--- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -320,12 +320,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc) PHP_MINIT_FUNCTION(ftp) { #ifdef HAVE_FTP_SSL +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); +#endif #endif le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number); --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -683,6 +683,12 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) return M_ASN1_STRING_data(asn1); } +#define OpenSSL_version OpenSSL_version +#define OPENSSL_VERSION OPENSSL_VERSION +#define X509_getm_notBefore X509_get_notBefore +#define X509_getm_notAfter X509_get_notAfter +#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup + #if PHP_OPENSSL_API_VERSION < 0x10002 static int X509_get_signature_nid(const X509 *x) @@ -1587,7 +1593,7 @@ PHP_MINFO_FUNCTION(openssl) { php_info_print_table_start(); php_info_print_table_row(2, "OpenSSL support", "enabled"); - php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION)); + php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION)); php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT); php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename); php_info_print_table_end(); @@ -2361,11 +2367,11 @@ PHP_FUNCTION(openssl_x509_parse) add_assoc_string(return_value, "serialNumberHex", hex_serial); OPENSSL_free(hex_serial); - php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert)); - php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert)); + php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_getm_notBefore(cert)); + php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_getm_notAfter(cert)); - add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert))); - add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert))); + add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert))); + add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert))); tmpstr = (char *)X509_alias_get0(cert, NULL); if (tmpstr) { @@ -3455,8 +3461,8 @@ PHP_FUNCTION(openssl_csr_sign) php_openssl_store_errors(); goto cleanup; } - X509_gmtime_adj(X509_get_notBefore(new_cert), 0); - X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days); + X509_gmtime_adj(X509_getm_notBefore(new_cert), 0); + X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days); i = X509_set_pubkey(new_cert, key); if (!i) { php_openssl_store_errors(); @@ -6072,7 +6078,7 @@ PHP_FUNCTION(openssl_seal) /* allocate one byte extra to make room for \0 */ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); - EVP_CIPHER_CTX_cleanup(ctx); + EVP_CIPHER_CTX_reset(ctx); if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 || !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) || @@ -6622,7 +6628,7 @@ PHP_FUNCTION(openssl_encrypt) if (free_iv) { efree(iv); } - EVP_CIPHER_CTX_cleanup(cipher_ctx); + EVP_CIPHER_CTX_reset(cipher_ctx); EVP_CIPHER_CTX_free(cipher_ctx); } /* }}} */ @@ -6709,7 +6715,7 @@ PHP_FUNCTION(openssl_decrypt) if (base64_str) { zend_string_release(base64_str); } - EVP_CIPHER_CTX_cleanup(cipher_ctx); + EVP_CIPHER_CTX_reset(cipher_ctx); EVP_CIPHER_CTX_free(cipher_ctx); } /* }}} */ --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -56,8 +56,21 @@ #define HAVE_SSL3 1 #endif +#if PHP_OPENSSL_API_VERSION >= 0x10100 +#define HAVE_TLS 1 +#endif + +#ifndef OPENSSL_NO_TLS1_METHOD +#define HAVE_TLS1 1 +#endif + +#ifndef OPENSSL_NO_TLS1_1_METHOD #define HAVE_TLS11 1 +#endif + +#ifndef OPENSSL_NO_TLS1_2_METHOD #define HAVE_TLS12 1 +#endif #ifndef OPENSSL_NO_ECDH #define HAVE_ECDH 1 @@ -78,9 +91,10 @@ #define STREAM_CRYPTO_IS_CLIENT (1<<0) #define STREAM_CRYPTO_METHOD_SSLv2 (1<<1) #define STREAM_CRYPTO_METHOD_SSLv3 (1<<2) -#define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<3) -#define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<4) -#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5) +#define STREAM_CRYPTO_METHOD_TLS (1<<3) +#define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<4) +#define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<5) +#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<6) /* Simplify ssl context option retrieval */ #define GET_VER_OPT(name) \ @@ -960,9 +974,23 @@ static const SSL_METHOD *php_openssl_select_crypto_method(zend_long method_value php_error_docref(NULL, E_WARNING, "SSLv3 unavailable in the OpenSSL library against which PHP is linked"); return NULL; +#endif + } else if (method_value == STREAM_CRYPTO_METHOD_TLS) { +#ifdef HAVE_TLS + return is_client ? TLS_client_method() : TLS_server_method(); +#else + php_error_docref(NULL, E_WARNING, + "TLS unavailable in the OpenSSL library against which PHP is linked"); + return NULL; #endif } else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_0) { +#ifdef HAVE_TLS1 return is_client ? TLSv1_client_method() : TLSv1_server_method(); +#else + php_error_docref(NULL, E_WARNING, + "TLSv1 unavailable in the OpenSSL library against which PHP is linked"); + return NULL; +#endif } else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_1) { #ifdef HAVE_TLS11 return is_client ? TLSv1_1_client_method() : TLSv1_1_server_method(); @@ -1014,9 +1042,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */ ssl_ctx_options |= SSL_OP_NO_SSLv3; } #endif +#ifdef HAVE_TLS1 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) { ssl_ctx_options |= SSL_OP_NO_TLSv1; } +#endif #ifdef HAVE_TLS11 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) { ssl_ctx_options |= SSL_OP_NO_TLSv1_1;