1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@sury.org>
Date: Fri, 31 Dec 2021 07:40:21 +0100
Subject: Lower the OpenSSL requirement to 1.0.1
---
build/php.m4 | 2 +-
ext/openssl/config0.m4 | 2 +-
ext/openssl/openssl.c | 9 ++++++++-
ext/openssl/php_openssl.h | 4 +++-
ext/openssl/xp_ssl.c | 9 +++++++++
5 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/build/php.m4 b/build/php.m4
index e13fc33..0648237 100644
--- a/build/php.m4
+++ b/build/php.m4
@@ -1929,7 +1929,7 @@ dnl
AC_DEFUN([PHP_SETUP_OPENSSL],[
found_openssl=no
- PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.2], [found_openssl=yes])
+ PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.1], [found_openssl=yes])
if test "$found_openssl" = "yes"; then
PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)
diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index ffd4e07..3bc1a08 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -1,7 +1,7 @@
PHP_ARG_WITH([openssl],
[for OpenSSL support],
[AS_HELP_STRING([--with-openssl],
- [Include OpenSSL support (requires OpenSSL >= 1.0.2)])])
+ [Include OpenSSL support (requires OpenSSL >= 1.0.1)])])
PHP_ARG_WITH([kerberos],
[for Kerberos support],
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 9e703f7..48cdb4e 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -95,7 +95,7 @@
#endif
#define DEBUG_SMIME 0
-#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC)
+#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC) && OPENSSL_VERSION_NUMBER >= 0x10002000L
#define HAVE_EVP_PKEY_EC 1
#endif
@@ -1236,6 +1236,13 @@ PHP_MINIT_FUNCTION(openssl)
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
+
+#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000
+ EVP_add_cipher(EVP_aes_128_ccm());
+ EVP_add_cipher(EVP_aes_192_ccm());
+ EVP_add_cipher(EVP_aes_256_ccm());
+#endif
+
SSL_load_error_strings();
#else
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index 5cfadbe..cd2dc1b 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -35,7 +35,9 @@ extern zend_module_entry openssl_module_entry;
#endif
#else
/* OpenSSL version check */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#define PHP_OPENSSL_API_VERSION 0x10001
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
#define PHP_OPENSSL_API_VERSION 0x10002
#elif OPENSSL_VERSION_NUMBER < 0x30000000L
#define PHP_OPENSSL_API_VERSION 0x10100
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index a0db38c..6adc6cc 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -33,8 +33,11 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
#include <openssl/bn.h>
#include <openssl/dh.h>
+#endif
#ifdef PHP_WIN32
#include "win32/winutil.h"
@@ -86,8 +89,10 @@
#ifndef OPENSSL_NO_TLSEXT
#define HAVE_TLS_SNI 1
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
#define HAVE_TLS_ALPN 1
#endif
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#define HAVE_SEC_LEVEL 1
@@ -1316,8 +1321,12 @@ static int php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /
zvcurve = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "ecdh_curve");
if (zvcurve == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_ecdh_auto(ctx, 1);
return SUCCESS;
+#else
+ curve_nid = NID_X9_62_prime256v1;
+#endif
} else {
if (!try_convert_to_string(zvcurve)) {
return FAILURE;
|
