[packages/php.git] / openssl.patch

diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
--- php-7.1.33.org/ext/openssl/openssl.c	2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/openssl.c	2022-01-20 15:55:08.279929919 +0100
@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
 	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
 
 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
 	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
 
diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
--- php-7.1.33.org/ext/openssl/xp_ssl.c	2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/xp_ssl.c	2022-01-20 15:55:08.283263252 +0100
@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
 
 	if (strncmp(proto, "ssl", protolen) == 0) {
 		sslsock->enable_on_connect = 1;
-		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
+		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 	} else if (strncmp(proto, "sslv2", protolen) == 0) {
 		php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
 		php_stream_close(stream);
@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
 #endif
 	} else if (strncmp(proto, "tls", protolen) == 0) {
 		sslsock->enable_on_connect = 1;
-		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 	} else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
 		sslsock->enable_on_connect = 1;
 		sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
--- php-7.1.33.org/main/streams/php_stream_transport.h	2019-10-22 19:00:03.000000000 +0200
+++ php-7.1.33/main/streams/php_stream_transport.h	2022-01-20 15:55:08.283263252 +0100
@@ -172,8 +172,8 @@ typedef enum {
 	STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
 	STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
 	STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
-	/* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
-	STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
+	/* TLS equates to TLS_ANY as of PHP 7.2 */
+	STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 	STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 	STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
 	STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
@@ -183,8 +183,8 @@ typedef enum {
 	STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
 	STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
 	STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
-	/* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
-	STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
+	/* TLS equates to TLS_ANY as of PHP 7.2 */
+	STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 	STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 	STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
 } php_stream_xport_crypt_method_t;
--- php-7.2.34/ext/openssl/xp_ssl.c.orig	2020-09-30 07:15:53.000000000 +0200
+++ php-7.2.34/ext/openssl/xp_ssl.c	2022-03-29 15:28:35.726548949 +0200
@@ -1014,6 +1014,10 @@ static int php_openssl_get_crypto_method
 {
 	int ssl_ctx_options = SSL_OP_ALL;
 
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+	ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #ifdef SSL_OP_NO_SSLv2
 	ssl_ctx_options |= SSL_OP_NO_SSLv2;
 #endif
@@ -1261,6 +1265,10 @@ static int php_openssl_set_server_specif
 	zval *zv;
 	long ssl_ctx_options = SSL_CTX_get_options(ctx);
 
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+	ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
 	if (set_server_ecdh_curve(stream, ctx) == FAILURE) {
 		return FAILURE;
Commit	Line	Data
a71081b0 AM	1	diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
	2	--- php-7.1.33.org/ext/openssl/openssl.c 2019-10-22 18:59:46.000000000 +0200
	3	+++ php-7.1.33/ext/openssl/openssl.c 2022-01-20 15:55:08.279929919 +0100
	4	@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
3d361464 AM	5	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS\|CONST_PERSISTENT);
	6
	7	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS\|CONST_PERSISTENT);
	8	+#ifdef RSA_SSLV23_PADDING
	9	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS\|CONST_PERSISTENT);
	10	+#endif
	11	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS\|CONST_PERSISTENT);
	12	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS\|CONST_PERSISTENT);
	13
a71081b0 AM	14	diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
	15	--- php-7.1.33.org/ext/openssl/xp_ssl.c 2019-10-22 18:59:46.000000000 +0200
	16	+++ php-7.1.33/ext/openssl/xp_ssl.c 2022-01-20 15:55:08.283263252 +0100
	17	@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
	18
	19	if (strncmp(proto, "ssl", protolen) == 0) {
	20	sslsock->enable_on_connect = 1;
	21	- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
	22	+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
	23	} else if (strncmp(proto, "sslv2", protolen) == 0) {
	24	php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
	25	php_stream_close(stream);
	26	@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
	27	#endif
	28	} else if (strncmp(proto, "tls", protolen) == 0) {
	29	sslsock->enable_on_connect = 1;
	30	- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
	31	+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
	32	} else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
	33	sslsock->enable_on_connect = 1;
	34	sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
	35	diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
	36	--- php-7.1.33.org/main/streams/php_stream_transport.h 2019-10-22 19:00:03.000000000 +0200
	37	+++ php-7.1.33/main/streams/php_stream_transport.h 2022-01-20 15:55:08.283263252 +0100
	38	@@ -172,8 +172,8 @@ typedef enum {
	39	STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 \| 1),
	40	STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 \| 1),
	41	STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 \| 1),
	42	- /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
	43	- STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 \| 1),
	44	+ /* TLS equates to TLS_ANY as of PHP 7.2 */
	45	+ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) \| (1 << 4) \| (1 << 5) \| 1),
	46	STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) \| (1 << 4) \| (1 << 5) \| 1),
	47	STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) \| (1 << 2) \| (1 << 3) \| (1 << 4) \| (1 << 5) \| 1),
	48	STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
	49	@@ -183,8 +183,8 @@ typedef enum {
	50	STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
	51	STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
	52	STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
	53	- /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
	54	- STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
	55	+ /* TLS equates to TLS_ANY as of PHP 7.2 */
	56	+ STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) \| (1 << 4) \| (1 << 5)),
	57	STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) \| (1 << 4) \| (1 << 5)),
	58	STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) \| (1 << 2) \| (1 << 3) \| (1 << 4) \| (1 << 5))
	59	} php_stream_xport_crypt_method_t;
9298bf10 AM	60	--- php-7.2.34/ext/openssl/xp_ssl.c.orig 2020-09-30 07:15:53.000000000 +0200
	61	+++ php-7.2.34/ext/openssl/xp_ssl.c 2022-03-29 15:28:35.726548949 +0200
	62	@@ -1014,6 +1014,10 @@ static int php_openssl_get_crypto_method
	63	{
	64	int ssl_ctx_options = SSL_OP_ALL;
	65
	66	+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
	67	+ ssl_ctx_options \|= SSL_OP_IGNORE_UNEXPECTED_EOF;
	68	+#endif
	69	+
	70	#ifdef SSL_OP_NO_SSLv2
	71	ssl_ctx_options \|= SSL_OP_NO_SSLv2;
	72	#endif
	73	@@ -1261,6 +1265,10 @@ static int php_openssl_set_server_specif
	74	zval *zv;
	75	long ssl_ctx_options = SSL_CTX_get_options(ctx);
	76
	77	+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
	78	+ ssl_ctx_options \|= SSL_OP_IGNORE_UNEXPECTED_EOF;
	79	+#endif
	80	+
	81	#if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
	82	if (set_server_ecdh_curve(stream, ctx) == FAILURE) {
	83	return FAILURE;