diff options
author | Jakub Zelenka <bukka@php.net> | 2018-05-22 13:41:22 +0100 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2018-05-22 13:41:22 +0100 |
commit | 3986b6ab6e754a1054a95d9b6df689cfa7000d62 (patch) | |
tree | 9663a129df09d43b9d5c6e027efb2e7166b9f044 /ext | |
parent | 6c3a38353c186f4d77624a82e579a98576c484de (diff) | |
parent | a231860b026baf8a2dfd34852c0cc196e7c7ebfb (diff) | |
download | php-git-3986b6ab6e754a1054a95d9b6df689cfa7000d62.tar.gz |
Merge branch 'PHP-7.2'
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/openssl.c | 16 | ||||
-rw-r--r-- | ext/openssl/php_openssl.h | 19 | ||||
-rw-r--r-- | ext/openssl/xp_ssl.c | 10 |
3 files changed, 32 insertions, 13 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index c3e229bfb6..c2cd1d32fb 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -72,7 +72,7 @@ #ifdef HAVE_OPENSSL_MD2_H #define OPENSSL_ALGO_MD2 4 #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 #define OPENSSL_ALGO_DSS1 5 #endif #define OPENSSL_ALGO_SHA224 6 @@ -574,7 +574,7 @@ ZEND_GET_MODULE(openssl) #endif /* {{{ OpenSSL compatibility functions and macros */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 #define EVP_PKEY_get0_RSA(_pkey) _pkey->pkey.rsa #define EVP_PKEY_get0_DH(_pkey) _pkey->pkey.dh #define EVP_PKEY_get0_DSA(_pkey) _pkey->pkey.dsa @@ -691,7 +691,7 @@ static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) return M_ASN1_STRING_data(asn1); } -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10002 static int X509_get_signature_nid(const X509 *x) { @@ -1251,7 +1251,7 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */ } /* }}} */ -#if defined(PHP_WIN32) || (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) +#if defined(PHP_WIN32) || PHP_OPENSSL_API_VERSION >= 0x10100 #define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) #else #define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() @@ -1338,7 +1338,7 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ mdtype = (EVP_MD *) EVP_md2(); break; #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 case OPENSSL_ALGO_DSS1: mdtype = (EVP_MD *) EVP_dss1(); break; @@ -1469,7 +1469,7 @@ PHP_MINIT_FUNCTION(openssl) #ifdef HAVE_OPENSSL_MD2_H REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); @@ -3652,7 +3652,7 @@ PHP_FUNCTION(openssl_csr_get_public_key) RETURN_FALSE; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION >= 0x10100 /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR, * the pub key is not changed after assigning. It means if we pass * a private key, it will be returned including the private part. @@ -3663,7 +3663,7 @@ PHP_FUNCTION(openssl_csr_get_public_key) /* Retrieve the public key from the CSR */ tpubkey = X509_REQ_get_pubkey(csr); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION >= 0x10100 /* We need to free the CSR as it was duplicated */ X509_REQ_free(csr); #endif diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index b69c9d195a..e357550c1a 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -29,6 +29,25 @@ extern zend_module_entry openssl_module_entry; #include "php_version.h" #define PHP_OPENSSL_VERSION PHP_VERSION +#include <openssl/opensslv.h> +#if defined(LIBRESSL_VERSION_NUMBER) +/* LibreSSL version check */ +#if LIBRESSL_VERSION_NUMBER < 0x20700000L +#define PHP_OPENSSL_API_VERSION 0x10001 +#else +#define PHP_OPENSSL_API_VERSION 0x10100 +#endif +#else +/* OpenSSL version check */ +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#define PHP_OPENSSL_API_VERSION 0x10001 +#elif OPENSSL_VERSION_NUMBER < 0x10100000L +#define PHP_OPENSSL_API_VERSION 0x10002 +#else +#define PHP_OPENSSL_API_VERSION 0x10100 +#endif +#endif + #define OPENSSL_RAW_DATA 1 #define OPENSSL_ZERO_PADDING 2 #define OPENSSL_DONT_ZERO_PAD_KEY 4 diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index c0282be504..9225f67668 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -94,7 +94,7 @@ #define PHP_X509_NAME_ENTRY_TO_UTF8(ne, i, out) \ ASN1_STRING_to_UTF8(&out, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(ne, i))) -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif @@ -1137,7 +1137,7 @@ static void php_openssl_init_server_reneg_limit(php_stream *stream, php_openssl_ } /* }}} */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength) { BIGNUM *bn = NULL; @@ -1206,7 +1206,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* } /* }}} */ -#if defined(HAVE_ECDH) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)) +#if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100 static int php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /* {{{ */ { zval *zvcurve; @@ -1249,13 +1249,13 @@ static int php_openssl_set_server_specific_opts(php_stream *stream, SSL_CTX *ctx zval *zv; long ssl_ctx_options = SSL_CTX_get_options(ctx); -#if defined(HAVE_ECDH) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)) +#if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100 if (php_openssl_set_server_ecdh_curve(stream, ctx) == FAILURE) { return FAILURE; } #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#if PHP_OPENSSL_API_VERSION < 0x10100 SSL_CTX_set_tmp_rsa_callback(ctx, php_openssl_tmp_rsa_cb); #endif /* We now use php_openssl_tmp_rsa_cb to generate a key of appropriate size whenever necessary */ |