mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Fix compilation without deprecated OpenSSL 1.1 APIs
This commit is contained in:
Rosen Penev
Nikita Popov
parent
8f4e24eeef
commit
32e6d08dcd
@ -318,12 +318,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc)
|
||||
PHP_MINIT_FUNCTION(ftp)
|
||||
{
|
||||
#ifdef HAVE_FTP_SSL
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_library_init();
|
||||
OpenSSL_add_all_ciphers();
|
||||
OpenSSL_add_all_digests();
|
||||
OpenSSL_add_all_algorithms();
|
||||
|
||||
SSL_load_error_strings();
|
||||
#endif
|
||||
#endif
|
||||
|
||||
le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number);
|
||||
|
||||
@ -705,6 +705,12 @@ static int X509_get_signature_nid(const X509 *x)
|
||||
|
||||
#endif
|
||||
|
||||
#define OpenSSL_version SSLeay_version
|
||||
#define OPENSSL_VERSION SSLEAY_VERSION
|
||||
#define X509_getm_notBefore X509_get_notBefore
|
||||
#define X509_getm_notAfter X509_get_notAfter
|
||||
#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
|
||||
|
||||
#endif
|
||||
/* }}} */
|
||||
|
||||
@ -1617,7 +1623,7 @@ PHP_MINFO_FUNCTION(openssl)
|
||||
{
|
||||
php_info_print_table_start();
|
||||
php_info_print_table_row(2, "OpenSSL support", "enabled");
|
||||
php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
|
||||
php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
|
||||
php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
|
||||
php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
|
||||
php_info_print_table_end();
|
||||
@ -2420,11 +2426,11 @@ PHP_FUNCTION(openssl_x509_parse)
|
||||
add_assoc_string(return_value, "serialNumberHex", hex_serial);
|
||||
OPENSSL_free(hex_serial);
|
||||
|
||||
php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert));
|
||||
php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert));
|
||||
php_openssl_add_assoc_asn1_string(return_value, "validFrom", X509_getm_notBefore(cert));
|
||||
php_openssl_add_assoc_asn1_string(return_value, "validTo", X509_getm_notAfter(cert));
|
||||
|
||||
add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert)));
|
||||
add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert)));
|
||||
add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert)));
|
||||
add_assoc_long(return_value, "validTo_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert)));
|
||||
|
||||
tmpstr = (char *)X509_alias_get0(cert, NULL);
|
||||
if (tmpstr) {
|
||||
@ -3525,8 +3531,8 @@ PHP_FUNCTION(openssl_csr_sign)
|
||||
php_openssl_store_errors();
|
||||
goto cleanup;
|
||||
}
|
||||
X509_gmtime_adj(X509_get_notBefore(new_cert), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days);
|
||||
X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
|
||||
X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days);
|
||||
i = X509_set_pubkey(new_cert, key);
|
||||
if (!i) {
|
||||
php_openssl_store_errors();
|
||||
@ -6197,7 +6203,7 @@ PHP_FUNCTION(openssl_seal)
|
||||
|
||||
/* allocate one byte extra to make room for \0 */
|
||||
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
|
||||
if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||
|
||||
!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||
|
||||
@ -6739,7 +6745,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(char *data, size_t data_len, ch
|
||||
if (free_iv) {
|
||||
efree(iv);
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(cipher_ctx);
|
||||
EVP_CIPHER_CTX_reset(cipher_ctx);
|
||||
EVP_CIPHER_CTX_free(cipher_ctx);
|
||||
return outbuf;
|
||||
}
|
||||
@ -6834,7 +6840,7 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(char *data, size_t data_len, ch
|
||||
if (base64_str) {
|
||||
zend_string_release_ex(base64_str, 0);
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(cipher_ctx);
|
||||
EVP_CIPHER_CTX_reset(cipher_ctx);
|
||||
EVP_CIPHER_CTX_free(cipher_ctx);
|
||||
return outbuf;
|
||||
}
|
||||
|
||||
@ -60,9 +60,19 @@
|
||||
#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5)
|
||||
#define STREAM_CRYPTO_METHOD_TLSv1_3 (1<<6)
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||
#define HAVE_TLS1 1
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||
#define HAVE_TLS11 1
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||
#define HAVE_TLS12 1
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
|
||||
#define HAVE_TLS13 1
|
||||
#endif
|
||||
|
||||
@ -995,9 +1005,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */
|
||||
ssl_ctx_options |= SSL_OP_NO_SSLv3;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_TLS1
|
||||
if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
|
||||
ssl_ctx_options |= SSL_OP_NO_TLSv1;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_TLS11
|
||||
if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
|
||||
ssl_ctx_options |= SSL_OP_NO_TLSv1_1;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user