From e840071b7653a205d4d00c769cc48f180a5c16b0 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka
Date: Sun, 6 Nov 2016 17:37:06 +0000
Subject: [PATCH] Never return private part of the key from openssl_csr_get_public_key

This fixes ecc.phpt test when OpenSSL 1.1 linked.
---
 ext/openssl/openssl.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 4bfc03fa96..528d8235a5 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3564,7 +3564,22 @@ PHP_FUNCTION(openssl_csr_get_public_key)
 RETURN_FALSE;
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR,
+ * the pub key is not changed after assigning. It means if we pass
+ * a private key, it will be returned including the private part.
+ * If we duplicate it, then we get just the public part which is
+ * the same behavior as for OpenSSL 1.0 */
+ csr = X509_REQ_dup(csr);
+#endif
+
 /* Retrieve the public key from the CSR */
 tpubkey = X509_REQ_get_pubkey(csr);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* We need to free the CSR as it was duplicated */
+ X509_REQ_free(csr);
+#endif
+
 if (tpubkey == NULL) {
 php_openssl_store_errors();
 RETURN_FALSE;
-- 
2.40.0
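Review bot: `csr = X509_REQ_dup(csr);` overwrites the only visible pointer to the original request, and after `X509_REQ_free(csr);` the variable points at freed memory on OpenSSL 1.1 builds. The function continues outside this hunk, so any later use or release of `csr` there would touch the freed copy, and if this function owns the original (ownership is not visible here) it can no longer be freed. The result of `X509_REQ_dup` is also unchecked, so a failed copy is only caught indirectly through `tpubkey == NULL`; because the copy is what keeps the private part out of the returned key, an explicit check makes that path fail closed by construction. Keeping the duplicate in its own local, declared with the function's other locals outside this hunk, avoids both problems.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	/* … unchanged: comment explaining the OpenSSL 1.1 behaviour … */
	csr_dup = X509_REQ_dup(csr);
	if (csr_dup == NULL) {
		php_openssl_store_errors();
		RETURN_FALSE;
	}
	/* Take the key from the copy so only the public part is exposed,
	 * then drop the copy; csr itself is left untouched */
	tpubkey = X509_REQ_get_pubkey(csr_dup);
	X509_REQ_free(csr_dup);
#else
	/* Retrieve the public key from the CSR */
	tpubkey = X509_REQ_get_pubkey(csr);
#endif
	/* … unchanged: tpubkey == NULL check … */
```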