LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15807 Commits
1 Branch
46 MiB
Tree: b95f19207e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b95f19207e'
${ noResults }
openwrt-packages-dist/lang/php7/patches/1020-openssl-deprecated.patch

169 lines
6.0 KiB
Raw Normal View History

php7: Fix compilation without deprecated OpenSSL APIs Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago
 
  1. --- a/ext/ftp/php_ftp.c

  2. +++ b/ext/ftp/php_ftp.c

  3. @@ -320,12 +320,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc)

  4.  PHP_MINIT_FUNCTION(ftp)
  5.  {
  6.  #ifdef HAVE_FTP_SSL
  7. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  8.  	SSL_library_init();
  9.  	OpenSSL_add_all_ciphers();
  10.  	OpenSSL_add_all_digests();
  11.  	OpenSSL_add_all_algorithms();
  12.  
  13.  	SSL_load_error_strings();
  14. +#endif

  15.  #endif
  16.  
  17.  	le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number);
  18. --- a/ext/openssl/openssl.c

  19. +++ b/ext/openssl/openssl.c

  20. @@ -683,6 +683,12 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)

  21.  	return M_ASN1_STRING_data(asn1);
  22.  }
  23.  
  24. +#define OpenSSL_version		OpenSSL_version

  25. +#define OPENSSL_VERSION		OPENSSL_VERSION

  26. +#define X509_getm_notBefore	X509_get_notBefore

  27. +#define X509_getm_notAfter	X509_get_notAfter

  28. +#define EVP_CIPHER_CTX_reset	EVP_CIPHER_CTX_cleanup

  29. +

  30.  #if PHP_OPENSSL_API_VERSION < 0x10002
  31.  
  32.  static int X509_get_signature_nid(const X509 *x)
  33. @@ -1587,7 +1593,7 @@ PHP_MINFO_FUNCTION(openssl)

  34.  {
  35.  	php_info_print_table_start();
  36.  	php_info_print_table_row(2, "OpenSSL support", "enabled");
  37. -	php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));

  38. +	php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));

  39.  	php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
  40.  	php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
  41.  	php_info_print_table_end();
  42. @@ -2361,11 +2367,11 @@ PHP_FUNCTION(openssl_x509_parse)

  43.  	add_assoc_string(return_value, "serialNumberHex", hex_serial);
  44.  	OPENSSL_free(hex_serial);
  45.  
  46. -	php_openssl_add_assoc_asn1_string(return_value, "validFrom", 	X509_get_notBefore(cert));

  47. -	php_openssl_add_assoc_asn1_string(return_value, "validTo", 		X509_get_notAfter(cert));

  48. +	php_openssl_add_assoc_asn1_string(return_value, "validFrom", 	X509_getm_notBefore(cert));

  49. +	php_openssl_add_assoc_asn1_string(return_value, "validTo", 		X509_getm_notAfter(cert));

  50.  
  51. -	add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert)));

  52. -	add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert)));

  53. +	add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert)));

  54. +	add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert)));

  55.  
  56.  	tmpstr = (char *)X509_alias_get0(cert, NULL);
  57.  	if (tmpstr) {
  58. @@ -3455,8 +3461,8 @@ PHP_FUNCTION(openssl_csr_sign)

  59.  		php_openssl_store_errors();
  60.  		goto cleanup;
  61.  	}
  62. -	X509_gmtime_adj(X509_get_notBefore(new_cert), 0);

  63. -	X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days);

  64. +	X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);

  65. +	X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days);

  66.  	i = X509_set_pubkey(new_cert, key);
  67.  	if (!i) {
  68.  		php_openssl_store_errors();
  69. @@ -6072,7 +6078,7 @@ PHP_FUNCTION(openssl_seal)

  70.  
  71.  	/* allocate one byte extra to make room for \0 */
  72.  	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
  73. -	EVP_CIPHER_CTX_cleanup(ctx);

  74. +	EVP_CIPHER_CTX_reset(ctx);

  75.  
  76.  	if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||
  77.  			!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||
  78. @@ -6622,7 +6628,7 @@ PHP_FUNCTION(openssl_encrypt)

  79.  	if (free_iv) {
  80.  		efree(iv);
  81.  	}
  82. -	EVP_CIPHER_CTX_cleanup(cipher_ctx);

  83. +	EVP_CIPHER_CTX_reset(cipher_ctx);

  84.  	EVP_CIPHER_CTX_free(cipher_ctx);
  85.  }
  86.  /* }}} */
  87. @@ -6709,7 +6715,7 @@ PHP_FUNCTION(openssl_decrypt)

  88.  	if (base64_str) {
  89.  		zend_string_release(base64_str);
  90.  	}
  91. -	EVP_CIPHER_CTX_cleanup(cipher_ctx);

  92. +	EVP_CIPHER_CTX_reset(cipher_ctx);

  93.  	EVP_CIPHER_CTX_free(cipher_ctx);
  94.  }
  95.  /* }}} */
  96. --- a/ext/openssl/xp_ssl.c

  97. +++ b/ext/openssl/xp_ssl.c

  98. @@ -56,8 +56,21 @@

  99.  #define HAVE_SSL3 1
  100.  #endif
  101.  
  102. +#if PHP_OPENSSL_API_VERSION >= 0x10100

  103. +#define HAVE_TLS 1

  104. +#endif

  105. +

  106. +#ifndef OPENSSL_NO_TLS1_METHOD

  107. +#define HAVE_TLS1 1

  108. +#endif

  109. +

  110. +#ifndef OPENSSL_NO_TLS1_1_METHOD

  111.  #define HAVE_TLS11 1
  112. +#endif

  113. +

  114. +#ifndef OPENSSL_NO_TLS1_2_METHOD

  115.  #define HAVE_TLS12 1
  116. +#endif

  117.  
  118.  #ifndef OPENSSL_NO_ECDH
  119.  #define HAVE_ECDH 1
  120. @@ -78,9 +91,10 @@

  121.  #define STREAM_CRYPTO_IS_CLIENT            (1<<0)
  122.  #define STREAM_CRYPTO_METHOD_SSLv2         (1<<1)
  123.  #define STREAM_CRYPTO_METHOD_SSLv3         (1<<2)
  124. -#define STREAM_CRYPTO_METHOD_TLSv1_0       (1<<3)

  125. -#define STREAM_CRYPTO_METHOD_TLSv1_1       (1<<4)

  126. -#define STREAM_CRYPTO_METHOD_TLSv1_2       (1<<5)

  127. +#define STREAM_CRYPTO_METHOD_TLS           (1<<3)

  128. +#define STREAM_CRYPTO_METHOD_TLSv1_0       (1<<4)

  129. +#define STREAM_CRYPTO_METHOD_TLSv1_1       (1<<5)

  130. +#define STREAM_CRYPTO_METHOD_TLSv1_2       (1<<6)

  131.  
  132.  /* Simplify ssl context option retrieval */
  133.  #define GET_VER_OPT(name) \
  134. @@ -960,9 +974,23 @@ static const SSL_METHOD *php_openssl_select_crypto_method(zend_long method_value

  135.  		php_error_docref(NULL, E_WARNING,
  136.  				"SSLv3 unavailable in the OpenSSL library against which PHP is linked");
  137.  		return NULL;
  138. +#endif

  139. +	} else if (method_value == STREAM_CRYPTO_METHOD_TLS) {

  140. +#ifdef HAVE_TLS

  141. +		return is_client ? TLS_client_method() : TLS_server_method();

  142. +#else

  143. +		php_error_docref(NULL, E_WARNING,

  144. +				"TLS unavailable in the OpenSSL library against which PHP is linked");

  145. +		return NULL;

  146.  #endif
  147.  	} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_0) {
  148. +#ifdef HAVE_TLS1

  149.  		return is_client ? TLSv1_client_method() : TLSv1_server_method();
  150. +#else

  151. +		php_error_docref(NULL, E_WARNING,

  152. +				"TLSv1 unavailable in the OpenSSL library against which PHP is linked");

  153. +		return NULL;

  154. +#endif

  155.  	} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_1) {
  156.  #ifdef HAVE_TLS11
  157.  		return is_client ? TLSv1_1_client_method() : TLSv1_1_server_method();
  158. @@ -1014,9 +1042,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */

  159.  		ssl_ctx_options |= SSL_OP_NO_SSLv3;
  160.  	}
  161.  #endif
  162. +#ifdef HAVE_TLS1

  163.  	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
  164.  		ssl_ctx_options |= SSL_OP_NO_TLSv1;
  165.  	}
  166. +#endif

  167.  #ifdef HAVE_TLS11
  168.  	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
  169.  		ssl_ctx_options |= SSL_OP_NO_TLSv1_1;