Last active
May 20, 2020 05:54
-
-
Save carlosescri/e9da26de265c142af60f4dc9d6a60413 to your computer and use it in GitHub Desktop.
This is a backup of a patched formula to install PHP 5.6 in Mac OS X Catalina.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Subject: [PATCH] PHP 5.6 - LibSSL 1.1 compatibility | |
| This patch does not try to backport the 7.1 openssl module, it is the | |
| improved version of the 5.6 original openssl module. | |
| https://github.com/oerdnj/deb.sury.org/issues/566 | |
| http://zettasystem.com/PHP-5.6.31-OpenSSL-1.1.0-compatibility-20170801.patch | |
| Upstream-Status: Deny [https://github.com/php/php-src/pull/2667] | |
| Reason: As PHP 5.6 is no longer actively supported only security fixes | |
| may land on this branch. As this change does not fall in this category, | |
| I'm closing this PR. (All higher versions of PHP already have OpenSSL | |
| 1.1 support.) | |
| Author: zsalab@github https://github.com/zsalab | |
| Only port source modification, do not include the test case | |
| Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | |
| --- | |
| ext/openssl/openssl.c | 683 +++++++++++++++++++++++++++++++++++++------------- | |
| ext/openssl/xp_ssl.c | 18 +- | |
| ext/phar/util.c | 13 +- | |
| 3 files changed, 527 insertions(+), 187 deletions(-) | |
| diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c | |
| index a78a8fb..b53114c 100644 | |
| --- a/ext/openssl/openssl.c | |
| +++ b/ext/openssl/openssl.c | |
| @@ -42,6 +42,12 @@ | |
| /* OpenSSL includes */ | |
| #include <openssl/evp.h> | |
| +#if OPENSSL_VERSION_NUMBER >= 0x10002000L | |
| +#include <openssl/bn.h> | |
| +#include <openssl/rsa.h> | |
| +#include <openssl/dsa.h> | |
| +#include <openssl/dh.h> | |
| +#endif | |
| #include <openssl/x509.h> | |
| #include <openssl/x509v3.h> | |
| #include <openssl/crypto.h> | |
| @@ -531,6 +537,133 @@ zend_module_entry openssl_module_entry = { | |
| ZEND_GET_MODULE(openssl) | |
| #endif | |
| +/* {{{ OpenSSL compatibility functions and macros */ | |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
| +#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa | |
| +#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh | |
| +#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa | |
| +#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec | |
| + | |
| +static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) | |
| +{ | |
| + r->n = n; | |
| + r->e = e; | |
| + r->d = d; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) | |
| +{ | |
| + r->p = p; | |
| + r->q = q; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) | |
| +{ | |
| + r->dmp1 = dmp1; | |
| + r->dmq1 = dmq1; | |
| + r->iqmp = iqmp; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) | |
| +{ | |
| + *n = r->n; | |
| + *e = r->e; | |
| + *d = r->d; | |
| +} | |
| + | |
| +static void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) | |
| +{ | |
| + *p = r->p; | |
| + *q = r->q; | |
| +} | |
| + | |
| +static void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) | |
| +{ | |
| + *dmp1 = r->dmp1; | |
| + *dmq1 = r->dmq1; | |
| + *iqmp = r->iqmp; | |
| +} | |
| + | |
| +static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
| +{ | |
| + *p = dh->p; | |
| + *q = dh->q; | |
| + *g = dh->g; | |
| +} | |
| + | |
| +static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
| +{ | |
| + dh->p = p; | |
| + dh->q = q; | |
| + dh->g = g; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
| +{ | |
| + *pub_key = dh->pub_key; | |
| + *priv_key = dh->priv_key; | |
| +} | |
| + | |
| +static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | |
| +{ | |
| + dh->pub_key = pub_key; | |
| + dh->priv_key = priv_key; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
| +{ | |
| + *p = d->p; | |
| + *q = d->q; | |
| + *g = d->g; | |
| +} | |
| + | |
| +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
| +{ | |
| + d->p = p; | |
| + d->q = q; | |
| + d->g = g; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +static void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
| +{ | |
| + *pub_key = d->pub_key; | |
| + *priv_key = d->priv_key; | |
| +} | |
| + | |
| +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) | |
| +{ | |
| + d->pub_key = pub_key; | |
| + d->priv_key = priv_key; | |
| + | |
| + return 1; | |
| +} | |
| + | |
| +#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined (LIBRESSL_VERSION_NUMBER) | |
| +#define EVP_PKEY_id(_pkey) _pkey->type | |
| +#define EVP_PKEY_base_id(_key) EVP_PKEY_type(_key->type) | |
| + | |
| +static int X509_get_signature_nid(const X509 *x) | |
| +{ | |
| + return OBJ_obj2nid(x->sig_alg->algorithm); | |
| +} | |
| + | |
| +#endif | |
| + | |
| +#endif | |
| +/* }}} */ | |
| + | |
| static int le_key; | |
| static int le_x509; | |
| static int le_csr; | |
| @@ -825,7 +958,7 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */ | |
| } | |
| for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { | |
| cnf = sk_CONF_VALUE_value(sktmp, i); | |
| - if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { | |
| + if (OBJ_sn2nid(cnf->name) == NID_undef && OBJ_ln2nid(cnf->name) == NID_undef && OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { | |
| php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s", cnf->name, cnf->value); | |
| return FAILURE; | |
| } | |
| @@ -967,7 +1100,7 @@ static void php_openssl_dispose_config(struct php_x509_request * req TSRMLS_DC) | |
| } | |
| /* }}} */ | |
| -#ifdef PHP_WIN32 | |
| +#if defined(PHP_WIN32) || (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) | |
| #define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) | |
| #else | |
| #define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() | |
| @@ -1053,9 +1186,11 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */ | |
| mdtype = (EVP_MD *) EVP_md2(); | |
| break; | |
| #endif | |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
| case OPENSSL_ALGO_DSS1: | |
| mdtype = (EVP_MD *) EVP_dss1(); | |
| break; | |
| +#endif | |
| #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
| case OPENSSL_ALGO_SHA224: | |
| mdtype = (EVP_MD *) EVP_sha224(); | |
| @@ -1146,6 +1281,12 @@ PHP_MINIT_FUNCTION(openssl) | |
| OpenSSL_add_all_digests(); | |
| OpenSSL_add_all_algorithms(); | |
| +#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000 | |
| + EVP_add_cipher(EVP_aes_128_ccm()); | |
| + EVP_add_cipher(EVP_aes_192_ccm()); | |
| + EVP_add_cipher(EVP_aes_256_ccm()); | |
| +#endif | |
| + | |
| SSL_load_error_strings(); | |
| /* register a resource id number with OpenSSL so that we can map SSL -> stream structures in | |
| @@ -1173,7 +1314,9 @@ PHP_MINIT_FUNCTION(openssl) | |
| #ifdef HAVE_OPENSSL_MD2_H | |
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); | |
| #endif | |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) | |
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); | |
| +#endif | |
| #if OPENSSL_VERSION_NUMBER >= 0x0090708fL | |
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); | |
| REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT); | |
| @@ -1251,7 +1394,9 @@ PHP_MINIT_FUNCTION(openssl) | |
| } | |
| php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC); | |
| +#ifndef OPENSSL_NO_SSL3 | |
| php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC); | |
| +#endif | |
| #ifndef OPENSSL_NO_SSL2 | |
| php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC); | |
| #endif | |
| @@ -1308,7 +1453,9 @@ PHP_MSHUTDOWN_FUNCTION(openssl) | |
| #ifndef OPENSSL_NO_SSL2 | |
| php_stream_xport_unregister("sslv2" TSRMLS_CC); | |
| #endif | |
| +#ifndef OPENSSL_NO_SSL3 | |
| php_stream_xport_unregister("sslv3" TSRMLS_CC); | |
| +#endif | |
| php_stream_xport_unregister("tls" TSRMLS_CC); | |
| php_stream_xport_unregister("tlsv1.0" TSRMLS_CC); | |
| #if OPENSSL_VERSION_NUMBER >= 0x10001001L | |
| @@ -1893,6 +2040,7 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) | |
| { | |
| GENERAL_NAMES *names; | |
| const X509V3_EXT_METHOD *method = NULL; | |
| + ASN1_OCTET_STRING *extension_data; | |
| long i, length, num; | |
| const unsigned char *p; | |
| @@ -1901,8 +2049,9 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) | |
| return -1; | |
| } | |
| - p = extension->value->data; | |
| - length = extension->value->length; | |
| + extension_data = X509_EXTENSION_get_data(extension); | |
| + p = extension_data->data; | |
| + length = extension_data->length; | |
| if (method->it) { | |
| names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |
| ASN1_ITEM_ptr(method->it))); | |
| @@ -1965,6 +2114,8 @@ PHP_FUNCTION(openssl_x509_parse) | |
| char * tmpstr; | |
| zval * subitem; | |
| X509_EXTENSION *extension; | |
| + X509_NAME *subject_name; | |
| + char *cert_name; | |
| char *extname; | |
| BIO *bio_out; | |
| BUF_MEM *bio_buf; | |
| @@ -1979,10 +2130,10 @@ PHP_FUNCTION(openssl_x509_parse) | |
| } | |
| array_init(return_value); | |
| - if (cert->name) { | |
| - add_assoc_string(return_value, "name", cert->name, 1); | |
| - } | |
| -/* add_assoc_bool(return_value, "valid", cert->valid); */ | |
| + subject_name = X509_get_subject_name(cert); | |
| + cert_name = X509_NAME_oneline(subject_name, NULL, 0); | |
| + add_assoc_string(return_value, "name", cert_name, 1); | |
| + OPENSSL_free(cert_name); | |
| add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC); | |
| /* hash as used in CA directories to lookup cert by subject name */ | |
| @@ -2008,7 +2159,7 @@ PHP_FUNCTION(openssl_x509_parse) | |
| add_assoc_string(return_value, "alias", tmpstr, 1); | |
| } | |
| - sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm); | |
| + sig_nid = X509_get_signature_nid(cert); | |
| add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1); | |
| add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1); | |
| add_assoc_long(return_value, "signatureTypeNID", sig_nid); | |
| @@ -3217,7 +3368,21 @@ PHP_FUNCTION(openssl_csr_get_public_key) | |
| RETURN_FALSE; | |
| } | |
| - tpubkey=X509_REQ_get_pubkey(csr); | |
| +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) | |
| + /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR, | |
| + * the pub key is not changed after assigning. It means if we pass | |
| + * a private key, it will be returned including the private part. | |
| + * If we duplicate it, then we get just the public part which is | |
| + * the same behavior as for OpenSSL 1.0 */ | |
| + csr = X509_REQ_dup(csr); | |
| +#endif | |
| + /* Retrieve the public key from the CSR */ | |
| + tpubkey = X509_REQ_get_pubkey(csr); | |
| + | |
| +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) | |
| + /* We need to free the CSR as it was duplicated */ | |
| + X509_REQ_free(csr); | |
| +#endif | |
| RETVAL_RESOURCE(zend_list_insert(tpubkey, le_key TSRMLS_CC)); | |
| return; | |
| } | |
| @@ -3482,13 +3647,20 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) | |
| { | |
| assert(pkey != NULL); | |
| - switch (pkey->type) { | |
| + switch (EVP_PKEY_id(pkey)) { | |
| #ifndef NO_RSA | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| - assert(pkey->pkey.rsa != NULL); | |
| - if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) { | |
| - return 0; | |
| + { | |
| + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
| + if (rsa != NULL) { | |
| + const BIGNUM *p, *q; | |
| + | |
| + RSA_get0_factors(rsa, &p, &q); | |
| + if (p == NULL || q == NULL) { | |
| + return 0; | |
| + } | |
| + } | |
| } | |
| break; | |
| #endif | |
| @@ -3498,28 +3670,51 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) | |
| case EVP_PKEY_DSA2: | |
| case EVP_PKEY_DSA3: | |
| case EVP_PKEY_DSA4: | |
| - assert(pkey->pkey.dsa != NULL); | |
| - | |
| - if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){ | |
| - return 0; | |
| + { | |
| + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
| + if (dsa != NULL) { | |
| + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
| + | |
| + DSA_get0_pqg(dsa, &p, &q, &g); | |
| + if (p == NULL || q == NULL) { | |
| + return 0; | |
| + } | |
| + | |
| + DSA_get0_key(dsa, &pub_key, &priv_key); | |
| + if (priv_key == NULL) { | |
| + return 0; | |
| + } | |
| + } | |
| } | |
| break; | |
| #endif | |
| #ifndef NO_DH | |
| case EVP_PKEY_DH: | |
| - assert(pkey->pkey.dh != NULL); | |
| - | |
| - if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) { | |
| - return 0; | |
| + { | |
| + DH *dh = EVP_PKEY_get0_DH(pkey); | |
| + if (dh != NULL) { | |
| + const BIGNUM *p, *q, *g, *pub_key, *priv_key; | |
| + | |
| + DH_get0_pqg(dh, &p, &q, &g); | |
| + if (p == NULL) { | |
| + return 0; | |
| + } | |
| + | |
| + DH_get0_key(dh, &pub_key, &priv_key); | |
| + if (priv_key == NULL) { | |
| + return 0; | |
| + } | |
| + } | |
| } | |
| break; | |
| #endif | |
| #ifdef HAVE_EVP_PKEY_EC | |
| case EVP_PKEY_EC: | |
| - assert(pkey->pkey.ec != NULL); | |
| - | |
| - if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) { | |
| - return 0; | |
| + { | |
| + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); | |
| + if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) { | |
| + return 0; | |
| + } | |
| } | |
| break; | |
| #endif | |
| @@ -3531,34 +3726,80 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC) | |
| } | |
| /* }}} */ | |
| -#define OPENSSL_PKEY_GET_BN(_type, _name) do { \ | |
| - if (pkey->pkey._type->_name != NULL) { \ | |
| - int len = BN_num_bytes(pkey->pkey._type->_name); \ | |
| - char *str = emalloc(len + 1); \ | |
| - BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \ | |
| - str[len] = 0; \ | |
| - add_assoc_stringl(_type, #_name, str, len, 0); \ | |
| - } \ | |
| - } while (0) | |
| - | |
| -#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \ | |
| - zval **bn; \ | |
| - if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \ | |
| - Z_TYPE_PP(bn) == IS_STRING) { \ | |
| - _type->_name = BN_bin2bn( \ | |
| - (unsigned char*)Z_STRVAL_PP(bn), \ | |
| - Z_STRLEN_PP(bn), NULL); \ | |
| - } \ | |
| +#define OPENSSL_GET_BN(_array, _bn, _name) do { \ | |
| + if (_bn != NULL) { \ | |
| + int len = BN_num_bytes(_bn); \ | |
| + char *str = emalloc(len + 1); \ | |
| + BN_bn2bin(_bn, (unsigned char*)str); \ | |
| + str[len] = 0; \ | |
| + add_assoc_stringl(_array, #_name, str, len, 0); \ | |
| + } \ | |
| } while (0); | |
| +#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name) | |
| + | |
| +#define OPENSSL_PKEY_SET_BN(_data, _name) do { \ | |
| + zval **bn; \ | |
| + if (zend_hash_find(Z_ARRVAL_P(_data), #_name, sizeof(#_name),(void**)&bn) == SUCCESS && \ | |
| + Z_TYPE_PP(bn) == IS_STRING) { \ | |
| + _name = BN_bin2bn( \ | |
| + (unsigned char*)Z_STRVAL_PP(bn), \ | |
| + Z_STRLEN_PP(bn), NULL); \ | |
| + } else { \ | |
| + _name = NULL; \ | |
| + } \ | |
| + } while (0); | |
| + | |
| +/* {{{ php_openssl_pkey_init_rsa */ | |
| +zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval *data) | |
| +{ | |
| + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, n); | |
| + OPENSSL_PKEY_SET_BN(data, e); | |
| + OPENSSL_PKEY_SET_BN(data, d); | |
| + if (!n || !d || !RSA_set0_key(rsa, n, e, d)) { | |
| + return 0; | |
| + } | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, p); | |
| + OPENSSL_PKEY_SET_BN(data, q); | |
| + if ((p || q) && !RSA_set0_factors(rsa, p, q)) { | |
| + return 0; | |
| + } | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, dmp1); | |
| + OPENSSL_PKEY_SET_BN(data, dmq1); | |
| + OPENSSL_PKEY_SET_BN(data, iqmp); | |
| + if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) { | |
| + return 0; | |
| + } | |
| + | |
| + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { | |
| + return 0; | |
| + } | |
| + | |
| + return 1; | |
| +} | |
| +/* }}} */ | |
| + | |
| /* {{{ php_openssl_pkey_init_dsa */ | |
| -zend_bool php_openssl_pkey_init_dsa(DSA *dsa) | |
| +zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data) | |
| { | |
| - if (!dsa->p || !dsa->q || !dsa->g) { | |
| + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
| + const BIGNUM *priv_key_const, *pub_key_const; | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, p); | |
| + OPENSSL_PKEY_SET_BN(data, q); | |
| + OPENSSL_PKEY_SET_BN(data, g); | |
| + if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { | |
| return 0; | |
| } | |
| - if (dsa->priv_key || dsa->pub_key) { | |
| - return 1; | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, pub_key); | |
| + OPENSSL_PKEY_SET_BN(data, priv_key); | |
| + if (pub_key) { | |
| + return DSA_set0_key(dsa, pub_key, priv_key); | |
| } | |
| PHP_OPENSSL_RAND_ADD_TIME(); | |
| if (!DSA_generate_key(dsa)) { | |
| @@ -3566,7 +3807,8 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa) | |
| } | |
| /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key | |
| * so we need to double check that public key is created */ | |
| - if (!dsa->pub_key || BN_is_zero(dsa->pub_key)) { | |
| + DSA_get0_key(dsa, &pub_key_const, &priv_key_const); | |
| + if (!pub_key_const || BN_is_zero(pub_key_const)) { | |
| return 0; | |
| } | |
| /* all good */ | |
| @@ -3574,14 +3816,66 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa) | |
| } | |
| /* }}} */ | |
| +/* {{{ php_openssl_dh_pub_from_priv */ | |
| +static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p) | |
| +{ | |
| + BIGNUM *pub_key, *priv_key_const_time; | |
| + BN_CTX *ctx; | |
| + | |
| + pub_key = BN_new(); | |
| + if (pub_key == NULL) { | |
| + return NULL; | |
| + } | |
| + | |
| + priv_key_const_time = BN_new(); | |
| + if (priv_key_const_time == NULL) { | |
| + BN_free(pub_key); | |
| + return NULL; | |
| + } | |
| + ctx = BN_CTX_new(); | |
| + if (ctx == NULL) { | |
| + BN_free(pub_key); | |
| + BN_free(priv_key_const_time); | |
| + return NULL; | |
| + } | |
| + | |
| + BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME); | |
| + | |
| + if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) { | |
| + BN_free(pub_key); | |
| + pub_key = NULL; | |
| + } | |
| + | |
| + BN_free(priv_key_const_time); | |
| + BN_CTX_free(ctx); | |
| + | |
| + return pub_key; | |
| +} | |
| +/* }}} */ | |
| + | |
| /* {{{ php_openssl_pkey_init_dh */ | |
| -zend_bool php_openssl_pkey_init_dh(DH *dh) | |
| +zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data) | |
| { | |
| - if (!dh->p || !dh->g) { | |
| + BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, p); | |
| + OPENSSL_PKEY_SET_BN(data, q); | |
| + OPENSSL_PKEY_SET_BN(data, g); | |
| + if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { | |
| return 0; | |
| } | |
| - if (dh->pub_key) { | |
| - return 1; | |
| + | |
| + OPENSSL_PKEY_SET_BN(data, priv_key); | |
| + OPENSSL_PKEY_SET_BN(data, pub_key); | |
| + if (pub_key) { | |
| + return DH_set0_key(dh, pub_key, priv_key); | |
| + } | |
| + if (priv_key) { | |
| + pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); | |
| + if (pub_key == NULL) { | |
| + return 0; | |
| + } | |
| + return DH_set0_key(dh, pub_key, priv_key); | |
| } | |
| PHP_OPENSSL_RAND_ADD_TIME(); | |
| if (!DH_generate_key(dh)) { | |
| @@ -3614,18 +3908,8 @@ PHP_FUNCTION(openssl_pkey_new) | |
| if (pkey) { | |
| RSA *rsa = RSA_new(); | |
| if (rsa) { | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp); | |
| - if (rsa->n && rsa->d) { | |
| - if (EVP_PKEY_assign_RSA(pkey, rsa)) { | |
| - RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
| - } | |
| + if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, *data)) { | |
| + RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
| } | |
| RSA_free(rsa); | |
| } | |
| @@ -3638,12 +3922,7 @@ PHP_FUNCTION(openssl_pkey_new) | |
| if (pkey) { | |
| DSA *dsa = DSA_new(); | |
| if (dsa) { | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key); | |
| - if (php_openssl_pkey_init_dsa(dsa)) { | |
| + if (php_openssl_pkey_init_dsa(dsa, *data)) { | |
| if (EVP_PKEY_assign_DSA(pkey, dsa)) { | |
| RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
| } | |
| @@ -3659,11 +3938,7 @@ PHP_FUNCTION(openssl_pkey_new) | |
| if (pkey) { | |
| DH *dh = DH_new(); | |
| if (dh) { | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key); | |
| - OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key); | |
| - if (php_openssl_pkey_init_dh(dh)) { | |
| + if (php_openssl_pkey_init_dh(dh, *data)) { | |
| if (EVP_PKEY_assign_DH(pkey, dh)) { | |
| RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC)); | |
| } | |
| @@ -3738,10 +4013,10 @@ PHP_FUNCTION(openssl_pkey_export_to_file) | |
| cipher = NULL; | |
| } | |
| - switch (EVP_PKEY_type(key->type)) { | |
| + switch (EVP_PKEY_base_id(key)) { | |
| #ifdef HAVE_EVP_PKEY_EC | |
| case EVP_PKEY_EC: | |
| - pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
| + pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get0_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
| break; | |
| #endif | |
| default: | |
| @@ -3807,7 +4082,7 @@ PHP_FUNCTION(openssl_pkey_export) | |
| cipher = NULL; | |
| } | |
| - switch (EVP_PKEY_type(key->type)) { | |
| + switch (EVP_PKEY_base_id(key)) { | |
| #ifdef HAVE_EVP_PKEY_EC | |
| case EVP_PKEY_EC: | |
| pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); | |
| @@ -3928,25 +4203,33 @@ PHP_FUNCTION(openssl_pkey_get_details) | |
| /*TODO: Use the real values once the openssl constants are used | |
| * See the enum at the top of this file | |
| */ | |
| - switch (EVP_PKEY_type(pkey->type)) { | |
| + switch (EVP_PKEY_base_id(pkey)) { | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| - ktype = OPENSSL_KEYTYPE_RSA; | |
| - | |
| - if (pkey->pkey.rsa != NULL) { | |
| - zval *rsa; | |
| - | |
| - ALLOC_INIT_ZVAL(rsa); | |
| - array_init(rsa); | |
| - OPENSSL_PKEY_GET_BN(rsa, n); | |
| - OPENSSL_PKEY_GET_BN(rsa, e); | |
| - OPENSSL_PKEY_GET_BN(rsa, d); | |
| - OPENSSL_PKEY_GET_BN(rsa, p); | |
| - OPENSSL_PKEY_GET_BN(rsa, q); | |
| - OPENSSL_PKEY_GET_BN(rsa, dmp1); | |
| - OPENSSL_PKEY_GET_BN(rsa, dmq1); | |
| - OPENSSL_PKEY_GET_BN(rsa, iqmp); | |
| - add_assoc_zval(return_value, "rsa", rsa); | |
| + { | |
| + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
| + ktype = OPENSSL_KEYTYPE_RSA; | |
| + | |
| + if (rsa != NULL) { | |
| + zval *z_rsa; | |
| + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | |
| + | |
| + RSA_get0_key(rsa, &n, &e, &d); | |
| + RSA_get0_factors(rsa, &p, &q); | |
| + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
| + | |
| + ALLOC_INIT_ZVAL(z_rsa); | |
| + array_init(z_rsa); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, n); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, e); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, d); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, p); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, q); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, dmp1); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, dmq1); | |
| + OPENSSL_PKEY_GET_BN(z_rsa, iqmp); | |
| + add_assoc_zval(return_value, "rsa", z_rsa); | |
| + } | |
| } | |
| break; | |
| @@ -3954,42 +4237,55 @@ PHP_FUNCTION(openssl_pkey_get_details) | |
| case EVP_PKEY_DSA2: | |
| case EVP_PKEY_DSA3: | |
| case EVP_PKEY_DSA4: | |
| - ktype = OPENSSL_KEYTYPE_DSA; | |
| - | |
| - if (pkey->pkey.dsa != NULL) { | |
| - zval *dsa; | |
| - | |
| - ALLOC_INIT_ZVAL(dsa); | |
| - array_init(dsa); | |
| - OPENSSL_PKEY_GET_BN(dsa, p); | |
| - OPENSSL_PKEY_GET_BN(dsa, q); | |
| - OPENSSL_PKEY_GET_BN(dsa, g); | |
| - OPENSSL_PKEY_GET_BN(dsa, priv_key); | |
| - OPENSSL_PKEY_GET_BN(dsa, pub_key); | |
| - add_assoc_zval(return_value, "dsa", dsa); | |
| + { | |
| + DSA *dsa = EVP_PKEY_get0_DSA(pkey); | |
| + ktype = OPENSSL_KEYTYPE_DSA; | |
| + | |
| + if (dsa != NULL) { | |
| + zval *z_dsa; | |
| + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
| + | |
| + DSA_get0_pqg(dsa, &p, &q, &g); | |
| + DSA_get0_key(dsa, &pub_key, &priv_key); | |
| + | |
| + ALLOC_INIT_ZVAL(z_dsa); | |
| + array_init(z_dsa); | |
| + OPENSSL_PKEY_GET_BN(z_dsa, p); | |
| + OPENSSL_PKEY_GET_BN(z_dsa, q); | |
| + OPENSSL_PKEY_GET_BN(z_dsa, g); | |
| + OPENSSL_PKEY_GET_BN(z_dsa, priv_key); | |
| + OPENSSL_PKEY_GET_BN(z_dsa, pub_key); | |
| + add_assoc_zval(return_value, "dsa", z_dsa); | |
| + } | |
| } | |
| break; | |
| case EVP_PKEY_DH: | |
| - | |
| - ktype = OPENSSL_KEYTYPE_DH; | |
| - | |
| - if (pkey->pkey.dh != NULL) { | |
| - zval *dh; | |
| - | |
| - ALLOC_INIT_ZVAL(dh); | |
| - array_init(dh); | |
| - OPENSSL_PKEY_GET_BN(dh, p); | |
| - OPENSSL_PKEY_GET_BN(dh, g); | |
| - OPENSSL_PKEY_GET_BN(dh, priv_key); | |
| - OPENSSL_PKEY_GET_BN(dh, pub_key); | |
| - add_assoc_zval(return_value, "dh", dh); | |
| + { | |
| + DH *dh = EVP_PKEY_get0_DH(pkey); | |
| + ktype = OPENSSL_KEYTYPE_DH; | |
| + | |
| + if (dh != NULL) { | |
| + zval *z_dh; | |
| + const BIGNUM *p, *q, *g, *priv_key, *pub_key; | |
| + | |
| + DH_get0_pqg(dh, &p, &q, &g); | |
| + DH_get0_key(dh, &pub_key, &priv_key); | |
| + | |
| + ALLOC_INIT_ZVAL(z_dh); | |
| + array_init(z_dh); | |
| + OPENSSL_PKEY_GET_BN(z_dh, p); | |
| + OPENSSL_PKEY_GET_BN(z_dh, g); | |
| + OPENSSL_PKEY_GET_BN(z_dh, priv_key); | |
| + OPENSSL_PKEY_GET_BN(z_dh, pub_key); | |
| + add_assoc_zval(return_value, "dh", z_dh); | |
| + } | |
| } | |
| break; | |
| #ifdef HAVE_EVP_PKEY_EC | |
| case EVP_PKEY_EC: | |
| ktype = OPENSSL_KEYTYPE_EC; | |
| - if (pkey->pkey.ec != NULL) { | |
| + if (EVP_PKEY_get0_EC_KEY(pkey) != NULL) { | |
| zval *ec; | |
| const EC_GROUP *ec_group; | |
| int nid; | |
| @@ -4546,13 +4842,13 @@ PHP_FUNCTION(openssl_private_encrypt) | |
| cryptedlen = EVP_PKEY_size(pkey); | |
| cryptedbuf = emalloc(cryptedlen + 1); | |
| - switch (pkey->type) { | |
| + switch (EVP_PKEY_id(pkey)) { | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| successful = (RSA_private_encrypt(data_len, | |
| (unsigned char *)data, | |
| cryptedbuf, | |
| - pkey->pkey.rsa, | |
| + EVP_PKEY_get0_RSA(pkey), | |
| padding) == cryptedlen); | |
| break; | |
| default: | |
| @@ -4604,13 +4900,13 @@ PHP_FUNCTION(openssl_private_decrypt) | |
| cryptedlen = EVP_PKEY_size(pkey); | |
| crypttemp = emalloc(cryptedlen + 1); | |
| - switch (pkey->type) { | |
| + switch (EVP_PKEY_id(pkey)) { | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| cryptedlen = RSA_private_decrypt(data_len, | |
| (unsigned char *)data, | |
| crypttemp, | |
| - pkey->pkey.rsa, | |
| + EVP_PKEY_get0_RSA(pkey), | |
| padding); | |
| if (cryptedlen != -1) { | |
| cryptedbuf = emalloc(cryptedlen + 1); | |
| @@ -4669,13 +4965,13 @@ PHP_FUNCTION(openssl_public_encrypt) | |
| cryptedlen = EVP_PKEY_size(pkey); | |
| cryptedbuf = emalloc(cryptedlen + 1); | |
| - switch (pkey->type) { | |
| + switch (EVP_PKEY_id(pkey)) { | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| successful = (RSA_public_encrypt(data_len, | |
| (unsigned char *)data, | |
| cryptedbuf, | |
| - pkey->pkey.rsa, | |
| + EVP_PKEY_get0_RSA(pkey), | |
| padding) == cryptedlen); | |
| break; | |
| default: | |
| @@ -4728,13 +5024,13 @@ PHP_FUNCTION(openssl_public_decrypt) | |
| cryptedlen = EVP_PKEY_size(pkey); | |
| crypttemp = emalloc(cryptedlen + 1); | |
| - switch (pkey->type) { | |
| + switch (EVP_PKEY_id(pkey)) { | |
| case EVP_PKEY_RSA: | |
| case EVP_PKEY_RSA2: | |
| cryptedlen = RSA_public_decrypt(data_len, | |
| (unsigned char *)data, | |
| crypttemp, | |
| - pkey->pkey.rsa, | |
| + EVP_PKEY_get0_RSA(pkey), | |
| padding); | |
| if (cryptedlen != -1) { | |
| cryptedbuf = emalloc(cryptedlen + 1); | |
| @@ -4798,7 +5094,7 @@ PHP_FUNCTION(openssl_sign) | |
| long keyresource = -1; | |
| char * data; | |
| int data_len; | |
| - EVP_MD_CTX md_ctx; | |
| + EVP_MD_CTX *md_ctx; | |
| zval *method = NULL; | |
| long signature_algo = OPENSSL_ALGO_SHA1; | |
| const EVP_MD *mdtype; | |
| @@ -4831,9 +5127,10 @@ PHP_FUNCTION(openssl_sign) | |
| siglen = EVP_PKEY_size(pkey); | |
| sigbuf = emalloc(siglen + 1); | |
| - EVP_SignInit(&md_ctx, mdtype); | |
| - EVP_SignUpdate(&md_ctx, data, data_len); | |
| - if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
| + md_ctx = EVP_MD_CTX_create(); | |
| + EVP_SignInit(md_ctx, mdtype); | |
| + EVP_SignUpdate(md_ctx, data, data_len); | |
| + if (EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) { | |
| zval_dtor(signature); | |
| sigbuf[siglen] = '\0'; | |
| ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0); | |
| @@ -4842,7 +5139,7 @@ PHP_FUNCTION(openssl_sign) | |
| efree(sigbuf); | |
| RETVAL_FALSE; | |
| } | |
| - EVP_MD_CTX_cleanup(&md_ctx); | |
| + EVP_MD_CTX_destroy(md_ctx); | |
| if (keyresource == -1) { | |
| EVP_PKEY_free(pkey); | |
| } | |
| @@ -4856,7 +5153,7 @@ PHP_FUNCTION(openssl_verify) | |
| zval **key; | |
| EVP_PKEY *pkey; | |
| int err; | |
| - EVP_MD_CTX md_ctx; | |
| + EVP_MD_CTX *md_ctx; | |
| const EVP_MD *mdtype; | |
| long keyresource = -1; | |
| char * data; int data_len; | |
| @@ -4890,10 +5187,11 @@ PHP_FUNCTION(openssl_verify) | |
| RETURN_FALSE; | |
| } | |
| - EVP_VerifyInit (&md_ctx, mdtype); | |
| - EVP_VerifyUpdate (&md_ctx, data, data_len); | |
| - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); | |
| - EVP_MD_CTX_cleanup(&md_ctx); | |
| + md_ctx = EVP_MD_CTX_create(); | |
| + EVP_VerifyInit (md_ctx, mdtype); | |
| + EVP_VerifyUpdate (md_ctx, data, data_len); | |
| + err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey); | |
| + EVP_MD_CTX_destroy(md_ctx); | |
| if (keyresource == -1) { | |
| EVP_PKEY_free(pkey); | |
| @@ -4917,7 +5215,7 @@ PHP_FUNCTION(openssl_seal) | |
| char *method =NULL; | |
| int method_len = 0; | |
| const EVP_CIPHER *cipher; | |
| - EVP_CIPHER_CTX ctx; | |
| + EVP_CIPHER_CTX *ctx; | |
| if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) { | |
| return; | |
| @@ -4950,6 +5248,7 @@ PHP_FUNCTION(openssl_seal) | |
| memset(eks, 0, sizeof(*eks) * nkeys); | |
| key_resources = safe_emalloc(nkeys, sizeof(long), 0); | |
| memset(key_resources, 0, sizeof(*key_resources) * nkeys); | |
| + memset(pkeys, 0, sizeof(*pkeys) * nkeys); | |
| /* get the public keys we are using to seal this data */ | |
| zend_hash_internal_pointer_reset_ex(pubkeysht, &pos); | |
| @@ -4967,27 +5266,28 @@ PHP_FUNCTION(openssl_seal) | |
| i++; | |
| } | |
| - if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) { | |
| + ctx = EVP_CIPHER_CTX_new(); | |
| + if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) { | |
| RETVAL_FALSE; | |
| - EVP_CIPHER_CTX_cleanup(&ctx); | |
| + EVP_CIPHER_CTX_free(ctx); | |
| goto clean_exit; | |
| } | |
| #if 0 | |
| /* Need this if allow ciphers that require initialization vector */ | |
| - ivlen = EVP_CIPHER_CTX_iv_length(&ctx); | |
| + ivlen = EVP_CIPHER_CTX_iv_length(ctx); | |
| iv = ivlen ? emalloc(ivlen + 1) : NULL; | |
| #endif | |
| /* allocate one byte extra to make room for \0 */ | |
| - buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); | |
| - EVP_CIPHER_CTX_cleanup(&ctx); | |
| + buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
| + EVP_CIPHER_CTX_cleanup(ctx); | |
| - if (EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
| - !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len) || | |
| - !EVP_SealFinal(&ctx, buf + len1, &len2)) { | |
| + if (EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 || | |
| + !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) || | |
| + !EVP_SealFinal(ctx, buf + len1, &len2)) { | |
| RETVAL_FALSE; | |
| efree(buf); | |
| - EVP_CIPHER_CTX_cleanup(&ctx); | |
| + EVP_CIPHER_CTX_free(ctx); | |
| goto clean_exit; | |
| } | |
| @@ -5018,7 +5318,7 @@ PHP_FUNCTION(openssl_seal) | |
| efree(buf); | |
| } | |
| RETVAL_LONG(len1 + len2); | |
| - EVP_CIPHER_CTX_cleanup(&ctx); | |
| + EVP_CIPHER_CTX_free(ctx); | |
| clean_exit: | |
| for (i=0; i<nkeys; i++) { | |
| @@ -5045,7 +5345,7 @@ PHP_FUNCTION(openssl_open) | |
| int len1, len2; | |
| unsigned char *buf; | |
| long keyresource = -1; | |
| - EVP_CIPHER_CTX ctx; | |
| + EVP_CIPHER_CTX *ctx; | |
| char * data; int data_len; | |
| char * ekey; int ekey_len; | |
| char *method =NULL; | |
| @@ -5074,8 +5374,9 @@ PHP_FUNCTION(openssl_open) | |
| buf = emalloc(data_len + 1); | |
| - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
| - if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
| + ctx = EVP_CIPHER_CTX_new(); | |
| + if (EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) { | |
| + if (!EVP_OpenFinal(ctx, buf + len1, &len2) || (len1 + len2 == 0)) { | |
| efree(buf); | |
| RETVAL_FALSE; | |
| } else { | |
| @@ -5091,7 +5392,7 @@ PHP_FUNCTION(openssl_open) | |
| if (keyresource == -1) { | |
| EVP_PKEY_free(pkey); | |
| } | |
| - EVP_CIPHER_CTX_cleanup(&ctx); | |
| + EVP_CIPHER_CTX_free(ctx); | |
| } | |
| /* }}} */ | |
| @@ -5151,7 +5452,7 @@ PHP_FUNCTION(openssl_digest) | |
| char *data, *method; | |
| int data_len, method_len; | |
| const EVP_MD *mdtype; | |
| - EVP_MD_CTX md_ctx; | |
| + EVP_MD_CTX *md_ctx; | |
| int siglen; | |
| unsigned char *sigbuf; | |
| @@ -5167,9 +5468,10 @@ PHP_FUNCTION(openssl_digest) | |
| siglen = EVP_MD_size(mdtype); | |
| sigbuf = emalloc(siglen + 1); | |
| - EVP_DigestInit(&md_ctx, mdtype); | |
| - EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len); | |
| - if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
| + md_ctx = EVP_MD_CTX_create(); | |
| + EVP_DigestInit(md_ctx, mdtype); | |
| + EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len); | |
| + if (EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { | |
| if (raw_output) { | |
| sigbuf[siglen] = '\0'; | |
| RETVAL_STRINGL((char *)sigbuf, siglen, 0); | |
| @@ -5185,6 +5487,8 @@ PHP_FUNCTION(openssl_digest) | |
| efree(sigbuf); | |
| RETVAL_FALSE; | |
| } | |
| + | |
| + EVP_MD_CTX_destroy(md_ctx); | |
| } | |
| /* }}} */ | |
| @@ -5230,7 +5534,7 @@ PHP_FUNCTION(openssl_encrypt) | |
| char *data, *method, *password, *iv = ""; | |
| int data_len, method_len, password_len, iv_len = 0, max_iv_len; | |
| const EVP_CIPHER *cipher_type; | |
| - EVP_CIPHER_CTX cipher_ctx; | |
| + EVP_CIPHER_CTX *cipher_ctx; | |
| int i=0, outlen, keylen; | |
| unsigned char *outbuf, *key; | |
| zend_bool free_iv; | |
| @@ -5262,19 +5566,24 @@ PHP_FUNCTION(openssl_encrypt) | |
| outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
| outbuf = safe_emalloc(outlen, 1, 1); | |
| - EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
| + cipher_ctx = EVP_CIPHER_CTX_new(); | |
| + if (!cipher_ctx) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create cipher context"); | |
| + RETURN_FALSE; | |
| + } | |
| + EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
| if (password_len > keylen) { | |
| - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
| + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
| } | |
| - EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
| + EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
| if (options & OPENSSL_ZERO_PADDING) { | |
| - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
| + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
| } | |
| if (data_len > 0) { | |
| - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
| + EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
| } | |
| outlen = i; | |
| - if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
| + if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
| outlen += i; | |
| if (options & OPENSSL_RAW_DATA) { | |
| outbuf[outlen] = '\0'; | |
| @@ -5301,7 +5610,8 @@ PHP_FUNCTION(openssl_encrypt) | |
| if (free_iv) { | |
| efree(iv); | |
| } | |
| - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
| + EVP_CIPHER_CTX_cleanup(cipher_ctx); | |
| + EVP_CIPHER_CTX_free(cipher_ctx); | |
| } | |
| /* }}} */ | |
| @@ -5313,7 +5623,7 @@ PHP_FUNCTION(openssl_decrypt) | |
| char *data, *method, *password, *iv = ""; | |
| int data_len, method_len, password_len, iv_len = 0; | |
| const EVP_CIPHER *cipher_type; | |
| - EVP_CIPHER_CTX cipher_ctx; | |
| + EVP_CIPHER_CTX *cipher_ctx; | |
| int i, outlen, keylen; | |
| unsigned char *outbuf, *key; | |
| int base64_str_len; | |
| @@ -5359,17 +5669,23 @@ PHP_FUNCTION(openssl_decrypt) | |
| outlen = data_len + EVP_CIPHER_block_size(cipher_type); | |
| outbuf = emalloc(outlen + 1); | |
| - EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); | |
| + cipher_ctx = EVP_CIPHER_CTX_new(); | |
| + if (!cipher_ctx) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create cipher context"); | |
| + RETURN_FALSE; | |
| + } | |
| + | |
| + EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL); | |
| if (password_len > keylen) { | |
| - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); | |
| + EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); | |
| } | |
| - EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
| + EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); | |
| if (options & OPENSSL_ZERO_PADDING) { | |
| - EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); | |
| + EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); | |
| } | |
| - EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
| + EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); | |
| outlen = i; | |
| - if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
| + if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) { | |
| outlen += i; | |
| outbuf[outlen] = '\0'; | |
| RETVAL_STRINGL((char *)outbuf, outlen, 0); | |
| @@ -5386,7 +5702,8 @@ PHP_FUNCTION(openssl_decrypt) | |
| if (base64_str) { | |
| efree(base64_str); | |
| } | |
| - EVP_CIPHER_CTX_cleanup(&cipher_ctx); | |
| + EVP_CIPHER_CTX_cleanup(cipher_ctx); | |
| + EVP_CIPHER_CTX_free(cipher_ctx); | |
| } | |
| /* }}} */ | |
| @@ -5424,6 +5741,7 @@ PHP_FUNCTION(openssl_dh_compute_key) | |
| zval *key; | |
| char *pub_str; | |
| int pub_len; | |
| + DH *dh; | |
| EVP_PKEY *pkey; | |
| BIGNUM *pub; | |
| char *data; | |
| @@ -5433,14 +5751,21 @@ PHP_FUNCTION(openssl_dh_compute_key) | |
| return; | |
| } | |
| ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key); | |
| - if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) { | |
| + if (pkey == NULL) { | |
| + RETURN_FALSE; | |
| + } | |
| + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { | |
| + RETURN_FALSE; | |
| + } | |
| + dh = EVP_PKEY_get0_DH(pkey); | |
| + if (dh == NULL) { | |
| RETURN_FALSE; | |
| } | |
| pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); | |
| - data = emalloc(DH_size(pkey->pkey.dh) + 1); | |
| - len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh); | |
| + data = emalloc(DH_size(dh) + 1); | |
| + len = DH_compute_key((unsigned char*)data, pub, dh); | |
| if (len >= 0) { | |
| data[len] = 0; | |
| diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c | |
| index d549033..c2d477c 100644 | |
| --- a/ext/openssl/xp_ssl.c | |
| +++ b/ext/openssl/xp_ssl.c | |
| @@ -935,7 +935,7 @@ static int set_local_cert(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ */ | |
| static const SSL_METHOD *php_select_crypto_method(long method_value, int is_client TSRMLS_DC) /* {{{ */ | |
| { | |
| if (method_value == STREAM_CRYPTO_METHOD_SSLv2) { | |
| -#ifndef OPENSSL_NO_SSL2 | |
| +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L | |
| return is_client ? SSLv2_client_method() : SSLv2_server_method(); | |
| #else | |
| php_error_docref(NULL TSRMLS_CC, E_WARNING, | |
| @@ -1588,12 +1588,26 @@ int php_openssl_setup_crypto(php_stream *stream, | |
| } | |
| /* }}} */ | |
| +#define PHP_SSL_MAX_VERSION_LEN 32 | |
| + | |
| +static char *php_ssl_cipher_get_version(const SSL_CIPHER *c, char *buffer, size_t max_len) /* {{{ */ | |
| +{ | |
| + const char *version = SSL_CIPHER_get_version(c); | |
| + strncpy(buffer, version, max_len); | |
| + if (max_len <= strlen(version)) { | |
| + buffer[max_len - 1] = 0; | |
| + } | |
| + return buffer; | |
| +} | |
| +/* }}} */ | |
| + | |
| static zval *capture_session_meta(SSL *ssl_handle) /* {{{ */ | |
| { | |
| zval *meta_arr; | |
| char *proto_str; | |
| long proto = SSL_version(ssl_handle); | |
| const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl_handle); | |
| + char version_str[PHP_SSL_MAX_VERSION_LEN]; | |
| switch (proto) { | |
| #if OPENSSL_VERSION_NUMBER >= 0x10001001L | |
| @@ -1611,7 +1625,7 @@ static zval *capture_session_meta(SSL *ssl_handle) /* {{{ */ | |
| add_assoc_string(meta_arr, "protocol", proto_str, 1); | |
| add_assoc_string(meta_arr, "cipher_name", (char *) SSL_CIPHER_get_name(cipher), 1); | |
| add_assoc_long(meta_arr, "cipher_bits", SSL_CIPHER_get_bits(cipher, NULL)); | |
| - add_assoc_string(meta_arr, "cipher_version", SSL_CIPHER_get_version(cipher), 1); | |
| + add_assoc_string(meta_arr, "cipher_version", php_ssl_cipher_get_version(cipher, version_str, PHP_SSL_MAX_VERSION_LEN), 1); | |
| return meta_arr; | |
| } | |
| diff --git a/ext/phar/util.c b/ext/phar/util.c | |
| index 828be8f..06e4e55 100644 | |
| --- a/ext/phar/util.c | |
| +++ b/ext/phar/util.c | |
| @@ -1531,7 +1531,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ | |
| BIO *in; | |
| EVP_PKEY *key; | |
| EVP_MD *mdtype = (EVP_MD *) EVP_sha1(); | |
| - EVP_MD_CTX md_ctx; | |
| + EVP_MD_CTX *md_ctx; | |
| #else | |
| int tempsig; | |
| #endif | |
| @@ -1608,7 +1608,8 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ | |
| return FAILURE; | |
| } | |
| - EVP_VerifyInit(&md_ctx, mdtype); | |
| + md_ctx = EVP_MD_CTX_create(); | |
| + EVP_VerifyInit(md_ctx, mdtype); | |
| read_len = end_of_phar; | |
| if (read_len > sizeof(buf)) { | |
| @@ -1620,7 +1621,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ | |
| php_stream_seek(fp, 0, SEEK_SET); | |
| while (read_size && (len = php_stream_read(fp, (char*)buf, read_size)) > 0) { | |
| - EVP_VerifyUpdate (&md_ctx, buf, len); | |
| + EVP_VerifyUpdate (md_ctx, buf, len); | |
| read_len -= (off_t)len; | |
| if (read_len < read_size) { | |
| @@ -1628,9 +1629,9 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ | |
| } | |
| } | |
| - if (EVP_VerifyFinal(&md_ctx, (unsigned char *)sig, sig_len, key) != 1) { | |
| + if (EVP_VerifyFinal(md_ctx, (unsigned char *)sig, sig_len, key) != 1) { | |
| /* 1: signature verified, 0: signature does not match, -1: failed signature operation */ | |
| - EVP_MD_CTX_cleanup(&md_ctx); | |
| + EVP_MD_CTX_destroy(md_ctx); | |
| if (error) { | |
| spprintf(error, 0, "broken openssl signature"); | |
| @@ -1639,7 +1640,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ | |
| return FAILURE; | |
| } | |
| - EVP_MD_CTX_cleanup(&md_ctx); | |
| + EVP_MD_CTX_destroy(md_ctx); | |
| #endif | |
| *signature_len = phar_hex_str((const char*)sig, sig_len, signature TSRMLS_CC); | |
| -- | |
| 2.7.4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PhpAT56 < Formula | |
| desc "General-purpose scripting language" | |
| homepage "https://secure.php.net/" | |
| url "https://php.net/get/php-5.6.40.tar.xz/from/this/mirror" | |
| sha256 "1369a51eee3995d7fbd1c5342e5cc917760e276d561595b6052b21ace2656d1c" | |
| bottle do | |
| root_url "https://dl.bintray.com/exolnet/bottles-deprecated" | |
| rebuild 2 | |
| sha256 "73b687b813a0984e201b53c5f3f579365f6d0d0e434c9acbeb08eae6d2328c06" => :mojave | |
| end | |
| keg_only :versioned_formula | |
| depends_on "httpd" => [:build, :test] | |
| depends_on "pkg-config" => :build | |
| depends_on "apr" | |
| depends_on "apr-util" | |
| depends_on "aspell" | |
| depends_on "autoconf" | |
| depends_on "curl-openssl" | |
| depends_on "freetds" | |
| depends_on "freetype" | |
| depends_on "gettext" | |
| depends_on "glib" | |
| depends_on "gmp" | |
| depends_on "icu4c" | |
| depends_on "jpeg" | |
| depends_on "libpng" | |
| depends_on "libpq" | |
| depends_on "libtool" | |
| depends_on "libzip" | |
| depends_on "mcrypt" | |
| depends_on "openldap" | |
| depends_on "openssl" | |
| depends_on "pcre" | |
| depends_on "sqlite" | |
| depends_on "tidy-html5" | |
| depends_on "unixodbc" | |
| # PHP build system incorrectly links system libraries | |
| # see https://github.com/php/php-src/pull/3472 | |
| patch :DATA | |
| # Make this formula compatible with OpenSSL 1.1 | |
| # see https://github.com/eXolnet/homebrew-deprecated/issues/23#issuecomment-619976586 | |
| patch do | |
| url "https://raw.githubusercontent.com/opencomputeproject/Rack-Manager/master/Contrib-Inspur/openbmc/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-PHP-5.6-LibSSL-1.1-compatibility.patch" | |
| sha256 "c9715b544ae249c0e76136dfadd9d282237233459694b9e75d0e3e094ab0c993" | |
| end | |
| def install | |
| # Ensure that libxml2 will be detected correctly in older MacOS | |
| if MacOS.version == :el_capitan || MacOS.version == :sierra | |
| ENV["SDKROOT"] = MacOS.sdk_path | |
| end | |
| # buildconf required due to system library linking bug patch | |
| system "./buildconf", "--force" | |
| inreplace "configure" do |s| | |
| s.gsub! "APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'`", | |
| "APACHE_THREADED_MPM=" | |
| s.gsub! "APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR`", | |
| "APXS_LIBEXECDIR='$(INSTALL_ROOT)#{lib}/httpd/modules'" | |
| s.gsub! "-z `$APXS -q SYSCONFDIR`", | |
| "-z ''" | |
| # apxs will interpolate the @ in the versioned prefix: https://bz.apache.org/bugzilla/show_bug.cgi?id=61944 | |
| s.gsub! "LIBEXECDIR='$APXS_LIBEXECDIR'", | |
| "LIBEXECDIR='" + "#{lib}/httpd/modules".gsub("@", "\\@") + "'" | |
| end | |
| # Update error message in apache sapi to better explain the requirements | |
| # of using Apache http in combination with php if the non-compatible MPM | |
| # has been selected. Homebrew has chosen not to support being able to | |
| # compile a thread safe version of PHP and therefore it is not | |
| # possible to recompile as suggested in the original message | |
| inreplace "sapi/apache2handler/sapi_apache2.c", | |
| "You need to recompile PHP.", | |
| "Homebrew PHP does not support a thread-safe php binary. "\ | |
| "To use the PHP apache sapi please change "\ | |
| "your httpd config to use the prefork MPM" | |
| inreplace "sapi/fpm/php-fpm.conf.in", ";daemonize = yes", "daemonize = no" | |
| # API compatibility with tidy-html5 v5.0.0 - https://github.com/htacg/tidy-html5/issues/224 | |
| inreplace "ext/tidy/tidy.c", "buffio.h", "tidybuffio.h" | |
| # Required due to icu4c dependency | |
| ENV.cxx11 | |
| # icu4c 61.1 compatability | |
| ENV.append "CPPFLAGS", "-DU_USING_ICU_NAMESPACE=1" | |
| config_path = etc/"php/#{php_version}" | |
| # Prevent system pear config from inhibiting pear install | |
| (config_path/"pear.conf").delete if (config_path/"pear.conf").exist? | |
| # Prevent homebrew from harcoding path to sed shim in phpize script | |
| ENV["lt_cv_path_SED"] = "sed" | |
| # Each extension that is built on Mojave needs a direct reference to the | |
| # sdk path or it won't find the headers | |
| headers_path = "=#{MacOS.sdk_path_if_needed}/usr" | |
| args = %W[ | |
| --prefix=#{prefix} | |
| --localstatedir=#{var} | |
| --sysconfdir=#{config_path} | |
| --with-config-file-path=#{config_path} | |
| --with-config-file-scan-dir=#{config_path}/conf.d | |
| --with-pear=#{pkgshare}/pear | |
| --enable-bcmath | |
| --enable-calendar | |
| --enable-dba | |
| --enable-exif | |
| --enable-ftp | |
| --enable-fpm | |
| --enable-intl | |
| --enable-mbregex | |
| --enable-mbstring | |
| --enable-mysqlnd | |
| --enable-pcntl | |
| --enable-phpdbg | |
| --enable-shmop | |
| --enable-soap | |
| --enable-sockets | |
| --enable-sysvmsg | |
| --enable-sysvsem | |
| --enable-sysvshm | |
| --enable-wddx | |
| --enable-zip | |
| --with-apxs2=#{Formula["httpd"].opt_bin}/apxs | |
| --with-bz2#{headers_path} | |
| --with-curl=#{Formula["curl-openssl"].opt_prefix} | |
| --with-fpm-user=_www | |
| --with-fpm-group=_www | |
| --with-freetype-dir=#{Formula["freetype"].opt_prefix} | |
| --with-gd | |
| --with-gettext=#{Formula["gettext"].opt_prefix} | |
| --with-gmp=#{Formula["gmp"].opt_prefix} | |
| --with-iconv#{headers_path} | |
| --with-icu-dir=#{Formula["icu4c"].opt_prefix} | |
| --with-jpeg-dir=#{Formula["jpeg"].opt_prefix} | |
| --with-kerberos#{headers_path} | |
| --with-layout=GNU | |
| --with-ldap=#{Formula["openldap"].opt_prefix} | |
| --with-ldap-sasl#{headers_path} | |
| --with-libedit#{headers_path} | |
| --with-libxml-dir#{headers_path} | |
| --with-libzip | |
| --with-mcrypt=#{Formula["mcrypt"].opt_prefix} | |
| --with-mhash#{headers_path} | |
| --with-mysql-sock=/tmp/mysql.sock | |
| --with-mysqli=mysqlnd | |
| --with-mysql=mysqlnd | |
| --with-ndbm#{headers_path} | |
| --with-openssl=#{Formula["openssl"].opt_prefix} | |
| --with-pdo-dblib=#{Formula["freetds"].opt_prefix} | |
| --with-pdo-mysql=mysqlnd | |
| --with-pdo-odbc=unixODBC,#{Formula["unixodbc"].opt_prefix} | |
| --with-pdo-pgsql=#{Formula["libpq"].opt_prefix} | |
| --with-pdo-sqlite=#{Formula["sqlite"].opt_prefix} | |
| --with-pgsql=#{Formula["libpq"].opt_prefix} | |
| --with-pic | |
| --with-png-dir=#{Formula["libpng"].opt_prefix} | |
| --with-pspell=#{Formula["aspell"].opt_prefix} | |
| --with-sqlite3=#{Formula["sqlite"].opt_prefix} | |
| --with-tidy=#{Formula["tidy-html5"].opt_prefix} | |
| --with-unixODBC=#{Formula["unixodbc"].opt_prefix} | |
| --with-xmlrpc | |
| --with-xsl#{headers_path} | |
| --with-zlib#{headers_path} | |
| ] | |
| system "./configure", *args | |
| system "make" | |
| system "make", "install" | |
| # Allow pecl to install outside of Cellar | |
| extension_dir = Utils.popen_read("#{bin}/php-config --extension-dir").chomp | |
| orig_ext_dir = File.basename(extension_dir) | |
| inreplace bin/"php-config", lib/"php", prefix/"pecl" | |
| inreplace "php.ini-development", %r{; ?extension_dir = "\./"}, | |
| "extension_dir = \"#{HOMEBREW_PREFIX}/lib/php/pecl/#{orig_ext_dir}\"" | |
| config_files = { | |
| "php.ini-development" => "php.ini", | |
| "sapi/fpm/php-fpm.conf" => "php-fpm.conf", | |
| } | |
| config_files.each_value do |dst| | |
| dst_default = config_path/"#{dst}.default" | |
| rm dst_default if dst_default.exist? | |
| end | |
| config_path.install config_files | |
| unless (var/"log/php-fpm.log").exist? | |
| (var/"log").mkpath | |
| touch var/"log/php-fpm.log" | |
| end | |
| end | |
| def post_install | |
| pear_prefix = pkgshare/"pear" | |
| pear_files = %W[ | |
| #{pear_prefix}/.depdblock | |
| #{pear_prefix}/.filemap | |
| #{pear_prefix}/.depdb | |
| #{pear_prefix}/.lock | |
| ] | |
| %W[ | |
| #{pear_prefix}/.channels | |
| #{pear_prefix}/.channels/.alias | |
| ].each do |f| | |
| chmod 0755, f | |
| pear_files.concat(Dir["#{f}/*"]) | |
| end | |
| chmod 0644, pear_files | |
| # Custom location for extensions installed via pecl | |
| pecl_path = HOMEBREW_PREFIX/"lib/php/pecl" | |
| ln_s pecl_path, prefix/"pecl" unless (prefix/"pecl").exist? | |
| extension_dir = Utils.popen_read("#{bin}/php-config --extension-dir").chomp | |
| php_basename = File.basename(extension_dir) | |
| php_ext_dir = opt_prefix/"lib/php"/php_basename | |
| # fix pear config to install outside cellar | |
| pear_path = HOMEBREW_PREFIX/"share/pear@#{php_version}" | |
| cp_r pkgshare/"pear/.", pear_path | |
| { | |
| "php_ini" => etc/"php/#{php_version}/php.ini", | |
| "php_dir" => pear_path, | |
| "doc_dir" => pear_path/"doc", | |
| "ext_dir" => pecl_path/php_basename, | |
| "bin_dir" => opt_bin, | |
| "data_dir" => pear_path/"data", | |
| "cfg_dir" => pear_path/"cfg", | |
| "www_dir" => pear_path/"htdocs", | |
| "man_dir" => HOMEBREW_PREFIX/"share/man", | |
| "test_dir" => pear_path/"test", | |
| "php_bin" => opt_bin/"php", | |
| }.each do |key, value| | |
| value.mkpath if key =~ /(?<!bin|man)_dir$/ | |
| system bin/"pear", "config-set", key, value, "system" | |
| end | |
| system bin/"pear", "update-channels" | |
| %w[ | |
| opcache | |
| ].each do |e| | |
| ext_config_path = etc/"php/#{php_version}/conf.d/ext-#{e}.ini" | |
| extension_type = (e == "opcache") ? "zend_extension" : "extension" | |
| if ext_config_path.exist? | |
| inreplace ext_config_path, | |
| /#{extension_type}=.*$/, "#{extension_type}=#{php_ext_dir}/#{e}.so" | |
| else | |
| ext_config_path.write <<~EOS | |
| [#{e}] | |
| #{extension_type}="#{php_ext_dir}/#{e}.so" | |
| EOS | |
| end | |
| end | |
| end | |
| def caveats | |
| <<~EOS | |
| To enable PHP in Apache add the following to httpd.conf and restart Apache: | |
| LoadModule php5_module #{opt_lib}/httpd/modules/libphp5.so | |
| <FilesMatch \\.php$> | |
| SetHandler application/x-httpd-php | |
| </FilesMatch> | |
| Finally, check DirectoryIndex includes index.php | |
| DirectoryIndex index.php index.html | |
| The php.ini and php-fpm.ini file can be found in: | |
| #{etc}/php/#{php_version}/ | |
| EOS | |
| end | |
| def php_version | |
| version.to_s.split(".")[0..1].join(".") | |
| end | |
| plist_options :manual => "php-fpm" | |
| def plist; <<~EOS | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>KeepAlive</key> | |
| <true/> | |
| <key>Label</key> | |
| <string>#{plist_name}</string> | |
| <key>ProgramArguments</key> | |
| <array> | |
| <string>#{opt_sbin}/php-fpm</string> | |
| <string>--nodaemonize</string> | |
| </array> | |
| <key>RunAtLoad</key> | |
| <true/> | |
| <key>WorkingDirectory</key> | |
| <string>#{var}</string> | |
| <key>StandardErrorPath</key> | |
| <string>#{var}/log/php-fpm.log</string> | |
| </dict> | |
| </plist> | |
| EOS | |
| end | |
| test do | |
| assert_match /^Zend OPcache$/, shell_output("#{bin}/php -i"), | |
| "Zend OPCache extension not loaded" | |
| # Test related to libxml2 and | |
| # https://github.com/Homebrew/homebrew-core/issues/28398 | |
| assert_includes MachO::Tools.dylibs("#{bin}/php"), | |
| "#{Formula["libpq"].opt_lib}/libpq.5.dylib" | |
| system "#{sbin}/php-fpm", "-t" | |
| system "#{bin}/phpdbg", "-V" | |
| system "#{bin}/php-cgi", "-m" | |
| # Prevent SNMP extension to be added | |
| assert_no_match /^snmp$/, shell_output("#{bin}/php -m"), | |
| "SNMP extension doesn't work reliably with Homebrew on High Sierra" | |
| begin | |
| require "socket" | |
| server = TCPServer.new(0) | |
| port = server.addr[1] | |
| server_fpm = TCPServer.new(0) | |
| port_fpm = server_fpm.addr[1] | |
| server.close | |
| server_fpm.close | |
| expected_output = /^Hello world!$/ | |
| (testpath/"index.php").write <<~EOS | |
| <?php | |
| echo 'Hello world!' . PHP_EOL; | |
| var_dump(ldap_connect()); | |
| EOS | |
| main_config = <<~EOS | |
| Listen #{port} | |
| ServerName localhost:#{port} | |
| DocumentRoot "#{testpath}" | |
| ErrorLog "#{testpath}/httpd-error.log" | |
| ServerRoot "#{Formula["httpd"].opt_prefix}" | |
| PidFile "#{testpath}/httpd.pid" | |
| LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so | |
| LoadModule unixd_module lib/httpd/modules/mod_unixd.so | |
| LoadModule dir_module lib/httpd/modules/mod_dir.so | |
| DirectoryIndex index.php | |
| EOS | |
| (testpath/"httpd.conf").write <<~EOS | |
| #{main_config} | |
| LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so | |
| LoadModule php5_module #{lib}/httpd/modules/libphp5.so | |
| <FilesMatch \\.(php|phar)$> | |
| SetHandler application/x-httpd-php | |
| </FilesMatch> | |
| EOS | |
| (testpath/"fpm.conf").write <<~EOS | |
| [global] | |
| daemonize=no | |
| [www] | |
| listen = 127.0.0.1:#{port_fpm} | |
| pm = dynamic | |
| pm.max_children = 5 | |
| pm.start_servers = 2 | |
| pm.min_spare_servers = 1 | |
| pm.max_spare_servers = 3 | |
| EOS | |
| (testpath/"httpd-fpm.conf").write <<~EOS | |
| #{main_config} | |
| LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so | |
| LoadModule proxy_module lib/httpd/modules/mod_proxy.so | |
| LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so | |
| <FilesMatch \\.(php|phar)$> | |
| SetHandler "proxy:fcgi://127.0.0.1:#{port_fpm}" | |
| </FilesMatch> | |
| EOS | |
| pid = fork do | |
| exec Formula["httpd"].opt_bin/"httpd", "-X", "-f", "#{testpath}/httpd.conf" | |
| end | |
| sleep 3 | |
| assert_match expected_output, shell_output("curl -s 127.0.0.1:#{port}") | |
| Process.kill("TERM", pid) | |
| Process.wait(pid) | |
| fpm_pid = fork do | |
| exec sbin/"php-fpm", "-y", "fpm.conf" | |
| end | |
| pid = fork do | |
| exec Formula["httpd"].opt_bin/"httpd", "-X", "-f", "#{testpath}/httpd-fpm.conf" | |
| end | |
| sleep 3 | |
| assert_match expected_output, shell_output("curl -s 127.0.0.1:#{port}") | |
| ensure | |
| if pid | |
| Process.kill("TERM", pid) | |
| Process.wait(pid) | |
| end | |
| if fpm_pid | |
| Process.kill("TERM", fpm_pid) | |
| Process.wait(fpm_pid) | |
| end | |
| end | |
| end | |
| end | |
| __END__ | |
| diff --git a/acinclude.m4 b/acinclude.m4 | |
| index 168c465f8d..6c087d152f 100644 | |
| --- a/acinclude.m4 | |
| +++ b/acinclude.m4 | |
| @@ -441,7 +441,11 @@ dnl | |
| dnl Adds a path to linkpath/runpath (LDFLAGS) | |
| dnl | |
| AC_DEFUN([PHP_ADD_LIBPATH],[ | |
| - if test "$1" != "/usr/$PHP_LIBDIR" && test "$1" != "/usr/lib"; then | |
| + case "$1" in | |
| + "/usr/$PHP_LIBDIR"|"/usr/lib"[)] ;; | |
| + /Library/Developer/CommandLineTools/SDKs/*/usr/lib[)] ;; | |
| + /Applications/Xcode*.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/*/usr/lib[)] ;; | |
| + *[)] | |
| PHP_EXPAND_PATH($1, ai_p) | |
| ifelse([$2],,[ | |
| _PHP_ADD_LIBPATH_GLOBAL([$ai_p]) | |
| @@ -452,8 +456,8 @@ AC_DEFUN([PHP_ADD_LIBPATH],[ | |
| else | |
| _PHP_ADD_LIBPATH_GLOBAL([$ai_p]) | |
| fi | |
| - ]) | |
| - fi | |
| + ]) ;; | |
| + esac | |
| ]) | |
| dnl | |
| @@ -487,7 +491,11 @@ dnl add an include path. | |
| dnl if before is 1, add in the beginning of INCLUDES. | |
| dnl | |
| AC_DEFUN([PHP_ADD_INCLUDE],[ | |
| - if test "$1" != "/usr/include"; then | |
| + case "$1" in | |
| + "/usr/include"[)] ;; | |
| + /Library/Developer/CommandLineTools/SDKs/*/usr/include[)] ;; | |
| + /Applications/Xcode*.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/*/usr/include[)] ;; | |
| + *[)] | |
| PHP_EXPAND_PATH($1, ai_p) | |
| PHP_RUN_ONCE(INCLUDEPATH, $ai_p, [ | |
| if test "$2"; then | |
| @@ -495,8 +503,8 @@ AC_DEFUN([PHP_ADD_INCLUDE],[ | |
| else | |
| INCLUDES="$INCLUDES -I$ai_p" | |
| fi | |
| - ]) | |
| - fi | |
| + ]) ;; | |
| + esac | |
| ]) | |
| dnl internal, don't use | |
| @@ -2411,7 +2419,8 @@ AC_DEFUN([PHP_SETUP_ICONV], [ | |
| fi | |
| if test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.a || | |
| - test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.$SHLIB_SUFFIX_NAME | |
| + test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.$SHLIB_SUFFIX_NAME || | |
| + test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.tbd | |
| then | |
| PHP_CHECK_LIBRARY($iconv_lib_name, libiconv, [ | |
| found_iconv=yes | |
| diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h | |
| index a0955e34fe..09b4984f90 100644 | |
| --- a/Zend/zend_compile.h | |
| +++ b/Zend/zend_compile.h | |
| @@ -414,9 +414,6 @@ struct _zend_execute_data { | |
| #define EX(element) execute_data.element | |
| -#define EX_TMP_VAR(ex, n) ((temp_variable*)(((char*)(ex)) + ((int)(n)))) | |
| -#define EX_TMP_VAR_NUM(ex, n) (EX_TMP_VAR(ex, 0) - (1 + (n))) | |
| - | |
| #define EX_CV_NUM(ex, n) (((zval***)(((char*)(ex))+ZEND_MM_ALIGNED_SIZE(sizeof(zend_execute_data))))+(n)) | |
| diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h | |
| index a7af67bc13..ae71a5c73f 100644 | |
| --- a/Zend/zend_execute.h | |
| +++ b/Zend/zend_execute.h | |
| @@ -71,6 +71,15 @@ ZEND_API int zend_eval_stringl_ex(char *str, int str_len, zval *retval_ptr, char | |
| ZEND_API char * zend_verify_arg_class_kind(const zend_arg_info *cur_arg_info, ulong fetch_type, const char **class_name, zend_class_entry **pce TSRMLS_DC); | |
| ZEND_API int zend_verify_arg_error(int error_type, const zend_function *zf, zend_uint arg_num, const char *need_msg, const char *need_kind, const char *given_msg, const char *given_kind TSRMLS_DC); | |
| +static zend_always_inline temp_variable *EX_TMP_VAR(void *ex, int n) | |
| +{ | |
| + return (temp_variable *)((zend_uintptr_t)ex + n); | |
| +} | |
| +static inline temp_variable *EX_TMP_VAR_NUM(void *ex, int n) | |
| +{ | |
| + return (temp_variable *)((zend_uintptr_t)ex - (1 + n) * sizeof(temp_variable)); | |
| +} | |
| + | |
| static zend_always_inline void i_zval_ptr_dtor(zval *zval_ptr ZEND_FILE_LINE_DC TSRMLS_DC) | |
| { | |
| if (!Z_DELREF_P(zval_ptr)) { |
Author
carlosescri
commented
May 20, 2020
eXolnet/homebrew-deprecated#23 (comment)
Ok so i've found a proper solution to this
Backgroud
So PHP 5.6 can be recompiled to support the latest icu4c version, thus fixing the
dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.64.dyliberror, including any other legacy version errors of this nature.. that is swap the64to another number. However, there is a problem in that recompilation fails for users with OpenSSL 1.1.x due to the source code (the actual C code) of the openssl extensions within PHP 5.6 not being compatibile with OpenSSL 1.1.x. Essentially in OpenSSL 1.1.x you can not access public/private keys without going through it's newly created API interfaces, which PHP 5.6 does not do. Luckily, there is a patch for the PHP 5.6 source code to make it compatible with these new interfaces.Solutiuon
Ensure openssl, icu4c are at the current versions
$ brew update $ brew upgrade icu4c $ brew upgrade opensslEdit the ruby file for php@5.6 to add in the patch.
$ brew edit php@5.6In the text editor that opens add the following at lines 45-48
patch do url "https://raw.githubusercontent.com/opencomputeproject/Rack-Manager/master/Contrib-Inspur/openbmc/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-PHP-5.6-LibSSL-1.1-compatibility.patch" sha256 "c9715b544ae249c0e76136dfadd9d282237233459694b9e75d0e3e094ab0c993" endReinstall PHP 5.6 building from source
$ brew reinstall --build-from-source php@5.6For me this is a much more viable soultion as i use multiple versions of PHP etc on my local machine via homebrew (https://github.com/JParkinson1991/homebrew-lemp), it would have become a nightmare for me if i had to keep installing specific legacy versions of certain packages as i was trying to switch. Patching PHP 5.6 allows me to switch between all major versions oh php without any headaches as they're all running off the same major dependencies.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment