author | Jakub Zelenka <bukka@php.net> | 2018-05-21 17:55:11 +0100 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2018-05-22 13:30:58 +0100 |
commit | 68c3d09c2c1b88eafcf8b82af24f77756fd1d77f (patch) | |
tree | 0875e7133b84f27594afdf75ca9bfd3dce46571a | |
parent | bc6ddb7f458d0933ee318e732acca464cd924713 (diff) | |
download | php-git-68c3d09c2c1b88eafcf8b82af24f77756fd1d77f.tar.gz |
Fix bug #76174 (openssl extension fails to build with LibreSSL 2.7)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/openssl/openssl.c | 16 | ||||
-rw-r--r-- | ext/openssl/php_openssl.h | 19 | ||||
-rw-r--r-- | ext/openssl/xp_ssl.c | 10 |
4 files changed, 34 insertions, 13 deletions
@@ -9,6 +9,8 @@ PHP NEWS - OpenSSL: . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir). (Erik Lax, Jakub Zelenka) + . Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7). + (Jakub Zelenka) - Standard: . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path). diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index e6eeedbf55..44fe00b7fe 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -73,7 +73,7 @@ #ifdef HAVE_OPENSSL_MD2_H #define OPENSSL_ALGO_MD2 4 #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 #define OPENSSL_ALGO_DSS1 5 #endif #define OPENSSL_ALGO_SHA224 6 @@ -560,7 +560,7 @@ ZEND_GET_MODULE(openssl) #endif /* {{{ OpenSSL compatibility functions and macros */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 #define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa #define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh #define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa @@ -677,7 +677,7 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) return M_ASN1_STRING_data(asn1); } -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10002 static int X509_get_signature_nid(const X509 *x) { @@ -1237,7 +1237,7 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */ } /* }}} */ -#if defined(PHP_WIN32) || (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) +#if defined(PHP_WIN32) || PHP_OPENSSL_API_VERSION >= 0x10100 #define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) #else #define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() 
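Review bot: The `PHP_OPENSSL_RAND_ADD_TIME()` guard in the openssl.c hunk at line 1237 changes runtime behaviour, not just buildability. With LibreSSL 2.7+ mapped to `0x10100` in php_openssl.h, the macro becomes `((void) 0)` on those builds, whereas the old condition kept `php_openssl_rand_add_timeval()` for every LibreSSL version. That is probably fine if the library seeds its own generator and ignores application-supplied entropy, but neither the hunk nor the commit message says so. I would record the reason next to the guard, for example `/* OpenSSL 1.1.0+ and LibreSSL 2.7+ seed the RNG themselves; manual time seeding is only kept for older libraries (confirm for LibreSSL) */`.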
@@ -1324,7 +1324,7 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ mdtype = (EVP_MD *) EVP_md2(); break; #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 case OPENSSL_ALGO_DSS1: mdtype = (EVP_MD *) EVP_dss1(); break; @@ -1450,7 +1450,7 @@ PHP_MINIT_FUNCTION(openssl) #ifdef HAVE_OPENSSL_MD2_H REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); @@ -3620,7 +3620,7 @@ PHP_FUNCTION(openssl_csr_get_public_key) RETURN_FALSE; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION >= 0x10100 /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR, * the pub key is not changed after assigning. It means if we pass * a private key, it will be returned including the private part. @@ -3631,7 +3631,7 @@ PHP_FUNCTION(openssl_csr_get_public_key) /* Retrieve the public key from the CSR */ tpubkey = X509_REQ_get_pubkey(csr); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION >= 0x10100 /* We need to free the CSR as it was duplicated */ X509_REQ_free(csr); #endif diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index f13225d049..a03581c983 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h 
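Review bot: The two guards in `openssl_csr_get_public_key` (hunks at 3620 and 3631) depend on how the library behaves, not on which symbols it exports, so an "API version" macro is a loose fit for them. The existing comment says that under OpenSSL 1.1 a private key passed in would be returned with its private part, and the new condition extends the duplicate-then-free workaround to LibreSSL 2.7+. That errs on the safe side, since the visible `X509_REQ_free(csr)` releases the copy either way, but the comment still names only OpenSSL 1.1. I would add a line such as `* LibreSSL 2.7+ also takes this path (API level 0x10100); duplicating is harmless if its behaviour differs.` The function body starts and ends outside both hunks, so the duplication call itself is not visible here.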
@@ -29,6 +29,25 @@ extern zend_module_entry openssl_module_entry; #include "php_version.h" #define PHP_OPENSSL_VERSION PHP_VERSION +#include <openssl/opensslv.h> +#if defined(LIBRESSL_VERSION_NUMBER) +/* LibreSSL version check */ +#if LIBRESSL_VERSION_NUMBER < 0x20700000L +#define PHP_OPENSSL_API_VERSION 0x10001 +#else +#define PHP_OPENSSL_API_VERSION 0x10100 +#endif +#else +/* OpenSSL version check */ +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#define PHP_OPENSSL_API_VERSION 0x10001 +#elif OPENSSL_VERSION_NUMBER < 0x10100000L +#define PHP_OPENSSL_API_VERSION 0x10002 +#else +#define PHP_OPENSSL_API_VERSION 0x10100 +#endif +#endif + #define OPENSSL_RAW_DATA 1 #define OPENSSL_ZERO_PADDING 2 #define OPENSSL_DONT_ZERO_PAD_KEY 4 diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index b70becec7b..5207657ef2 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -91,7 +91,7 @@ /* Used for peer verification in windows */ #define PHP_X509_NAME_ENTRY_TO_UTF8(ne, i, out) ASN1_STRING_to_UTF8(&out, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(ne, i))) -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif @@ -1128,7 +1128,7 @@ static void init_server_reneg_limit(php_stream *stream, php_openssl_netstream_da } /* }}} */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) { BIGNUM *bn = NULL; @@ -1197,7 +1197,7 @@ static int set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* {{{ */ } /* }}} */ -#if defined(HAVE_ECDH) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)) +#if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100 static int set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /* {{{ */ { zval *zvcurve; 
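Review bot: The new `PHP_OPENSSL_API_VERSION` block in php_openssl.h has no comment explaining its encoding or why LibreSSL 2.7 is equated with the OpenSSL 1.1.0 API, and every crypto-relevant `#if` in openssl.c and xp_ssl.c now rests on it. I would add a header comment along the lines of `/* PHP_OPENSSL_API_VERSION: OpenSSL API level as 0xMNNFF (0x10001 = 1.0.1, 0x10002 = 1.0.2, 0x10100 = 1.1.0); LibreSSL < 2.7 is treated as 1.0.1, LibreSSL 2.7+ as 1.1.0 */`. A translation unit that tests the macro without including this header would silently take every `< 0x10100` legacy branch, because an undefined identifier evaluates to 0 in `#if`. Building the extension with `-Wundef`, or an `#ifndef PHP_OPENSSL_API_VERSION` / `#error` check in each consumer, would turn that into a build failure.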
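Review bot: In xp_ssl.c the guard on `set_server_ecdh_curve()` (hunk at 1197) and the matching guard on its call in `set_server_specific_opts()` (hunk at 1240) now compile the function out for LibreSSL 2.7+, where it previously ran for every LibreSSL build. The function body lies outside the hunk, so I cannot confirm what it configures. If it applies a user-supplied curve setting, server contexts on those builds would stop honouring it without any warning. A comment at the guard would make the intent explicit, for example `/* API >= 0x10100 (OpenSSL 1.1.0+, LibreSSL 2.7+): curve selection is left to the library */`, and it is worth confirming that LibreSSL 2.7 does negotiate ECDHE curves automatically. The same hunk at 1240 also drops `SSL_CTX_set_tmp_rsa_callback()` on those builds, which looks intended.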
@@ -1240,13 +1240,13 @@ static int set_server_specific_opts(php_stream *stream, SSL_CTX *ctx) /* {{{ */ zval *zv; long ssl_ctx_options = SSL_CTX_get_options(ctx); -#if defined(HAVE_ECDH) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)) +#if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100 if (set_server_ecdh_curve(stream, ctx) == FAILURE) { return FAILURE; } #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); #endif /* We now use tmp_rsa_cb to generate a key of appropriate size whenever necessary */ |