[packages/php4] - rel 59; openssl 1.1.1 support
arekm
arekm at pld-linux.org
Fri Sep 14 15:56:27 CEST 2018
commit 472a0c05ae651c0458f904d5add1a358b3fbe5ad
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Sep 14 15:56:19 2018 +0200
- rel 59; openssl 1.1.1 support
php4-openssl.patch | 374 +++++++++++++++++++++++++++++++++++++++++++++++++++++
php4.spec | 2 +-
2 files changed, 375 insertions(+), 1 deletion(-)
---
diff --git a/php4.spec b/php4.spec
index 22030e2..a765232 100644
--- a/php4.spec
+++ b/php4.spec
@@ -73,7 +73,7 @@
%undefine with_msession
%endif
-%define rel 58
+%define rel 59
Summary: PHP: Hypertext Preprocessor
Summary(fr.UTF-8): Le langage de script embarque-HTML PHP
Summary(pl.UTF-8): Język skryptowy PHP
diff --git a/php4-openssl.patch b/php4-openssl.patch
index 0171cd6..a9bd276 100644
--- a/php4-openssl.patch
+++ b/php4-openssl.patch
@@ -28,3 +28,377 @@
{
X509V3_CTX ctx;
+--- php-4.4.9/ext/openssl/config0.m4 2018-09-14 15:52:03.411575594 +0200
++++ php-4.4.9.new/ext/openssl/config0.m4 2018-09-14 15:32:01.321716395 +0200
+@@ -16,6 +16,8 @@
+ PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
+ fi
+
++ AC_CHECK_FUNCS([RAND_egd])
++
+ PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD,
+ [
+ if test "$ext_shared" = "yes"; then
+--- php-4.4.9/ext/openssl/openssl.c 2018-09-14 15:52:03.468243972 +0200
++++ php-4.4.9.new/ext/openssl/openssl.c 2018-09-14 15:50:08.114771489 +0200
+@@ -131,6 +131,13 @@
+ ZEND_GET_MODULE(openssl)
+ #endif
+
++/* {{{ OpenSSL compatibility functions and macros */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
++#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
++#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
++#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
++#endif
++
+ static int le_key;
+ static int le_x509;
+ static int le_csr;
+@@ -524,12 +531,14 @@
+ #endif
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof(buffer));
++#ifdef HAVE_RAND_EGD
+ else if (RAND_egd(file) > 0) {
+ /* if the given filename is an EGD socket, don't
+ * write anything back to it */
+ *egdsocket = 1;
+ return SUCCESS;
+ }
++#endif
+ if (file == NULL || !RAND_load_file(file, -1)) {
+ if (RAND_status() == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to load random state; not enough random data!");
+@@ -730,7 +739,7 @@
+ if (in == NULL)
+ return NULL;
+
+- cert = (X509 *) PEM_ASN1_read_bio((char *(*)())d2i_X509,
++ cert = (X509 *) PEM_ASN1_read_bio((d2i_of_void *)d2i_X509,
+ PEM_STRING_X509, in,
+ NULL, NULL, NULL);
+ BIO_free(in);
+@@ -868,6 +877,8 @@
+ {
+ zval * zcert;
+ X509 * cert = NULL;
++ X509_NAME *subject_name;
++ char *cert_name;
+ long certresource = -1;
+ int i;
+ zend_bool useshortnames = 1;
+@@ -883,11 +894,12 @@
+
+ array_init(return_value);
+
+- if (cert->name)
+- add_assoc_string(return_value, "name", cert->name, 1);
+-/* add_assoc_bool(return_value, "valid", cert->valid); */
++ subject_name = X509_get_subject_name(cert);
++ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
++ add_assoc_string(return_value, "name", cert_name, 1);
++ OPENSSL_free(cert_name);
+
+- add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
++ add_assoc_name_entry(return_value, "subject", subject_name, useshortnames TSRMLS_CC);
+ /* hash as used in CA directories to lookup cert by subject name */
+ {
+ char buf[32];
+@@ -1863,14 +1875,21 @@
+ {
+ assert(pkey != NULL);
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_id(pkey)) {
+ #ifndef NO_RSA
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+- assert(pkey->pkey.rsa != NULL);
+-
+- if (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)
+- return 0;
++ {
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ if (rsa != NULL) {
++ const BIGNUM *p, *q;
++
++ RSA_get0_factors(rsa, &p, &q);
++ if (p == NULL || q == NULL) {
++ return 0;
++ }
++ }
++ }
+ break;
+ #endif
+ #ifndef NO_DSA
+@@ -1879,18 +1898,41 @@
+ case EVP_PKEY_DSA2:
+ case EVP_PKEY_DSA3:
+ case EVP_PKEY_DSA4:
+- assert(pkey->pkey.dsa != NULL);
++ {
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ if (dsa != NULL) {
++ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
++
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ if (p == NULL || q == NULL) {
++ return 0;
++ }
+
+- if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
+- return 0;
+- break;
++ DSA_get0_key(dsa, &pub_key, &priv_key);
++ if (priv_key == NULL) {
++ return 0;
++ }
++ }
++ }
+ #endif
+ #ifndef NO_DH
+ case EVP_PKEY_DH:
+- assert(pkey->pkey.dh != NULL);
++ {
++ DH *dh = EVP_PKEY_get0_DH(pkey);
++ if (dh != NULL) {
++ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
++
++ DH_get0_pqg(dh, &p, &q, &g);
++ if (p == NULL) {
++ return 0;
++ }
+
+- if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
+- return 0;
++ DH_get0_key(dh, &pub_key, &priv_key);
++ if (priv_key == NULL) {
++ return 0;
++ }
++ }
++ }
+ break;
+ #endif
+ default:
+@@ -2521,13 +2563,13 @@
+ cryptedlen = EVP_PKEY_size(pkey);
+ cryptedbuf = emalloc(cryptedlen + 1);
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_id(pkey)) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ successful = (RSA_private_encrypt(data_len,
+ data,
+ cryptedbuf,
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+ padding) == cryptedlen);
+ break;
+ default:
+@@ -2577,13 +2619,13 @@
+ cryptedlen = EVP_PKEY_size(pkey);
+ crypttemp = emalloc(cryptedlen + 1);
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_id(pkey)) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ cryptedlen = RSA_private_decrypt(data_len,
+ data,
+ crypttemp,
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+ padding);
+ if (cryptedlen != -1) {
+ cryptedbuf = emalloc(cryptedlen + 1);
+@@ -2640,13 +2682,13 @@
+ cryptedlen = EVP_PKEY_size(pkey);
+ cryptedbuf = emalloc(cryptedlen + 1);
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_id(pkey)) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ successful = (RSA_public_encrypt(data_len,
+ data,
+ cryptedbuf,
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+ padding) == cryptedlen);
+ break;
+ default:
+@@ -2697,13 +2739,13 @@
+ cryptedlen = EVP_PKEY_size(pkey);
+ crypttemp = emalloc(cryptedlen + 1);
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_id(pkey)) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ cryptedlen = RSA_public_decrypt(data_len,
+ data,
+ crypttemp,
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+ padding);
+ if (cryptedlen != -1) {
+ cryptedbuf = emalloc(cryptedlen + 1);
+@@ -2767,7 +2809,7 @@
+ unsigned char *sigbuf;
+ long keyresource = -1;
+ char * data; int data_len;
+- EVP_MD_CTX md_ctx;
++ EVP_MD_CTX *md_ctx;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szz", &data, &data_len, &signature, &key) == FAILURE)
+ return;
+@@ -2781,9 +2823,11 @@
+ siglen = EVP_PKEY_size(pkey);
+ sigbuf = emalloc(siglen + 1);
+
+- EVP_SignInit(&md_ctx, EVP_sha1());
+- EVP_SignUpdate(&md_ctx, data, data_len);
+- if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
++ md_ctx = EVP_MD_CTX_create();
++ if (md_ctx != NULL &&
++ EVP_SignInit(md_ctx, EVP_sha1()) &&
++ EVP_SignUpdate(md_ctx, data, data_len) &&
++ EVP_SignFinal(md_ctx, (unsigned char*)sigbuf, &siglen, pkey)) {
+ zval_dtor(signature);
+ sigbuf[siglen] = '\0';
+ ZVAL_STRINGL(signature, sigbuf, siglen, 0);
+@@ -2792,6 +2836,7 @@
+ efree(sigbuf);
+ RETVAL_FALSE;
+ }
++ EVP_MD_CTX_destroy(md_ctx);
+ if (keyresource == -1)
+ EVP_PKEY_free(pkey);
+ }
+@@ -2803,8 +2848,8 @@
+ {
+ zval *key;
+ EVP_PKEY *pkey;
+- int err;
+- EVP_MD_CTX md_ctx;
++ int err = 0;
++ EVP_MD_CTX *md_ctx;
+ long keyresource = -1;
+ char * data; int data_len;
+ char * signature; int signature_len;
+@@ -2819,9 +2864,13 @@
+ RETURN_FALSE;
+ }
+
+- EVP_VerifyInit (&md_ctx, EVP_sha1());
+- EVP_VerifyUpdate (&md_ctx, data, data_len);
+- err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey);
++ md_ctx = EVP_MD_CTX_create();
++ if (md_ctx != NULL) {
++ EVP_VerifyInit(md_ctx, EVP_sha1());
++ EVP_VerifyUpdate (md_ctx, data, data_len);
++ err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
++ }
++ EVP_MD_CTX_destroy(md_ctx);
+
+ if (keyresource == -1)
+ EVP_PKEY_free(pkey);
+@@ -2842,7 +2891,7 @@
+ int i, len1, len2, *eksl, nkeys;
+ unsigned char *buf = NULL, **eks;
+ char * data; int data_len;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/",
+ &data, &data_len, &sealdata, &ekeys, &pubkeys) == FAILURE)
+@@ -2878,7 +2927,9 @@
+ }
+
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+- if (!EVP_EncryptInit(&ctx,EVP_rc4(),NULL,NULL)) {
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL || !EVP_EncryptInit(ctx,EVP_rc4(),NULL,NULL)) {
++ EVP_CIPHER_CTX_free(ctx);
+ RETVAL_FALSE;
+ goto clean_exit;
+ }
+@@ -2892,24 +2943,25 @@
+ iv = ivlen ? emalloc(ivlen + 1) : NULL;
+ #endif
+ /* allocate one byte extra to make room for \0 */
+- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
++ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
+
+- if (!EVP_SealInit(&ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
++ if (!EVP_SealInit(ctx, EVP_rc4(), eks, eksl, NULL, pkeys, nkeys)
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+- || !EVP_SealUpdate(&ctx, buf, &len1, data, data_len)
++ || !EVP_SealUpdate(ctx, buf, &len1, data, data_len)
+ #endif
+ )
+ {
+ RETVAL_FALSE;
+ efree(buf);
++ EVP_CIPHER_CTX_free(ctx);
+ goto clean_exit;
+
+ }
+
+ #if OPENSSL_VERSION_NUMBER < 0x0090600fL
+- EVP_SealUpdate(&ctx, buf, &len1, data, data_len);
++ EVP_SealUpdate(ctx, buf, &len1, data, data_len);
+ #endif
+- EVP_SealFinal(&ctx, buf + len1, &len2);
++ EVP_SealFinal(ctx, buf + len1, &len2);
+
+ if (len1 + len2 > 0) {
+ zval_dtor(sealdata);
+@@ -2944,6 +2996,7 @@
+ efree(buf);
+
+ RETVAL_LONG(len1 + len2);
++ EVP_CIPHER_CTX_free(ctx);
+
+ clean_exit:
+ for (i=0; i<nkeys; i++) {
+@@ -2968,7 +3021,7 @@
+ int len1, len2;
+ unsigned char *buf;
+ long keyresource = -1;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ char * data; int data_len;
+ char * ekey; int ekey_len;
+
+@@ -2983,15 +3036,16 @@
+ }
+ buf = emalloc(data_len + 1);
+
+- if (EVP_OpenInit(&ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx != NULL && EVP_OpenInit(ctx, EVP_rc4(), ekey, ekey_len, NULL, pkey)
+ #if OPENSSL_VERSION_NUMBER >= 0x0090600fL
+- && EVP_OpenUpdate(&ctx, buf, &len1, data, data_len)
++ && EVP_OpenUpdate(ctx, buf, &len1, data, data_len)
+ #endif
+ ) {
+ #if OPENSSL_VERSION_NUMBER < 0x0090600fL
+- EVP_OpenUpdate(&ctx, buf, &len1, data, data_len);
++ EVP_OpenUpdate(ctx, buf, &len1, data, data_len);
+ #endif
+- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) ||
++ if (!EVP_OpenFinal(ctx, buf + len1, &len2) ||
+ (len1 + len2 == 0)) {
+ efree(buf);
+ if (keyresource == -1)
+@@ -3011,6 +3065,7 @@
+ zval_dtor(opendata);
+ buf[len1 + len2] = '\0';
+ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
++ EVP_CIPHER_CTX_free(ctx);
+ RETURN_TRUE;
+ }
+ /* }}} */
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php4.git/commitdiff/472a0c05ae651c0458f904d5add1a358b3fbe5ad
More information about the pld-cvs-commit
mailing list