]>
Commit | Line | Data |
---|---|---|
791b59e4 | 1 | diff -urNp -x '*.orig' php-5.6.40.org/ext/openssl/openssl.c php-5.6.40/ext/openssl/openssl.c |
d257ab18 AM |
2 | --- php-5.6.40.org/ext/openssl/openssl.c 2022-01-20 15:30:47.839929776 +0100 |
3 | +++ php-5.6.40/ext/openssl/openssl.c 2022-01-20 15:30:50.013263110 +0100 | |
e52c962c AM |
4 | @@ -531,6 +531,14 @@ zend_module_entry openssl_module_entry = |
5 | ZEND_GET_MODULE(openssl) | |
6 | #endif | |
7 | ||
8 | +/* {{{ OpenSSL compatibility functions and macros */ | |
9 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
10 | +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa | |
11 | +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
12 | +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
13 | +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
14 | +#endif | |
15 | + | |
16 | static int le_key; | |
17 | static int le_x509; | |
18 | static int le_csr; | |
19 | @@ -1053,9 +1061,11 @@ static EVP_MD * php_openssl_get_evp_md_f | |
20 | mdtype = (EVP_MD *) EVP_md2(); | |
21 | break; | |
22 | #endif | |
23 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
24 | case OPENSSL_ALGO_DSS1: | |
25 | mdtype = (EVP_MD *) EVP_dss1(); | |
26 | break; | |
27 | +#endif | |
28 | #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
29 | case OPENSSL_ALGO_SHA224: | |
30 | mdtype = (EVP_MD *) EVP_sha224(); | |
d257ab18 AM |
31 | @@ -1194,7 +1204,9 @@ PHP_MINIT_FUNCTION(openssl) |
32 | REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); | |
33 | ||
34 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); | |
35 | +#ifdef RSA_SSLV23_PADDING | |
36 | REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); | |
37 | +#endif | |
38 | REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); | |
39 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); | |
40 | ||
41 | @@ -1893,6 +1905,7 @@ static int openssl_x509v3_subjectAltName | |
e52c962c AM |
42 | { |
43 | GENERAL_NAMES *names; | |
44 | const X509V3_EXT_METHOD *method = NULL; | |
45 | + ASN1_OCTET_STRING *extension_data; | |
46 | long i, length, num; | |
47 | const unsigned char *p; | |
48 | ||
d257ab18 | 49 | @@ -1901,8 +1914,9 @@ static int openssl_x509v3_subjectAltName |
e52c962c AM |
50 | return -1; |
51 | } | |
52 | ||
53 | - p = extension->value->data; | |
54 | - length = extension->value->length; | |
55 | + extension_data = X509_EXTENSION_get_data(extension); | |
56 | + p = extension_data->data; | |
57 | + length = extension_data->length; | |
58 | if (method->it) { | |
59 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
60 | ASN1_ITEM_ptr(method->it))); | |
d257ab18 | 61 | @@ -1965,6 +1979,8 @@ PHP_FUNCTION(openssl_x509_parse) |
e52c962c AM |
62 | char * tmpstr; |
63 | zval * subitem; | |
64 | X509_EXTENSION *extension; | |
65 | + X509_NAME *subject_name; | |
66 | + char *cert_name; | |
67 | char *extname; | |
68 | BIO *bio_out; | |
69 | BUF_MEM *bio_buf; | |
d257ab18 | 70 | @@ -1979,12 +1995,12 @@ PHP_FUNCTION(openssl_x509_parse) |
e52c962c AM |
71 | } |
72 | array_init(return_value); | |
73 | ||
74 | - if (cert->name) { | |
75 | - add_assoc_string(return_value, "name", cert->name, 1); | |
76 | - } | |
77 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
78 | + subject_name = X509_get_subject_name(cert); | |
79 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
80 | + add_assoc_string(return_value, "name", cert_name, 1); | |
81 | + OPENSSL_free(cert_name); | |
82 | ||
83 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
84 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
85 | /* hash as used in CA directories to lookup cert by subject name */ | |
86 | { | |
87 | char buf[32]; | |
d257ab18 | 88 | @@ -2008,7 +2024,7 @@ PHP_FUNCTION(openssl_x509_parse) |
e52c962c AM |
89 | add_assoc_string(return_value, "alias", tmpstr, 1); |
90 | } | |
91 | ||
92 | - sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm); | |
93 | + sig_nid = X509_get_signature_nid(cert); | |
94 | add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1); | |
95 | add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1); | |
96 | add_assoc_long(return_value, "signatureTypeNID", sig_nid); | |
d257ab18 | 97 | @@ -3482,13 +3498,20 @@ static int php_openssl_is_private_key(EV |
e52c962c AM |
98 | { |
99 | assert(pkey != NULL); | |
100 | ||
101 | - switch (pkey->type) { | |
102 | + switch (EVP_PKEY_id(pkey)) { | |
103 | #ifndef NO_RSA | |
104 | case EVP_PKEY_RSA: | |
105 | case EVP_PKEY_RSA2: | |
106 | - assert(pkey->pkey.rsa != NULL); | |
107 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
108 | - return 0; | |
109 | + { | |
110 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
111 | + if (rsa != NULL) { | |
112 | + const BIGNUM *p, *q; | |
113 | + | |
114 | + RSA_get0_factors(rsa, &p, &q); | |
115 | + if (p == NULL || q == NULL) { | |
116 | + return 0; | |
117 | + } | |
118 | + } | |
119 | } | |
120 | break; | |
121 | #endif | |
d257ab18 | 122 | @@ -3498,28 +3521,51 @@ static int php_openssl_is_private_key(EV |
e52c962c AM |
123 | case EVP_PKEY_DSA2: |
124 | case EVP_PKEY_DSA3: | |
125 | case EVP_PKEY_DSA4: | |
126 | - assert(pkey->pkey.dsa != NULL); | |
127 | + { | |
128 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
129 | + if (dsa != NULL) { | |
130 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
131 | + | |
132 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
133 | + if (p == NULL || q == NULL) { | |
134 | + return 0; | |
135 | + } | |
136 | ||
137 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
138 | - return 0; | |
139 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
140 | + if (priv_key == NULL) { | |
141 | + return 0; | |
142 | + } | |
143 | + } | |
144 | } | |
145 | break; | |
146 | #endif | |
147 | #ifndef NO_DH | |
148 | case EVP_PKEY_DH: | |
149 | - assert(pkey->pkey.dh != NULL); | |
150 | + { | |
151 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
152 | + if (dh != NULL) { | |
153 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
154 | + | |
155 | + DH_get0_pqg(dh, &p, &q, &g); | |
156 | + if (p == NULL) { | |
157 | + return 0; | |
158 | + } | |
159 | ||
160 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
161 | - return 0; | |
162 | + DH_get0_key(dh, &pub_key, &priv_key); | |
163 | + if (priv_key == NULL) { | |
164 | + return 0; | |
165 | + } | |
166 | + } | |
167 | } | |
168 | break; | |
169 | #endif | |
170 | #ifdef HAVE_EVP_PKEY_EC | |
171 | case EVP_PKEY_EC: | |
172 | - assert(pkey->pkey.ec != NULL); | |
173 | - | |
174 | - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) { | |
175 | - return 0; | |
176 | + { | |
177 | + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); | |
178 | + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) { | |
179 | + return 0; | |
180 | + } | |
181 | } | |
182 | break; | |
183 | #endif | |
d257ab18 | 184 | @@ -3531,42 +3577,89 @@ static int php_openssl_is_private_key(EV |
e52c962c AM |
185 | } |
186 | /* }}} */ | |
187 | ||
188 | -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
189 | - if (pkey->pkey._type->_name != NULL) { \ | |
190 | - int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
191 | - char *str = emalloc(len + 1); \ | |
192 | - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \ | |
193 | - str[len] = 0; \ | |
194 | - add_assoc_stringl(_type, #_name, str, len, 0); \ | |
195 | - } \ | |
196 | - } while (0) | |
197 | - | |
198 | -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \ | |
199 | - zval **bn; \ | |
200 | - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \ | |
201 | - Z_TYPE_PP(bn) == IS_STRING) { \ | |
202 | - _type->_name = BN_bin2bn( \ | |
203 | - (unsigned char*)Z_STRVAL_PP(bn), \ | |
204 | - Z_STRLEN_PP(bn), NULL); \ | |
205 | - } \ | |
206 | - } while (0); | |
207 | +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
208 | + if (_bn != NULL) { \ | |
209 | + int len = BN_num_bytes(_bn); \ | |
210 | + char *str = emalloc(len + 1); \ | |
211 | + BN_bn2bin(_bn, (unsigned char*)str); \ | |
212 | + str[len] = 0; \ | |
213 | + add_assoc_stringl(&_array, #_name, str, len, 0); \ | |
214 | + } \ | |
215 | +} while (0); | |
216 | + | |
217 | +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
218 | + | |
219 | +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
220 | + zval **bn; \ | |
221 | + if (zend_hash_find(Z_ARRVAL_PP(_data), #_name, sizeof(#_name), (void**)bn) == SUCCESS && \ | |
222 | + Z_TYPE_PP(bn) == IS_STRING) { \ | |
223 | + _name = BN_bin2bn( \ | |
224 | + (unsigned char*)Z_STRVAL_PP(bn), \ | |
225 | + (int)Z_STRLEN_PP(bn), NULL); \ | |
226 | + } else { \ | |
227 | + _name = NULL; \ | |
228 | + } \ | |
229 | +} while (0); | |
230 | + | |
231 | +/* {{{ php_openssl_pkey_init_rsa */ | |
232 | +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval **data) | |
233 | +{ | |
234 | + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
235 | + | |
236 | + OPENSSL_PKEY_SET_BN(data, n); | |
237 | + OPENSSL_PKEY_SET_BN(data, e); | |
238 | + OPENSSL_PKEY_SET_BN(data, d); | |
239 | + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
240 | + return 0; | |
241 | + } | |
242 | + | |
243 | + OPENSSL_PKEY_SET_BN(data, p); | |
244 | + OPENSSL_PKEY_SET_BN(data, q); | |
245 | + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
246 | + return 0; | |
247 | + } | |
248 | + | |
249 | + OPENSSL_PKEY_SET_BN(data, dmp1); | |
250 | + OPENSSL_PKEY_SET_BN(data, dmq1); | |
251 | + OPENSSL_PKEY_SET_BN(data, iqmp); | |
252 | + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
253 | + return 0; | |
254 | + } | |
255 | + | |
256 | + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
257 | + return 0; | |
258 | + } | |
259 | + | |
260 | + return 1; | |
261 | +} | |
262 | ||
263 | /* {{{ php_openssl_pkey_init_dsa */ | |
264 | -zend_bool php_openssl_pkey_init_dsa(DSA *dsa) | |
265 | +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval **data) | |
266 | { | |
267 | - if (!dsa->p || !dsa->q || !dsa->g) { | |
268 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
269 | + const BIGNUM *priv_key_const, *pub_key_const; | |
270 | + | |
271 | + OPENSSL_PKEY_SET_BN(data, p); | |
272 | + OPENSSL_PKEY_SET_BN(data, q); | |
273 | + OPENSSL_PKEY_SET_BN(data, g); | |
274 | + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
275 | return 0; | |
276 | } | |
277 | - if (dsa->priv_key || dsa->pub_key) { | |
278 | - return 1; | |
279 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
280 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
281 | + if (pub_key) { | |
282 | + return DSA_set0_key(dsa, pub_key, priv_key); | |
283 | } | |
284 | + | |
285 | + /* generate key */ | |
286 | PHP_OPENSSL_RAND_ADD_TIME(); | |
287 | if (!DSA_generate_key(dsa)) { | |
288 | return 0; | |
289 | } | |
290 | /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
291 | * so we need to double check that public key is created */ | |
292 | - if (!dsa->pub_key || BN_is_zero(dsa->pub_key)) { | |
293 | + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
294 | + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
295 | return 0; | |
296 | } | |
297 | /* all good */ | |
d257ab18 | 298 | @@ -3574,15 +3667,68 @@ zend_bool php_openssl_pkey_init_dsa(DSA |
e52c962c AM |
299 | } |
300 | /* }}} */ | |
301 | ||
302 | +/* {{{ php_openssl_dh_pub_from_priv */ | |
303 | +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
304 | +{ | |
305 | + BIGNUM *pub_key, *priv_key_const_time; | |
306 | + BN_CTX *ctx; | |
307 | + | |
308 | + pub_key = BN_new(); | |
309 | + if (pub_key == NULL) { | |
310 | + return NULL; | |
311 | + } | |
312 | + | |
313 | + priv_key_const_time = BN_new(); | |
314 | + if (priv_key_const_time == NULL) { | |
315 | + BN_free(pub_key); | |
316 | + return NULL; | |
317 | + } | |
318 | + ctx = BN_CTX_new(); | |
319 | + if (ctx == NULL) { | |
320 | + BN_free(pub_key); | |
321 | + BN_free(priv_key_const_time); | |
322 | + return NULL; | |
323 | + } | |
324 | + | |
325 | + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
326 | + | |
327 | + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
328 | + BN_free(pub_key); | |
329 | + pub_key = NULL; | |
330 | + } | |
331 | + | |
332 | + BN_free(priv_key_const_time); | |
333 | + BN_CTX_free(ctx); | |
334 | + | |
335 | + return pub_key; | |
336 | +} | |
337 | +/* }}} */ | |
338 | + | |
339 | /* {{{ php_openssl_pkey_init_dh */ | |
340 | -zend_bool php_openssl_pkey_init_dh(DH *dh) | |
341 | +zend_bool php_openssl_pkey_init_dh(DH *dh, zval **data) | |
342 | { | |
343 | - if (!dh->p || !dh->g) { | |
344 | + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
345 | + | |
346 | + OPENSSL_PKEY_SET_BN(data, p); | |
347 | + OPENSSL_PKEY_SET_BN(data, q); | |
348 | + OPENSSL_PKEY_SET_BN(data, g); | |
349 | + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
350 | return 0; | |
351 | } | |
352 | - if (dh->pub_key) { | |
353 | - return 1; | |
354 | + OPENSSL_PKEY_SET_BN(data, priv_key); | |
355 | + OPENSSL_PKEY_SET_BN(data, pub_key); | |
356 | + if (pub_key) { | |
357 | + return DH_set0_key(dh, pub_key, priv_key); | |
358 | + } | |
359 | + if (priv_key) { | |
360 | + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
361 | + if (pub_key == NULL) { | |
362 | + return 0; | |
363 | + } | |
364 | + return DH_set0_key(dh, pub_key, priv_key); | |
365 | } | |
366 | + | |
367 | + /* generate key */ | |
368 | PHP_OPENSSL_RAND_ADD_TIME(); | |
369 | if (!DH_generate_key(dh)) { | |
370 | return 0; | |
d257ab18 | 371 | @@ -3614,18 +3760,8 @@ PHP_FUNCTION(openssl_pkey_new) |
e52c962c AM |
372 | if (pkey) { |
373 | RSA *rsa = RSA_new(); | |
374 | if (rsa) { | |
375 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
376 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
377 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
378 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
379 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
380 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
381 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
382 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
383 | - if (rsa->n && rsa->d) { | |
384 | - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
385 | - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
386 | - } | |
387 | + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) { | |
388 | + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
389 | } | |
390 | RSA_free(rsa); | |
391 | } | |
d257ab18 | 392 | @@ -3638,12 +3774,7 @@ PHP_FUNCTION(openssl_pkey_new) |
e52c962c AM |
393 | if (pkey) { |
394 | DSA *dsa = DSA_new(); | |
395 | if (dsa) { | |
396 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
397 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
398 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
399 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
400 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
401 | - if (php_openssl_pkey_init_dsa(dsa)) { | |
402 | + if (php_openssl_pkey_init_dsa(dsa, data)) { | |
403 | if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
404 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
405 | } | |
d257ab18 | 406 | @@ -3659,11 +3790,7 @@ PHP_FUNCTION(openssl_pkey_new) |
e52c962c AM |
407 | if (pkey) { |
408 | DH *dh = DH_new(); | |
409 | if (dh) { | |
410 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
411 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
412 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
413 | - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
414 | - if (php_openssl_pkey_init_dh(dh)) { | |
415 | + if (php_openssl_pkey_init_dh(dh, data)) { | |
416 | if (EVP_PKEY_assign_DH(pkey, dh)) { | |
417 | RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
418 | } | |
d257ab18 | 419 | @@ -3738,7 +3865,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file |
e52c962c AM |
420 | cipher = NULL; |
421 | } | |
422 | ||
423 | - switch (EVP_PKEY_type(key->type)) { | |
424 | + switch (EVP_PKEY_base_id(key)) { | |
425 | #ifdef HAVE_EVP_PKEY_EC | |
426 | case EVP_PKEY_EC: | |
427 | pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
d257ab18 | 428 | @@ -3807,7 +3934,7 @@ PHP_FUNCTION(openssl_pkey_export) |
e52c962c AM |
429 | cipher = NULL; |
430 | } | |
431 | ||
432 | - switch (EVP_PKEY_type(key->type)) { | |
433 | + switch (EVP_PKEY_base_id(key)) { | |
434 | #ifdef HAVE_EVP_PKEY_EC | |
435 | case EVP_PKEY_EC: | |
436 | pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
d257ab18 | 437 | @@ -3928,25 +4055,32 @@ PHP_FUNCTION(openssl_pkey_get_details) |
e52c962c AM |
438 | /*TODO: Use the real values once the openssl constants are used |
439 | * See the enum at the top of this file | |
440 | */ | |
441 | - switch (EVP_PKEY_type(pkey->type)) { | |
442 | + switch (EVP_PKEY_base_id(pkey)) { | |
443 | case EVP_PKEY_RSA: | |
444 | case EVP_PKEY_RSA2: | |
445 | - ktype = OPENSSL_KEYTYPE_RSA; | |
446 | - | |
447 | - if (pkey->pkey.rsa != NULL) { | |
448 | - zval *rsa; | |
449 | - | |
450 | - ALLOC_INIT_ZVAL(rsa); | |
451 | - array_init(rsa); | |
452 | - OPENSSL_PKEY_GET_BN(rsa, n); | |
453 | - OPENSSL_PKEY_GET_BN(rsa, e); | |
454 | - OPENSSL_PKEY_GET_BN(rsa, d); | |
455 | - OPENSSL_PKEY_GET_BN(rsa, p); | |
456 | - OPENSSL_PKEY_GET_BN(rsa, q); | |
457 | - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
458 | - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
459 | - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
460 | - add_assoc_zval(return_value, "rsa", rsa); | |
461 | + { | |
462 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
463 | + ktype = OPENSSL_KEYTYPE_RSA; | |
464 | + | |
465 | + if (rsa != NULL) { | |
466 | + zval z_rsa; | |
467 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
468 | + | |
469 | + RSA_get0_key(rsa, &n, &e, &d); | |
470 | + RSA_get0_factors(rsa, &p, &q); | |
471 | + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
472 | + | |
473 | + array_init(&z_rsa); | |
474 | + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
475 | + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
476 | + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
477 | + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
478 | + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
479 | + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
480 | + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
481 | + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
482 | + add_assoc_zval(return_value, "rsa", &z_rsa); | |
483 | + } | |
484 | } | |
485 | ||
486 | break; | |
d257ab18 | 487 | @@ -3954,42 +4088,53 @@ PHP_FUNCTION(openssl_pkey_get_details) |
e52c962c AM |
488 | case EVP_PKEY_DSA2: |
489 | case EVP_PKEY_DSA3: | |
490 | case EVP_PKEY_DSA4: | |
491 | - ktype = OPENSSL_KEYTYPE_DSA; | |
492 | - | |
493 | - if (pkey->pkey.dsa != NULL) { | |
494 | - zval *dsa; | |
495 | - | |
496 | - ALLOC_INIT_ZVAL(dsa); | |
497 | - array_init(dsa); | |
498 | - OPENSSL_PKEY_GET_BN(dsa, p); | |
499 | - OPENSSL_PKEY_GET_BN(dsa, q); | |
500 | - OPENSSL_PKEY_GET_BN(dsa, g); | |
501 | - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
502 | - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
503 | - add_assoc_zval(return_value, "dsa", dsa); | |
504 | + { | |
505 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
506 | + ktype = OPENSSL_KEYTYPE_DSA; | |
507 | + | |
508 | + if (dsa != NULL) { | |
509 | + zval z_dsa; | |
510 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
511 | + | |
512 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
513 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
514 | + | |
515 | + array_init(&z_dsa); | |
516 | + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
517 | + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
518 | + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
519 | + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
520 | + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
521 | + add_assoc_zval(return_value, "dsa", &z_dsa); | |
522 | + } | |
523 | } | |
524 | break; | |
525 | case EVP_PKEY_DH: | |
526 | - | |
527 | - ktype = OPENSSL_KEYTYPE_DH; | |
528 | - | |
529 | - if (pkey->pkey.dh != NULL) { | |
530 | - zval *dh; | |
531 | - | |
532 | - ALLOC_INIT_ZVAL(dh); | |
533 | - array_init(dh); | |
534 | - OPENSSL_PKEY_GET_BN(dh, p); | |
535 | - OPENSSL_PKEY_GET_BN(dh, g); | |
536 | - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
537 | - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
538 | - add_assoc_zval(return_value, "dh", dh); | |
539 | + { | |
540 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
541 | + ktype = OPENSSL_KEYTYPE_DH; | |
542 | + | |
543 | + if (dh != NULL) { | |
544 | + zval z_dh; | |
545 | + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
546 | + | |
547 | + DH_get0_pqg(dh, &p, &q, &g); | |
548 | + DH_get0_key(dh, &pub_key, &priv_key); | |
549 | + | |
550 | + array_init(&z_dh); | |
551 | + OPENSSL_PKEY_GET_BN(z_dh, p); | |
552 | + OPENSSL_PKEY_GET_BN(z_dh, g); | |
553 | + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
554 | + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
555 | + add_assoc_zval(return_value, "dh", &z_dh); | |
556 | + } | |
557 | } | |
558 | ||
559 | break; | |
560 | #ifdef HAVE_EVP_PKEY_EC | |
561 | case EVP_PKEY_EC: | |
562 | ktype = OPENSSL_KEYTYPE_EC; | |
563 | - if (pkey->pkey.ec != NULL) { | |
564 | + if (EVP_PKEY_get0_EC_KEY(pkey) != NULL) { | |
565 | zval *ec; | |
566 | const EC_GROUP *ec_group; | |
567 | int nid; | |
d257ab18 | 568 | @@ -4546,13 +4691,13 @@ PHP_FUNCTION(openssl_private_encrypt) |
e52c962c AM |
569 | cryptedlen = EVP_PKEY_size(pkey); |
570 | cryptedbuf = emalloc(cryptedlen + 1); | |
571 | ||
572 | - switch (pkey->type) { | |
573 | + switch (EVP_PKEY_id(pkey)) { | |
574 | case EVP_PKEY_RSA: | |
575 | case EVP_PKEY_RSA2: | |
576 | successful = (RSA_private_encrypt(data_len, | |
577 | (unsigned char *)data, | |
578 | cryptedbuf, | |
579 | - pkey->pkey.rsa, | |
580 | + EVP_PKEY_get0_RSA(pkey), | |
581 | padding) == cryptedlen); | |
582 | break; | |
583 | default: | |
d257ab18 | 584 | @@ -4604,13 +4749,13 @@ PHP_FUNCTION(openssl_private_decrypt) |
e52c962c AM |
585 | cryptedlen = EVP_PKEY_size(pkey); |
586 | crypttemp = emalloc(cryptedlen + 1); | |
587 | ||
588 | - switch (pkey->type) { | |
589 | + switch (EVP_PKEY_id(pkey)) { | |
590 | case EVP_PKEY_RSA: | |
591 | case EVP_PKEY_RSA2: | |
592 | cryptedlen = RSA_private_decrypt(data_len, | |
593 | (unsigned char *)data, | |
594 | crypttemp, | |
595 | - pkey->pkey.rsa, | |
596 | + EVP_PKEY_get0_RSA(pkey), | |
597 | padding); | |
598 | if (cryptedlen != -1) { | |
599 | cryptedbuf = emalloc(cryptedlen + 1); | |
d257ab18 | 600 | @@ -4669,13 +4814,13 @@ PHP_FUNCTION(openssl_public_encrypt) |
e52c962c AM |
601 | cryptedlen = EVP_PKEY_size(pkey); |
602 | cryptedbuf = emalloc(cryptedlen + 1); | |
603 | ||
604 | - switch (pkey->type) { | |
605 | + switch (EVP_PKEY_id(pkey)) { | |
606 | case EVP_PKEY_RSA: | |
607 | case EVP_PKEY_RSA2: | |
608 | successful = (RSA_public_encrypt(data_len, | |
609 | (unsigned char *)data, | |
610 | - cryptedbuf, | |
611 | - pkey->pkey.rsa, | |
612 | + cryptedbuf, | |
613 | + EVP_PKEY_get0_RSA(pkey), | |
614 | padding) == cryptedlen); | |
615 | break; | |
616 | default: | |
d257ab18 | 617 | @@ -4728,13 +4873,13 @@ PHP_FUNCTION(openssl_public_decrypt) |
e52c962c AM |
618 | cryptedlen = EVP_PKEY_size(pkey); |
619 | crypttemp = emalloc(cryptedlen + 1); | |
620 | ||
621 | - switch (pkey->type) { | |
622 | + switch (EVP_PKEY_id(pkey)) { | |
623 | case EVP_PKEY_RSA: | |
624 | case EVP_PKEY_RSA2: | |
625 | cryptedlen = RSA_public_decrypt(data_len, | |
626 | (unsigned char *)data, | |
627 | - crypttemp, | |
628 | - pkey->pkey.rsa, | |
629 | + crypttemp, | |
630 | + EVP_PKEY_get0_RSA(pkey), | |
631 | padding); | |
632 | if (cryptedlen != -1) { | |
633 | cryptedbuf = emalloc(cryptedlen + 1); | |
d257ab18 | 634 | @@ -4798,7 +4943,7 @@ PHP_FUNCTION(openssl_sign) |
e52c962c AM |
635 | long keyresource = -1; |
636 | char * data; | |
637 | int data_len; | |
638 | - EVP_MD_CTX md_ctx; | |
639 | + EVP_MD_CTX *md_ctx; | |
640 | zval *method = NULL; | |
641 | long signature_algo = OPENSSL_ALGO_SHA1; | |
642 | const EVP_MD *mdtype; | |
d257ab18 | 643 | @@ -4831,9 +4976,11 @@ PHP_FUNCTION(openssl_sign) |
e52c962c AM |
644 | siglen = EVP_PKEY_size(pkey); |
645 | sigbuf = emalloc(siglen + 1); | |
646 | ||
647 | - EVP_SignInit(&md_ctx, mdtype); | |
648 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
649 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
650 | + md_ctx = EVP_MD_CTX_create(); | |
651 | + if (md_ctx != NULL && | |
652 | + EVP_SignInit(md_ctx, mdtype) && | |
653 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
654 | + EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) { | |
655 | zval_dtor(signature); | |
656 | sigbuf[siglen] = '\0'; | |
657 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
d257ab18 | 658 | @@ -4842,7 +4989,7 @@ PHP_FUNCTION(openssl_sign) |
e52c962c AM |
659 | efree(sigbuf); |
660 | RETVAL_FALSE; | |
661 | } | |
662 | - EVP_MD_CTX_cleanup(&md_ctx); | |
663 | + EVP_MD_CTX_destroy(md_ctx); | |
664 | if (keyresource == -1) { | |
665 | EVP_PKEY_free(pkey); | |
666 | } | |
d257ab18 | 667 | @@ -4855,8 +5002,8 @@ PHP_FUNCTION(openssl_verify) |
e52c962c AM |
668 | { |
669 | zval **key; | |
670 | EVP_PKEY *pkey; | |
671 | - int err; | |
672 | - EVP_MD_CTX md_ctx; | |
673 | + int err = 0; | |
674 | + EVP_MD_CTX *md_ctx; | |
675 | const EVP_MD *mdtype; | |
676 | long keyresource = -1; | |
677 | char * data; int data_len; | |
d257ab18 | 678 | @@ -4890,10 +5037,13 @@ PHP_FUNCTION(openssl_verify) |
e52c962c AM |
679 | RETURN_FALSE; |
680 | } | |
681 | ||
682 | - EVP_VerifyInit (&md_ctx, mdtype); | |
683 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
684 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
685 | - EVP_MD_CTX_cleanup(&md_ctx); | |
686 | + md_ctx = EVP_MD_CTX_create(); | |
687 | + if (md_ctx != NULL) { | |
688 | + EVP_VerifyInit(md_ctx, mdtype); | |
689 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
690 | + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); | |
691 | + } | |
692 | + EVP_MD_CTX_destroy(md_ctx); | |
693 | ||
694 | if (keyresource == -1) { | |
695 | EVP_PKEY_free(pkey); | |
d257ab18 | 696 | @@ -4917,7 +5067,7 @@ PHP_FUNCTION(openssl_seal) |
e52c962c AM |
697 | char *method =NULL; |
698 | int method_len = 0; | |
699 | const EVP_CIPHER *cipher; | |
700 | - EVP_CIPHER_CTX ctx; | |
701 | + EVP_CIPHER_CTX *ctx; | |
702 | ||
703 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
704 | return; | |
d257ab18 | 705 | @@ -4968,9 +5118,10 @@ PHP_FUNCTION(openssl_seal) |
e52c962c AM |
706 | i++; |
707 | } | |
708 | ||
709 | - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
710 | + ctx = EVP_CIPHER_CTX_new(); | |
711 | + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
712 | + EVP_CIPHER_CTX_free(ctx); | |
713 | RETVAL_FALSE; | |
714 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
715 | goto clean_exit; | |
716 | } | |
717 | ||
d257ab18 | 718 | @@ -4980,15 +5131,15 @@ PHP_FUNCTION(openssl_seal) |
e52c962c AM |
719 | iv = ivlen ? emalloc(ivlen + 1) : NULL; |
720 | #endif | |
721 | /* allocate one byte extra to make room for \0 */ | |
722 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
723 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
724 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
725 | + EVP_CIPHER_CTX_cleanup(ctx); | |
726 | ||
727 | - if (EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
728 | - !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len) || | |
729 | - !EVP_SealFinal(&ctx, buf + len1, &len2)) { | |
730 | + if (EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
731 | + !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) || | |
732 | + !EVP_SealFinal(ctx, buf + len1, &len2)) { | |
733 | RETVAL_FALSE; | |
734 | efree(buf); | |
735 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
736 | + EVP_CIPHER_CTX_free(ctx); | |
737 | goto clean_exit; | |
738 | } | |
739 | ||
d257ab18 | 740 | @@ -5019,7 +5170,7 @@ PHP_FUNCTION(openssl_seal) |
e52c962c AM |
741 | efree(buf); |
742 | } | |
743 | RETVAL_LONG(len1 + len2); | |
744 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
745 | + EVP_CIPHER_CTX_free(ctx); | |
746 | ||
791b59e4 JR |
747 | clean_exit: |
748 | for (i=0; i<nkeys; i++) { | |
d257ab18 | 749 | @@ -5046,7 +5197,7 @@ PHP_FUNCTION(openssl_open) |
e52c962c AM |
750 | int len1, len2; |
751 | unsigned char *buf; | |
752 | long keyresource = -1; | |
753 | - EVP_CIPHER_CTX ctx; | |
754 | + EVP_CIPHER_CTX *ctx; | |
755 | char * data; int data_len; | |
756 | char * ekey; int ekey_len; | |
757 | char *method =NULL; | |
d257ab18 | 758 | @@ -5072,27 +5223,26 @@ PHP_FUNCTION(openssl_open) |
e52c962c AM |
759 | } else { |
760 | cipher = EVP_rc4(); | |
761 | } | |
762 | - | |
763 | + | |
764 | buf = emalloc(data_len + 1); | |
765 | ||
766 | - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
767 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
768 | - efree(buf); | |
769 | - RETVAL_FALSE; | |
770 | - } else { | |
771 | - zval_dtor(opendata); | |
772 | - buf[len1 + len2] = '\0'; | |
773 | - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
774 | - RETVAL_TRUE; | |
775 | - } | |
776 | + ctx = EVP_CIPHER_CTX_new(); | |
777 | + if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) && | |
778 | + EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) && | |
779 | + EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) { | |
780 | + zval_dtor(opendata); | |
781 | + buf[len1 + len2] = '\0'; | |
782 | + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); | |
783 | + RETVAL_TRUE; | |
784 | } else { | |
785 | - efree(buf); | |
786 | RETVAL_FALSE; | |
787 | } | |
788 | + | |
789 | + efree(buf); | |
790 | if (keyresource == -1) { | |
791 | EVP_PKEY_free(pkey); | |
792 | } | |
793 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
794 | + EVP_CIPHER_CTX_free(ctx); | |
795 | } | |
796 | /* }}} */ | |
797 | ||
d257ab18 | 798 | @@ -5152,7 +5302,7 @@ PHP_FUNCTION(openssl_digest) |
e52c962c AM |
799 | char *data, *method; |
800 | int data_len, method_len; | |
801 | const EVP_MD *mdtype; | |
802 | - EVP_MD_CTX md_ctx; | |
803 | + EVP_MD_CTX *md_ctx; | |
804 | int siglen; | |
805 | unsigned char *sigbuf; | |
806 | ||
d257ab18 | 807 | @@ -5168,9 +5318,10 @@ PHP_FUNCTION(openssl_digest) |
e52c962c AM |
808 | siglen = EVP_MD_size(mdtype); |
809 | sigbuf = emalloc(siglen + 1); | |
810 | ||
811 | - EVP_DigestInit(&md_ctx, mdtype); | |
812 | - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
813 | - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
814 | + md_ctx = EVP_MD_CTX_create(); | |
815 | + if (EVP_DigestInit(md_ctx, mdtype) && | |
816 | + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && | |
817 | + EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, &siglen)) { | |
818 | if (raw_output) { | |
819 | sigbuf[siglen] = '\0'; | |
820 | RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
d257ab18 | 821 | @@ -5186,6 +5337,8 @@ PHP_FUNCTION(openssl_digest) |
e52c962c AM |
822 | efree(sigbuf); |
823 | RETVAL_FALSE; | |
824 | } | |
825 | + | |
826 | + EVP_MD_CTX_destroy(md_ctx); | |
827 | } | |
828 | /* }}} */ | |
829 | ||
d257ab18 | 830 | @@ -5231,7 +5384,7 @@ PHP_FUNCTION(openssl_encrypt) |
e52c962c AM |
831 | char *data, *method, *password, *iv = ""; |
832 | int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
833 | const EVP_CIPHER *cipher_type; | |
834 | - EVP_CIPHER_CTX cipher_ctx; | |
835 | + EVP_CIPHER_CTX *cipher_ctx; | |
836 | int i=0, outlen, keylen; | |
837 | unsigned char *outbuf, *key; | |
838 | zend_bool free_iv; | |
d257ab18 | 839 | @@ -5245,6 +5398,12 @@ PHP_FUNCTION(openssl_encrypt) |
e52c962c AM |
840 | RETURN_FALSE; |
841 | } | |
842 | ||
843 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
844 | + if (!cipher_ctx) { | |
845 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
846 | + RETURN_FALSE; | |
847 | + } | |
848 | + | |
849 | keylen = EVP_CIPHER_key_length(cipher_type); | |
850 | if (keylen > password_len) { | |
851 | key = emalloc(keylen); | |
d257ab18 | 852 | @@ -5263,19 +5422,19 @@ PHP_FUNCTION(openssl_encrypt) |
e52c962c AM |
853 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
854 | outbuf = safe_emalloc(outlen, 1, 1); | |
855 | ||
856 | - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
857 | + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
858 | if (password_len > keylen) { | |
859 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
860 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
861 | } | |
862 | - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
863 | + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
864 | if (options & OPENSSL_ZERO_PADDING) { | |
865 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
866 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
867 | } | |
868 | if (data_len > 0) { | |
869 | - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
870 | + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
871 | } | |
872 | outlen = i; | |
873 | - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
874 | + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
875 | outlen += i; | |
876 | if (options & OPENSSL_RAW_DATA) { | |
877 | outbuf[outlen] = '\0'; | |
d257ab18 | 878 | @@ -5302,7 +5461,7 @@ PHP_FUNCTION(openssl_encrypt) |
e52c962c AM |
879 | if (free_iv) { |
880 | efree(iv); | |
881 | } | |
882 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
883 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
884 | } | |
885 | /* }}} */ | |
886 | ||
d257ab18 | 887 | @@ -5314,7 +5473,7 @@ PHP_FUNCTION(openssl_decrypt) |
e52c962c AM |
888 | char *data, *method, *password, *iv = ""; |
889 | int data_len, method_len, password_len, iv_len = 0; | |
890 | const EVP_CIPHER *cipher_type; | |
891 | - EVP_CIPHER_CTX cipher_ctx; | |
892 | + EVP_CIPHER_CTX *cipher_ctx; | |
893 | int i, outlen, keylen; | |
894 | unsigned char *outbuf, *key; | |
895 | int base64_str_len; | |
d257ab18 | 896 | @@ -5336,10 +5495,17 @@ PHP_FUNCTION(openssl_decrypt) |
e52c962c AM |
897 | RETURN_FALSE; |
898 | } | |
899 | ||
900 | + cipher_ctx = EVP_CIPHER_CTX_new(); | |
901 | + if (!cipher_ctx) { | |
902 | + php_error_docref(NULL, E_WARNING, "Failed to create cipher context"); | |
903 | + RETURN_FALSE; | |
904 | + } | |
905 | + | |
906 | if (!(options & OPENSSL_RAW_DATA)) { | |
907 | base64_str = (char*)php_base64_decode((unsigned char*)data, data_len, &base64_str_len); | |
908 | if (!base64_str) { | |
909 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to base64 decode the input"); | |
910 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
911 | RETURN_FALSE; | |
912 | } | |
913 | data_len = base64_str_len; | |
d257ab18 | 914 | @@ -5360,17 +5526,17 @@ PHP_FUNCTION(openssl_decrypt) |
e52c962c AM |
915 | outlen = data_len + EVP_CIPHER_block_size(cipher_type); |
916 | outbuf = emalloc(outlen + 1); | |
917 | ||
918 | - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
919 | + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
920 | if (password_len > keylen) { | |
921 | - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
922 | + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
923 | } | |
924 | - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
925 | + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
926 | if (options & OPENSSL_ZERO_PADDING) { | |
927 | - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
928 | + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
929 | } | |
930 | - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
931 | + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
932 | outlen = i; | |
933 | - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
934 | + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
935 | outlen += i; | |
936 | outbuf[outlen] = '\0'; | |
937 | RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
d257ab18 | 938 | @@ -5387,7 +5553,7 @@ PHP_FUNCTION(openssl_decrypt) |
e52c962c AM |
939 | if (base64_str) { |
940 | efree(base64_str); | |
941 | } | |
942 | - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
943 | + EVP_CIPHER_CTX_free(cipher_ctx); | |
944 | } | |
945 | /* }}} */ | |
946 | ||
d257ab18 | 947 | @@ -5425,6 +5591,7 @@ PHP_FUNCTION(openssl_dh_compute_key) |
e52c962c AM |
948 | zval *key; |
949 | char *pub_str; | |
950 | int pub_len; | |
951 | + DH *dh; | |
952 | EVP_PKEY *pkey; | |
953 | BIGNUM *pub; | |
954 | char *data; | |
d257ab18 | 955 | @@ -5434,14 +5601,18 @@ PHP_FUNCTION(openssl_dh_compute_key) |
e52c962c AM |
956 | return; |
957 | } | |
958 | ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
959 | - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
960 | + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
961 | + RETURN_FALSE; | |
962 | + } | |
963 | + dh = EVP_PKEY_get0_DH(pkey); | |
964 | + if (dh == NULL) { | |
965 | RETURN_FALSE; | |
966 | } | |
967 | ||
968 | pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
969 | ||
970 | - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
971 | - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
972 | + data = emalloc(DH_size(dh) + 1); | |
973 | + len = DH_compute_key((unsigned char*)data, pub, dh); | |
974 | ||
975 | if (len >= 0) { | |
976 | data[len] = 0; | |
d257ab18 AM |
977 | diff -urNp -x '*.orig' php-5.6.40.org/ext/openssl/xp_ssl.c php-5.6.40/ext/openssl/xp_ssl.c |
978 | --- php-5.6.40.org/ext/openssl/xp_ssl.c 2019-01-09 10:54:13.000000000 +0100 | |
979 | +++ php-5.6.40/ext/openssl/xp_ssl.c 2022-01-20 15:30:50.013263110 +0100 | |
980 | @@ -2414,7 +2414,7 @@ php_stream *php_openssl_ssl_socket_facto | |
981 | ||
982 | if (strncmp(proto, "ssl", protolen) == 0) { | |
983 | sslsock->enable_on_connect = 1; | |
984 | - sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT); | |
985 | + sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT); | |
986 | } else if (strncmp(proto, "sslv2", protolen) == 0) { | |
987 | #ifdef OPENSSL_NO_SSL2 | |
988 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); | |
989 | @@ -2433,7 +2433,7 @@ php_stream *php_openssl_ssl_socket_facto | |
990 | #endif | |
991 | } else if (strncmp(proto, "tls", protolen) == 0) { | |
992 | sslsock->enable_on_connect = 1; | |
993 | - sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT); | |
994 | + sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT); | |
995 | } else if (strncmp(proto, "tlsv1.0", protolen) == 0) { | |
996 | sslsock->enable_on_connect = 1; | |
997 | sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; | |
998 | diff -urNp -x '*.orig' php-5.6.40.org/main/streams/php_stream_transport.h php-5.6.40/main/streams/php_stream_transport.h | |
999 | --- php-5.6.40.org/main/streams/php_stream_transport.h 2019-01-09 10:54:13.000000000 +0100 | |
1000 | +++ php-5.6.40/main/streams/php_stream_transport.h 2022-01-20 15:30:50.013263110 +0100 | |
1001 | @@ -174,8 +174,8 @@ typedef enum { | |
1002 | STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1), | |
1003 | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1), | |
1004 | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), | |
1005 | - /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */ | |
1006 | - STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1), | |
1007 | + /* TLS equates to TLS_ANY as of PHP 7.2 */ | |
1008 | + STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), | |
1009 | STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), | |
1010 | STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1), | |
1011 | STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1), | |
1012 | @@ -185,8 +185,8 @@ typedef enum { | |
1013 | STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3), | |
1014 | STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4), | |
1015 | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5), | |
1016 | - /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */ | |
1017 | - STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3), | |
1018 | + /* TLS equates to TLS_ANY as of PHP 7.2 */ | |
1019 | + STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), | |
1020 | STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), | |
1021 | STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5)) | |
1022 | } php_stream_xport_crypt_method_t; | |
710193cf AM |
1023 | --- php-5.6.40/ext/openssl/xp_ssl.c~ 2022-03-29 16:13:39.000000000 +0200 |
1024 | +++ php-5.6.40/ext/openssl/xp_ssl.c 2022-03-29 16:16:30.196548935 +0200 | |
1025 | @@ -1242,6 +1242,10 @@ | |
1026 | } | |
1027 | #endif | |
1028 | ||
1029 | +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF | |
1030 | + ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; | |
1031 | +#endif | |
1032 | + | |
1033 | if (php_stream_context_get_option(stream->context, "ssl", "dh_param", &val) == SUCCESS) { | |
1034 | convert_to_string_ex(val); | |
1035 | if (FAILURE == set_server_dh_param(ctx, Z_STRVAL_PP(val) TSRMLS_CC)) { | |
1036 | @@ -1489,6 +1493,10 @@ | |
1037 | return FAILURE; | |
1038 | } | |
1039 | ||
1040 | +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF | |
1041 | + ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; | |
1042 | +#endif | |
1043 | + | |
1044 | #if OPENSSL_VERSION_NUMBER >= 0x0090806fL | |
1045 | if (GET_VER_OPT("no_ticket") && zend_is_true(*val)) { | |
1046 | ssl_ctx_options |= SSL_OP_NO_TICKET; |