Commit | Line | Data |
---|---|---|
f432e880 AM |
1 | diff -ur php-5.2.17/ext/openssl.org/openssl.c php-5.2.17/ext/openssl/openssl.c |
2 | --- php-5.2.17/ext/openssl.org/openssl.c 2018-09-28 10:44:23.152948019 +0200 | |
3 | +++ php-5.2.17/ext/openssl/openssl.c 2018-09-28 10:55:24.424744224 +0200 | |
4 | @@ -73,6 +73,13 @@ | |
5 | ZEND_ARG_PASS_INFO(1) | |
6 | ZEND_END_ARG_INFO(); | |
7 | ||
8 | + | |
9 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
10 | +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
11 | +#else | |
12 | +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
13 | +#endif | |
14 | + | |
15 | /* FIXME: Use the openssl constants instead of | |
16 | * enum. It is now impossible to match real values | |
17 | * against php constants. Also sorry to break the | |
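Review bot: `PHP_OPENSSL_RAND_ADD_TIME()` is defined here but never called in any hunk of this patch, and its pre-1.1.0 expansion names `php_openssl_rand_add_timeval()`, which none of the visible hunks define. Unless that helper exists elsewhere in the tree, the first use of the macro on an older OpenSSL would fail with an undefined symbol. Either drop the block or add the helper and its call sites in the same patch, together with a one-line comment above the `#if` saying why the reseed is a no-op on 1.1.0 and later.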
18 | @@ -608,11 +615,6 @@ | |
19 | #endif | |
20 | if (file == NULL) { | |
21 | file = RAND_file_name(buffer, sizeof(buffer)); | |
22 | - } else if (RAND_egd(file) > 0) { | |
23 | - /* if the given filename is an EGD socket, don't | |
24 | - * write anything back to it */ | |
25 | - *egdsocket = 1; | |
26 | - return SUCCESS; | |
27 | } | |
28 | if (file == NULL || !RAND_load_file(file, -1)) { | |
29 | if (RAND_status() == 0) { | |
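Review bot: The `RAND_egd()` branch is deleted for every OpenSSL version, not just for libraries built without EGD support, so a configured EGD socket path now falls through to `RAND_load_file(file, -1)` and this branch no longer sets `*egdsocket`. If the caller relies on that flag to avoid writing seed data back to the path, as the removed comment suggests, that protection goes away as well. Keeping the `else if (RAND_egd(file) > 0)` block behind a configure-time feature test (later PHP releases use `HAVE_RAND_EGD`) would preserve the old behaviour where the library still provides it. The enclosing function starts and ends outside this hunk.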
30 | @@ -666,9 +668,11 @@ | |
31 | mdtype = (EVP_MD *) EVP_md2(); | |
32 | break; | |
33 | #endif | |
34 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
35 | case OPENSSL_ALGO_DSS1: | |
36 | mdtype = (EVP_MD *) EVP_dss1(); | |
37 | break; | |
38 | +#endif | |
39 | default: | |
40 | return NULL; | |
41 | break; | |
42 | @@ -688,14 +692,17 @@ | |
43 | le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); | |
44 | le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); | |
45 | ||
46 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
47 | + OPENSSL_config(NULL); | |
48 | SSL_library_init(); | |
49 | OpenSSL_add_all_ciphers(); | |
50 | OpenSSL_add_all_digests(); | |
51 | OpenSSL_add_all_algorithms(); | |
52 | ||
53 | - ERR_load_ERR_strings(); | |
54 | - ERR_load_crypto_strings(); | |
55 | - ERR_load_EVP_strings(); | |
56 | + SSL_load_error_strings(); | |
57 | +#else | |
58 | + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); | |
59 | +#endif | |
60 | ||
61 | /* register a resource id number with openSSL so that we can map SSL -> stream structures in | |
62 | * openSSL callbacks */ | |
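Review bot: The return value of `OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)` is discarded, so a failed library initialisation goes unnoticed and the extension continues to register itself. Both branches also begin loading the system OpenSSL configuration file at startup (`OPENSSL_config(NULL)` on the old side of the `#if`), which the previous code did not do. That file can enable engines and change library defaults for every PHP process, so it deserves a comment such as `/* loads the default openssl.cnf; engines and defaults from it now apply process-wide */`. A check like `if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)) { return FAILURE; }` would fit if this is the module-init function, whose signature is outside the hunk.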
63 | @@ -1037,6 +1044,7 @@ | |
64 | { | |
65 | GENERAL_NAMES *names; | |
66 | const X509V3_EXT_METHOD *method = NULL; | |
67 | + ASN1_OCTET_STRING *extension_data; | |
68 | long i, length, num; | |
69 | const unsigned char *p; | |
70 | ||
71 | @@ -1045,8 +1053,9 @@ | |
72 | return -1; | |
73 | } | |
74 | ||
75 | - p = extension->value->data; | |
76 | - length = extension->value->length; | |
77 | + extension_data = X509_EXTENSION_get_data(extension); | |
78 | + p = extension_data->data; | |
79 | + length = extension_data->length; | |
80 | if (method->it) { | |
81 | names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
82 | ASN1_ITEM_ptr(method->it))); | |
83 | @@ -1109,6 +1118,8 @@ | |
84 | char * tmpstr; | |
85 | zval * subitem; | |
86 | X509_EXTENSION *extension; | |
87 | + X509_NAME *subject_name; | |
88 | + char *cert_name; | |
89 | char *extname; | |
90 | BIO *bio_out; | |
91 | BUF_MEM *bio_buf; | |
92 | @@ -1123,12 +1134,12 @@ | |
93 | } | |
94 | array_init(return_value); | |
95 | ||
96 | - if (cert->name) { | |
97 | - add_assoc_string(return_value, "name", cert->name, 1); | |
98 | - } | |
99 | -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
100 | + subject_name = X509_get_subject_name(cert); | |
101 | + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
102 | + add_assoc_string(return_value, "name", cert_name, 1); | |
103 | + OPENSSL_free(cert_name); | |
104 | ||
105 | - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
106 | + add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC); | |
107 | /* hash as used in CA directories to lookup cert by subject name */ | |
108 | { | |
109 | char buf[32]; | |
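Review bot: `X509_NAME_oneline()` returns NULL when it cannot allocate or when the name is unavailable, and the result is passed straight to `add_assoc_string(return_value, "name", cert_name, 1)`, which will dereference it. The removed code guarded this with `if (cert->name)`; the replacement should keep an equivalent guard: `if (cert_name != NULL) { add_assoc_string(return_value, "name", cert_name, 1); OPENSSL_free(cert_name); }`. The certificate here comes from caller-supplied data, so a NULL on this path should leave the key unset rather than crash the process.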
110 | @@ -2592,13 +2603,20 @@ | |
111 | { | |
112 | assert(pkey != NULL); | |
113 | ||
114 | - switch (pkey->type) { | |
115 | + switch (EVP_PKEY_id(pkey)) { | |
116 | #ifndef NO_RSA | |
117 | case EVP_PKEY_RSA: | |
118 | case EVP_PKEY_RSA2: | |
119 | - assert(pkey->pkey.rsa != NULL); | |
120 | - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
121 | - return 0; | |
122 | + { | |
123 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
124 | + if (rsa != NULL) { | |
125 | + const BIGNUM *p, *q; | |
126 | + | |
127 | + RSA_get0_factors(rsa, &p, &q); | |
128 | + if (p == NULL || q == NULL) { | |
129 | + return 0; | |
130 | + } | |
131 | + } | |
132 | } | |
133 | break; | |
134 | #endif | |
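Review bot: When `EVP_PKEY_get0_RSA(pkey)` returns NULL the new block is skipped and control reaches `break`, so a key with no RSA structure is handled the same way as a key that has both factors. The old code at least asserted on this in debug builds. Since this switch appears to decide whether the key is private (the function's return statement is outside the hunk), treating a missing structure as a failure is safer: `if (rsa == NULL) { return 0; }`. The DSA and DH cases in the next hunk have the same fall-through for `dsa == NULL` and `dh == NULL`, and they declare `g` and `pub_key` only to discard them; the `*_get0_*` accessors accept NULL for outputs that are not needed.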
135 | @@ -2608,19 +2626,41 @@ | |
136 | case EVP_PKEY_DSA2: | |
137 | case EVP_PKEY_DSA3: | |
138 | case EVP_PKEY_DSA4: | |
139 | - assert(pkey->pkey.dsa != NULL); | |
140 | + { | |
141 | + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
142 | + if (dsa != NULL) { | |
143 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
144 | + | |
145 | + DSA_get0_pqg(dsa, &p, &q, &g); | |
146 | + if (p == NULL || q == NULL) { | |
147 | + return 0; | |
148 | + } | |
149 | ||
150 | - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
151 | - return 0; | |
152 | + DSA_get0_key(dsa, &pub_key, &priv_key); | |
153 | + if (priv_key == NULL) { | |
154 | + return 0; | |
155 | + } | |
156 | + } | |
157 | } | |
158 | break; | |
159 | #endif | |
160 | #ifndef NO_DH | |
161 | case EVP_PKEY_DH: | |
162 | - assert(pkey->pkey.dh != NULL); | |
163 | + { | |
164 | + DH *dh = EVP_PKEY_get0_DH(pkey); | |
165 | + if (dh != NULL) { | |
166 | + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
167 | + | |
168 | + DH_get0_pqg(dh, &p, &q, &g); | |
169 | + if (p == NULL) { | |
170 | + return 0; | |
171 | + } | |
172 | ||
173 | - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
174 | - return 0; | |
175 | + DH_get0_key(dh, &pub_key, &priv_key); | |
176 | + if (priv_key == NULL) { | |
177 | + return 0; | |
178 | + } | |
179 | + } | |
180 | } | |
181 | break; | |
182 | #endif | |
183 | @@ -2861,7 +2901,7 @@ | |
184 | /*TODO: Use the real values once the openssl constants are used | |
185 | * See the enum at the top of this file | |
186 | */ | |
187 | - switch (EVP_PKEY_type(pkey->type)) { | |
188 | + switch (EVP_PKEY_base_id(pkey)) { | |
189 | case EVP_PKEY_RSA: | |
190 | case EVP_PKEY_RSA2: | |
191 | ktype = OPENSSL_KEYTYPE_RSA; | |
192 | @@ -3398,13 +3438,13 @@ | |
193 | cryptedlen = EVP_PKEY_size(pkey); | |
194 | cryptedbuf = emalloc(cryptedlen + 1); | |
195 | ||
196 | - switch (pkey->type) { | |
197 | + switch (EVP_PKEY_id(pkey)) { | |
198 | case EVP_PKEY_RSA: | |
199 | case EVP_PKEY_RSA2: | |
200 | successful = (RSA_private_encrypt(data_len, | |
201 | (unsigned char *)data, | |
202 | cryptedbuf, | |
203 | - pkey->pkey.rsa, | |
204 | + EVP_PKEY_get0_RSA(pkey), | |
205 | padding) == cryptedlen); | |
206 | break; | |
207 | default: | |
208 | @@ -3456,13 +3496,13 @@ | |
209 | cryptedlen = EVP_PKEY_size(pkey); | |
210 | crypttemp = emalloc(cryptedlen + 1); | |
211 | ||
212 | - switch (pkey->type) { | |
213 | + switch (EVP_PKEY_id(pkey)) { | |
214 | case EVP_PKEY_RSA: | |
215 | case EVP_PKEY_RSA2: | |
216 | cryptedlen = RSA_private_decrypt(data_len, | |
217 | (unsigned char *)data, | |
218 | crypttemp, | |
219 | - pkey->pkey.rsa, | |
220 | + EVP_PKEY_get0_RSA(pkey), | |
221 | padding); | |
222 | if (cryptedlen != -1) { | |
223 | cryptedbuf = emalloc(cryptedlen + 1); | |
224 | @@ -3521,13 +3561,13 @@ | |
225 | cryptedlen = EVP_PKEY_size(pkey); | |
226 | cryptedbuf = emalloc(cryptedlen + 1); | |
227 | ||
228 | - switch (pkey->type) { | |
229 | + switch (EVP_PKEY_id(pkey)) { | |
230 | case EVP_PKEY_RSA: | |
231 | case EVP_PKEY_RSA2: | |
232 | successful = (RSA_public_encrypt(data_len, | |
233 | (unsigned char *)data, | |
234 | cryptedbuf, | |
235 | - pkey->pkey.rsa, | |
236 | + EVP_PKEY_get0_RSA(pkey), | |
237 | padding) == cryptedlen); | |
238 | break; | |
239 | default: | |
240 | @@ -3580,13 +3620,13 @@ | |
241 | cryptedlen = EVP_PKEY_size(pkey); | |
242 | crypttemp = emalloc(cryptedlen + 1); | |
243 | ||
244 | - switch (pkey->type) { | |
245 | + switch (EVP_PKEY_id(pkey)) { | |
246 | case EVP_PKEY_RSA: | |
247 | case EVP_PKEY_RSA2: | |
248 | cryptedlen = RSA_public_decrypt(data_len, | |
249 | (unsigned char *)data, | |
250 | crypttemp, | |
251 | - pkey->pkey.rsa, | |
252 | + EVP_PKEY_get0_RSA(pkey), | |
253 | padding); | |
254 | if (cryptedlen != -1) { | |
255 | cryptedbuf = emalloc(cryptedlen + 1); | |
256 | @@ -3650,7 +3690,7 @@ | |
257 | long keyresource = -1; | |
258 | char * data; | |
259 | int data_len; | |
260 | - EVP_MD_CTX md_ctx; | |
261 | + EVP_MD_CTX *md_ctx; | |
262 | long signature_algo = OPENSSL_ALGO_SHA1; | |
263 | EVP_MD *mdtype; | |
264 | ||
265 | @@ -3672,9 +3712,11 @@ | |
266 | siglen = EVP_PKEY_size(pkey); | |
267 | sigbuf = emalloc(siglen + 1); | |
268 | ||
269 | - EVP_SignInit(&md_ctx, mdtype); | |
270 | - EVP_SignUpdate(&md_ctx, data, data_len); | |
271 | - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
272 | + md_ctx = EVP_MD_CTX_create(); | |
273 | + if (md_ctx != NULL && | |
274 | + EVP_SignInit(md_ctx, mdtype) && | |
275 | + EVP_SignUpdate(md_ctx, data, data_len) && | |
276 | + EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
277 | zval_dtor(signature); | |
278 | sigbuf[siglen] = '\0'; | |
279 | ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
280 | @@ -3684,7 +3726,7 @@ | |
281 | RETVAL_FALSE; | |
282 | } | |
283 | #if OPENSSL_VERSION_NUMBER >= 0x0090700fL | |
284 | - EVP_MD_CTX_cleanup(&md_ctx); | |
285 | + EVP_MD_CTX_free(md_ctx); | |
286 | #endif | |
287 | if (keyresource == -1) { | |
288 | EVP_PKEY_free(pkey); | |
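Review bot: The context is allocated with the pre-1.1.0 name `EVP_MD_CTX_create()` but released with `EVP_MD_CTX_free()`, which only exists from OpenSSL 1.1.0, while the verify function further down uses `EVP_MD_CTX_destroy()`. Using `EVP_MD_CTX_destroy(md_ctx);` here keeps the pair consistent and buildable on both sides of the version split the patch otherwise maintains. The surrounding `#if OPENSSL_VERSION_NUMBER >= 0x0090700fL` used to skip cleanup of a stack object; it now skips freeing a heap allocation, so the release should move outside that guard.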
289 | @@ -3699,7 +3741,7 @@ | |
290 | zval **key; | |
291 | EVP_PKEY *pkey; | |
292 | int err; | |
293 | - EVP_MD_CTX md_ctx; | |
294 | + EVP_MD_CTX *md_ctx; | |
295 | EVP_MD *mdtype; | |
296 | long keyresource = -1; | |
297 | char * data; int data_len; | |
298 | @@ -3722,11 +3764,13 @@ | |
299 | RETURN_FALSE; | |
300 | } | |
301 | ||
302 | - EVP_VerifyInit (&md_ctx, mdtype); | |
303 | - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
304 | - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
305 | + if (md_ctx != NULL) { | |
306 | + EVP_VerifyInit (md_ctx, mdtype); | |
307 | + EVP_VerifyUpdate (md_ctx, data, data_len); | |
308 | + err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey); | |
309 | + } | |
310 | #if OPENSSL_VERSION_NUMBER >= 0x0090700fL | |
311 | - EVP_MD_CTX_cleanup(&md_ctx); | |
312 | + EVP_MD_CTX_destroy(md_ctx); | |
313 | #endif | |
314 | ||
315 | if (keyresource == -1) { | |
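Review bot: `md_ctx` is now a pointer, but nothing in this hunk or in the declaration hunk above assigns it. As a result `if (md_ctx != NULL)` tests an uninitialised value and `EVP_MD_CTX_destroy(md_ctx)` may free a garbage pointer. If the test happens to be false, `err` is also left unset, so the verification result reported to the script is whatever was on the stack. A signature check must fail closed, so the context should be allocated here, the init and update calls checked, and `err` given an explicit error value on every failure path. How `err` is returned is outside the hunk, so the `-1` below assumes the usual error convention of this function.

```c
/* ... unchanged: key lookup and RETURN_FALSE on failure ... */
md_ctx = EVP_MD_CTX_create();
if (md_ctx == NULL ||
    !EVP_VerifyInit(md_ctx, mdtype) ||
    !EVP_VerifyUpdate(md_ctx, data, data_len)) {
	/* fail closed: never report a stale or uninitialised result */
	err = -1;
} else {
	err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, signature_len, pkey);
}
/* ... unchanged: EVP_MD_CTX_destroy(md_ctx) and key release ... */
```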
316 | @@ -3748,7 +3792,7 @@ | |
317 | int i, len1, len2, *eksl, nkeys; | |
318 | unsigned char *buf = NULL, **eks; | |
319 | char * data; int data_len; | |
320 | - EVP_CIPHER_CTX ctx; | |
321 | + EVP_CIPHER_CTX *ctx; | |
322 | ||
323 | if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) { | |
324 | return; | |
325 | @@ -3785,7 +3829,9 @@ | |
326 | i++; | |
327 | } | |
328 | ||
329 | - if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) { | |
330 | + ctx = EVP_CIPHER_CTX_new(); | |
331 | + if (!EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) { | |
332 | + EVP_CIPHER_CTX_free(ctx); | |
333 | RETVAL_FALSE; | |
334 | goto clean_exit; | |
335 | } | |
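Review bot: The result of `EVP_CIPHER_CTX_new()` is passed to `EVP_EncryptInit()` without a NULL check, so an allocation failure is dereferenced inside the library instead of taking the existing error path. Folding the test into the condition is enough: `if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {`. `EVP_CIPHER_CTX_free(NULL)` is a no-op, so the cleanup line already in the branch stays correct. The later hunks free `ctx` separately on each exit before `clean_exit:`, so any other jump to that label after this allocation, outside the visible hunks, would leak it.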
336 | @@ -3796,15 +3842,16 @@ | |
337 | iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
338 | #endif | |
339 | /* allocate one byte extra to make room for \0 */ | |
340 | - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
341 | + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
342 | ||
343 | - if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
344 | + if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
345 | RETVAL_FALSE; | |
346 | efree(buf); | |
347 | + EVP_CIPHER_CTX_free(ctx); | |
348 | goto clean_exit; | |
349 | } | |
350 | ||
351 | - EVP_SealFinal(&ctx, buf + len1, &len2); | |
352 | + EVP_SealFinal(ctx, buf + len1, &len2); | |
353 | ||
354 | if (len1 + len2 > 0) { | |
355 | zval_dtor(sealdata); | |
356 | @@ -3833,6 +3880,7 @@ | |
357 | efree(buf); | |
358 | } | |
359 | RETVAL_LONG(len1 + len2); | |
360 | + EVP_CIPHER_CTX_free(ctx); | |
361 | ||
362 | clean_exit: | |
363 | for (i=0; i<nkeys; i++) { | |
364 | @@ -3859,7 +3907,7 @@ | |
365 | int len1, len2; | |
366 | unsigned char *buf; | |
367 | long keyresource = -1; | |
368 | - EVP_CIPHER_CTX ctx; | |
369 | + EVP_CIPHER_CTX *ctx; | |
370 | char * data; int data_len; | |
371 | char * ekey; int ekey_len; | |
372 | ||
373 | @@ -3874,8 +3922,8 @@ | |
374 | } | |
375 | buf = emalloc(data_len + 1); | |
376 | ||
377 | - if (EVP_OpenInit(&ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
378 | - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
379 | + if (EVP_OpenInit(ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
380 | + if (!EVP_OpenFinal(ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
381 | efree(buf); | |
382 | if (keyresource == -1) { | |
383 | EVP_PKEY_free(pkey); | |
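Review bot: `ctx` was changed to `EVP_CIPHER_CTX *` in the declaration hunk above, but this hunk passes it to `EVP_OpenInit()` without ever allocating it, and the old lines it replaces could not have assigned it either. The open path therefore runs on an uninitialised pointer, and no hunk releases the context afterwards. Add `ctx = EVP_CIPHER_CTX_new();` after `buf = emalloc(data_len + 1);`, extend the condition to `if (ctx != NULL && EVP_OpenInit(ctx, ...`, and call `EVP_CIPHER_CTX_free(ctx);` on each exit path, as the seal function does. The rest of the function body is outside this hunk.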
384 | diff -ur php-5.2.17/ext/openssl.org/xp_ssl.c php-5.2.17/ext/openssl/xp_ssl.c | |
385 | --- php-5.2.17/ext/openssl.org/xp_ssl.c 2018-09-28 10:44:23.112946707 +0200 | |
386 | +++ php-5.2.17/ext/openssl/xp_ssl.c 2018-09-28 10:48:26.714263136 +0200 | |
387 | @@ -342,9 +342,14 @@ | |
388 | break; | |
389 | #endif | |
390 | case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: | |
391 | +#ifdef OPENSSL_NO_SSL3 | |
392 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
393 | + return -1; | |
394 | +#else | |
395 | sslsock->is_client = 1; | |
396 | method = SSLv3_client_method(); | |
397 | break; | |
398 | +#endif | |
399 | case STREAM_CRYPTO_METHOD_TLS_CLIENT: | |
400 | sslsock->is_client = 1; | |
401 | method = TLSv1_client_method(); | |
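Review bot: The new guard tests only `OPENSSL_NO_SSL3`, but OpenSSL 1.1.0 can also be built with just the SSLv3 method functions removed, which is signalled by `OPENSSL_NO_SSL3_METHOD`. On such a build `SSLv3_client_method()` is not declared and this case fails to compile. `#if defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)` covers both configurations, and the same change applies to the `STREAM_CRYPTO_METHOD_SSLv3_SERVER` hunk that follows. A short comment above the guard saying that the request is rejected with a warning rather than silently downgraded would help the next reader.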
402 | @@ -354,9 +359,14 @@ | |
403 | method = SSLv23_server_method(); | |
404 | break; | |
405 | case STREAM_CRYPTO_METHOD_SSLv3_SERVER: | |
406 | +#ifdef OPENSSL_NO_SSL3 | |
407 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); | |
408 | + return -1; | |
409 | +#else | |
410 | sslsock->is_client = 0; | |
411 | method = SSLv3_server_method(); | |
412 | break; | |
413 | +#endif | |
414 | case STREAM_CRYPTO_METHOD_SSLv2_SERVER: | |
415 | #ifdef OPENSSL_NO_SSL2 | |
416 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); | |
417 | --- php-5.2.17/acinclude.m4~ 2018-09-28 11:08:22.000000000 +0200 | |
418 | +++ php-5.2.17/acinclude.m4 2018-09-28 11:17:41.392940657 +0200 | |
419 | @@ -2325,8 +2325,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ | |
420 | AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.]) | |
421 | fi | |
422 | ||
423 | - if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then | |
424 | + if test -n "$OPENSSL_LIBS"; then | |
425 | PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1) | |
426 | + fi | |
427 | + if test -n "$OPENSSL_INCS"; then | |
428 | PHP_EVAL_INCLINE($OPENSSL_INCS) | |
429 | fi | |
430 | fi | |
75564cd7 AM |
431 | --- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200 |
432 | +++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200 | |
433 | @@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl) | |
434 | REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); | |
435 | ||
436 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); | |
437 | +#ifdef RSA_SSLV23_PADDING | |
438 | REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); | |
439 | +#endif | |
440 | REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); | |
441 | REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); | |
442 |