Fix compilation without deprecated OpenSSL 1.1 APIs

diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
index 5bd1fa70cce4482ae04d49e15a1b814e1ce02ae5..e3b425ef0fdbc3fbdf71ec8f9b5aafb715ab061c 100644 (file)
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@@ -318,12 +318,14 @@ static void ftp_destructor_ftpbuf(zend_resource *rsrc)
 PHP_MINIT_FUNCTION(ftp)
 {
 #ifdef HAVE_FTP_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
        SSL_library_init();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();
 
        SSL_load_error_strings();
+#endif
 #endif
 
        le_ftpbuf = zend_register_list_destructors_ex(ftp_destructor_ftpbuf, NULL, le_ftpbuf_name, module_number);

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 7d40c858821135446c29e485869588f8d315e3e4..3bf569cce1540e985620972ad2b3f5f52d8ffbe1 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -705,6 +705,12 @@ static int X509_get_signature_nid(const X509 *x)
 
 #endif
 
+#define OpenSSL_version                SSLeay_version
+#define OPENSSL_VERSION                SSLEAY_VERSION
+#define X509_getm_notBefore    X509_get_notBefore
+#define X509_getm_notAfter     X509_get_notAfter
+#define EVP_CIPHER_CTX_reset   EVP_CIPHER_CTX_cleanup
+
 #endif
 /* }}} */
 
@@ -1617,7 +1623,7 @@ PHP_MINFO_FUNCTION(openssl)
 {
        php_info_print_table_start();
        php_info_print_table_row(2, "OpenSSL support", "enabled");
-       php_info_print_table_row(2, "OpenSSL Library Version", SSLeay_version(SSLEAY_VERSION));
+       php_info_print_table_row(2, "OpenSSL Library Version", OpenSSL_version(OPENSSL_VERSION));
        php_info_print_table_row(2, "OpenSSL Header Version", OPENSSL_VERSION_TEXT);
        php_info_print_table_row(2, "Openssl default config", default_ssl_conf_filename);
        php_info_print_table_end();
@@ -2420,11 +2426,11 @@ PHP_FUNCTION(openssl_x509_parse)
        add_assoc_string(return_value, "serialNumberHex", hex_serial);
        OPENSSL_free(hex_serial);
 
-       php_openssl_add_assoc_asn1_string(return_value, "validFrom",    X509_get_notBefore(cert));
-       php_openssl_add_assoc_asn1_string(return_value, "validTo",              X509_get_notAfter(cert));
+       php_openssl_add_assoc_asn1_string(return_value, "validFrom",    X509_getm_notBefore(cert));
+       php_openssl_add_assoc_asn1_string(return_value, "validTo",              X509_getm_notAfter(cert));
 
-       add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_get_notBefore(cert)));
-       add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_get_notAfter(cert)));
+       add_assoc_long(return_value, "validFrom_time_t", php_openssl_asn1_time_to_time_t(X509_getm_notBefore(cert)));
+       add_assoc_long(return_value, "validTo_time_t",  php_openssl_asn1_time_to_time_t(X509_getm_notAfter(cert)));
 
        tmpstr = (char *)X509_alias_get0(cert, NULL);
        if (tmpstr) {
@@ -3525,8 +3531,8 @@ PHP_FUNCTION(openssl_csr_sign)
                php_openssl_store_errors();
                goto cleanup;
        }
-       X509_gmtime_adj(X509_get_notBefore(new_cert), 0);
-       X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days);
+       X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
+       X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*(long)num_days);
        i = X509_set_pubkey(new_cert, key);
        if (!i) {
                php_openssl_store_errors();
@@ -6197,7 +6203,7 @@ PHP_FUNCTION(openssl_seal)
 
        /* allocate one byte extra to make room for \0 */
        buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
-       EVP_CIPHER_CTX_cleanup(ctx);
+       EVP_CIPHER_CTX_reset(ctx);
 
        if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||
                        !EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||
@@ -6739,7 +6745,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(char *data, size_t data_len, ch
        if (free_iv) {
                efree(iv);
        }
-       EVP_CIPHER_CTX_cleanup(cipher_ctx);
+       EVP_CIPHER_CTX_reset(cipher_ctx);
        EVP_CIPHER_CTX_free(cipher_ctx);
        return outbuf;
 }
@@ -6834,7 +6840,7 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(char *data, size_t data_len, ch
        if (base64_str) {
                zend_string_release_ex(base64_str, 0);
        }
-       EVP_CIPHER_CTX_cleanup(cipher_ctx);
+       EVP_CIPHER_CTX_reset(cipher_ctx);
        EVP_CIPHER_CTX_free(cipher_ctx);
        return outbuf;
 }

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 09d1bcbf3e5b0dc4e2e8b6dff44da05fba01b934..caf812d83dfac8ecf8c80711cb897b9086deb96c 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -60,9 +60,19 @@
 #define STREAM_CRYPTO_METHOD_TLSv1_2       (1<<5)
 #define STREAM_CRYPTO_METHOD_TLSv1_3       (1<<6)
 
+#ifndef OPENSSL_NO_TLS1_METHOD
+#define HAVE_TLS1 1
+#endif
+
+#ifndef OPENSSL_NO_TLS1_1_METHOD
 #define HAVE_TLS11 1
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2_METHOD
 #define HAVE_TLS12 1
-#if OPENSSL_VERSION_NUMBER >= 0x10101000
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
 #define HAVE_TLS13 1
 #endif
 
@@ -995,9 +1005,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */
                ssl_ctx_options |= SSL_OP_NO_SSLv3;
        }
 #endif
+#ifdef HAVE_TLS1
        if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
                ssl_ctx_options |= SSL_OP_NO_TLSv1;
        }
+#endif
 #ifdef HAVE_TLS11
        if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
                ssl_ctx_options |= SSL_OP_NO_TLSv1_1;