Skip to content

Instantly share code, notes, and snippets.

@carlosescri

carlosescri/0001-PHP-5.6-LibSSL-1.1-compatibility.patch

Last active May 20, 2020 05:54
Show Gist options
  • Save carlosescri/e9da26de265c142af60f4dc9d6a60413 to your computer and use it in GitHub Desktop.
Save carlosescri/e9da26de265c142af60f4dc9d6a60413 to your computer and use it in GitHub Desktop.
Download ZIP
This is a backup of a patched formula to install PHP 5.6 in Mac OS X Catalina.
Raw
0001-PHP-5.6-LibSSL-1.1-compatibility.patch
Subject: [PATCH] PHP 5.6 - LibSSL 1.1 compatibility
This patch does not try to backport the 7.1 openssl module, it is the
improved version of the 5.6 original openssl module.
https://github.com/oerdnj/deb.sury.org/issues/566
http://zettasystem.com/PHP-5.6.31-OpenSSL-1.1.0-compatibility-20170801.patch
Upstream-Status: Deny [https://github.com/php/php-src/pull/2667]
Reason: As PHP 5.6 is no longer actively supported only security fixes
may land on this branch. As this change does not fall in this category,
I'm closing this PR. (All higher versions of PHP already have OpenSSL
1.1 support.)
Author: zsalab@github https://github.com/zsalab
Only port source modification, do not include the test case
Signed-off-by: Hongxu Jia <[email protected]>
---
ext/openssl/openssl.c | 683 +++++++++++++++++++++++++++++++++++++-------------
ext/openssl/xp_ssl.c | 18 +-
ext/phar/util.c | 13 +-
3 files changed, 527 insertions(+), 187 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index a78a8fb..b53114c 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -42,6 +42,12 @@
/* OpenSSL includes */
#include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#endif
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/crypto.h>
@@ -531,6 +537,133 @@ zend_module_entry openssl_module_entry = {
ZEND_GET_MODULE(openssl)
#endif
+/* {{{ OpenSSL compatibility functions and macros */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa
+#define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh
+#define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa
+#define EVP_PKEY_get0_EC_KEY(_pkey) _pkey->pkey.ec
+
+static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ r->n = n;
+ r->e = e;
+ r->d = d;
+
+ return 1;
+}
+
+static int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+ r->p = p;
+ r->q = q;
+
+ return 1;
+}
+
+static int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+ r->dmp1 = dmp1;
+ r->dmq1 = dmq1;
+ r->iqmp = iqmp;
+
+ return 1;
+}
+
+static void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ *n = r->n;
+ *e = r->e;
+ *d = r->d;
+}
+
+static void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+ *p = r->p;
+ *q = r->q;
+}
+
+static void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp)
+{
+ *dmp1 = r->dmp1;
+ *dmq1 = r->dmq1;
+ *iqmp = r->iqmp;
+}
+
+static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ *p = dh->p;
+ *q = dh->q;
+ *g = dh->g;
+}
+
+static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ dh->p = p;
+ dh->q = q;
+ dh->g = g;
+
+ return 1;
+}
+
+static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ *pub_key = dh->pub_key;
+ *priv_key = dh->priv_key;
+}
+
+static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+
+ return 1;
+}
+
+static void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ *p = d->p;
+ *q = d->q;
+ *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ d->p = p;
+ d->q = q;
+ d->g = g;
+
+ return 1;
+}
+
+static void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ *pub_key = d->pub_key;
+ *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ d->pub_key = pub_key;
+ d->priv_key = priv_key;
+
+ return 1;
+}
+
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined (LIBRESSL_VERSION_NUMBER)
+#define EVP_PKEY_id(_pkey) _pkey->type
+#define EVP_PKEY_base_id(_key) EVP_PKEY_type(_key->type)
+
+static int X509_get_signature_nid(const X509 *x)
+{
+ return OBJ_obj2nid(x->sig_alg->algorithm);
+}
+
+#endif
+
+#endif
+/* }}} */
+
static int le_key;
static int le_x509;
static int le_csr;
@@ -825,7 +958,7 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
- if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ if (OBJ_sn2nid(cnf->name) == NID_undef && OBJ_ln2nid(cnf->name) == NID_undef && OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "problem creating object %s=%s", cnf->name, cnf->value);
return FAILURE;
}
@@ -967,7 +1100,7 @@ static void php_openssl_dispose_config(struct php_x509_request * req TSRMLS_DC)
}
/* }}} */
-#ifdef PHP_WIN32
+#if defined(PHP_WIN32) || (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER))
#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
#else
#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
@@ -1053,9 +1186,11 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */
mdtype = (EVP_MD *) EVP_md2();
break;
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
case OPENSSL_ALGO_DSS1:
mdtype = (EVP_MD *) EVP_dss1();
break;
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
case OPENSSL_ALGO_SHA224:
mdtype = (EVP_MD *) EVP_sha224();
@@ -1146,6 +1281,12 @@ PHP_MINIT_FUNCTION(openssl)
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
+#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000
+ EVP_add_cipher(EVP_aes_128_ccm());
+ EVP_add_cipher(EVP_aes_192_ccm());
+ EVP_add_cipher(EVP_aes_256_ccm());
+#endif
+
SSL_load_error_strings();
/* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
@@ -1173,7 +1314,9 @@ PHP_MINIT_FUNCTION(openssl)
#ifdef HAVE_OPENSSL_MD2_H
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT);
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT);
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT);
@@ -1251,7 +1394,9 @@ PHP_MINIT_FUNCTION(openssl)
}
php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL3
php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC);
+#endif
#ifndef OPENSSL_NO_SSL2
php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC);
#endif
@@ -1308,7 +1453,9 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
#ifndef OPENSSL_NO_SSL2
php_stream_xport_unregister("sslv2" TSRMLS_CC);
#endif
+#ifndef OPENSSL_NO_SSL3
php_stream_xport_unregister("sslv3" TSRMLS_CC);
+#endif
php_stream_xport_unregister("tls" TSRMLS_CC);
php_stream_xport_unregister("tlsv1.0" TSRMLS_CC);
#if OPENSSL_VERSION_NUMBER >= 0x10001001L
@@ -1893,6 +2040,7 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
{
GENERAL_NAMES *names;
const X509V3_EXT_METHOD *method = NULL;
+ ASN1_OCTET_STRING *extension_data;
long i, length, num;
const unsigned char *p;
@@ -1901,8 +2049,9 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
return -1;
}
- p = extension->value->data;
- length = extension->value->length;
+ extension_data = X509_EXTENSION_get_data(extension);
+ p = extension_data->data;
+ length = extension_data->length;
if (method->it) {
names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
ASN1_ITEM_ptr(method->it)));
@@ -1965,6 +2114,8 @@ PHP_FUNCTION(openssl_x509_parse)
char * tmpstr;
zval * subitem;
X509_EXTENSION *extension;
+ X509_NAME *subject_name;
+ char *cert_name;
char *extname;
BIO *bio_out;
BUF_MEM *bio_buf;
@@ -1979,10 +2130,10 @@ PHP_FUNCTION(openssl_x509_parse)
}
array_init(return_value);
- if (cert->name) {
- add_assoc_string(return_value, "name", cert->name, 1);
- }
-/* add_assoc_bool(return_value, "valid", cert->valid); */
+ subject_name = X509_get_subject_name(cert);
+ cert_name = X509_NAME_oneline(subject_name, NULL, 0);
+ add_assoc_string(return_value, "name", cert_name, 1);
+ OPENSSL_free(cert_name);
add_assoc_name_entry(return_value, "subject", X509_get_subject_name(cert), useshortnames TSRMLS_CC);
/* hash as used in CA directories to lookup cert by subject name */
@@ -2008,7 +2159,7 @@ PHP_FUNCTION(openssl_x509_parse)
add_assoc_string(return_value, "alias", tmpstr, 1);
}
- sig_nid = OBJ_obj2nid((cert)->sig_alg->algorithm);
+ sig_nid = X509_get_signature_nid(cert);
add_assoc_string(return_value, "signatureTypeSN", (char*)OBJ_nid2sn(sig_nid), 1);
add_assoc_string(return_value, "signatureTypeLN", (char*)OBJ_nid2ln(sig_nid), 1);
add_assoc_long(return_value, "signatureTypeNID", sig_nid);
@@ -3217,7 +3368,21 @@ PHP_FUNCTION(openssl_csr_get_public_key)
RETURN_FALSE;
}
- tpubkey=X509_REQ_get_pubkey(csr);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR,
+ * the pub key is not changed after assigning. It means if we pass
+ * a private key, it will be returned including the private part.
+ * If we duplicate it, then we get just the public part which is
+ * the same behavior as for OpenSSL 1.0 */
+ csr = X509_REQ_dup(csr);
+#endif
+ /* Retrieve the public key from the CSR */
+ tpubkey = X509_REQ_get_pubkey(csr);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* We need to free the CSR as it was duplicated */
+ X509_REQ_free(csr);
+#endif
RETVAL_RESOURCE(zend_list_insert(tpubkey, le_key TSRMLS_CC));
return;
}
@@ -3482,13 +3647,20 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC)
{
assert(pkey != NULL);
- switch (pkey->type) {
+ switch (EVP_PKEY_id(pkey)) {
#ifndef NO_RSA
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
- assert(pkey->pkey.rsa != NULL);
- if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q)) {
- return 0;
+ {
+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if (rsa != NULL) {
+ const BIGNUM *p, *q;
+
+ RSA_get0_factors(rsa, &p, &q);
+ if (p == NULL || q == NULL) {
+ return 0;
+ }
+ }
}
break;
#endif
@@ -3498,28 +3670,51 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC)
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
- assert(pkey->pkey.dsa != NULL);
-
- if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key){
- return 0;
+ {
+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+ if (dsa != NULL) {
+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ if (p == NULL || q == NULL) {
+ return 0;
+ }
+
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+ if (priv_key == NULL) {
+ return 0;
+ }
+ }
}
break;
#endif
#ifndef NO_DH
case EVP_PKEY_DH:
- assert(pkey->pkey.dh != NULL);
-
- if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key) {
- return 0;
+ {
+ DH *dh = EVP_PKEY_get0_DH(pkey);
+ if (dh != NULL) {
+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+ DH_get0_pqg(dh, &p, &q, &g);
+ if (p == NULL) {
+ return 0;
+ }
+
+ DH_get0_key(dh, &pub_key, &priv_key);
+ if (priv_key == NULL) {
+ return 0;
+ }
+ }
}
break;
#endif
#ifdef HAVE_EVP_PKEY_EC
case EVP_PKEY_EC:
- assert(pkey->pkey.ec != NULL);
-
- if ( NULL == EC_KEY_get0_private_key(pkey->pkey.ec)) {
- return 0;
+ {
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) {
+ return 0;
+ }
}
break;
#endif
@@ -3531,34 +3726,80 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey TSRMLS_DC)
}
/* }}} */
-#define OPENSSL_PKEY_GET_BN(_type, _name) do { \
- if (pkey->pkey._type->_name != NULL) { \
- int len = BN_num_bytes(pkey->pkey._type->_name); \
- char *str = emalloc(len + 1); \
- BN_bn2bin(pkey->pkey._type->_name, (unsigned char*)str); \
- str[len] = 0; \
- add_assoc_stringl(_type, #_name, str, len, 0); \
- } \
- } while (0)
-
-#define OPENSSL_PKEY_SET_BN(_ht, _type, _name) do { \
- zval **bn; \
- if (zend_hash_find(_ht, #_name, sizeof(#_name), (void**)&bn) == SUCCESS && \
- Z_TYPE_PP(bn) == IS_STRING) { \
- _type->_name = BN_bin2bn( \
- (unsigned char*)Z_STRVAL_PP(bn), \
- Z_STRLEN_PP(bn), NULL); \
- } \
+#define OPENSSL_GET_BN(_array, _bn, _name) do { \
+ if (_bn != NULL) { \
+ int len = BN_num_bytes(_bn); \
+ char *str = emalloc(len + 1); \
+ BN_bn2bin(_bn, (unsigned char*)str); \
+ str[len] = 0; \
+ add_assoc_stringl(_array, #_name, str, len, 0); \
+ } \
} while (0);
+#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name)
+
+#define OPENSSL_PKEY_SET_BN(_data, _name) do { \
+ zval **bn; \
+ if (zend_hash_find(Z_ARRVAL_P(_data), #_name, sizeof(#_name),(void**)&bn) == SUCCESS && \
+ Z_TYPE_PP(bn) == IS_STRING) { \
+ _name = BN_bin2bn( \
+ (unsigned char*)Z_STRVAL_PP(bn), \
+ Z_STRLEN_PP(bn), NULL); \
+ } else { \
+ _name = NULL; \
+ } \
+ } while (0);
+
+/* {{{ php_openssl_pkey_init_rsa */
+zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval *data)
+{
+ BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
+
+ OPENSSL_PKEY_SET_BN(data, n);
+ OPENSSL_PKEY_SET_BN(data, e);
+ OPENSSL_PKEY_SET_BN(data, d);
+ if (!n || !d || !RSA_set0_key(rsa, n, e, d)) {
+ return 0;
+ }
+
+ OPENSSL_PKEY_SET_BN(data, p);
+ OPENSSL_PKEY_SET_BN(data, q);
+ if ((p || q) && !RSA_set0_factors(rsa, p, q)) {
+ return 0;
+ }
+
+ OPENSSL_PKEY_SET_BN(data, dmp1);
+ OPENSSL_PKEY_SET_BN(data, dmq1);
+ OPENSSL_PKEY_SET_BN(data, iqmp);
+ if ((dmp1 || dmq1 || iqmp) && !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
+ return 0;
+ }
+
+ if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
+ return 0;
+ }
+
+ return 1;
+}
+/* }}} */
+
/* {{{ php_openssl_pkey_init_dsa */
-zend_bool php_openssl_pkey_init_dsa(DSA *dsa)
+zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data)
{
- if (!dsa->p || !dsa->q || !dsa->g) {
+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
+ const BIGNUM *priv_key_const, *pub_key_const;
+
+ OPENSSL_PKEY_SET_BN(data, p);
+ OPENSSL_PKEY_SET_BN(data, q);
+ OPENSSL_PKEY_SET_BN(data, g);
+ if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
return 0;
}
- if (dsa->priv_key || dsa->pub_key) {
- return 1;
+
+ OPENSSL_PKEY_SET_BN(data, pub_key);
+ OPENSSL_PKEY_SET_BN(data, priv_key);
+ if (pub_key) {
+ return DSA_set0_key(dsa, pub_key, priv_key);
}
PHP_OPENSSL_RAND_ADD_TIME();
if (!DSA_generate_key(dsa)) {
@@ -3566,7 +3807,8 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa)
}
/* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key
* so we need to double check that public key is created */
- if (!dsa->pub_key || BN_is_zero(dsa->pub_key)) {
+ DSA_get0_key(dsa, &pub_key_const, &priv_key_const);
+ if (!pub_key_const || BN_is_zero(pub_key_const)) {
return 0;
}
/* all good */
@@ -3574,14 +3816,66 @@ zend_bool php_openssl_pkey_init_dsa(DSA *dsa)
}
/* }}} */
+/* {{{ php_openssl_dh_pub_from_priv */
+static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
+{
+ BIGNUM *pub_key, *priv_key_const_time;
+ BN_CTX *ctx;
+
+ pub_key = BN_new();
+ if (pub_key == NULL) {
+ return NULL;
+ }
+
+ priv_key_const_time = BN_new();
+ if (priv_key_const_time == NULL) {
+ BN_free(pub_key);
+ return NULL;
+ }
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ BN_free(pub_key);
+ BN_free(priv_key_const_time);
+ return NULL;
+ }
+
+ BN_with_flags(priv_key_const_time, priv_key, BN_FLG_CONSTTIME);
+
+ if (!BN_mod_exp_mont(pub_key, g, priv_key_const_time, p, ctx, NULL)) {
+ BN_free(pub_key);
+ pub_key = NULL;
+ }
+
+ BN_free(priv_key_const_time);
+ BN_CTX_free(ctx);
+
+ return pub_key;
+}
+/* }}} */
+
/* {{{ php_openssl_pkey_init_dh */
-zend_bool php_openssl_pkey_init_dh(DH *dh)
+zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data)
{
- if (!dh->p || !dh->g) {
+ BIGNUM *p, *q, *g, *priv_key, *pub_key;
+
+ OPENSSL_PKEY_SET_BN(data, p);
+ OPENSSL_PKEY_SET_BN(data, q);
+ OPENSSL_PKEY_SET_BN(data, g);
+ if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
return 0;
}
- if (dh->pub_key) {
- return 1;
+
+ OPENSSL_PKEY_SET_BN(data, priv_key);
+ OPENSSL_PKEY_SET_BN(data, pub_key);
+ if (pub_key) {
+ return DH_set0_key(dh, pub_key, priv_key);
+ }
+ if (priv_key) {
+ pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
+ if (pub_key == NULL) {
+ return 0;
+ }
+ return DH_set0_key(dh, pub_key, priv_key);
}
PHP_OPENSSL_RAND_ADD_TIME();
if (!DH_generate_key(dh)) {
@@ -3614,18 +3908,8 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
RSA *rsa = RSA_new();
if (rsa) {
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, n);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, e);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, d);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, p);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, q);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
- if (rsa->n && rsa->d) {
- if (EVP_PKEY_assign_RSA(pkey, rsa)) {
- RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
- }
+ if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, *data)) {
+ RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
}
RSA_free(rsa);
}
@@ -3638,12 +3922,7 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
DSA *dsa = DSA_new();
if (dsa) {
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, p);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, q);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
- if (php_openssl_pkey_init_dsa(dsa)) {
+ if (php_openssl_pkey_init_dsa(dsa, *data)) {
if (EVP_PKEY_assign_DSA(pkey, dsa)) {
RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
}
@@ -3659,11 +3938,7 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
DH *dh = DH_new();
if (dh) {
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, p);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
- OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
- if (php_openssl_pkey_init_dh(dh)) {
+ if (php_openssl_pkey_init_dh(dh, *data)) {
if (EVP_PKEY_assign_DH(pkey, dh)) {
RETURN_RESOURCE(zend_list_insert(pkey, le_key TSRMLS_CC));
}
@@ -3738,10 +4013,10 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
cipher = NULL;
}
- switch (EVP_PKEY_type(key->type)) {
+ switch (EVP_PKEY_base_id(key)) {
#ifdef HAVE_EVP_PKEY_EC
case EVP_PKEY_EC:
- pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL);
+ pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get0_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL);
break;
#endif
default:
@@ -3807,7 +4082,7 @@ PHP_FUNCTION(openssl_pkey_export)
cipher = NULL;
}
- switch (EVP_PKEY_type(key->type)) {
+ switch (EVP_PKEY_base_id(key)) {
#ifdef HAVE_EVP_PKEY_EC
case EVP_PKEY_EC:
pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL);
@@ -3928,25 +4203,33 @@ PHP_FUNCTION(openssl_pkey_get_details)
/*TODO: Use the real values once the openssl constants are used
* See the enum at the top of this file
*/
- switch (EVP_PKEY_type(pkey->type)) {
+ switch (EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
- ktype = OPENSSL_KEYTYPE_RSA;
-
- if (pkey->pkey.rsa != NULL) {
- zval *rsa;
-
- ALLOC_INIT_ZVAL(rsa);
- array_init(rsa);
- OPENSSL_PKEY_GET_BN(rsa, n);
- OPENSSL_PKEY_GET_BN(rsa, e);
- OPENSSL_PKEY_GET_BN(rsa, d);
- OPENSSL_PKEY_GET_BN(rsa, p);
- OPENSSL_PKEY_GET_BN(rsa, q);
- OPENSSL_PKEY_GET_BN(rsa, dmp1);
- OPENSSL_PKEY_GET_BN(rsa, dmq1);
- OPENSSL_PKEY_GET_BN(rsa, iqmp);
- add_assoc_zval(return_value, "rsa", rsa);
+ {
+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ ktype = OPENSSL_KEYTYPE_RSA;
+
+ if (rsa != NULL) {
+ zval *z_rsa;
+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
+
+ RSA_get0_key(rsa, &n, &e, &d);
+ RSA_get0_factors(rsa, &p, &q);
+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+ ALLOC_INIT_ZVAL(z_rsa);
+ array_init(z_rsa);
+ OPENSSL_PKEY_GET_BN(z_rsa, n);
+ OPENSSL_PKEY_GET_BN(z_rsa, e);
+ OPENSSL_PKEY_GET_BN(z_rsa, d);
+ OPENSSL_PKEY_GET_BN(z_rsa, p);
+ OPENSSL_PKEY_GET_BN(z_rsa, q);
+ OPENSSL_PKEY_GET_BN(z_rsa, dmp1);
+ OPENSSL_PKEY_GET_BN(z_rsa, dmq1);
+ OPENSSL_PKEY_GET_BN(z_rsa, iqmp);
+ add_assoc_zval(return_value, "rsa", z_rsa);
+ }
}
break;
@@ -3954,42 +4237,55 @@ PHP_FUNCTION(openssl_pkey_get_details)
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
- ktype = OPENSSL_KEYTYPE_DSA;
-
- if (pkey->pkey.dsa != NULL) {
- zval *dsa;
-
- ALLOC_INIT_ZVAL(dsa);
- array_init(dsa);
- OPENSSL_PKEY_GET_BN(dsa, p);
- OPENSSL_PKEY_GET_BN(dsa, q);
- OPENSSL_PKEY_GET_BN(dsa, g);
- OPENSSL_PKEY_GET_BN(dsa, priv_key);
- OPENSSL_PKEY_GET_BN(dsa, pub_key);
- add_assoc_zval(return_value, "dsa", dsa);
+ {
+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+ ktype = OPENSSL_KEYTYPE_DSA;
+
+ if (dsa != NULL) {
+ zval *z_dsa;
+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+
+ ALLOC_INIT_ZVAL(z_dsa);
+ array_init(z_dsa);
+ OPENSSL_PKEY_GET_BN(z_dsa, p);
+ OPENSSL_PKEY_GET_BN(z_dsa, q);
+ OPENSSL_PKEY_GET_BN(z_dsa, g);
+ OPENSSL_PKEY_GET_BN(z_dsa, priv_key);
+ OPENSSL_PKEY_GET_BN(z_dsa, pub_key);
+ add_assoc_zval(return_value, "dsa", z_dsa);
+ }
}
break;
case EVP_PKEY_DH:
-
- ktype = OPENSSL_KEYTYPE_DH;
-
- if (pkey->pkey.dh != NULL) {
- zval *dh;
-
- ALLOC_INIT_ZVAL(dh);
- array_init(dh);
- OPENSSL_PKEY_GET_BN(dh, p);
- OPENSSL_PKEY_GET_BN(dh, g);
- OPENSSL_PKEY_GET_BN(dh, priv_key);
- OPENSSL_PKEY_GET_BN(dh, pub_key);
- add_assoc_zval(return_value, "dh", dh);
+ {
+ DH *dh = EVP_PKEY_get0_DH(pkey);
+ ktype = OPENSSL_KEYTYPE_DH;
+
+ if (dh != NULL) {
+ zval *z_dh;
+ const BIGNUM *p, *q, *g, *priv_key, *pub_key;
+
+ DH_get0_pqg(dh, &p, &q, &g);
+ DH_get0_key(dh, &pub_key, &priv_key);
+
+ ALLOC_INIT_ZVAL(z_dh);
+ array_init(z_dh);
+ OPENSSL_PKEY_GET_BN(z_dh, p);
+ OPENSSL_PKEY_GET_BN(z_dh, g);
+ OPENSSL_PKEY_GET_BN(z_dh, priv_key);
+ OPENSSL_PKEY_GET_BN(z_dh, pub_key);
+ add_assoc_zval(return_value, "dh", z_dh);
+ }
}
break;
#ifdef HAVE_EVP_PKEY_EC
case EVP_PKEY_EC:
ktype = OPENSSL_KEYTYPE_EC;
- if (pkey->pkey.ec != NULL) {
+ if (EVP_PKEY_get0_EC_KEY(pkey) != NULL) {
zval *ec;
const EC_GROUP *ec_group;
int nid;
@@ -4546,13 +4842,13 @@ PHP_FUNCTION(openssl_private_encrypt)
cryptedlen = EVP_PKEY_size(pkey);
cryptedbuf = emalloc(cryptedlen + 1);
- switch (pkey->type) {
+ switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
successful = (RSA_private_encrypt(data_len,
(unsigned char *)data,
cryptedbuf,
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
padding) == cryptedlen);
break;
default:
@@ -4604,13 +4900,13 @@ PHP_FUNCTION(openssl_private_decrypt)
cryptedlen = EVP_PKEY_size(pkey);
crypttemp = emalloc(cryptedlen + 1);
- switch (pkey->type) {
+ switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
cryptedlen = RSA_private_decrypt(data_len,
(unsigned char *)data,
crypttemp,
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
padding);
if (cryptedlen != -1) {
cryptedbuf = emalloc(cryptedlen + 1);
@@ -4669,13 +4965,13 @@ PHP_FUNCTION(openssl_public_encrypt)
cryptedlen = EVP_PKEY_size(pkey);
cryptedbuf = emalloc(cryptedlen + 1);
- switch (pkey->type) {
+ switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
successful = (RSA_public_encrypt(data_len,
(unsigned char *)data,
cryptedbuf,
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
padding) == cryptedlen);
break;
default:
@@ -4728,13 +5024,13 @@ PHP_FUNCTION(openssl_public_decrypt)
cryptedlen = EVP_PKEY_size(pkey);
crypttemp = emalloc(cryptedlen + 1);
- switch (pkey->type) {
+ switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
cryptedlen = RSA_public_decrypt(data_len,
(unsigned char *)data,
crypttemp,
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
padding);
if (cryptedlen != -1) {
cryptedbuf = emalloc(cryptedlen + 1);
@@ -4798,7 +5094,7 @@ PHP_FUNCTION(openssl_sign)
long keyresource = -1;
char * data;
int data_len;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
zval *method = NULL;
long signature_algo = OPENSSL_ALGO_SHA1;
const EVP_MD *mdtype;
@@ -4831,9 +5127,10 @@ PHP_FUNCTION(openssl_sign)
siglen = EVP_PKEY_size(pkey);
sigbuf = emalloc(siglen + 1);
- EVP_SignInit(&md_ctx, mdtype);
- EVP_SignUpdate(&md_ctx, data, data_len);
- if (EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
+ md_ctx = EVP_MD_CTX_create();
+ EVP_SignInit(md_ctx, mdtype);
+ EVP_SignUpdate(md_ctx, data, data_len);
+ if (EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, pkey)) {
zval_dtor(signature);
sigbuf[siglen] = '\0';
ZVAL_STRINGL(signature, (char *)sigbuf, siglen, 0);
@@ -4842,7 +5139,7 @@ PHP_FUNCTION(openssl_sign)
efree(sigbuf);
RETVAL_FALSE;
}
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
if (keyresource == -1) {
EVP_PKEY_free(pkey);
}
@@ -4856,7 +5153,7 @@ PHP_FUNCTION(openssl_verify)
zval **key;
EVP_PKEY *pkey;
int err;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
const EVP_MD *mdtype;
long keyresource = -1;
char * data; int data_len;
@@ -4890,10 +5187,11 @@ PHP_FUNCTION(openssl_verify)
RETURN_FALSE;
}
- EVP_VerifyInit (&md_ctx, mdtype);
- EVP_VerifyUpdate (&md_ctx, data, data_len);
- err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
+ md_ctx = EVP_MD_CTX_create();
+ EVP_VerifyInit (md_ctx, mdtype);
+ EVP_VerifyUpdate (md_ctx, data, data_len);
+ err = EVP_VerifyFinal (md_ctx, (unsigned char *)signature, signature_len, pkey);
+ EVP_MD_CTX_destroy(md_ctx);
if (keyresource == -1) {
EVP_PKEY_free(pkey);
@@ -4917,7 +5215,7 @@ PHP_FUNCTION(openssl_seal)
char *method =NULL;
int method_len = 0;
const EVP_CIPHER *cipher;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szza/|s", &data, &data_len, &sealdata, &ekeys, &pubkeys, &method, &method_len) == FAILURE) {
return;
@@ -4950,6 +5248,7 @@ PHP_FUNCTION(openssl_seal)
memset(eks, 0, sizeof(*eks) * nkeys);
key_resources = safe_emalloc(nkeys, sizeof(long), 0);
memset(key_resources, 0, sizeof(*key_resources) * nkeys);
+ memset(pkeys, 0, sizeof(*pkeys) * nkeys);
/* get the public keys we are using to seal this data */
zend_hash_internal_pointer_reset_ex(pubkeysht, &pos);
@@ -4967,27 +5266,28 @@ PHP_FUNCTION(openssl_seal)
i++;
}
- if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL || !EVP_EncryptInit(ctx,cipher,NULL,NULL)) {
RETVAL_FALSE;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
goto clean_exit;
}
#if 0
/* Need this if allow ciphers that require initialization vector */
- ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
iv = ivlen ? emalloc(ivlen + 1) : NULL;
#endif
/* allocate one byte extra to make room for \0 */
- buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
- EVP_CIPHER_CTX_cleanup(&ctx);
+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
+ EVP_CIPHER_CTX_cleanup(ctx);
- if (EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 ||
- !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len) ||
- !EVP_SealFinal(&ctx, buf + len1, &len2)) {
+ if (EVP_SealInit(ctx, cipher, eks, eksl, NULL, pkeys, nkeys) <= 0 ||
+ !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, data_len) ||
+ !EVP_SealFinal(ctx, buf + len1, &len2)) {
RETVAL_FALSE;
efree(buf);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
goto clean_exit;
}
@@ -5018,7 +5318,7 @@ PHP_FUNCTION(openssl_seal)
efree(buf);
}
RETVAL_LONG(len1 + len2);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
clean_exit:
for (i=0; i<nkeys; i++) {
@@ -5045,7 +5345,7 @@ PHP_FUNCTION(openssl_open)
int len1, len2;
unsigned char *buf;
long keyresource = -1;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
char * data; int data_len;
char * ekey; int ekey_len;
char *method =NULL;
@@ -5074,8 +5374,9 @@ PHP_FUNCTION(openssl_open)
buf = emalloc(data_len + 1);
- if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
- if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
+ ctx = EVP_CIPHER_CTX_new();
+ if (EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, data_len)) {
+ if (!EVP_OpenFinal(ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
efree(buf);
RETVAL_FALSE;
} else {
@@ -5091,7 +5392,7 @@ PHP_FUNCTION(openssl_open)
if (keyresource == -1) {
EVP_PKEY_free(pkey);
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
/* }}} */
@@ -5151,7 +5452,7 @@ PHP_FUNCTION(openssl_digest)
char *data, *method;
int data_len, method_len;
const EVP_MD *mdtype;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
int siglen;
unsigned char *sigbuf;
@@ -5167,9 +5468,10 @@ PHP_FUNCTION(openssl_digest)
siglen = EVP_MD_size(mdtype);
sigbuf = emalloc(siglen + 1);
- EVP_DigestInit(&md_ctx, mdtype);
- EVP_DigestUpdate(&md_ctx, (unsigned char *)data, data_len);
- if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
+ md_ctx = EVP_MD_CTX_create();
+ EVP_DigestInit(md_ctx, mdtype);
+ EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len);
+ if (EVP_DigestFinal (md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) {
if (raw_output) {
sigbuf[siglen] = '\0';
RETVAL_STRINGL((char *)sigbuf, siglen, 0);
@@ -5185,6 +5487,8 @@ PHP_FUNCTION(openssl_digest)
efree(sigbuf);
RETVAL_FALSE;
}
+
+ EVP_MD_CTX_destroy(md_ctx);
}
/* }}} */
@@ -5230,7 +5534,7 @@ PHP_FUNCTION(openssl_encrypt)
char *data, *method, *password, *iv = "";
int data_len, method_len, password_len, iv_len = 0, max_iv_len;
const EVP_CIPHER *cipher_type;
- EVP_CIPHER_CTX cipher_ctx;
+ EVP_CIPHER_CTX *cipher_ctx;
int i=0, outlen, keylen;
unsigned char *outbuf, *key;
zend_bool free_iv;
@@ -5262,19 +5566,24 @@ PHP_FUNCTION(openssl_encrypt)
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = safe_emalloc(outlen, 1, 1);
- EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+ cipher_ctx = EVP_CIPHER_CTX_new();
+ if (!cipher_ctx) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create cipher context");
+ RETURN_FALSE;
+ }
+ EVP_EncryptInit(cipher_ctx, cipher_type, NULL, NULL);
if (password_len > keylen) {
- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
}
- EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
+ EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
if (options & OPENSSL_ZERO_PADDING) {
- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
if (data_len > 0) {
- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
+ EVP_EncryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
}
outlen = i;
- if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
+ if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
if (options & OPENSSL_RAW_DATA) {
outbuf[outlen] = '\0';
@@ -5301,7 +5610,8 @@ PHP_FUNCTION(openssl_encrypt)
if (free_iv) {
efree(iv);
}
- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
+ EVP_CIPHER_CTX_cleanup(cipher_ctx);
+ EVP_CIPHER_CTX_free(cipher_ctx);
}
/* }}} */
@@ -5313,7 +5623,7 @@ PHP_FUNCTION(openssl_decrypt)
char *data, *method, *password, *iv = "";
int data_len, method_len, password_len, iv_len = 0;
const EVP_CIPHER *cipher_type;
- EVP_CIPHER_CTX cipher_ctx;
+ EVP_CIPHER_CTX *cipher_ctx;
int i, outlen, keylen;
unsigned char *outbuf, *key;
int base64_str_len;
@@ -5359,17 +5669,23 @@ PHP_FUNCTION(openssl_decrypt)
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
outbuf = emalloc(outlen + 1);
- EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+ cipher_ctx = EVP_CIPHER_CTX_new();
+ if (!cipher_ctx) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create cipher context");
+ RETURN_FALSE;
+ }
+
+ EVP_DecryptInit(cipher_ctx, cipher_type, NULL, NULL);
if (password_len > keylen) {
- EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
+ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
}
- EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
+ EVP_DecryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
if (options & OPENSSL_ZERO_PADDING) {
- EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
+ EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
- EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
+ EVP_DecryptUpdate(cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
outlen = i;
- if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
+ if (EVP_DecryptFinal(cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
outbuf[outlen] = '\0';
RETVAL_STRINGL((char *)outbuf, outlen, 0);
@@ -5386,7 +5702,8 @@ PHP_FUNCTION(openssl_decrypt)
if (base64_str) {
efree(base64_str);
}
- EVP_CIPHER_CTX_cleanup(&cipher_ctx);
+ EVP_CIPHER_CTX_cleanup(cipher_ctx);
+ EVP_CIPHER_CTX_free(cipher_ctx);
}
/* }}} */
@@ -5424,6 +5741,7 @@ PHP_FUNCTION(openssl_dh_compute_key)
zval *key;
char *pub_str;
int pub_len;
+ DH *dh;
EVP_PKEY *pkey;
BIGNUM *pub;
char *data;
@@ -5433,14 +5751,21 @@ PHP_FUNCTION(openssl_dh_compute_key)
return;
}
ZEND_FETCH_RESOURCE(pkey, EVP_PKEY *, &key, -1, "OpenSSL key", le_key);
- if (!pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DH || !pkey->pkey.dh) {
+ if (pkey == NULL) {
+ RETURN_FALSE;
+ }
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
+ RETURN_FALSE;
+ }
+ dh = EVP_PKEY_get0_DH(pkey);
+ if (dh == NULL) {
RETURN_FALSE;
}
pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL);
- data = emalloc(DH_size(pkey->pkey.dh) + 1);
- len = DH_compute_key((unsigned char*)data, pub, pkey->pkey.dh);
+ data = emalloc(DH_size(dh) + 1);
+ len = DH_compute_key((unsigned char*)data, pub, dh);
if (len >= 0) {
data[len] = 0;
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index d549033..c2d477c 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -935,7 +935,7 @@ static int set_local_cert(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ */
static const SSL_METHOD *php_select_crypto_method(long method_value, int is_client TSRMLS_DC) /* {{{ */
{
if (method_value == STREAM_CRYPTO_METHOD_SSLv2) {
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L
return is_client ? SSLv2_client_method() : SSLv2_server_method();
#else
php_error_docref(NULL TSRMLS_CC, E_WARNING,
@@ -1588,12 +1588,26 @@ int php_openssl_setup_crypto(php_stream *stream,
}
/* }}} */
+#define PHP_SSL_MAX_VERSION_LEN 32
+
+static char *php_ssl_cipher_get_version(const SSL_CIPHER *c, char *buffer, size_t max_len) /* {{{ */
+{
+ const char *version = SSL_CIPHER_get_version(c);
+ strncpy(buffer, version, max_len);
+ if (max_len <= strlen(version)) {
+ buffer[max_len - 1] = 0;
+ }
+ return buffer;
+}
+/* }}} */
+
static zval *capture_session_meta(SSL *ssl_handle) /* {{{ */
{
zval *meta_arr;
char *proto_str;
long proto = SSL_version(ssl_handle);
const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl_handle);
+ char version_str[PHP_SSL_MAX_VERSION_LEN];
switch (proto) {
#if OPENSSL_VERSION_NUMBER >= 0x10001001L
@@ -1611,7 +1625,7 @@ static zval *capture_session_meta(SSL *ssl_handle) /* {{{ */
add_assoc_string(meta_arr, "protocol", proto_str, 1);
add_assoc_string(meta_arr, "cipher_name", (char *) SSL_CIPHER_get_name(cipher), 1);
add_assoc_long(meta_arr, "cipher_bits", SSL_CIPHER_get_bits(cipher, NULL));
- add_assoc_string(meta_arr, "cipher_version", SSL_CIPHER_get_version(cipher), 1);
+ add_assoc_string(meta_arr, "cipher_version", php_ssl_cipher_get_version(cipher, version_str, PHP_SSL_MAX_VERSION_LEN), 1);
return meta_arr;
}
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 828be8f..06e4e55 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1531,7 +1531,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ
BIO *in;
EVP_PKEY *key;
EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
#else
int tempsig;
#endif
@@ -1608,7 +1608,8 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ
return FAILURE;
}
- EVP_VerifyInit(&md_ctx, mdtype);
+ md_ctx = EVP_MD_CTX_create();
+ EVP_VerifyInit(md_ctx, mdtype);
read_len = end_of_phar;
if (read_len > sizeof(buf)) {
@@ -1620,7 +1621,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ
php_stream_seek(fp, 0, SEEK_SET);
while (read_size && (len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
- EVP_VerifyUpdate (&md_ctx, buf, len);
+ EVP_VerifyUpdate (md_ctx, buf, len);
read_len -= (off_t)len;
if (read_len < read_size) {
@@ -1628,9 +1629,9 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ
}
}
- if (EVP_VerifyFinal(&md_ctx, (unsigned char *)sig, sig_len, key) != 1) {
+ if (EVP_VerifyFinal(md_ctx, (unsigned char *)sig, sig_len, key) != 1) {
/* 1: signature verified, 0: signature does not match, -1: failed signature operation */
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
if (error) {
spprintf(error, 0, "broken openssl signature");
@@ -1639,7 +1640,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, php_uint32 sig_typ
return FAILURE;
}
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
#endif
*signature_len = phar_hex_str((const char*)sig, sig_len, signature TSRMLS_CC);
--
2.7.4
Raw
[email protected]
class PhpAT56 < Formula
desc "General-purpose scripting language"
homepage "https://secure.php.net/"
url "https://php.net/get/php-5.6.40.tar.xz/from/this/mirror"
sha256 "1369a51eee3995d7fbd1c5342e5cc917760e276d561595b6052b21ace2656d1c"
bottle do
root_url "https://dl.bintray.com/exolnet/bottles-deprecated"
rebuild 2
sha256 "73b687b813a0984e201b53c5f3f579365f6d0d0e434c9acbeb08eae6d2328c06" => :mojave
end
keg_only :versioned_formula
depends_on "httpd" => [:build, :test]
depends_on "pkg-config" => :build
depends_on "apr"
depends_on "apr-util"
depends_on "aspell"
depends_on "autoconf"
depends_on "curl-openssl"
depends_on "freetds"
depends_on "freetype"
depends_on "gettext"
depends_on "glib"
depends_on "gmp"
depends_on "icu4c"
depends_on "jpeg"
depends_on "libpng"
depends_on "libpq"
depends_on "libtool"
depends_on "libzip"
depends_on "mcrypt"
depends_on "openldap"
depends_on "openssl"
depends_on "pcre"
depends_on "sqlite"
depends_on "tidy-html5"
depends_on "unixodbc"
# PHP build system incorrectly links system libraries
# see https://github.com/php/php-src/pull/3472
patch :DATA
# Make this formula compatible with OpenSSL 1.1
# see https://github.com/eXolnet/homebrew-deprecated/issues/23#issuecomment-619976586
patch do
url "https://raw.githubusercontent.com/opencomputeproject/Rack-Manager/master/Contrib-Inspur/openbmc/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-PHP-5.6-LibSSL-1.1-compatibility.patch"
sha256 "c9715b544ae249c0e76136dfadd9d282237233459694b9e75d0e3e094ab0c993"
end
def install
# Ensure that libxml2 will be detected correctly in older MacOS
if MacOS.version == :el_capitan || MacOS.version == :sierra
ENV["SDKROOT"] = MacOS.sdk_path
end
# buildconf required due to system library linking bug patch
system "./buildconf", "--force"
inreplace "configure" do |s|
s.gsub! "APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'`",
"APACHE_THREADED_MPM="
s.gsub! "APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR`",
"APXS_LIBEXECDIR='$(INSTALL_ROOT)#{lib}/httpd/modules'"
s.gsub! "-z `$APXS -q SYSCONFDIR`",
"-z ''"
# apxs will interpolate the @ in the versioned prefix: https://bz.apache.org/bugzilla/show_bug.cgi?id=61944
s.gsub! "LIBEXECDIR='$APXS_LIBEXECDIR'",
"LIBEXECDIR='" + "#{lib}/httpd/modules".gsub("@", "\\@") + "'"
end
# Update error message in apache sapi to better explain the requirements
# of using Apache http in combination with php if the non-compatible MPM
# has been selected. Homebrew has chosen not to support being able to
# compile a thread safe version of PHP and therefore it is not
# possible to recompile as suggested in the original message
inreplace "sapi/apache2handler/sapi_apache2.c",
"You need to recompile PHP.",
"Homebrew PHP does not support a thread-safe php binary. "\
"To use the PHP apache sapi please change "\
"your httpd config to use the prefork MPM"
inreplace "sapi/fpm/php-fpm.conf.in", ";daemonize = yes", "daemonize = no"
# API compatibility with tidy-html5 v5.0.0 - https://github.com/htacg/tidy-html5/issues/224
inreplace "ext/tidy/tidy.c", "buffio.h", "tidybuffio.h"
# Required due to icu4c dependency
ENV.cxx11
# icu4c 61.1 compatability
ENV.append "CPPFLAGS", "-DU_USING_ICU_NAMESPACE=1"
config_path = etc/"php/#{php_version}"
# Prevent system pear config from inhibiting pear install
(config_path/"pear.conf").delete if (config_path/"pear.conf").exist?
# Prevent homebrew from harcoding path to sed shim in phpize script
ENV["lt_cv_path_SED"] = "sed"
# Each extension that is built on Mojave needs a direct reference to the
# sdk path or it won't find the headers
headers_path = "=#{MacOS.sdk_path_if_needed}/usr"
args = %W[
--prefix=#{prefix}
--localstatedir=#{var}
--sysconfdir=#{config_path}
--with-config-file-path=#{config_path}
--with-config-file-scan-dir=#{config_path}/conf.d
--with-pear=#{pkgshare}/pear
--enable-bcmath
--enable-calendar
--enable-dba
--enable-exif
--enable-ftp
--enable-fpm
--enable-intl
--enable-mbregex
--enable-mbstring
--enable-mysqlnd
--enable-pcntl
--enable-phpdbg
--enable-shmop
--enable-soap
--enable-sockets
--enable-sysvmsg
--enable-sysvsem
--enable-sysvshm
--enable-wddx
--enable-zip
--with-apxs2=#{Formula["httpd"].opt_bin}/apxs
--with-bz2#{headers_path}
--with-curl=#{Formula["curl-openssl"].opt_prefix}
--with-fpm-user=_www
--with-fpm-group=_www
--with-freetype-dir=#{Formula["freetype"].opt_prefix}
--with-gd
--with-gettext=#{Formula["gettext"].opt_prefix}
--with-gmp=#{Formula["gmp"].opt_prefix}
--with-iconv#{headers_path}
--with-icu-dir=#{Formula["icu4c"].opt_prefix}
--with-jpeg-dir=#{Formula["jpeg"].opt_prefix}
--with-kerberos#{headers_path}
--with-layout=GNU
--with-ldap=#{Formula["openldap"].opt_prefix}
--with-ldap-sasl#{headers_path}
--with-libedit#{headers_path}
--with-libxml-dir#{headers_path}
--with-libzip
--with-mcrypt=#{Formula["mcrypt"].opt_prefix}
--with-mhash#{headers_path}
--with-mysql-sock=/tmp/mysql.sock
--with-mysqli=mysqlnd
--with-mysql=mysqlnd
--with-ndbm#{headers_path}
--with-openssl=#{Formula["openssl"].opt_prefix}
--with-pdo-dblib=#{Formula["freetds"].opt_prefix}
--with-pdo-mysql=mysqlnd
--with-pdo-odbc=unixODBC,#{Formula["unixodbc"].opt_prefix}
--with-pdo-pgsql=#{Formula["libpq"].opt_prefix}
--with-pdo-sqlite=#{Formula["sqlite"].opt_prefix}
--with-pgsql=#{Formula["libpq"].opt_prefix}
--with-pic
--with-png-dir=#{Formula["libpng"].opt_prefix}
--with-pspell=#{Formula["aspell"].opt_prefix}
--with-sqlite3=#{Formula["sqlite"].opt_prefix}
--with-tidy=#{Formula["tidy-html5"].opt_prefix}
--with-unixODBC=#{Formula["unixodbc"].opt_prefix}
--with-xmlrpc
--with-xsl#{headers_path}
--with-zlib#{headers_path}
]
system "./configure", *args
system "make"
system "make", "install"
# Allow pecl to install outside of Cellar
extension_dir = Utils.popen_read("#{bin}/php-config --extension-dir").chomp
orig_ext_dir = File.basename(extension_dir)
inreplace bin/"php-config", lib/"php", prefix/"pecl"
inreplace "php.ini-development", %r{; ?extension_dir = "\./"},
"extension_dir = \"#{HOMEBREW_PREFIX}/lib/php/pecl/#{orig_ext_dir}\""
config_files = {
"php.ini-development" => "php.ini",
"sapi/fpm/php-fpm.conf" => "php-fpm.conf",
}
config_files.each_value do |dst|
dst_default = config_path/"#{dst}.default"
rm dst_default if dst_default.exist?
end
config_path.install config_files
unless (var/"log/php-fpm.log").exist?
(var/"log").mkpath
touch var/"log/php-fpm.log"
end
end
def post_install
pear_prefix = pkgshare/"pear"
pear_files = %W[
#{pear_prefix}/.depdblock
#{pear_prefix}/.filemap
#{pear_prefix}/.depdb
#{pear_prefix}/.lock
]
%W[
#{pear_prefix}/.channels
#{pear_prefix}/.channels/.alias
].each do |f|
chmod 0755, f
pear_files.concat(Dir["#{f}/*"])
end
chmod 0644, pear_files
# Custom location for extensions installed via pecl
pecl_path = HOMEBREW_PREFIX/"lib/php/pecl"
ln_s pecl_path, prefix/"pecl" unless (prefix/"pecl").exist?
extension_dir = Utils.popen_read("#{bin}/php-config --extension-dir").chomp
php_basename = File.basename(extension_dir)
php_ext_dir = opt_prefix/"lib/php"/php_basename
# fix pear config to install outside cellar
pear_path = HOMEBREW_PREFIX/"share/pear@#{php_version}"
cp_r pkgshare/"pear/.", pear_path
{
"php_ini" => etc/"php/#{php_version}/php.ini",
"php_dir" => pear_path,
"doc_dir" => pear_path/"doc",
"ext_dir" => pecl_path/php_basename,
"bin_dir" => opt_bin,
"data_dir" => pear_path/"data",
"cfg_dir" => pear_path/"cfg",
"www_dir" => pear_path/"htdocs",
"man_dir" => HOMEBREW_PREFIX/"share/man",
"test_dir" => pear_path/"test",
"php_bin" => opt_bin/"php",
}.each do |key, value|
value.mkpath if key =~ /(?<!bin|man)_dir$/
system bin/"pear", "config-set", key, value, "system"
end
system bin/"pear", "update-channels"
%w[
opcache
].each do |e|
ext_config_path = etc/"php/#{php_version}/conf.d/ext-#{e}.ini"
extension_type = (e == "opcache") ? "zend_extension" : "extension"
if ext_config_path.exist?
inreplace ext_config_path,
/#{extension_type}=.*$/, "#{extension_type}=#{php_ext_dir}/#{e}.so"
else
ext_config_path.write <<~EOS
[#{e}]
#{extension_type}="#{php_ext_dir}/#{e}.so"
EOS
end
end
end
def caveats
<<~EOS
To enable PHP in Apache add the following to httpd.conf and restart Apache:
LoadModule php5_module #{opt_lib}/httpd/modules/libphp5.so
<FilesMatch \\.php$>
SetHandler application/x-httpd-php
</FilesMatch>
Finally, check DirectoryIndex includes index.php
DirectoryIndex index.php index.html
The php.ini and php-fpm.ini file can be found in:
#{etc}/php/#{php_version}/
EOS
end
def php_version
version.to_s.split(".")[0..1].join(".")
end
plist_options :manual => "php-fpm"
def plist; <<~EOS
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>#{plist_name}</string>
<key>ProgramArguments</key>
<array>
<string>#{opt_sbin}/php-fpm</string>
<string>--nodaemonize</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>WorkingDirectory</key>
<string>#{var}</string>
<key>StandardErrorPath</key>
<string>#{var}/log/php-fpm.log</string>
</dict>
</plist>
EOS
end
test do
assert_match /^Zend OPcache$/, shell_output("#{bin}/php -i"),
"Zend OPCache extension not loaded"
# Test related to libxml2 and
# https://github.com/Homebrew/homebrew-core/issues/28398
assert_includes MachO::Tools.dylibs("#{bin}/php"),
"#{Formula["libpq"].opt_lib}/libpq.5.dylib"
system "#{sbin}/php-fpm", "-t"
system "#{bin}/phpdbg", "-V"
system "#{bin}/php-cgi", "-m"
# Prevent SNMP extension to be added
assert_no_match /^snmp$/, shell_output("#{bin}/php -m"),
"SNMP extension doesn't work reliably with Homebrew on High Sierra"
begin
require "socket"
server = TCPServer.new(0)
port = server.addr[1]
server_fpm = TCPServer.new(0)
port_fpm = server_fpm.addr[1]
server.close
server_fpm.close
expected_output = /^Hello world!$/
(testpath/"index.php").write <<~EOS
<?php
echo 'Hello world!' . PHP_EOL;
var_dump(ldap_connect());
EOS
main_config = <<~EOS
Listen #{port}
ServerName localhost:#{port}
DocumentRoot "#{testpath}"
ErrorLog "#{testpath}/httpd-error.log"
ServerRoot "#{Formula["httpd"].opt_prefix}"
PidFile "#{testpath}/httpd.pid"
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
DirectoryIndex index.php
EOS
(testpath/"httpd.conf").write <<~EOS
#{main_config}
LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so
LoadModule php5_module #{lib}/httpd/modules/libphp5.so
<FilesMatch \\.(php|phar)$>
SetHandler application/x-httpd-php
</FilesMatch>
EOS
(testpath/"fpm.conf").write <<~EOS
[global]
daemonize=no
[www]
listen = 127.0.0.1:#{port_fpm}
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
EOS
(testpath/"httpd-fpm.conf").write <<~EOS
#{main_config}
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so
<FilesMatch \\.(php|phar)$>
SetHandler "proxy:fcgi://127.0.0.1:#{port_fpm}"
</FilesMatch>
EOS
pid = fork do
exec Formula["httpd"].opt_bin/"httpd", "-X", "-f", "#{testpath}/httpd.conf"
end
sleep 3
assert_match expected_output, shell_output("curl -s 127.0.0.1:#{port}")
Process.kill("TERM", pid)
Process.wait(pid)
fpm_pid = fork do
exec sbin/"php-fpm", "-y", "fpm.conf"
end
pid = fork do
exec Formula["httpd"].opt_bin/"httpd", "-X", "-f", "#{testpath}/httpd-fpm.conf"
end
sleep 3
assert_match expected_output, shell_output("curl -s 127.0.0.1:#{port}")
ensure
if pid
Process.kill("TERM", pid)
Process.wait(pid)
end
if fpm_pid
Process.kill("TERM", fpm_pid)
Process.wait(fpm_pid)
end
end
end
end
__END__
diff --git a/acinclude.m4 b/acinclude.m4
index 168c465f8d..6c087d152f 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -441,7 +441,11 @@ dnl
dnl Adds a path to linkpath/runpath (LDFLAGS)
dnl
AC_DEFUN([PHP_ADD_LIBPATH],[
- if test "$1" != "/usr/$PHP_LIBDIR" && test "$1" != "/usr/lib"; then
+ case "$1" in
+ "/usr/$PHP_LIBDIR"|"/usr/lib"[)] ;;
+ /Library/Developer/CommandLineTools/SDKs/*/usr/lib[)] ;;
+ /Applications/Xcode*.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/*/usr/lib[)] ;;
+ *[)]
PHP_EXPAND_PATH($1, ai_p)
ifelse([$2],,[
_PHP_ADD_LIBPATH_GLOBAL([$ai_p])
@@ -452,8 +456,8 @@ AC_DEFUN([PHP_ADD_LIBPATH],[
else
_PHP_ADD_LIBPATH_GLOBAL([$ai_p])
fi
- ])
- fi
+ ]) ;;
+ esac
])
dnl
@@ -487,7 +491,11 @@ dnl add an include path.
dnl if before is 1, add in the beginning of INCLUDES.
dnl
AC_DEFUN([PHP_ADD_INCLUDE],[
- if test "$1" != "/usr/include"; then
+ case "$1" in
+ "/usr/include"[)] ;;
+ /Library/Developer/CommandLineTools/SDKs/*/usr/include[)] ;;
+ /Applications/Xcode*.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/*/usr/include[)] ;;
+ *[)]
PHP_EXPAND_PATH($1, ai_p)
PHP_RUN_ONCE(INCLUDEPATH, $ai_p, [
if test "$2"; then
@@ -495,8 +503,8 @@ AC_DEFUN([PHP_ADD_INCLUDE],[
else
INCLUDES="$INCLUDES -I$ai_p"
fi
- ])
- fi
+ ]) ;;
+ esac
])
dnl internal, don't use
@@ -2411,7 +2419,8 @@ AC_DEFUN([PHP_SETUP_ICONV], [
fi
if test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.a ||
- test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.$SHLIB_SUFFIX_NAME
+ test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.$SHLIB_SUFFIX_NAME ||
+ test -f $ICONV_DIR/$PHP_LIBDIR/lib$iconv_lib_name.tbd
then
PHP_CHECK_LIBRARY($iconv_lib_name, libiconv, [
found_iconv=yes
diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h
index a0955e34fe..09b4984f90 100644
--- a/Zend/zend_compile.h
+++ b/Zend/zend_compile.h
@@ -414,9 +414,6 @@ struct _zend_execute_data {
#define EX(element) execute_data.element
-#define EX_TMP_VAR(ex, n) ((temp_variable*)(((char*)(ex)) + ((int)(n))))
-#define EX_TMP_VAR_NUM(ex, n) (EX_TMP_VAR(ex, 0) - (1 + (n)))
-
#define EX_CV_NUM(ex, n) (((zval***)(((char*)(ex))+ZEND_MM_ALIGNED_SIZE(sizeof(zend_execute_data))))+(n))
diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h
index a7af67bc13..ae71a5c73f 100644
--- a/Zend/zend_execute.h
+++ b/Zend/zend_execute.h
@@ -71,6 +71,15 @@ ZEND_API int zend_eval_stringl_ex(char *str, int str_len, zval *retval_ptr, char
ZEND_API char * zend_verify_arg_class_kind(const zend_arg_info *cur_arg_info, ulong fetch_type, const char **class_name, zend_class_entry **pce TSRMLS_DC);
ZEND_API int zend_verify_arg_error(int error_type, const zend_function *zf, zend_uint arg_num, const char *need_msg, const char *need_kind, const char *given_msg, const char *given_kind TSRMLS_DC);
+static zend_always_inline temp_variable *EX_TMP_VAR(void *ex, int n)
+{
+ return (temp_variable *)((zend_uintptr_t)ex + n);
+}
+static inline temp_variable *EX_TMP_VAR_NUM(void *ex, int n)
+{
+ return (temp_variable *)((zend_uintptr_t)ex - (1 + n) * sizeof(temp_variable));
+}
+
static zend_always_inline void i_zval_ptr_dtor(zval *zval_ptr ZEND_FILE_LINE_DC TSRMLS_DC)
{
if (!Z_DELREF_P(zval_ptr)) {
@carlosescri
Copy link
Author

eXolnet/homebrew-deprecated#23 (comment)

Ok so i've found a proper solution to this

Backgroud

So PHP 5.6 can be recompiled to support the latest icu4c version, thus fixing the dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.64.dylib error, including any other legacy version errors of this nature.. that is swap the 64 to another number. However, there is a problem in that recompilation fails for users with OpenSSL 1.1.x due to the source code (the actual C code) of the openssl extensions within PHP 5.6 not being compatibile with OpenSSL 1.1.x. Essentially in OpenSSL 1.1.x you can not access public/private keys without going through it's newly created API interfaces, which PHP 5.6 does not do. Luckily, there is a patch for the PHP 5.6 source code to make it compatible with these new interfaces.

Solutiuon

Ensure openssl, icu4c are at the current versions

$ brew update
$ brew upgrade icu4c
$ brew upgrade openssl

Edit the ruby file for [email protected] to add in the patch.

$ brew edit [email protected]

In the text editor that opens add the following at lines 45-48

patch do
  url "https://raw.githubusercontent.com/opencomputeproject/Rack-Manager/master/Contrib-Inspur/openbmc/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-PHP-5.6-LibSSL-1.1-compatibility.patch"
  sha256 "c9715b544ae249c0e76136dfadd9d282237233459694b9e75d0e3e094ab0c993"
end

Reinstall PHP 5.6 building from source

$ brew reinstall --build-from-source [email protected]

For me this is a much more viable soultion as i use multiple versions of PHP etc on my local machine via homebrew (https://github.com/JParkinson1991/homebrew-lemp), it would have become a nightmare for me if i had to keep installing specific legacy versions of certain packages as i was trying to switch. Patching PHP 5.6 allows me to switch between all major versions oh php without any headaches as they're all running off the same major dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment