LILiK
/
openwrt-packages-dist


								--- a/ext/ftp/php_ftp.c

								+++ b/ext/ftp/php_ftp.c

								@@ -320,12 +320,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc)

								 PHP_MINIT_FUNCTION(ftp)

								 {

								 #ifdef HAVE_FTP_SSL

								+#if OPENSSL_VERSION_NUMBER < 0x10100000L

								 	SSL_library_init();

								 	OpenSSL_add_all_ciphers();

								 	OpenSSL_add_all_digests();

								 	OpenSSL_add_all_algorithms();


								 	SSL_load_error_strings();

								+#endif

								 #endif


								 	le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number);

								--- a/ext/openssl/openssl.c

								+++ b/ext/openssl/openssl.c

								@@ -683,6 +683,12 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)

								 	return M_ASN1_STRING_data(asn1);

								 }


								+#define OpenSSL_version		OpenSSL_version

								+#define OPENSSL_VERSION		OPENSSL_VERSION

								+#define X509_getm_notBefore	X509_get_notBefore

								+#define X509_getm_notAfter	X509_get_notAfter

								+#define EVP_CIPHER_CTX_reset	EVP_CIPHER_CTX_cleanup

								+

								 #if PHP_OPENSSL_API_VERSION < 0x10002


								 static int X509_get_signature_nid(const X509 *x)

								@@ -1587,7 +1593,7 @@ PHP_MINFO_FUNCTION(openssl)

								 {

								 	php_info_print_table_start();

								 	php_info_print_table_row(2, "OpenSSL support", "enabled");

								-	php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));

								+	php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));

								 	php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);

								 	php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);

								 	php_info_print_table_end();

								@@ -2361,11 +2367,11 @@ PHP_FUNCTION(openssl_x509_parse)

								 	add_assoc_string(return_value, "serialNumberHex", hex_serial);

								 	OPENSSL_free(hex_serial);


								-	php_openssl_add_assoc_asn1_string(return_value, "validFrom", 	X509_get_notBefore(cert));

								-	php_openssl_add_assoc_asn1_string(return_value, "validTo", 		X509_get_notAfter(cert));

								+	php_openssl_add_assoc_asn1_string(return_value, "validFrom", 	X509_getm_notBefore(cert));

								+	php_openssl_add_assoc_asn1_string(return_value, "validTo", 		X509_getm_notAfter(cert));


								-	add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert)));

								-	add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert)));

								+	add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert)));

								+	add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert)));


								 	tmpstr = (char *)X509_alias_get0(cert, NULL);

								 	if (tmpstr) {

								@@ -3455,8 +3461,8 @@ PHP_FUNCTION(openssl_csr_sign)

								 		php_openssl_store_errors();

								 		goto cleanup;

								 	}

								-	X509_gmtime_adj(X509_get_notBefore(new_cert), 0);

								-	X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days);

								+	X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);

								+	X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days);

								 	i = X509_set_pubkey(new_cert, key);

								 	if (!i) {

								 		php_openssl_store_errors();

								@@ -6072,7 +6078,7 @@ PHP_FUNCTION(openssl_seal)


								 	/* allocate one byte extra to make room for \0 */

								 	buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));

								-	EVP_CIPHER_CTX_cleanup(ctx);

								+	EVP_CIPHER_CTX_reset(ctx);


								 	if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||

								 			!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||

								@@ -6622,7 +6628,7 @@ PHP_FUNCTION(openssl_encrypt)

								 	if (free_iv) {

								 		efree(iv);

								 	}

								-	EVP_CIPHER_CTX_cleanup(cipher_ctx);

								+	EVP_CIPHER_CTX_reset(cipher_ctx);

								 	EVP_CIPHER_CTX_free(cipher_ctx);

								 }

								 /* }}} */

								@@ -6709,7 +6715,7 @@ PHP_FUNCTION(openssl_decrypt)

								 	if (base64_str) {

								 		zend_string_release(base64_str);

								 	}

								-	EVP_CIPHER_CTX_cleanup(cipher_ctx);

								+	EVP_CIPHER_CTX_reset(cipher_ctx);

								 	EVP_CIPHER_CTX_free(cipher_ctx);

								 }

								 /* }}} */

								--- a/ext/openssl/xp_ssl.c

								+++ b/ext/openssl/xp_ssl.c

								@@ -56,8 +56,21 @@

								 #define HAVE_SSL3 1

								 #endif


								+#if PHP_OPENSSL_API_VERSION >= 0x10100

								+#define HAVE_TLS 1

								+#endif

								+

								+#ifndef OPENSSL_NO_TLS1_METHOD

								+#define HAVE_TLS1 1

								+#endif

								+

								+#ifndef OPENSSL_NO_TLS1_1_METHOD

								 #define HAVE_TLS11 1

								+#endif

								+

								+#ifndef OPENSSL_NO_TLS1_2_METHOD

								 #define HAVE_TLS12 1

								+#endif


								 #ifndef OPENSSL_NO_ECDH

								 #define HAVE_ECDH 1

								@@ -78,9 +91,10 @@

								 #define STREAM_CRYPTO_IS_CLIENT            (1<<0)

								 #define STREAM_CRYPTO_METHOD_SSLv2         (1<<1)

								 #define STREAM_CRYPTO_METHOD_SSLv3         (1<<2)

								-#define STREAM_CRYPTO_METHOD_TLSv1_0       (1<<3)

								-#define STREAM_CRYPTO_METHOD_TLSv1_1       (1<<4)

								-#define STREAM_CRYPTO_METHOD_TLSv1_2       (1<<5)

								+#define STREAM_CRYPTO_METHOD_TLS           (1<<3)

								+#define STREAM_CRYPTO_METHOD_TLSv1_0       (1<<4)

								+#define STREAM_CRYPTO_METHOD_TLSv1_1       (1<<5)

								+#define STREAM_CRYPTO_METHOD_TLSv1_2       (1<<6)


								 /* Simplify ssl context option retrieval */

								 #define GET_VER_OPT(name) \

								@@ -960,9 +974,23 @@ static const SSL_METHOD *php_openssl_select_crypto_method(zend_long method_value

								 		php_error_docref(NULL, E_WARNING,

								 				"SSLv3 unavailable in the OpenSSL library against which PHP is linked");

								 		return NULL;

								+#endif

								+	} else if (method_value == STREAM_CRYPTO_METHOD_TLS) {

								+#ifdef HAVE_TLS

								+		return is_client ? TLS_client_method() : TLS_server_method();

								+#else

								+		php_error_docref(NULL, E_WARNING,

								+				"TLS unavailable in the OpenSSL library against which PHP is linked");

								+		return NULL;

								 #endif

								 	} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_0) {

								+#ifdef HAVE_TLS1

								 		return is_client ? TLSv1_client_method() : TLSv1_server_method();

								+#else

								+		php_error_docref(NULL, E_WARNING,

								+				"TLSv1 unavailable in the OpenSSL library against which PHP is linked");

								+		return NULL;

								+#endif

								 	} else if (method_value == STREAM_CRYPTO_METHOD_TLSv1_1) {

								 #ifdef HAVE_TLS11

								 		return is_client ? TLSv1_1_client_method() : TLSv1_1_server_method();

								@@ -1014,9 +1042,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */

								 		ssl_ctx_options |= SSL_OP_NO_SSLv3;

								 	}

								 #endif

								+#ifdef HAVE_TLS1

								 	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {

								 		ssl_ctx_options |= SSL_OP_NO_TLSv1;

								 	}

								+#endif

								 #ifdef HAVE_TLS11

								 	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {

								 		ssl_ctx_options |= SSL_OP_NO_TLSv1_1;