diff options
| -rw-r--r-- | php-7.0.17-openssl11.patch | 148 |
1 files changed, 97 insertions, 51 deletions
diff --git a/php-7.0.17-openssl11.patch b/php-7.0.17-openssl11.patch index bf5c6d0..0c0e691 100644 --- a/php-7.0.17-openssl11.patch +++ b/php-7.0.17-openssl11.patch @@ -1,3 +1,20 @@ +From d983347232dbf90cb6f5c187dc54686809fb04a0 Mon Sep 17 00:00:00 2001 +From: Remi Collet <fedora@famillecollet.com> +Date: Mon, 20 Mar 2017 11:41:46 +0100 +Subject: [PATCH] backport needed change for OpenSSL 1.1 + +--- + acinclude.m4 | 4 +- + ext/openssl/openssl.c | 522 ++++++++++++++-------- + ext/openssl/tests/001.phpt | 7 +- + ext/openssl/tests/bug41033.phpt | 4 +- + ext/openssl/tests/bug66501.phpt | 2 +- + ext/openssl/tests/openssl_error_string_basic.phpt | 6 +- + ext/openssl/tests/openssl_free_key.phpt | 5 +- + ext/openssl/tests/sni_server.phpt | 2 + + ext/phar/util.c | 13 +- + 9 files changed, 364 insertions(+), 201 deletions(-) + diff --git a/acinclude.m4 b/acinclude.m4 index 25c3c7d..ecbbe80 100644 --- a/acinclude.m4 @@ -14,10 +31,18 @@ index 25c3c7d..ecbbe80 100644 OPENSSL_LIBS=`$PKG_CONFIG --libs openssl` OPENSSL_INCS=`$PKG_CONFIG --cflags-only-I openssl` diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c -index da60bb9..2932e16 100644 +index da60bb9..4a26781 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c -@@ -1100,9 +1100,11 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ +@@ -72,7 +72,6 @@ + #ifdef HAVE_OPENSSL_MD2_H + #define OPENSSL_ALGO_MD2 4 + #endif +-#define OPENSSL_ALGO_DSS1 5 + #if OPENSSL_VERSION_NUMBER >= 0x0090708fL + #define OPENSSL_ALGO_SHA224 6 + #define OPENSSL_ALGO_SHA256 7 +@@ -1100,9 +1099,11 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ mdtype = (EVP_MD *) EVP_md2(); break; #endif @@ -29,7 +54,15 @@ index da60bb9..2932e16 100644 #if OPENSSL_VERSION_NUMBER >= 0x0090708fL case OPENSSL_ALGO_SHA224: mdtype = (EVP_MD *) EVP_sha224(); -@@ -1938,6 +1940,7 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) +@@ -1220,7 +1221,6 @@ PHP_MINIT_FUNCTION(openssl) + #ifdef HAVE_OPENSSL_MD2_H + REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); + #endif +- REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); + #if OPENSSL_VERSION_NUMBER >= 0x0090708fL + REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT); +@@ -1938,6 +1938,7 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) { GENERAL_NAMES *names; const X509V3_EXT_METHOD *method = NULL; @@ -37,7 +70,7 @@ index da60bb9..2932e16 100644 long i, length, num; const unsigned char *p; -@@ -1946,8 +1949,9 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) +@@ -1946,8 +1947,9 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) return -1; } @@ -49,7 +82,7 @@ index da60bb9..2932e16 100644 if (method->it) { names = (GENERAL_NAMES*) (ASN1_item_d2i(NULL, &p, length, ASN1_ITEM_ptr(method->it))); -@@ -2010,6 +2014,8 @@ PHP_FUNCTION(openssl_x509_parse) +@@ -2010,6 +2012,8 @@ PHP_FUNCTION(openssl_x509_parse) char * tmpstr; zval subitem; X509_EXTENSION *extension; @@ -58,7 +91,7 @@ index da60bb9..2932e16 100644 char *extname; BIO *bio_out; BUF_MEM *bio_buf; -@@ -2028,9 +2034,11 @@ PHP_FUNCTION(openssl_x509_parse) +@@ -2028,12 +2032,14 @@ PHP_FUNCTION(openssl_x509_parse) } array_init(return_value); @@ -72,8 +105,12 @@ index da60bb9..2932e16 100644 + /* add_assoc_bool(return_value, "valid", cert->valid); */ - add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames); -@@ -2078,7 +2086,7 @@ PHP_FUNCTION(openssl_x509_parse) +- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames); ++ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames); + /* hash as used in CA directories to lookup cert by subject name */ + { + char buf[32]; +@@ -2078,7 +2084,7 @@ PHP_FUNCTION(openssl_x509_parse) add_assoc_string(return_value, "alias", tmpstr); } @@ -82,7 +119,7 @@ index da60bb9..2932e16 100644 add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid)); add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid)); add_assoc_long(return_value, "signatureTypeNID", sig_nid); -@@ -3560,44 +3568,68 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) +@@ -3560,44 +3566,68 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) { assert(pkey != NULL); @@ -171,7 +208,7 @@ index da60bb9..2932e16 100644 } break; #endif -@@ -3609,42 +3641,91 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) +@@ -3609,42 +3639,91 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) } /* }}} */ @@ -286,7 +323,7 @@ index da60bb9..2932e16 100644 return 0; } /* all good */ -@@ -3652,15 +3733,69 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa) +@@ -3652,15 +3731,69 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa) } /* }}} */ @@ -360,7 +397,7 @@ index da60bb9..2932e16 100644 PHP_OPENSSL_RAND_ADD_TIME(); if (!DH_generate_key(dh)) { return 0; -@@ -3692,18 +3827,8 @@ PHP_FUNCTION(openssl_pkey_new) +@@ -3692,18 +3825,8 @@ PHP_FUNCTION(openssl_pkey_new) if (pkey) { RSA *rsa = RSA_new(); if (rsa) { @@ -381,7 +418,7 @@ index da60bb9..2932e16 100644 } RSA_free(rsa); } -@@ -3716,12 +3841,7 @@ PHP_FUNCTION(openssl_pkey_new) +@@ -3716,12 +3839,7 @@ PHP_FUNCTION(openssl_pkey_new) if (pkey) { DSA *dsa = DSA_new(); if (dsa) { @@ -395,7 +432,7 @@ index da60bb9..2932e16 100644 if (EVP_PKEY_assign_DSA(pkey, dsa)) { RETURN_RES(zend_register_resource(pkey, le_key)); } -@@ -3737,11 +3857,7 @@ PHP_FUNCTION(openssl_pkey_new) +@@ -3737,11 +3855,7 @@ PHP_FUNCTION(openssl_pkey_new) if (pkey) { DH *dh = DH_new(); if (dh) { @@ -408,7 +445,7 @@ index da60bb9..2932e16 100644 if (EVP_PKEY_assign_DH(pkey, dh)) { ZVAL_COPY_VALUE(return_value, zend_list_insert(pkey, le_key)); return; -@@ -3819,7 +3935,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) +@@ -3819,7 +3933,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) cipher = NULL; } @@ -417,7 +454,7 @@ index da60bb9..2932e16 100644 #ifdef HAVE_EVP_PKEY_EC case EVP_PKEY_EC: pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); -@@ -3889,7 +4005,7 @@ PHP_FUNCTION(openssl_pkey_export) +@@ -3889,7 +4003,7 @@ PHP_FUNCTION(openssl_pkey_export) cipher = NULL; } @@ -426,7 +463,7 @@ index da60bb9..2932e16 100644 #ifdef HAVE_EVP_PKEY_EC case EVP_PKEY_EC: pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); -@@ -4012,65 +4128,84 @@ PHP_FUNCTION(openssl_pkey_get_details) +@@ -4012,65 +4126,84 @@ PHP_FUNCTION(openssl_pkey_get_details) /*TODO: Use the real values once the openssl constants are used * See the enum at the top of this file */ @@ -554,7 +591,7 @@ index da60bb9..2932e16 100644 zval ec; const EC_GROUP *ec_group; int nid; -@@ -4627,13 +4762,13 @@ PHP_FUNCTION(openssl_private_encrypt) +@@ -4627,13 +4760,13 @@ PHP_FUNCTION(openssl_private_encrypt) cryptedlen = EVP_PKEY_size(pkey); cryptedbuf = zend_string_alloc(cryptedlen, 0); @@ -570,7 +607,7 @@ index da60bb9..2932e16 100644 (int)padding) == cryptedlen); break; default: -@@ -4687,13 +4822,13 @@ PHP_FUNCTION(openssl_private_decrypt) +@@ -4687,13 +4820,13 @@ PHP_FUNCTION(openssl_private_decrypt) cryptedlen = EVP_PKEY_size(pkey); crypttemp = emalloc(cryptedlen + 1); @@ -586,7 +623,7 @@ index da60bb9..2932e16 100644 (int)padding); if (cryptedlen != -1) { cryptedbuf = zend_string_alloc(cryptedlen, 0); -@@ -4753,13 +4888,13 @@ PHP_FUNCTION(openssl_public_encrypt) +@@ -4753,13 +4886,13 @@ PHP_FUNCTION(openssl_public_encrypt) cryptedlen = EVP_PKEY_size(pkey); cryptedbuf = zend_string_alloc(cryptedlen, 0); @@ -602,7 +639,7 @@ index da60bb9..2932e16 100644 (int)padding) == cryptedlen); break; default: -@@ -4814,13 +4949,13 @@ PHP_FUNCTION(openssl_public_decrypt) +@@ -4814,13 +4947,13 @@ PHP_FUNCTION(openssl_public_decrypt) cryptedlen = EVP_PKEY_size(pkey); crypttemp = emalloc(cryptedlen + 1); @@ -618,7 +655,7 @@ index da60bb9..2932e16 100644 (int)padding); if (cryptedlen != -1) { cryptedbuf = zend_string_alloc(cryptedlen, 0); -@@ -4884,7 +5019,7 @@ PHP_FUNCTION(openssl_sign) +@@ -4884,7 +5017,7 @@ PHP_FUNCTION(openssl_sign) zend_resource *keyresource = NULL; char * data; size_t data_len; @@ -627,7 +664,7 @@ index da60bb9..2932e16 100644 zval *method = NULL; zend_long signature_algo = OPENSSL_ALGO_SHA1; const EVP_MD *mdtype; -@@ -4917,9 +5052,11 @@ PHP_FUNCTION(openssl_sign) +@@ -4917,9 +5050,11 @@ PHP_FUNCTION(openssl_sign) siglen = EVP_PKEY_size(pkey); sigbuf = zend_string_alloc(siglen, 0); @@ -638,11 +675,11 @@ index da60bb9..2932e16 100644 + if (md_ctx != NULL && + EVP_SignInit(md_ctx, mdtype) && + EVP_SignUpdate(md_ctx, data, data_len) && -+ EVP_SignFinal (md_ctx, (unsigned char*)ZSTR_VAL(sigbuf), &siglen, pkey)) { ++ EVP_SignFinal(md_ctx, (unsigned char*)ZSTR_VAL(sigbuf), &siglen, pkey)) { zval_dtor(signature); ZSTR_VAL(sigbuf)[siglen] = '\0'; ZSTR_LEN(sigbuf) = siglen; -@@ -4929,7 +5066,7 @@ PHP_FUNCTION(openssl_sign) +@@ -4929,7 +5064,7 @@ PHP_FUNCTION(openssl_sign) efree(sigbuf); RETVAL_FALSE; } @@ -651,7 +688,7 @@ index da60bb9..2932e16 100644 if (keyresource == NULL) { EVP_PKEY_free(pkey); } -@@ -4942,8 +5079,8 @@ PHP_FUNCTION(openssl_verify) +@@ -4942,8 +5077,8 @@ PHP_FUNCTION(openssl_verify) { zval *key; EVP_PKEY *pkey; @@ -662,7 +699,7 @@ index da60bb9..2932e16 100644 const EVP_MD *mdtype; zend_resource *keyresource = NULL; char * data; -@@ -4981,10 +5118,13 @@ PHP_FUNCTION(openssl_verify) +@@ -4981,10 +5116,13 @@ PHP_FUNCTION(openssl_verify) RETURN_FALSE; } @@ -672,15 +709,15 @@ index da60bb9..2932e16 100644 - EVP_MD_CTX_cleanup(&md_ctx); + md_ctx = EVP_MD_CTX_create(); + if (md_ctx) { -+ EVP_VerifyInit (md_ctx, mdtype); -+ EVP_VerifyUpdate (md_ctx, data, data_len); ++ EVP_VerifyInit(md_ctx, mdtype); ++ EVP_VerifyUpdate(md_ctx, data, data_len); + err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); + } + EVP_MD_CTX_destroy(md_ctx); if (keyresource == NULL) { EVP_PKEY_free(pkey); -@@ -5008,7 +5148,7 @@ PHP_FUNCTION(openssl_seal) +@@ -5008,7 +5146,7 @@ PHP_FUNCTION(openssl_seal) char *method =NULL; size_t method_len = 0; const EVP_CIPHER *cipher; @@ -689,7 +726,7 @@ index da60bb9..2932e16 100644 if (zend_parse_parameters(ZEND_NUM_ARGS(), "sz/z/a/|sz/", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len, &iv) == FAILURE) { -@@ -5061,22 +5201,23 @@ PHP_FUNCTION(openssl_seal) +@@ -5061,22 +5199,23 @@ PHP_FUNCTION(openssl_seal) i++; } ZEND_HASH_FOREACH_END(); @@ -721,7 +758,7 @@ index da60bb9..2932e16 100644 goto clean_exit; } -@@ -5104,7 +5245,7 @@ PHP_FUNCTION(openssl_seal) +@@ -5104,7 +5243,7 @@ PHP_FUNCTION(openssl_seal) efree(buf); } RETVAL_LONG(len1 + len2); @@ -730,7 +767,7 @@ index da60bb9..2932e16 100644 clean_exit: for (i=0; i<nkeys; i++) { -@@ -5131,7 +5272,7 @@ PHP_FUNCTION(openssl_open) +@@ -5131,7 +5270,7 @@ PHP_FUNCTION(openssl_open) int len1, len2, cipher_iv_len; unsigned char *buf, *iv_buf; zend_resource *keyresource = NULL; @@ -739,7 +776,7 @@ index da60bb9..2932e16 100644 char * data; size_t data_len; char * ekey; -@@ -5182,9 +5323,10 @@ PHP_FUNCTION(openssl_open) +@@ -5182,9 +5321,10 @@ PHP_FUNCTION(openssl_open) buf = emalloc(data_len + 1); @@ -753,7 +790,7 @@ index da60bb9..2932e16 100644 efree(buf); RETVAL_FALSE; } else { -@@ -5201,7 +5343,7 @@ PHP_FUNCTION(openssl_open) +@@ -5201,7 +5341,7 @@ PHP_FUNCTION(openssl_open) if (keyresource == NULL) { EVP_PKEY_free(pkey); } @@ -762,7 +799,7 @@ index da60bb9..2932e16 100644 } /* }}} */ -@@ -5259,7 +5401,7 @@ PHP_FUNCTION(openssl_digest) +@@ -5259,7 +5399,7 @@ PHP_FUNCTION(openssl_digest) char *data, *method; size_t data_len, method_len; const EVP_MD *mdtype; @@ -771,7 +808,7 @@ index da60bb9..2932e16 100644 unsigned int siglen; zend_string *sigbuf; -@@ -5275,9 +5417,10 @@ PHP_FUNCTION(openssl_digest) +@@ -5275,9 +5415,10 @@ PHP_FUNCTION(openssl_digest) siglen = EVP_MD_size(mdtype); sigbuf = zend_string_alloc(siglen, 0); @@ -781,11 +818,11 @@ index da60bb9..2932e16 100644 + md_ctx = EVP_MD_CTX_create(); + if (EVP_DigestInit(md_ctx, mdtype) && + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) && -+ EVP_DigestFinal (md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) { ++ EVP_DigestFinal(md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) { if (raw_output) { ZSTR_VAL(sigbuf)[siglen] = '\0'; ZSTR_LEN(sigbuf) = siglen; -@@ -5295,6 +5438,8 @@ PHP_FUNCTION(openssl_digest) +@@ -5295,6 +5436,8 @@ PHP_FUNCTION(openssl_digest) zend_string_release(sigbuf); RETVAL_FALSE; } @@ -794,7 +831,7 @@ index da60bb9..2932e16 100644 } /* }}} */ -@@ -5340,7 +5485,7 @@ PHP_FUNCTION(openssl_encrypt) +@@ -5340,7 +5483,7 @@ PHP_FUNCTION(openssl_encrypt) char *data, *method, *password, *iv = ""; size_t data_len, method_len, password_len, iv_len = 0, max_iv_len; const EVP_CIPHER *cipher_type; @@ -803,7 +840,7 @@ index da60bb9..2932e16 100644 int i=0, keylen; size_t outlen; zend_string *outbuf; -@@ -5356,6 +5501,12 @@ PHP_FUNCTION(openssl_encrypt) +@@ -5356,6 +5499,12 @@ PHP_FUNCTION(openssl_encrypt) RETURN_FALSE; } @@ -816,7 +853,7 @@ index da60bb9..2932e16 100644 PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data); keylen = EVP_CIPHER_key_length(cipher_type); -@@ -5376,20 +5527,20 @@ PHP_FUNCTION(openssl_encrypt) +@@ -5376,20 +5525,20 @@ PHP_FUNCTION(openssl_encrypt) outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = zend_string_alloc(outlen, 0); @@ -843,17 +880,16 @@ index da60bb9..2932e16 100644 outlen += i; if (options & OPENSSL_RAW_DATA) { ZSTR_VAL(outbuf)[outlen] = '\0'; -@@ -5412,7 +5563,8 @@ PHP_FUNCTION(openssl_encrypt) +@@ -5412,7 +5561,7 @@ PHP_FUNCTION(openssl_encrypt) if (free_iv) { efree(iv); } - EVP_CIPHER_CTX_cleanup(&cipher_ctx); -+ EVP_CIPHER_CTX_cleanup(cipher_ctx); + EVP_CIPHER_CTX_free(cipher_ctx); } /* }}} */ -@@ -5424,7 +5576,7 @@ PHP_FUNCTION(openssl_decrypt) +@@ -5424,7 +5573,7 @@ PHP_FUNCTION(openssl_decrypt) char *data, *method, *password, *iv = ""; size_t data_len, method_len, password_len, iv_len = 0; const EVP_CIPHER *cipher_type; @@ -862,7 +898,7 @@ index da60bb9..2932e16 100644 int i, keylen; size_t outlen; zend_string *outbuf; -@@ -5440,6 +5592,11 @@ PHP_FUNCTION(openssl_decrypt) +@@ -5440,6 +5589,11 @@ PHP_FUNCTION(openssl_decrypt) php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm"); RETURN_FALSE; } @@ -874,7 +910,15 @@ index da60bb9..2932e16 100644 PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data); -@@ -5473,18 +5630,18 @@ PHP_FUNCTION(openssl_decrypt) +@@ -5453,6 +5607,7 @@ PHP_FUNCTION(openssl_decrypt) + base64_str = php_base64_decode((unsigned char*)data, data_len); + if (!base64_str) { + php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input"); ++ EVP_CIPHER_CTX_free(cipher_ctx); + RETURN_FALSE; + } + data_len = ZSTR_LEN(base64_str); +@@ -5473,18 +5628,18 @@ PHP_FUNCTION(openssl_decrypt) outlen = data_len + EVP_CIPHER_block_size(cipher_type); outbuf = zend_string_alloc(outlen, 0); @@ -899,17 +943,16 @@ index da60bb9..2932e16 100644 outlen += i; ZSTR_VAL(outbuf)[outlen] = '\0'; ZSTR_LEN(outbuf) = outlen; -@@ -5502,7 +5659,8 @@ PHP_FUNCTION(openssl_decrypt) +@@ -5502,7 +5657,7 @@ PHP_FUNCTION(openssl_decrypt) if (base64_str) { zend_string_release(base64_str); } - EVP_CIPHER_CTX_cleanup(&cipher_ctx); -+ EVP_CIPHER_CTX_reset(cipher_ctx); + EVP_CIPHER_CTX_free(cipher_ctx); } /* }}} */ -@@ -5540,6 +5698,7 @@ PHP_FUNCTION(openssl_dh_compute_key) +@@ -5540,6 +5695,7 @@ PHP_FUNCTION(openssl_dh_compute_key) zval *key; char *pub_str; size_t pub_len; @@ -917,7 +960,7 @@ index da60bb9..2932e16 100644 EVP_PKEY *pkey; BIGNUM *pub; zend_string *data; -@@ -5551,15 +5710,19 @@ PHP_FUNCTION(openssl_dh_compute_key) +@@ -5551,15 +5707,19 @@ PHP_FUNCTION(openssl_dh_compute_key) if ((pkey = (EVP_PKEY *)zend_fetch_resource(Z_RES_P(key), "OpenSSL key", le_key)) == NULL) { RETURN_FALSE; } @@ -1119,3 +1162,6 @@ index 9f7fcae..f571429 100644 #endif *signature_len = phar_hex_str((const char*)sig, sig_len, signature); +-- +2.9.3 + |