From 0ec147d301b33b2cb0f347c6e81eb7e75e75b521 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Mon, 24 Jul 2017 15:43:48 +0200
Subject: [PATCH] Ensure binary mode for OpenSSL I/O

Essential for OpenSSL 1.1.0 on Windows, some issues was revealed earlier
and now by openssl_pkcs12_export_to_file_basic.phpt.
---
 ext/openssl/openssl.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 4975a522ad..148540c80c 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1134,7 +1134,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 	if (str == NULL) {
 		php_openssl_store_errors();
 	} else if (!php_openssl_open_base_dir_chk(str)) {
-		BIO *oid_bio = BIO_new_file(str, "r");
+		BIO *oid_bio = BIO_new_file(str, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 		if (oid_bio) {
 			OBJ_create_objects(oid_bio);
 			BIO_free(oid_bio);
@@ -1696,7 +1696,7 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
 			return NULL;
 		}
 
-		in = BIO_new_file(Z_STRVAL_P(val) + (sizeof("file://") - 1), "r");
+		in = BIO_new_file(Z_STRVAL_P(val) + (sizeof("file://") - 1), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 		if (in == NULL) {
 			php_openssl_store_errors();
 			return NULL;
@@ -1761,7 +1761,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
 		return;
 	}
 
-	bio_out = BIO_new_file(filename, "w");
+	bio_out = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 	if (bio_out) {
 		if (!notext && !X509_print(bio_out, cert)) {
 			php_openssl_store_errors();
@@ -2472,7 +2472,7 @@ static STACK_OF(X509) *php_openssl_load_all_certs_from_file(char *certfile)
 		goto end;
 	}
 
-	if (!(in=BIO_new_file(certfile, "r"))) {
+	if (!(in=BIO_new_file(certfile, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)))) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "error opening the file, %s", certfile);
 		sk_X509_free(stack);
@@ -2828,7 +2828,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 
 	p12 = PKCS12_create(pass, friendly_name, priv_key, cert, ca, 0, 0, 0, 0, 0);
 	if (p12 != NULL) {
-		bio_out = BIO_new_file(filename, "w");
+		bio_out = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 		if (bio_out != NULL) {
 
 			i2d_PKCS12_bio(bio_out, p12);
@@ -3246,7 +3246,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
 		if (php_openssl_open_base_dir_chk(filename)) {
 			return NULL;
 		}
-		in = BIO_new_file(filename, "r");
+		in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 	} else {
 		in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
 	}
@@ -3294,7 +3294,7 @@ PHP_FUNCTION(openssl_csr_export_to_file)
 		return;
 	}
 
-	bio_out = BIO_new_file(filename, "w");
+	bio_out = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 	if (bio_out != NULL) {
 		if (!notext && !X509_REQ_print(bio_out, csr)) {
 			php_openssl_store_errors();
@@ -3819,7 +3819,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 				/* not a X509 certificate, try to retrieve public key */
 				BIO* in;
 				if (filename) {
-					in = BIO_new_file(filename, "r");
+					in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 				} else {
 					in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
 				}
@@ -3838,7 +3838,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 				if (php_openssl_open_base_dir_chk(filename)) {
 					TMP_CLEAN;
 				}
-				in = BIO_new_file(filename, "r");
+				in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 			} else {
 				in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
 			}
@@ -4515,7 +4515,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 	PHP_SSL_REQ_INIT(&req);
 
 	if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
-		bio_out = BIO_new_file(filename, "w");
+		bio_out = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 		if (bio_out == NULL) {
 			php_openssl_store_errors();
 			goto clean_exit;
@@ -5061,7 +5061,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 			goto clean_exit;
 		}
 
-		dataout = BIO_new_file(datafilename, "w");
+		dataout = BIO_new_file(datafilename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 		if (dataout == NULL) {
 			php_openssl_store_errors();
 			goto clean_exit;
@@ -5074,7 +5074,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 			goto clean_exit;
 		}
 
-		p7bout = BIO_new_file(p7bfilename, "w");
+		p7bout = BIO_new_file(p7bfilename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 		if (p7bout == NULL) {
 			php_openssl_store_errors();
 			goto clean_exit;
@@ -5095,7 +5095,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 				goto clean_exit;
 			}
 
-			certout = BIO_new_file(signersfilename, "w");
+			certout = BIO_new_file(signersfilename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 			if (certout) {
 				int i;
 				signers = PKCS7_get0_signers(p7, NULL, (int)flags);
@@ -5179,7 +5179,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 		goto clean_exit;
 	}
 
-	outfile = BIO_new_file(outfilename, "w");
+	outfile = BIO_new_file(outfilename, PHP_OPENSSL_BIO_MODE_W(flags));
 	if (outfile == NULL) {
 		php_openssl_store_errors();
 		goto clean_exit;
@@ -5439,7 +5439,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
 		goto clean_exit;
 	}
 
-	outfile = BIO_new_file(outfilename, "w");
+	outfile = BIO_new_file(outfilename, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 	if (outfile == NULL) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "error opening output file %s!", outfilename);
-- 
2.50.0