1 diff -ur php-5.2.17/ext/openssl.org/openssl.c php-5.2.17/ext/openssl/openssl.c
2 --- php-5.2.17/ext/openssl.org/openssl.c 2018-09-28 10:44:23.152948019 +0200
3 +++ php-5.2.17/ext/openssl/openssl.c 2018-09-28 10:55:24.424744224 +0200
9 +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
10 +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
12 +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
15 /* FIXME: Use the openssl constants instead of
16 * enum. It is now impossible to match real values
17 * against php constants. Also sorry to break the
21 file = RAND_file_name(buffer, sizeof(buffer));
22 - } else if (RAND_egd(file) > 0) {
23 - /* if the given filename is an EGD socket, don't
24 - * write anything back to it */
28 if (file == NULL || !RAND_load_file(file, -1)) {
29 if (RAND_status() == 0) {
31 mdtype = (EVP_MD *) EVP_md2();
34 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
35 case OPENSSL_ALGO_DSS1:
36 mdtype = (EVP_MD *) EVP_dss1();
43 le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
44 le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
46 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
47 + OPENSSL_config(NULL);
49 OpenSSL_add_all_ciphers();
50 OpenSSL_add_all_digests();
51 OpenSSL_add_all_algorithms();
53 - ERR_load_ERR_strings();
54 - ERR_load_crypto_strings();
55 - ERR_load_EVP_strings();
56 + SSL_load_error_strings();
58 + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
61 /* register a resource id number with openSSL so that we can map SSL -> stream structures in
62 * openSSL callbacks */
66 const X509V3_EXT_METHOD *method = NULL;
67 + ASN1_OCTET_STRING *extension_data;
69 const unsigned char *p;
75 - p = extension->value->data;
76 - length = extension->value->length;
77 + extension_data = X509_EXTENSION_get_data(extension);
78 + p = extension_data->data;
79 + length = extension_data->length;
81 names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
82 ASN1_ITEM_ptr(method->it)));
86 X509_EXTENSION *extension;
87 + X509_NAME *subject_name;
92 @@ -1123,12 +1134,12 @@
94 array_init(return_value);
97 - add_assoc_string(return_value, "name", cert->name, 1);
99 -/* add_assoc_bool(return_value, "valid", cert->valid); */
100 + subject_name = X509_get_subject_name(cert);
101 + cert_name = X509_NAME_oneline(subject_name, NULL, 0);
102 + add_assoc_string(return_value, "name", cert_name, 1);
103 + OPENSSL_free(cert_name);
105 - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
106 + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
107 /* hash as used in CA directories to lookup cert by subject name */
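Review bot: The result of `X509_NAME_oneline(subject_name, NULL, 0)` is passed to `add_assoc_string` without a NULL check, and the call returns NULL when it cannot allocate or format the name. The old code read the `cert->name` field instead, so this failure path is new with the change. Guarding the two following lines would cover it: `if (cert_name != NULL) { add_assoc_string(return_value, "name", cert_name, 1); OPENSSL_free(cert_name); }`. The declaration of `cert_name` and the rest of the function are outside the visible hunk.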
110 @@ -2592,13 +2603,20 @@
112 assert(pkey != NULL);
114 - switch (pkey->type) {
115 + switch (EVP_PKEY_id(pkey)) {
119 - assert(pkey->pkey.rsa != NULL);
120 - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
123 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
125 + const BIGNUM *p, *q;
127 + RSA_get0_factors(rsa, &p, &q);
128 + if (p == NULL || q == NULL) {
135 @@ -2608,19 +2626,41 @@
139 - assert(pkey->pkey.dsa != NULL);
141 + DSA *dsa = EVP_PKEY_get0_DSA(pkey);
143 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
145 + DSA_get0_pqg(dsa, &p, &q, &g);
146 + if (p == NULL || q == NULL) {
150 - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
152 + DSA_get0_key(dsa, &pub_key, &priv_key);
153 + if (priv_key == NULL) {
162 - assert(pkey->pkey.dh != NULL);
164 + DH *dh = EVP_PKEY_get0_DH(pkey);
166 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
168 + DH_get0_pqg(dh, &p, &q, &g);
173 - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
175 + DH_get0_key(dh, &pub_key, &priv_key);
176 + if (priv_key == NULL) {
183 @@ -2861,7 +2901,7 @@
184 /*TODO: Use the real values once the openssl constants are used
185 * See the enum at the top of this file
187 - switch (EVP_PKEY_type(pkey->type)) {
188 + switch (EVP_PKEY_base_id(pkey)) {
191 ktype = OPENSSL_KEYTYPE_RSA;
192 @@ -3398,13 +3438,13 @@
193 cryptedlen = EVP_PKEY_size(pkey);
194 cryptedbuf = emalloc(cryptedlen + 1);
196 - switch (pkey->type) {
197 + switch (EVP_PKEY_id(pkey)) {
200 successful = (RSA_private_encrypt(data_len,
201 (unsigned char *)data,
204 + EVP_PKEY_get0_RSA(pkey),
205 padding) == cryptedlen);
208 @@ -3456,13 +3496,13 @@
209 cryptedlen = EVP_PKEY_size(pkey);
210 crypttemp = emalloc(cryptedlen + 1);
212 - switch (pkey->type) {
213 + switch (EVP_PKEY_id(pkey)) {
216 cryptedlen = RSA_private_decrypt(data_len,
217 (unsigned char *)data,
220 + EVP_PKEY_get0_RSA(pkey),
222 if (cryptedlen != -1) {
223 cryptedbuf = emalloc(cryptedlen + 1);
224 @@ -3521,13 +3561,13 @@
225 cryptedlen = EVP_PKEY_size(pkey);
226 cryptedbuf = emalloc(cryptedlen + 1);
228 - switch (pkey->type) {
229 + switch (EVP_PKEY_id(pkey)) {
232 successful = (RSA_public_encrypt(data_len,
233 (unsigned char *)data,
236 + EVP_PKEY_get0_RSA(pkey),
237 padding) == cryptedlen);
240 @@ -3580,13 +3620,13 @@
241 cryptedlen = EVP_PKEY_size(pkey);
242 crypttemp = emalloc(cryptedlen + 1);
244 - switch (pkey->type) {
245 + switch (EVP_PKEY_id(pkey)) {
248 cryptedlen = RSA_public_decrypt(data_len,
249 (unsigned char *)data,
252 + EVP_PKEY_get0_RSA(pkey),
254 if (cryptedlen != -1) {
255 cryptedbuf = emalloc(cryptedlen + 1);
256 @@ -3650,7 +3690,7 @@
257 long keyresource = -1;
261 + EVP_MD_CTX *md_ctx;
262 long signature_algo = OPENSSL_ALGO_SHA1;
265 @@ -3672,9 +3712,11 @@
266 siglen = EVP_PKEY_size(pkey);
267 sigbuf = emalloc(siglen + 1);
269 - EVP_SignInit(&md_ctx, mdtype);
270 - EVP_SignUpdate(&md_ctx, data, data_len);
271 - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
272 + md_ctx = EVP_MD_CTX_create();
273 + if (md_ctx != NULL &&
274 + EVP_SignInit(md_ctx, mdtype) &&
275 + EVP_SignUpdate(md_ctx, data, data_len) &&
276 + EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
277 zval_dtor(signature);
278 sigbuf[siglen] = '\0';
279 ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
280 @@ -3684,7 +3726,7 @@
283 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
284 - EVP_MD_CTX_cleanup(&md_ctx);
285 + EVP_MD_CTX_free(md_ctx);
287 if (keyresource == -1) {
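Review bot: `EVP_MD_CTX_free(md_ctx)` does not match the allocator used for this context in the previous hunk (`EVP_MD_CTX_create()`), nor the `EVP_MD_CTX_destroy(md_ctx)` used at the same point in the verify hunk. `EVP_MD_CTX_free` is the OpenSSL 1.1.0 name, while the create/destroy pair is available on both sides of the `OPENSSL_VERSION_NUMBER < 0x10100000L` guards this patch adds elsewhere. Writing `EVP_MD_CTX_destroy(md_ctx);` here keeps the pairing consistent across the two functions. The enclosing function starts and ends outside the hunk.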
289 @@ -3699,7 +3741,7 @@
294 + EVP_MD_CTX *md_ctx;
296 long keyresource = -1;
297 char * data; int data_len;
298 @@ -3722,11 +3764,13 @@
302 - EVP_VerifyInit (&md_ctx, mdtype);
303 - EVP_VerifyUpdate (&md_ctx, data, data_len);
304 - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
305 + if (md_ctx != NULL) {
306 + EVP_VerifyInit (md_ctx, mdtype);
307 + EVP_VerifyUpdate (md_ctx, data, data_len);
308 + err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey);
310 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
311 - EVP_MD_CTX_cleanup(&md_ctx);
312 + EVP_MD_CTX_destroy(md_ctx);
315 if (keyresource == -1) {
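Review bot: `md_ctx` appears to be tested and used without ever being allocated. The earlier hunk only changes the declaration to `EVP_MD_CTX *md_ctx;`, and this hunk's line counts (11 → 13) are used up by the visible changes plus a closing brace, leaving no room for an `md_ctx = EVP_MD_CTX_create();` like the one in the signing hunk. If so, `if (md_ctx != NULL)` reads an indeterminate pointer, and the verify calls and `EVP_MD_CTX_destroy(md_ctx)` operate on whatever it holds. Two further gaps in a signature-verification path: the results of `EVP_VerifyInit` and `EVP_VerifyUpdate` are ignored, unlike the `&&` chain in the signing hunk, and `err` is not assigned in this hunk when the context is NULL. Its declaration is not visible, so it should be confirmed that it cannot be reported as a successful match. The function body continues outside the hunk.

```c
/* … unchanged: lines above the hunk … */
md_ctx = EVP_MD_CTX_create();
err = -1; /* report an error, never a match, if the context cannot be set up */
if (md_ctx != NULL &&
    EVP_VerifyInit(md_ctx, mdtype) &&
    EVP_VerifyUpdate(md_ctx, data, data_len)) {
	err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, signature_len, pkey);
}
/* … unchanged: EVP_MD_CTX_destroy(md_ctx) and key cleanup … */
```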
316 @@ -3748,7 +3792,7 @@
317 int i, len1, len2, *eksl, nkeys;
318 unsigned char *buf = NULL, **eks;
319 char * data; int data_len;
320 - EVP_CIPHER_CTX ctx;
321 + EVP_CIPHER_CTX *ctx;
323 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) {
325 @@ -3785,7 +3829,9 @@
329 - if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
330 + ctx = EVP_CIPHER_CTX_new();
331 + if (!EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
332 + EVP_CIPHER_CTX_free(ctx);
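Review bot: The pointer returned by `EVP_CIPHER_CTX_new()` is passed to `EVP_EncryptInit` without a NULL check. The old stack-allocated context could not fail, so the allocation-failure path is new with this change. Folding the check into the existing error branch covers it: `if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {`. The `EVP_CIPHER_CTX_free(ctx)` already in that branch accepts NULL. The rest of the error branch is outside the visible lines.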
336 @@ -3796,15 +3842,16 @@
337 iv = ivlen ? emalloc(ivlen + 1) : NULL;
339 /* allocate one byte extra to make room for \0 */
340 - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
341 + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
343 - if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
344 + if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
347 + EVP_CIPHER_CTX_free(ctx);
351 - EVP_SealFinal(&ctx, buf + len1, &len2);
352 + EVP_SealFinal(ctx, buf + len1, &len2);
354 if (len1 + len2 > 0) {
356 @@ -3833,6 +3880,7 @@
359 RETVAL_LONG(len1 + len2);
360 + EVP_CIPHER_CTX_free(ctx);
363 for (i=0; i<nkeys; i++) {
364 @@ -3859,7 +3907,7 @@
367 long keyresource = -1;
368 - EVP_CIPHER_CTX ctx;
369 + EVP_CIPHER_CTX *ctx;
370 char * data; int data_len;
371 char * ekey; int ekey_len;
373 @@ -3874,8 +3922,8 @@
375 buf = emalloc(data_len + 1);
377 - if (EVP_OpenInit(&ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
378 - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
379 + if (EVP_OpenInit(ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
380 + if (!EVP_OpenFinal(ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
382 if (keyresource == -1) {
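Review bot: `ctx` is passed to `EVP_OpenInit` here, but nothing visible in the patch allocates it. The previous hunk only changes the declaration to `EVP_CIPHER_CTX *ctx;`, and this hunk's line counts (8 → 8) leave no room for an added allocation. The OpenSSL calls would then write through an indeterminate pointer, and there is no matching free either, unlike the seal function, which gained `EVP_CIPHER_CTX_new()` / `EVP_CIPHER_CTX_free()`. I would add `ctx = EVP_CIPHER_CTX_new();` before the condition, begin the condition with `if (ctx != NULL && EVP_OpenInit(ctx, …`, and call `EVP_CIPHER_CTX_free(ctx);` before the key cleanup. The function's start and end are outside the hunk.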
384 diff -ur php-5.2.17/ext/openssl.org/xp_ssl.c php-5.2.17/ext/openssl/xp_ssl.c
385 --- php-5.2.17/ext/openssl.org/xp_ssl.c 2018-09-28 10:44:23.112946707 +0200
386 +++ php-5.2.17/ext/openssl/xp_ssl.c 2018-09-28 10:48:26.714263136 +0200
390 case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
391 +#ifdef OPENSSL_NO_SSL3
392 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
395 sslsock->is_client = 1;
396 method = SSLv3_client_method();
399 case STREAM_CRYPTO_METHOD_TLS_CLIENT:
400 sslsock->is_client = 1;
401 method = TLSv1_client_method();
403 method = SSLv23_server_method();
405 case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
406 +#ifdef OPENSSL_NO_SSL3
407 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
410 sslsock->is_client = 0;
411 method = SSLv3_server_method();
414 case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
415 #ifdef OPENSSL_NO_SSL2
416 php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
417 --- php-5.2.17/acinclude.m4~ 2018-09-28 11:08:22.000000000 +0200
418 +++ php-5.2.17/acinclude.m4 2018-09-28 11:17:41.392940657 +0200
419 @@ -2325,8 +2325,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[
420 AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.])
423 - if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then
424 + if test -n "$OPENSSL_LIBS"; then
425 PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)
427 + if test -n "$OPENSSL_INCS"; then
428 PHP_EVAL_INCLINE($OPENSSL_INCS)