[packages/php.git] / openssl.patch

diff -ur php-5.2.17/ext/openssl.org/openssl.c php-5.2.17/ext/openssl/openssl.c
--- php-5.2.17/ext/openssl.org/openssl.c	2018-09-28 10:44:23.152948019 +0200
+++ php-5.2.17/ext/openssl/openssl.c	2018-09-28 10:55:24.424744224 +0200
@@ -73,6 +73,13 @@
 		ZEND_ARG_PASS_INFO(1)
 	ZEND_END_ARG_INFO();
 
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
+#else
+#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
+#endif
+
 /* FIXME: Use the openssl constants instead of
  * enum. It is now impossible to match real values
  * against php constants. Also sorry to break the
@@ -608,11 +615,6 @@
 #endif
 	if (file == NULL) {
 		file = RAND_file_name(buffer, sizeof(buffer));
-	} else if (RAND_egd(file) > 0) {
-		/* if the given filename is an EGD socket, don't
-		 * write anything back to it */
-		*egdsocket = 1;
-		return SUCCESS;
 	}
 	if (file == NULL || !RAND_load_file(file, -1)) {
 		if (RAND_status() == 0) {
@@ -666,9 +668,11 @@
 			mdtype = (EVP_MD *) EVP_md2();
 			break;
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		case OPENSSL_ALGO_DSS1:
 			mdtype = (EVP_MD *) EVP_dss1();
 			break;
+#endif
 		default:
 			return NULL;
 			break;
@@ -688,14 +692,17 @@
 	le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
 	le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	OPENSSL_config(NULL);
 	SSL_library_init();
 	OpenSSL_add_all_ciphers();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_algorithms();
 
-	ERR_load_ERR_strings();
-	ERR_load_crypto_strings();
-	ERR_load_EVP_strings();
+	SSL_load_error_strings();
+#else
+	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 
 	/* register a resource id number with openSSL so that we can map SSL -> stream structures in
 	 * openSSL callbacks */
@@ -1037,6 +1044,7 @@
 {
 	GENERAL_NAMES *names;
 	const X509V3_EXT_METHOD *method = NULL;
+	ASN1_OCTET_STRING *extension_data;
 	long i, length, num;
 	const unsigned char *p;
 
@@ -1045,8 +1053,9 @@
 		return -1;
 	}
 
-	p = extension->value->data;
-	length = extension->value->length;
+	extension_data = X509_EXTENSION_get_data(extension);
+	p = extension_data->data;
+	length = extension_data->length;
 	if (method->it) {
 		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
 						       ASN1_ITEM_ptr(method->it)));
@@ -1109,6 +1118,8 @@
 	char * tmpstr;
 	zval * subitem;
 	X509_EXTENSION *extension;
+	X509_NAME *subject_name;
+	char *cert_name;
 	char *extname;
 	BIO  *bio_out;
 	BUF_MEM *bio_buf;
@@ -1123,12 +1134,12 @@
 	}
 	array_init(return_value);
 
-	if (cert->name) {
-		add_assoc_string(return_value, "name", cert->name, 1);
-	}
-/*	add_assoc_bool(return_value, "valid", cert->valid); */
+	subject_name = X509_get_subject_name(cert);
+	cert_name = X509_NAME_oneline(subject_name, NULL, 0);
+	add_assoc_string(return_value, "name", cert_name, 1);
+	OPENSSL_free(cert_name);
 
-	add_assoc_name_entry(return_value, "subject", 		X509_get_subject_name(cert), useshortnames TSRMLS_CC);
+	add_assoc_name_entry(return_value, "subject", 		subject_name, useshortnames TSRMLS_CC);
 	/* hash as used in CA directories to lookup cert by subject name */
 	{
 		char buf[32];
@@ -2592,13 +2603,20 @@
 {
 	assert(pkey != NULL);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 #ifndef NO_RSA
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
-			assert(pkey->pkey.rsa != NULL);
-			if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
-				return 0;
+			{
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				if (rsa != NULL) {
+					const BIGNUM *p, *q;
+
+					RSA_get0_factors(rsa, &p, &q);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
+				}
 			}
 			break;
 #endif
@@ -2608,19 +2626,41 @@
 		case EVP_PKEY_DSA2:
 		case EVP_PKEY_DSA3:
 		case EVP_PKEY_DSA4:
-			assert(pkey->pkey.dsa != NULL);
+			{
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				if (dsa != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DSA_get0_pqg(dsa, &p, &q, &g);
+					if (p == NULL || q == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ 
-				return 0;
+					DSA_get0_key(dsa, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
 			}
 			break;
 #endif
 #ifndef NO_DH
 		case EVP_PKEY_DH:
-			assert(pkey->pkey.dh != NULL);
+			{
+				DH *dh = EVP_PKEY_get0_DH(pkey);
+				if (dh != NULL) {
+					const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+					DH_get0_pqg(dh, &p, &q, &g);
+					if (p == NULL) {
+						return 0;
+					}
 
-			if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
-				return 0;
+					DH_get0_key(dh, &pub_key, &priv_key);
+					if (priv_key == NULL) {
+						return 0;
+					}
+				}
 			}
 			break;
 #endif
@@ -2861,7 +2901,7 @@
 	/*TODO: Use the real values once the openssl constants are used 
 	 * See the enum at the top of this file
 	 */
-	switch (EVP_PKEY_type(pkey->type)) {
+	switch (EVP_PKEY_base_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			ktype = OPENSSL_KEYTYPE_RSA;
@@ -3398,13 +3438,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful =  (RSA_private_encrypt(data_len, 
 						(unsigned char *)data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey), 
 						padding) == cryptedlen);
 			break;
 		default:
@@ -3456,13 +3496,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_private_decrypt(data_len, 
 					(unsigned char *)data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey), 
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -3521,13 +3561,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	cryptedbuf = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			successful = (RSA_public_encrypt(data_len, 
 						(unsigned char *)data, 
 						cryptedbuf, 
-						pkey->pkey.rsa, 
+						EVP_PKEY_get0_RSA(pkey), 
 						padding) == cryptedlen);
 			break;
 		default:
@@ -3580,13 +3620,13 @@
 	cryptedlen = EVP_PKEY_size(pkey);
 	crypttemp = emalloc(cryptedlen + 1);
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_id(pkey)) {
 		case EVP_PKEY_RSA:
 		case EVP_PKEY_RSA2:
 			cryptedlen = RSA_public_decrypt(data_len, 
 					(unsigned char *)data, 
 					crypttemp, 
-					pkey->pkey.rsa, 
+					EVP_PKEY_get0_RSA(pkey), 
 					padding);
 			if (cryptedlen != -1) {
 				cryptedbuf = emalloc(cryptedlen + 1);
@@ -3650,7 +3690,7 @@
 	long keyresource = -1;
 	char * data;
 	int data_len;
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 	long signature_algo = OPENSSL_ALGO_SHA1;
 	EVP_MD *mdtype;
 
@@ -3672,9 +3712,11 @@
 	siglen = EVP_PKEY_size(pkey);
 	sigbuf = emalloc(siglen + 1);
 
-	EVP_SignInit(&md_ctx, mdtype);
-	EVP_SignUpdate(&md_ctx, data, data_len);
-	if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
+	md_ctx = EVP_MD_CTX_create();
+	if (md_ctx != NULL &&
+			EVP_SignInit(md_ctx, mdtype) &&
+			EVP_SignUpdate(md_ctx, data, data_len) &&
+			EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
 		zval_dtor(signature);
 		sigbuf[siglen] = '\0';
 		ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
@@ -3684,7 +3726,7 @@
 		RETVAL_FALSE;
 	}
 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
-	EVP_MD_CTX_cleanup(&md_ctx);
+	EVP_MD_CTX_free(md_ctx);
 #endif
 	if (keyresource == -1) {
 		EVP_PKEY_free(pkey);
@@ -3699,7 +3741,7 @@
 	zval **key;
 	EVP_PKEY *pkey;
 	int err;
-	EVP_MD_CTX     md_ctx;
+	EVP_MD_CTX     *md_ctx;
 	EVP_MD *mdtype;
 	long keyresource = -1;
 	char * data;	int data_len;
@@ -3722,11 +3764,13 @@
 		RETURN_FALSE;
 	}
 
-	EVP_VerifyInit   (&md_ctx, mdtype);
-	EVP_VerifyUpdate (&md_ctx, data, data_len);
-	err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
+	if (md_ctx != NULL) {
+		EVP_VerifyInit   (md_ctx, mdtype);
+		EVP_VerifyUpdate (md_ctx, data, data_len);
+		err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey);
+	}
 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
-	EVP_MD_CTX_cleanup(&md_ctx);
+	EVP_MD_CTX_destroy(md_ctx);
 #endif
 
 	if (keyresource == -1) {
@@ -3748,7 +3792,7 @@
 	int i, len1, len2, *eksl, nkeys;
 	unsigned char *buf = NULL, **eks;
 	char * data; int data_len;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) {
 		return;
@@ -3785,7 +3829,9 @@
 		i++;
 	}
 
-	if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
+	ctx = EVP_CIPHER_CTX_new();
+	if (!EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
+		EVP_CIPHER_CTX_free(ctx);
 		RETVAL_FALSE;
 		goto clean_exit;
 	}
@@ -3796,15 +3842,16 @@
 	iv = ivlen ? emalloc(ivlen + 1) : NULL;
 #endif
 	/* allocate one byte extra to make room for \0 */
-	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
 
-	if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
+	if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
 		RETVAL_FALSE;
 		efree(buf);
+		EVP_CIPHER_CTX_free(ctx);
 		goto clean_exit;
 	}
 
-	EVP_SealFinal(&ctx, buf + len1, &len2);
+	EVP_SealFinal(ctx, buf + len1, &len2);
 
 	if (len1 + len2 > 0) {
 		zval_dtor(sealdata);
@@ -3833,6 +3880,7 @@
 		efree(buf);
 	}
 	RETVAL_LONG(len1 + len2);
+	EVP_CIPHER_CTX_free(ctx);
 
 clean_exit:
 	for (i=0; i<nkeys; i++) {
@@ -3859,7 +3907,7 @@
 	int len1, len2;
 	unsigned char *buf;
 	long keyresource = -1;
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 	char * data;	int data_len;
 	char * ekey;	int ekey_len;
 
@@ -3874,8 +3922,8 @@
 	}
 	buf = emalloc(data_len + 1);
 
-	if (EVP_OpenInit(&ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
-		if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
+	if (EVP_OpenInit(ctx, EVP_rc4(), (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
+		if (!EVP_OpenFinal(ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
 			efree(buf);
 			if (keyresource == -1) { 
 				EVP_PKEY_free(pkey);
diff -ur php-5.2.17/ext/openssl.org/xp_ssl.c php-5.2.17/ext/openssl/xp_ssl.c
--- php-5.2.17/ext/openssl.org/xp_ssl.c	2018-09-28 10:44:23.112946707 +0200
+++ php-5.2.17/ext/openssl/xp_ssl.c	2018-09-28 10:48:26.714263136 +0200
@@ -342,9 +342,14 @@
 			break;
 #endif
 		case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+#ifdef OPENSSL_NO_SSL3
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+			return -1;
+#else
 			sslsock->is_client = 1;
 			method = SSLv3_client_method();
 			break;
+#endif
 		case STREAM_CRYPTO_METHOD_TLS_CLIENT:
 			sslsock->is_client = 1;
 			method = TLSv1_client_method();
@@ -354,9 +359,14 @@
 			method = SSLv23_server_method();
 			break;
 		case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
+#ifdef OPENSSL_NO_SSL3
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+			return -1;
+#else
 			sslsock->is_client = 0;
 			method = SSLv3_server_method();
 			break;
+#endif
 		case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
 #ifdef OPENSSL_NO_SSL2
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
--- php-5.2.17/acinclude.m4~	2018-09-28 11:08:22.000000000 +0200
+++ php-5.2.17/acinclude.m4	2018-09-28 11:17:41.392940657 +0200
@@ -2325,8 +2325,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[
       AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.])
     fi
 
-    if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then
+    if test -n "$OPENSSL_LIBS"; then
       PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)
+    fi
+    if test -n "$OPENSSL_INCS"; then
       PHP_EVAL_INCLINE($OPENSSL_INCS)
     fi
   fi
--- php-5.3.29/ext/openssl/openssl.c~	2021-10-23 19:18:21.000000000 +0200
+++ php-5.3.29/ext/openssl/openssl.c	2021-10-23 19:19:01.483125024 +0200
@@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
 	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
 
 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
 	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
Commit	Line	Data
f432e880 AM	1	diff -ur php-5.2.17/ext/openssl.org/openssl.c php-5.2.17/ext/openssl/openssl.c
	2	--- php-5.2.17/ext/openssl.org/openssl.c 2018-09-28 10:44:23.152948019 +0200
	3	+++ php-5.2.17/ext/openssl/openssl.c 2018-09-28 10:55:24.424744224 +0200
	4	@@ -73,6 +73,13 @@
	5	ZEND_ARG_PASS_INFO(1)
	6	ZEND_END_ARG_INFO();
	7
	8	+
	9	+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
	10	+#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
	11	+#else
	12	+#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
	13	+#endif
	14	+
	15	/* FIXME: Use the openssl constants instead of
	16	* enum. It is now impossible to match real values
	17	* against php constants. Also sorry to break the
	18	@@ -608,11 +615,6 @@
	19	#endif
	20	if (file == NULL) {
	21	file = RAND_file_name(buffer, sizeof(buffer));
	22	- } else if (RAND_egd(file) > 0) {
	23	- /* if the given filename is an EGD socket, don't
	24	- * write anything back to it */
	25	- *egdsocket = 1;
	26	- return SUCCESS;
	27	}
	28	if (file == NULL \|\| !RAND_load_file(file, -1)) {
	29	if (RAND_status() == 0) {
	30	@@ -666,9 +668,11 @@
	31	mdtype = (EVP_MD *) EVP_md2();
	32	break;
	33	#endif
	34	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	35	case OPENSSL_ALGO_DSS1:
	36	mdtype = (EVP_MD *) EVP_dss1();
	37	break;
	38	+#endif
	39	default:
	40	return NULL;
	41	break;
	42	@@ -688,14 +692,17 @@
	43	le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
	44	le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
	45
	46	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	47	+ OPENSSL_config(NULL);
	48	SSL_library_init();
	49	OpenSSL_add_all_ciphers();
	50	OpenSSL_add_all_digests();
	51	OpenSSL_add_all_algorithms();
	52
	53	- ERR_load_ERR_strings();
	54	- ERR_load_crypto_strings();
	55	- ERR_load_EVP_strings();
	56	+ SSL_load_error_strings();
	57	+#else
	58	+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
	59	+#endif
	60
	61	/* register a resource id number with openSSL so that we can map SSL -> stream structures in
	62	* openSSL callbacks */
	63	@@ -1037,6 +1044,7 @@
	64	{
65	GENERAL_NAMES *names;
66	const X509V3_EXT_METHOD *method = NULL;
67	+ ASN1_OCTET_STRING *extension_data;
68	long i, length, num;
69	const unsigned char *p;
70
71	@@ -1045,8 +1053,9 @@
72	return -1;
73	}
74
75	- p = extension->value->data;
76	- length = extension->value->length;
77	+ extension_data = X509_EXTENSION_get_data(extension);
78	+ p = extension_data->data;
79	+ length = extension_data->length;
80	if (method->it) {
81	names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
82	ASN1_ITEM_ptr(method->it)));
83	@@ -1109,6 +1118,8 @@
84	char * tmpstr;
85	zval * subitem;
86	X509_EXTENSION *extension;
87	+ X509_NAME *subject_name;
88	+ char *cert_name;
89	char *extname;
90	BIO *bio_out;
91	BUF_MEM *bio_buf;
92	@@ -1123,12 +1134,12 @@
93	}
94	array_init(return_value);
95
96	- if (cert->name) {
97	- add_assoc_string(return_value, "name", cert->name, 1);
98	- }
99	-/* add_assoc_bool(return_value, "valid", cert->valid); */
100	+ subject_name = X509_get_subject_name(cert);
101	+ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
102	+ add_assoc_string(return_value, "name", cert_name, 1);
103	+ OPENSSL_free(cert_name);
104
105	- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
106	+ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
107	/* hash as used in CA directories to lookup cert by subject name */
108	{
109	char buf[32];
110	@@ -2592,13 +2603,20 @@
111	{
112	assert(pkey != NULL);
113
114	- switch (pkey->type) {
115	+ switch (EVP_PKEY_id(pkey)) {
116	#ifndef NO_RSA
117	case EVP_PKEY_RSA:
118	case EVP_PKEY_RSA2:
119	- assert(pkey->pkey.rsa != NULL);
120	- if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p \|\| NULL == pkey->pkey.rsa->q)) {
121	- return 0;
122	+ {
123	+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
124	+ if (rsa != NULL) {
125	+ const BIGNUM p, q;
126	+
127	+ RSA_get0_factors(rsa, &p, &q);
128	+ if (p == NULL \|\| q == NULL) {
129	+ return 0;
130	+ }
131	+ }
132	}
133	break;
134	#endif
135	@@ -2608,19 +2626,41 @@
136	case EVP_PKEY_DSA2:
137	case EVP_PKEY_DSA3:
138	case EVP_PKEY_DSA4:
139	- assert(pkey->pkey.dsa != NULL);
140	+ {
141	+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
142	+ if (dsa != NULL) {
143	+ const BIGNUM p, q, g, pub_key, *priv_key;
144	+
145	+ DSA_get0_pqg(dsa, &p, &q, &g);
146	+ if (p == NULL \|\| q == NULL) {
147	+ return 0;
148	+ }
149
150	- if (NULL == pkey->pkey.dsa->p \|\| NULL == pkey->pkey.dsa->q \|\| NULL == pkey->pkey.dsa->priv_key){
151	- return 0;
152	+ DSA_get0_key(dsa, &pub_key, &priv_key);
153	+ if (priv_key == NULL) {
154	+ return 0;
155	+ }
156	+ }
157	}
158	break;
159	#endif
160	#ifndef NO_DH
161	case EVP_PKEY_DH:
162	- assert(pkey->pkey.dh != NULL);
163	+ {
164	+ DH *dh = EVP_PKEY_get0_DH(pkey);
165	+ if (dh != NULL) {
166	+ const BIGNUM p, q, g, pub_key, *priv_key;
167	+
168	+ DH_get0_pqg(dh, &p, &q, &g);
169	+ if (p == NULL) {
170	+ return 0;
171	+ }
172
173	- if (NULL == pkey->pkey.dh->p \|\| NULL == pkey->pkey.dh->priv_key) {
174	- return 0;
175	+ DH_get0_key(dh, &pub_key, &priv_key);
176	+ if (priv_key == NULL) {
177	+ return 0;
178	+ }
179	+ }
180	}
181	break;
182	#endif
183	@@ -2861,7 +2901,7 @@
184	/*TODO: Use the real values once the openssl constants are used
185	* See the enum at the top of this file
186	*/
187	- switch (EVP_PKEY_type(pkey->type)) {
188	+ switch (EVP_PKEY_base_id(pkey)) {
189	case EVP_PKEY_RSA:
190	case EVP_PKEY_RSA2:
191	ktype = OPENSSL_KEYTYPE_RSA;
192	@@ -3398,13 +3438,13 @@
193	cryptedlen = EVP_PKEY_size(pkey);
194	cryptedbuf = emalloc(cryptedlen + 1);
195
196	- switch (pkey->type) {
197	+ switch (EVP_PKEY_id(pkey)) {
198	case EVP_PKEY_RSA:
199	case EVP_PKEY_RSA2:
200	successful = (RSA_private_encrypt(data_len,
201	(unsigned char *)data,
202	cryptedbuf,
203	- pkey->pkey.rsa,
204	+ EVP_PKEY_get0_RSA(pkey),
205	padding) == cryptedlen);
206	break;
207	default:
208	@@ -3456,13 +3496,13 @@
209	cryptedlen = EVP_PKEY_size(pkey);
210	crypttemp = emalloc(cryptedlen + 1);
211
212	- switch (pkey->type) {
213	+ switch (EVP_PKEY_id(pkey)) {
214	case EVP_PKEY_RSA:
215	case EVP_PKEY_RSA2:
216	cryptedlen = RSA_private_decrypt(data_len,
217	(unsigned char *)data,
218	crypttemp,
219	- pkey->pkey.rsa,
220	+ EVP_PKEY_get0_RSA(pkey),
221	padding);
222	if (cryptedlen != -1) {
223	cryptedbuf = emalloc(cryptedlen + 1);
224	@@ -3521,13 +3561,13 @@
225	cryptedlen = EVP_PKEY_size(pkey);
226	cryptedbuf = emalloc(cryptedlen + 1);
227
228	- switch (pkey->type) {
229	+ switch (EVP_PKEY_id(pkey)) {
230	case EVP_PKEY_RSA:
231	case EVP_PKEY_RSA2:
232	successful = (RSA_public_encrypt(data_len,
233	(unsigned char *)data,
234	cryptedbuf,
235	- pkey->pkey.rsa,
236	+ EVP_PKEY_get0_RSA(pkey),
237	padding) == cryptedlen);
238	break;
239	default:
240	@@ -3580,13 +3620,13 @@
241	cryptedlen = EVP_PKEY_size(pkey);
242	crypttemp = emalloc(cryptedlen + 1);
243
244	- switch (pkey->type) {
245	+ switch (EVP_PKEY_id(pkey)) {
246	case EVP_PKEY_RSA:
247	case EVP_PKEY_RSA2:
248	cryptedlen = RSA_public_decrypt(data_len,
249	(unsigned char *)data,
250	crypttemp,
251	- pkey->pkey.rsa,
252	+ EVP_PKEY_get0_RSA(pkey),
253	padding);
254	if (cryptedlen != -1) {
255	cryptedbuf = emalloc(cryptedlen + 1);
256	@@ -3650,7 +3690,7 @@
257	long keyresource = -1;
258	char * data;
259	int data_len;
260	- EVP_MD_CTX md_ctx;
261	+ EVP_MD_CTX *md_ctx;
262	long signature_algo = OPENSSL_ALGO_SHA1;
263	EVP_MD *mdtype;
264
265	@@ -3672,9 +3712,11 @@
266	siglen = EVP_PKEY_size(pkey);
267	sigbuf = emalloc(siglen + 1);
268
269	- EVP_SignInit(&md_ctx, mdtype);
270	- EVP_SignUpdate(&md_ctx, data, data_len);
271	- if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
272	+ md_ctx = EVP_MD_CTX_create();
273	+ if (md_ctx != NULL &&
274	+ EVP_SignInit(md_ctx, mdtype) &&
275	+ EVP_SignUpdate(md_ctx, data, data_len) &&
276	+ EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
277	zval_dtor(signature);
278	sigbuf[siglen] = '\0';
279	ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
280	@@ -3684,7 +3726,7 @@
281	RETVAL_FALSE;
282	}
283	#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
284	- EVP_MD_CTX_cleanup(&md_ctx);
285	+ EVP_MD_CTX_free(md_ctx);
286	#endif
287	if (keyresource == -1) {
288	EVP_PKEY_free(pkey);
289	@@ -3699,7 +3741,7 @@
290	zval **key;
291	EVP_PKEY *pkey;
292	int err;
293	- EVP_MD_CTX md_ctx;
294	+ EVP_MD_CTX *md_ctx;
295	EVP_MD *mdtype;
296	long keyresource = -1;
297	char * data; int data_len;
298	@@ -3722,11 +3764,13 @@
299	RETURN_FALSE;
300	}
301
302	- EVP_VerifyInit (&md_ctx, mdtype);
303	- EVP_VerifyUpdate (&md_ctx, data, data_len);
304	- err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
305	+ if (md_ctx != NULL) {
306	+ EVP_VerifyInit (md_ctx, mdtype);
307	+ EVP_VerifyUpdate (md_ctx, data, data_len);
308	+ err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey);
309	+ }
310	#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
311	- EVP_MD_CTX_cleanup(&md_ctx);
312	+ EVP_MD_CTX_destroy(md_ctx);
313	#endif
314
315	if (keyresource == -1) {
316	@@ -3748,7 +3792,7 @@
317	int i, len1, len2, *eksl, nkeys;
318	unsigned char buf = NULL, *eks;
319	char * data; int data_len;
320	- EVP_CIPHER_CTX ctx;
321	+ EVP_CIPHER_CTX *ctx;
322
323	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/", &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE) {
324	return;
325	@@ -3785,7 +3829,9 @@
326	i++;
327	}
328
329	- if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
330	+ ctx = EVP_CIPHER_CTX_new();
331	+ if (!EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
332	+ EVP_CIPHER_CTX_free(ctx);
333	RETVAL_FALSE;
334	goto clean_exit;
335	}
336	@@ -3796,15 +3842,16 @@
337	iv = ivlen ? emalloc(ivlen + 1) : NULL;
338	#endif
339	/* allocate one byte extra to make room for \0 */
340	- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
341	+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
342
343	- if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) \|\| !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
344	+ if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys) \|\| !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
345	RETVAL_FALSE;
346	efree(buf);
347	+ EVP_CIPHER_CTX_free(ctx);
348	goto clean_exit;
349	}
350
351	- EVP_SealFinal(&ctx, buf + len1, &len2);
352	+ EVP_SealFinal(ctx, buf + len1, &len2);
353
354	if (len1 + len2 > 0) {
355	zval_dtor(sealdata);
356	@@ -3833,6 +3880,7 @@
357	efree(buf);
358	}
359	RETVAL_LONG(len1 + len2);
360	+ EVP_CIPHER_CTX_free(ctx);
361
362	clean_exit:
363	for (i=0; i<nkeys; i++) {
364	@@ -3859,7 +3907,7 @@
365	int len1, len2;
366	unsigned char *buf;
367	long keyresource = -1;
368	- EVP_CIPHER_CTX ctx;
369	+ EVP_CIPHER_CTX *ctx;
370	char * data; int data_len;
371	char * ekey; int ekey_len;
372
373	@@ -3874,8 +3922,8 @@
374	}
375	buf = emalloc(data_len + 1);
376
377	- if (EVP_OpenInit(&ctx, EVP_rc4(), (unsigned char )ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char )data, data_len)) {
378	- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) \|\| (len1 + len2 == 0)) {
379	+ if (EVP_OpenInit(ctx, EVP_rc4(), (unsigned char )ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char )data, data_len)) {
380	+ if (!EVP_OpenFinal(ctx, buf + len1, &len2) \|\| (len1 + len2 == 0)) {
381	efree(buf);
382	if (keyresource == -1) {
383	EVP_PKEY_free(pkey);
384	diff -ur php-5.2.17/ext/openssl.org/xp_ssl.c php-5.2.17/ext/openssl/xp_ssl.c
385	--- php-5.2.17/ext/openssl.org/xp_ssl.c 2018-09-28 10:44:23.112946707 +0200
386	+++ php-5.2.17/ext/openssl/xp_ssl.c 2018-09-28 10:48:26.714263136 +0200
387	@@ -342,9 +342,14 @@
388	break;
389	#endif
390	case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
391	+#ifdef OPENSSL_NO_SSL3
392	+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
393	+ return -1;
394	+#else
395	sslsock->is_client = 1;
396	method = SSLv3_client_method();
397	break;
398	+#endif
399	case STREAM_CRYPTO_METHOD_TLS_CLIENT:
400	sslsock->is_client = 1;
401	method = TLSv1_client_method();
402	@@ -354,9 +359,14 @@
403	method = SSLv23_server_method();
404	break;
405	case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
406	+#ifdef OPENSSL_NO_SSL3
407	+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
408	+ return -1;
409	+#else
410	sslsock->is_client = 0;
411	method = SSLv3_server_method();
412	break;
413	+#endif
414	case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
415	#ifdef OPENSSL_NO_SSL2
416	php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
417	--- php-5.2.17/acinclude.m4~ 2018-09-28 11:08:22.000000000 +0200
418	+++ php-5.2.17/acinclude.m4 2018-09-28 11:17:41.392940657 +0200
419	@@ -2325,8 +2325,10 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[
420	AC_MSG_ERROR([OpenSSL version 0.9.6 or greater required.])
421	fi
422
423	- if test -n "$OPENSSL_LIBS" && test -n "$OPENSSL_INCS"; then
424	+ if test -n "$OPENSSL_LIBS"; then
425	PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)
426	+ fi
427	+ if test -n "$OPENSSL_INCS"; then
428	PHP_EVAL_INCLINE($OPENSSL_INCS)
429	fi
430	fi
75564cd7 AM	431	--- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200
	432	+++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200
	433	@@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
	434	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS\|CONST_PERSISTENT);
	435
	436	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS\|CONST_PERSISTENT);
	437	+#ifdef RSA_SSLV23_PADDING
	438	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS\|CONST_PERSISTENT);
	439	+#endif
	440	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS\|CONST_PERSISTENT);
	441	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS\|CONST_PERSISTENT);
	442