_len > 0) { | |
856 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
857 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
858 | } | |
859 | outlen = i; | |
860 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
861 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
862 | outlen += i; | |
863 | if (options & OPENSSL_RAW_DATA) { | |
864 | outbuf[outlen] = '\0'; | |
865 | @@ -5301,7 +5458,7 @@ PHP_FUNCTION(openssl_encrypt) | |
866 | if (free_iv) { | |
867 | efree(iv); | |
868 | } | |
869 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
870 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
871 | } | |
872 | /* }}} */ | |
873 | ||
874 | @@ -5313,7 +5470,7 @@ PHP_FUNCTION(openssl_decrypt) | |
875 | char *data, *method, *password, *iv = ""; | |
876 | int data_len, method_len, password_len, iv_len = 0; | |
877 | const EVP_CIPHER *cipher_type; | |
878 | - EVP_CIPHER_CTX cipher_ctx; | |
879 | + EVP_CIPHER_CTX *cipher_ctx; | |
880 | int i, outlen, keylen; | |
881 | unsigned char *outbuf, *key; | |
882 | int base64_str_len; | |
883 | @@ -5335,10 +5492,17 @@ PHP_FUNCTION(openssl_decrypt) | |
884 | RETURN_FALSE; | |
885 | } | |
886 | ||
887 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
888 | + if (!cipher_ctx) { | |
889 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
890 | + RETURN_FALSE; | |
891 | + } | |
892 | + | |
893 | if (!(options & OPENSSL_RAW_DATA)) { | |
894 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
895 | if (!base64_str) { | |
896 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
897 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
898 | RETURN_FALSE; | |
899 | } | |
900 | data_len = base64_str_len; | |
901 | @@ -5359,17 +5523,17 @@ PHP_FUNCTION(openssl_decrypt) | |
902 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
903 | outbuf = emalloc(outlen + 1); | |
904 | ||
905 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
906 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
907 | if (password_len > keylen) { | |
908 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
909 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
910 | } | |
911 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
912 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
913 | if (options & OPENSSL_ZERO_PADDING) { | |
914 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
915 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
916 | } | |
917 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
918 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
919 | outlen = i; | |
920 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
921 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
922 | outlen += i; | |
923 | outbuf[outlen] = '\0'; | |
924 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
925 | @@ -5386,7 +5550,7 @@ PHP_FUNCTION(openssl_decrypt) | |
926 | if (base64_str) { | |
927 | efree(base64_str); | |
928 | } | |
929 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
930 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
931 | } | |
932 | /* }}} */ | |
933 | ||
934 | @@ -5424,6 +5588,7 @@ PHP_FUNCTION(openssl_dh_compute_key) | |
935 | zval *key; | |
936 | char *pub_str; | |
937 | int pub_len; | |
938 | + DH *dh; | |
939 | EVP_PKEY *pkey; | |
940 | BIGNUM *pub; | |
941 | char *data; | |
942 | @@ -5433,14 +5598,18 @@ PHP_FUNCTION(openssl_dh_compute_key) | |
943 | return; | |
944 | } | |
945 | ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
946 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
947 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
948 | + RETURN_FALSE; | |
949 | + } | |
950 | + dh = EVP_PKEY_get0_DH(pkey); | |
951 | + if (dh == NULL) { | |
952 | RETURN_FALSE; | |
953 | } | |
954 | ||
955 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
956 | ||
957 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
958 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
959 | + data = emalloc(DH_size(dh) + 1); | |
960 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
961 | ||
962 | if (len >= 0) { | |
963 | data[len] = 0; |