|
--- a/ext/ftp/php_ftp.c
|
|
+++ b/ext/ftp/php_ftp.c
|
|
@@ -320,12 +320,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc)
|
|
PHP_MINIT_FUNCTION(ftp)
|
|
{
|
|
#ifdef HAVE_FTP_SSL
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
SSL_library_init();
|
|
OpenSSL_add_all_ciphers();
|
|
OpenSSL_add_all_digests();
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
SSL_load_error_strings();
|
|
+#endif
|
|
#endif
|
|
|
|
le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number);
|
|
--- a/ext/openssl/openssl.c
|
|
+++ b/ext/openssl/openssl.c
|
|
@@ -683,6 +683,12 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)
|
|
return M_ASN1_STRING_data(asn1);
|
|
}
|
|
|
|
+#define OpenSSL_version OpenSSL_version
|
|
+#define OPENSSL_VERSION OPENSSL_VERSION
|
|
+#define X509_getm_notBefore X509_get_notBefore
|
|
+#define X509_getm_notAfter X509_get_notAfter
|
|
+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
|
|
+
|
|
#if PHP_OPENSSL_API_VERSION < 0x10002
|
|
|
|
static int X509_get_signature_nid(const X509 *x)
|
|
@@ -1587,7 +1593,7 @@ PHP_MINFO_FUNCTION(openssl)
|
|
{
|
|
php_info_print_table_start();
|
|
php_info_print_table_row(2, "OpenSSL support", "enabled");
|
|
- php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
|
|
+ php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
|
|
php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
|
|
php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
|
|
php_info_print_table_end();
|
|
@@ -2364,11 +2370,11 @@ PHP_FUNCTION(openssl_x509_parse)
|
|
add_assoc_string(return_value, "serialNumberHex", hex_serial);
|
|
OPENSSL_free(hex_serial);
|
|
|
|
- php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert));
|
|
- php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert));
|
|
+ php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_getm_notBefore(cert));
|
|
+ php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_getm_notAfter(cert));
|
|
|
|
- add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert)));
|
|
- add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert)));
|
|
+ add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert)));
|
|
+ add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert)));
|
|
|
|
tmpstr = (char *)X509_alias_get0(cert, NULL);
|
|
if (tmpstr) {
|
|
@@ -3459,8 +3465,8 @@ PHP_FUNCTION(openssl_csr_sign)
|
|
php_openssl_store_errors();
|
|
goto cleanup;
|
|
}
|
|
- X509_gmtime_adj(X509_get_notBefore(new_cert), 0);
|
|
- X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days);
|
|
+ X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
|
|
+ X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days);
|
|
i = X509_set_pubkey(new_cert, key);
|
|
if (!i) {
|
|
php_openssl_store_errors();
|
|
@@ -6092,7 +6098,7 @@ PHP_FUNCTION(openssl_seal)
|
|
|
|
/* allocate one byte extra to make room for \0 */
|
|
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
|
|
- EVP_CIPHER_CTX_cleanup(ctx);
|
|
+ EVP_CIPHER_CTX_reset(ctx);
|
|
|
|
if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||
|
|
!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||
|
|
@@ -6645,7 +6651,7 @@ PHP_FUNCTION(openssl_encrypt)
|
|
if (free_iv) {
|
|
efree(iv);
|
|
}
|
|
- EVP_CIPHER_CTX_cleanup(cipher_ctx);
|
|
+ EVP_CIPHER_CTX_reset(cipher_ctx);
|
|
EVP_CIPHER_CTX_free(cipher_ctx);
|
|
}
|
|
/* }}} */
|
|
@@ -6732,7 +6738,7 @@ PHP_FUNCTION(openssl_decrypt)
|
|
if (base64_str) {
|
|
zend_string_release(base64_str);
|
|
}
|
|
- EVP_CIPHER_CTX_cleanup(cipher_ctx);
|
|
+ EVP_CIPHER_CTX_reset(cipher_ctx);
|
|
EVP_CIPHER_CTX_free(cipher_ctx);
|
|
}
|
|
/* }}} */
|
|
--- a/ext/openssl/xp_ssl.c
|
|
+++ b/ext/openssl/xp_ssl.c
|
|
@@ -56,8 +56,21 @@
|
|
#define HAVE_SSL3 1
|
|
#endif
|
|
|
|
+#if PHP_OPENSSL_API_VERSION >= 0x10100
|
|
+#define HAVE_TLS 1
|
|
+#endif
|
|
+
|
|
+#if PHP_OPENSSL_API_VERSION < 0x10100
|
|
+#define HAVE_TLS1 1
|
|
+#endif
|
|
+
|
|
+#if PHP_OPENSSL_API_VERSION < 0x10100
|
|
#define HAVE_TLS11 1
|
|
+#endif
|
|
+
|
|
+#if PHP_OPENSSL_API_VERSION < 0x10100
|
|
#define HAVE_TLS12 1
|
|
+#endif
|
|
|
|
#ifndef OPENSSL_NO_ECDH
|
|
#define HAVE_ECDH 1
|
|
@@ -78,9 +91,10 @@
|
|
#define STREAM_CRYPTO_IS_CLIENT (1<<0)
|
|
#define STREAM_CRYPTO_METHOD_SSLv2 (1<<1)
|
|
#define STREAM_CRYPTO_METHOD_SSLv3 (1<<2)
|
|
-#define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<3)
|
|
-#define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<4)
|
|
-#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5)
|
|
+#define STREAM_CRYPTO_METHOD_TLS (1<<3)
|
|
+#define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<4)
|
|
+#define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<5)
|
|
+#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<6)
|
|
|
|
/* Simplify ssl context option retrieval */
|
|
#define GET_VER_OPT(name) \
|
|
@@ -968,9 +982,23 @@ static const SSL_METHOD *php_openssl_select_crypto_method(zend_long method_value
|
|
php_error_docref(NULL, E_WARNING,
|
|
"SSLv3 unavailable in the OpenSSL library against which PHP is linked");
|
|
return NULL;
|
|
+#endif
|
|
+ } else if (method_value == STREAM_CRYPTO_METHOD_TLS) {
|
|
+#ifdef HAVE_TLS
|
|
+ return is_client ? TLS_client_method() : TLS_server_method();
|
|
+#else
|
|
+ php_error_docref(NULL, E_WARNING,
|
|
+ "TLS unavailable in the OpenSSL library against which PHP is linked");
|
|
+ return NULL;
|
|
#endif
|
|
} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_0) {
|
|
+#ifdef HAVE_TLS1
|
|
return is_client ? TLSv1_client_method() : TLSv1_server_method();
|
|
+#else
|
|
+ php_error_docref(NULL, E_WARNING,
|
|
+ "TLSv1 unavailable in the OpenSSL library against which PHP is linked");
|
|
+ return NULL;
|
|
+#endif
|
|
} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_1) {
|
|
#ifdef HAVE_TLS11
|
|
return is_client ? TLSv1_1_client_method() : TLSv1_1_server_method();
|
|
@@ -1022,9 +1050,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */
|
|
ssl_ctx_options |= SSL_OP_NO_SSLv3;
|
|
}
|
|
#endif
|
|
+#ifdef HAVE_TLS1
|
|
if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
|
|
ssl_ctx_options |= SSL_OP_NO_TLSv1;
|
|
}
|
|
+#endif
|
|
#ifdef HAVE_TLS11
|
|
if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
|
|
ssl_ctx_options |= SSL_OP_NO_TLSv1_1;
|