From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= Date: Fri, 31 Dec 2021 07:40:21 +0100 Subject: Lower the OpenSSL requirement to 1.0.1 --- build/php.m4 | 2 +- ext/openssl/config0.m4 | 2 +- ext/openssl/openssl.c | 9 ++++++++- ext/openssl/php_openssl.h | 4 +++- ext/openssl/xp_ssl.c | 9 +++++++++ 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/build/php.m4 b/build/php.m4 index e13fc33..0648237 100644 --- a/build/php.m4 +++ b/build/php.m4 @@ -1929,7 +1929,7 @@ dnl AC_DEFUN([PHP_SETUP_OPENSSL],[ found_openssl=no - PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.2], [found_openssl=yes]) + PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.1], [found_openssl=yes]) if test "$found_openssl" = "yes"; then PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1) diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 index ffd4e07..3bc1a08 100644 --- a/ext/openssl/config0.m4 +++ b/ext/openssl/config0.m4 @@ -1,7 +1,7 @@ PHP_ARG_WITH([openssl], [for OpenSSL support], [AS_HELP_STRING([--with-openssl], - [Include OpenSSL support (requires OpenSSL >= 1.0.2)])]) + [Include OpenSSL support (requires OpenSSL >= 1.0.1)])]) PHP_ARG_WITH([kerberos], [for Kerberos support], diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 9e703f7..48cdb4e 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -95,7 +95,7 @@ #endif #define DEBUG_SMIME 0 -#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC) +#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC) && OPENSSL_VERSION_NUMBER >= 0x10002000L #define HAVE_EVP_PKEY_EC 1 #endif @@ -1236,6 +1236,13 @@ PHP_MINIT_FUNCTION(openssl) OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); + +#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000 + EVP_add_cipher(EVP_aes_128_ccm()); + EVP_add_cipher(EVP_aes_192_ccm()); + EVP_add_cipher(EVP_aes_256_ccm()); +#endif + SSL_load_error_strings(); #else OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 5cfadbe..cd2dc1b 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -35,7 +35,9 @@ extern zend_module_entry openssl_module_entry; #endif #else /* OpenSSL version check */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#define PHP_OPENSSL_API_VERSION 0x10001 +#elif OPENSSL_VERSION_NUMBER < 0x10100000L #define PHP_OPENSSL_API_VERSION 0x10002 #elif OPENSSL_VERSION_NUMBER < 0x30000000L #define PHP_OPENSSL_API_VERSION 0x10100 diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index a0db38c..6adc6cc 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -33,8 +33,11 @@ #include #include #include + +#if OPENSSL_VERSION_NUMBER >= 0x10002000L #include #include +#endif #ifdef PHP_WIN32 #include "win32/winutil.h" @@ -86,8 +89,10 @@ #ifndef OPENSSL_NO_TLSEXT #define HAVE_TLS_SNI 1 +#if OPENSSL_VERSION_NUMBER >= 0x10002000L #define HAVE_TLS_ALPN 1 #endif +#endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) #define HAVE_SEC_LEVEL 1 @@ -1316,8 +1321,12 @@ static int php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) / zvcurve = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "ecdh_curve"); if (zvcurve == NULL) { +#if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_ecdh_auto(ctx, 1); return SUCCESS; +#else + curve_nid = NID_X9_62_prime256v1; +#endif } else { if (!try_convert_to_string(zvcurve)) { return FAILURE;