summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2022-06-21 16:04:37 +0200
committerRemi Collet <remi@php.net>2022-06-21 16:04:37 +0200
commitbe67aca55a031d3d135186af9e108bb34e3b8d4e (patch)
tree0da685dc73f36803bbe140566235275ce7f5582f
parentcd2f9e1e147bd83f87c775723cfe85bdbb9b28b7 (diff)
update to 8.0.21RC1HEADmaster
-rw-r--r--failed.txt6
-rw-r--r--php-8.0.21-openssl3.patch (renamed from php-8.0.10-openssl3.patch)408
-rw-r--r--php-mbstring.patch33
-rw-r--r--php.spec16
4 files changed, 215 insertions, 248 deletions
diff --git a/failed.txt b/failed.txt
index 01d6d81..c25ce01 100644
--- a/failed.txt
+++ b/failed.txt
@@ -1,10 +1,10 @@
-===== 8.0.20 (2022-06-09)
+===== 8.0.21RC1 (2022-06-23)
$ grep -ar 'Tests failed' /var/lib/mock/*/build.log
/var/lib/mock/scl80el7x/build.log:Tests failed : 0
/var/lib/mock/scl80el8x/build.log:Tests failed : 1
-/var/lib/mock/scl80el9x/build.log:Tests failed : 1
+/var/lib/mock/scl80el9x/build.log:Tests failed : 0
/var/lib/mock/scl80fc34x/build.log:Tests failed : 0
/var/lib/mock/scl80fc35x/build.log:Tests failed : 0
/var/lib/mock/scl80fc36x/build.log:Tests failed : 0
@@ -12,8 +12,6 @@ $ grep -ar 'Tests failed' /var/lib/mock/*/build.log
el8x:
5 ext/standard/tests/strings/setlocale_variation2.phpt
-el9x:
- 2 ext/standard/tests/strings/setlocale_variation2.phpt
(1) proc_open give erratic test results :(
diff --git a/php-8.0.10-openssl3.patch b/php-8.0.21-openssl3.patch
index 6070150..b6b14b3 100644
--- a/php-8.0.10-openssl3.patch
+++ b/php-8.0.21-openssl3.patch
@@ -1,4 +1,4 @@
-From 3d13d14f318267b27f99025b37a2061c835e0727 Mon Sep 17 00:00:00 2001
+From 016e857bed6cbd4a96f520d05499b7e30bbf877c Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Sun, 8 Aug 2021 17:38:30 +0200
Subject: [PATCH 01/39] minimal fix for openssl 3.0 (#7002)
@@ -9,10 +9,10 @@ Subject: [PATCH 01/39] minimal fix for openssl 3.0 (#7002)
1 file changed, 2 insertions(+)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 19e7a0d79e..015cd89aa6 100644
+index f791cfa856..b327b121d8 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -1221,7 +1221,9 @@ PHP_MINIT_FUNCTION(openssl)
+@@ -1313,7 +1313,9 @@ PHP_MINIT_FUNCTION(openssl)
REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
@@ -23,9 +23,9 @@ index 19e7a0d79e..015cd89aa6 100644
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
--
-2.31.1
+2.35.3
-From fc0dbc36e4563a5146aa5345e8520f6601ec7030 Mon Sep 17 00:00:00 2001
+From 4f53ad619bb69c26e0ad0e59caf98642d8a6f038 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:41:39 +0200
Subject: [PATCH 02/39] Optimize openssl memory leak test
@@ -71,9 +71,9 @@ index 4f3dc9e766..c9c7df2953 100644
--EXPECT--
bool(true)
--
-2.31.1
+2.35.3
-From da4fbfb99a6dfc9dbaaa04a4bc8068a7e9bfa46c Mon Sep 17 00:00:00 2001
+From 8ae6f0974ea3f3c39e24b2e1825ba419f5b2ee94 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:46:07 +0200
Subject: [PATCH 03/39] Reduce security level in some OpenSSL tests
@@ -341,9 +341,9 @@ index c1aaa04919..84a137b5f4 100644
phpt_wait();
--
-2.31.1
+2.35.3
-From fe770720985c5f31a79528528be0aa8e0e56a389 Mon Sep 17 00:00:00 2001
+From e11ba509a72315046a015e8e106b4c1a0fdf4be9 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:57:40 +0200
Subject: [PATCH 04/39] Adjust some tests for whitespace differences in OpenSSL
@@ -449,9 +449,9 @@ index b80c1f71f1..38915157f3 100644
string(7) "CA:TRUE"
}
--
-2.31.1
+2.35.3
-From 676a47080bed2730b892e4ea43b93deb4acea335 Mon Sep 17 00:00:00 2001
+From 6d8810376b61aa4d37fbe773caa036ae7fec01a4 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 11:55:47 +0200
Subject: [PATCH 05/39] Use different cipher in openssl_seal() test
@@ -488,9 +488,9 @@ index 16efb05a66..e23045c992 100644
Warning: openssl_seal(): Not a public key (2th member of pubkeys) in %s on line %d
bool(false)
--
-2.31.1
+2.35.3
-From 389b4605281975d4ecac92cb3751d18d2e3fd60a Mon Sep 17 00:00:00 2001
+From 0d452b65cc8adf1867a26a470295a03324ea150b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 11:58:46 +0200
Subject: [PATCH 06/39] Don't test legacy algorithms in SPKI tests
@@ -629,9 +629,9 @@ index c760d0cb83..35badcda37 100644
-bool(true)
-bool(false)
--
-2.31.1
+2.35.3
-From 054aeebb623e6d4a055a4bab60a864f8c7f65675 Mon Sep 17 00:00:00 2001
+From 6489539ac9867eb365cd90bbb4ffc755f35bd9c3 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 12:48:02 +0200
Subject: [PATCH 07/39] Only report provided ciphers in
@@ -649,10 +649,10 @@ checks continue working as expected.
2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 015cd89aa6..4ffa2185fb 100644
+index b327b121d8..f99961c589 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -6798,6 +6798,31 @@ PHP_FUNCTION(openssl_get_md_methods)
+@@ -6863,6 +6863,31 @@ PHP_FUNCTION(openssl_get_md_methods)
}
/* }}} */
@@ -684,7 +684,7 @@ index 015cd89aa6..4ffa2185fb 100644
/* {{{ Return array of available cipher algorithms */
PHP_FUNCTION(openssl_get_cipher_methods)
{
-@@ -6807,9 +6832,16 @@ PHP_FUNCTION(openssl_get_cipher_methods)
+@@ -6872,9 +6897,16 @@ PHP_FUNCTION(openssl_get_cipher_methods)
RETURN_THROWS();
}
array_init(return_value);
@@ -719,9 +719,9 @@ index c674ead34b..16bad9e6b0 100644
#endif
--
-2.31.1
+2.35.3
-From 62fbe1839d980583156b0d22c49753c4666e73e8 Mon Sep 17 00:00:00 2001
+From 407368e3fad0e4a46152bdf0061f590387365409 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 12:05:02 +0200
Subject: [PATCH 08/39] Avoid RC4 use in another test
@@ -745,9 +745,9 @@ index 5e551c507f..271a878cdf 100644
openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key, $pub_key), $method);
openssl_open($sealed, $output, $ekeys[0], $priv_key, $method);
--
-2.31.1
+2.35.3
-From 95e6b2c67de6a63d059b678d14f291487f563163 Mon Sep 17 00:00:00 2001
+From 33f11d251877bd3fa4a533eec1a9d1df4a2ab13b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 15:47:14 +0200
Subject: [PATCH 09/39] Use EVP_PKEY API for
@@ -762,10 +762,10 @@ Use the high level API instead of the deprecated low level API.
2 files changed, 45 insertions(+), 74 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 4ffa2185fb..64840da451 100644
+index f99961c589..d5ccfb09cb 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -6230,11 +6230,6 @@ PHP_FUNCTION(openssl_private_encrypt)
+@@ -6295,11 +6295,6 @@ PHP_FUNCTION(openssl_private_encrypt)
PHP_FUNCTION(openssl_private_decrypt)
{
zval *key, *crypted;
@@ -777,7 +777,7 @@ index 4ffa2185fb..64840da451 100644
zend_long padding = RSA_PKCS1_PADDING;
char * data;
size_t data_len;
-@@ -6243,11 +6238,7 @@ PHP_FUNCTION(openssl_private_decrypt)
+@@ -6308,11 +6303,7 @@ PHP_FUNCTION(openssl_private_decrypt)
RETURN_THROWS();
}
@@ -785,12 +785,12 @@ index 4ffa2185fb..64840da451 100644
-
- RETVAL_FALSE;
-
-- pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
+- pkey = php_openssl_pkey_from_zval(key, 0, "", 0, 3);
++ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0, 3);
if (pkey == NULL) {
if (!EG(exception)) {
php_error_docref(NULL, E_WARNING, "key parameter is not a valid private key");
-@@ -6255,42 +6246,33 @@ PHP_FUNCTION(openssl_private_decrypt)
+@@ -6320,42 +6311,33 @@ PHP_FUNCTION(openssl_private_decrypt)
RETURN_FALSE;
}
@@ -854,7 +854,7 @@ index 4ffa2185fb..64840da451 100644
}
/* }}} */
-@@ -6298,10 +6280,6 @@ PHP_FUNCTION(openssl_private_decrypt)
+@@ -6363,10 +6345,6 @@ PHP_FUNCTION(openssl_private_decrypt)
PHP_FUNCTION(openssl_public_encrypt)
{
zval *key, *crypted;
@@ -865,7 +865,7 @@ index 4ffa2185fb..64840da451 100644
zend_long padding = RSA_PKCS1_PADDING;
char * data;
size_t data_len;
-@@ -6310,11 +6288,7 @@ PHP_FUNCTION(openssl_public_encrypt)
+@@ -6375,11 +6353,7 @@ PHP_FUNCTION(openssl_public_encrypt)
RETURN_THROWS();
}
@@ -873,12 +873,12 @@ index 4ffa2185fb..64840da451 100644
-
- RETVAL_FALSE;
-
-- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
+- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, 3);
++ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, 3);
if (pkey == NULL) {
if (!EG(exception)) {
php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key");
-@@ -6322,35 +6296,32 @@ PHP_FUNCTION(openssl_public_encrypt)
+@@ -6387,35 +6361,32 @@ PHP_FUNCTION(openssl_public_encrypt)
RETURN_FALSE;
}
@@ -949,9 +949,9 @@ index b55b7ced44..eb76dfbf77 100644
// X509
echo "X509 errors\n";
--
-2.31.1
+2.35.3
-From b29b719e4741cde6d1e441e0340f038976cb461b Mon Sep 17 00:00:00 2001
+From 08fc5c58b197732e8e4bdc8cf2d9fd9eecec3fb9 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 16:56:32 +0200
Subject: [PATCH 10/39] Use EVP_PKEY APIs for
@@ -966,10 +966,10 @@ Use high level APIs instead of deprecated low level APIs.
2 files changed, 45 insertions(+), 76 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 64840da451..4e9b949b5f 100644
+index d5ccfb09cb..77b24b7a1b 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -6170,10 +6170,6 @@ clean_exit:
+@@ -6235,10 +6235,6 @@ clean_exit:
PHP_FUNCTION(openssl_private_encrypt)
{
zval *key, *crypted;
@@ -980,7 +980,7 @@ index 64840da451..4e9b949b5f 100644
char * data;
size_t data_len;
zend_long padding = RSA_PKCS1_PADDING;
-@@ -6182,12 +6178,7 @@ PHP_FUNCTION(openssl_private_encrypt)
+@@ -6247,12 +6243,7 @@ PHP_FUNCTION(openssl_private_encrypt)
RETURN_THROWS();
}
@@ -988,13 +988,13 @@ index 64840da451..4e9b949b5f 100644
-
- RETVAL_FALSE;
-
-- pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
+- pkey = php_openssl_pkey_from_zval(key, 0, "", 0, 3);
-
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
++ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0, 3);
if (pkey == NULL) {
if (!EG(exception)) {
php_error_docref(NULL, E_WARNING, "key param is not a valid private key");
-@@ -6195,33 +6186,31 @@ PHP_FUNCTION(openssl_private_encrypt)
+@@ -6260,33 +6251,31 @@ PHP_FUNCTION(openssl_private_encrypt)
RETURN_FALSE;
}
@@ -1049,7 +1049,7 @@ index 64840da451..4e9b949b5f 100644
EVP_PKEY_free(pkey);
}
/* }}} */
-@@ -6329,11 +6318,6 @@ cleanup:
+@@ -6394,11 +6383,6 @@ cleanup:
PHP_FUNCTION(openssl_public_decrypt)
{
zval *key, *crypted;
@@ -1061,7 +1061,7 @@ index 64840da451..4e9b949b5f 100644
zend_long padding = RSA_PKCS1_PADDING;
char * data;
size_t data_len;
-@@ -6342,11 +6326,7 @@ PHP_FUNCTION(openssl_public_decrypt)
+@@ -6407,11 +6391,7 @@ PHP_FUNCTION(openssl_public_decrypt)
RETURN_THROWS();
}
@@ -1069,12 +1069,12 @@ index 64840da451..4e9b949b5f 100644
-
- RETVAL_FALSE;
-
-- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
+- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, 3);
++ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, 3);
if (pkey == NULL) {
if (!EG(exception)) {
php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key");
-@@ -6354,43 +6334,32 @@ PHP_FUNCTION(openssl_public_decrypt)
+@@ -6419,43 +6399,32 @@ PHP_FUNCTION(openssl_public_decrypt)
RETURN_FALSE;
}
@@ -1153,9 +1153,9 @@ index eb76dfbf77..f3eb82067b 100644
@openssl_private_decrypt("data", $crypted, $private_key_file);
expect_openssl_errors('openssl_private_decrypt', ['04065072']);
--
-2.31.1
+2.35.3
-From bfdbdfb6bf128c157adfba402b89b0f82be993ab Mon Sep 17 00:00:00 2001
+From 162e1ff4452f6c48c9efd51393c06d24ae02f1d2 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 10:29:50 +0200
Subject: [PATCH 11/39] Use EVP_PKEY APIs for key generation
@@ -1169,10 +1169,10 @@ Use high level API instead of deprecated low level API.
2 files changed, 101 insertions(+), 113 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 4e9b949b5f..d260670ff9 100644
+index 77b24b7a1b..f158815c6b 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3656,140 +3656,130 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
+@@ -3758,140 +3758,130 @@ static EVP_PKEY *php_openssl_pkey_from_zval(
return key;
}
@@ -1429,9 +1429,9 @@ index 327c916688..12ae0ff0e1 100644
?>
--EXPECTF--
--
-2.31.1
+2.35.3
-From 8dfe551ef85a874df63d0bb50b2d065c3370fd7e Mon Sep 17 00:00:00 2001
+From f3ac6b3dff7a9062186e595deebe268174d5abb8 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 11:50:11 +0200
Subject: [PATCH 12/39] Relax error check
@@ -1462,9 +1462,9 @@ index 12ae0ff0e1..3f319b4b24 100644
-error:%s:key size too small
+bool(true)
--
-2.31.1
+2.35.3
-From 44859f59f3ff3d7cf24ae146e9b0da348e6befcd Mon Sep 17 00:00:00 2001
+From de7bd3a3d035d0b018058ee623412d08c5e50b6e Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 12:59:13 +0200
Subject: [PATCH 13/39] Store whether pkey object contains private key
@@ -1487,7 +1487,7 @@ of construction.
1 file changed, 31 insertions(+), 124 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index d260670ff9..1fca64df15 100644
+index f158815c6b..afd6072d12 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -201,6 +201,7 @@ static void php_openssl_request_free_obj(zend_object *object)
@@ -1512,15 +1512,15 @@ index d260670ff9..1fca64df15 100644
static zend_function *php_openssl_pkey_get_constructor(zend_object *object) {
zend_throw_error(NULL, "Cannot directly construct OpenSSLAsymmetricKey, use openssl_pkey_new() instead");
return NULL;
-@@ -517,7 +525,6 @@ static X509 *php_openssl_x509_from_zval(zval *val, bool *free_cert);
- static X509_REQ *php_openssl_csr_from_param(zend_object *csr_obj, zend_string *csr_str);
- static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *passphrase, size_t passphrase_len);
+@@ -608,7 +616,6 @@ static X509_REQ *php_openssl_csr_from_param(
+ static EVP_PKEY *php_openssl_pkey_from_zval(
+ zval *val, int public_key, char *passphrase, size_t passphrase_len, uint32_t arg_num);
-static int php_openssl_is_private_key(EVP_PKEY* pkey);
- static X509_STORE * php_openssl_setup_verify(zval * calist);
- static STACK_OF(X509) * php_openssl_load_all_certs_from_file(char *certfile);
- static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req);
-@@ -3362,11 +3369,8 @@ PHP_FUNCTION(openssl_csr_new)
+ static X509_STORE * php_openssl_setup_verify(zval * calist, uint32_t arg_num);
+ static STACK_OF(X509) * php_openssl_load_all_certs_from_file(
+ char *cert_file, size_t cert_file_len, uint32_t arg_num);
+@@ -3463,11 +3470,8 @@ PHP_FUNCTION(openssl_csr_new)
if (we_made_the_key) {
/* and an object for the private key */
zval zkey_object;
@@ -1534,7 +1534,7 @@ index d260670ff9..1fca64df15 100644
ZEND_TRY_ASSIGN_REF_TMP(out_pkey, &zkey_object);
req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */
}
-@@ -3424,7 +3428,6 @@ PHP_FUNCTION(openssl_csr_get_public_key)
+@@ -3525,7 +3529,6 @@ PHP_FUNCTION(openssl_csr_get_public_key)
zend_string *csr_str;
zend_bool use_shortnames = 1;
@@ -1542,7 +1542,7 @@ index d260670ff9..1fca64df15 100644
EVP_PKEY *tpubkey;
ZEND_PARSE_PARAMETERS_START(1, 2)
-@@ -3467,9 +3470,7 @@ PHP_FUNCTION(openssl_csr_get_public_key)
+@@ -3568,9 +3571,7 @@ PHP_FUNCTION(openssl_csr_get_public_key)
RETURN_FALSE;
}
@@ -1553,7 +1553,7 @@ index d260670ff9..1fca64df15 100644
}
/* }}} */
-@@ -3545,10 +3546,9 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
+@@ -3647,10 +3648,9 @@ static EVP_PKEY *php_openssl_pkey_from_zval(
}
if (Z_TYPE_P(val) == IS_OBJECT && Z_OBJCE_P(val) == php_openssl_pkey_ce) {
@@ -1567,7 +1567,7 @@ index d260670ff9..1fca64df15 100644
/* check whether it is actually a private key if requested */
if (!public_key && !is_priv) {
-@@ -3783,85 +3783,6 @@ cleanup:
+@@ -3885,85 +3885,6 @@ cleanup:
}
/* }}} */
@@ -1653,7 +1653,7 @@ index d260670ff9..1fca64df15 100644
#define OPENSSL_GET_BN(_array, _bn, _name) do { \
if (_bn != NULL) { \
int len = BN_num_bytes(_bn); \
-@@ -3920,7 +3841,7 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
+@@ -4022,7 +3943,7 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
}
/* {{{ php_openssl_pkey_init_dsa */
@@ -1662,7 +1662,7 @@ index d260670ff9..1fca64df15 100644
{
BIGNUM *p, *q, *g, *priv_key, *pub_key;
const BIGNUM *priv_key_const, *pub_key_const;
-@@ -3934,6 +3855,7 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data)
+@@ -4036,6 +3957,7 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data)
OPENSSL_PKEY_SET_BN(data, pub_key);
OPENSSL_PKEY_SET_BN(data, priv_key);
@@ -1670,7 +1670,7 @@ index d260670ff9..1fca64df15 100644
if (pub_key) {
return DSA_set0_key(dsa, pub_key, priv_key);
}
-@@ -3998,7 +3920,7 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
+@@ -4100,7 +4022,7 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
/* }}} */
/* {{{ php_openssl_pkey_init_dh */
@@ -1679,7 +1679,7 @@ index d260670ff9..1fca64df15 100644
{
BIGNUM *p, *q, *g, *priv_key, *pub_key;
-@@ -4011,6 +3933,7 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data)
+@@ -4113,6 +4035,7 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data)
OPENSSL_PKEY_SET_BN(data, priv_key);
OPENSSL_PKEY_SET_BN(data, pub_key);
@@ -1687,7 +1687,7 @@ index d260670ff9..1fca64df15 100644
if (pub_key) {
return DH_set0_key(dh, pub_key, priv_key);
}
-@@ -4039,7 +3962,6 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4141,7 +4064,6 @@ PHP_FUNCTION(openssl_pkey_new)
struct php_x509_request req;
zval * args = NULL;
zval *data;
@@ -1695,7 +1695,7 @@ index d260670ff9..1fca64df15 100644
if (zend_parse_parameters(ZEND_NUM_ARGS(), "|a!", &args) == FAILURE) {
RETURN_THROWS();
-@@ -4056,9 +3978,7 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4158,9 +4080,7 @@ PHP_FUNCTION(openssl_pkey_new)
RSA *rsa = RSA_new();
if (rsa) {
if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
@@ -1706,7 +1706,7 @@ index d260670ff9..1fca64df15 100644
return;
}
RSA_free(rsa);
-@@ -4076,11 +3996,10 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4178,11 +4098,10 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
DSA *dsa = DSA_new();
if (dsa) {
@@ -1721,7 +1721,7 @@ index d260670ff9..1fca64df15 100644
return;
} else {
php_openssl_store_errors();
-@@ -4101,13 +4020,10 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4203,13 +4122,10 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
DH *dh = DH_new();
if (dh) {
@@ -1738,7 +1738,7 @@ index d260670ff9..1fca64df15 100644
return;
} else {
php_openssl_store_errors();
-@@ -4133,6 +4049,7 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4235,6 +4151,7 @@ PHP_FUNCTION(openssl_pkey_new)
if (pkey) {
eckey = EC_KEY_new();
if (eckey) {
@@ -1746,7 +1746,7 @@ index d260670ff9..1fca64df15 100644
EC_GROUP *group = NULL;
zval *bn;
zval *x;
-@@ -4164,6 +4081,7 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4266,6 +4183,7 @@ PHP_FUNCTION(openssl_pkey_new)
// The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
Z_TYPE_P(bn) == IS_STRING) {
@@ -1754,7 +1754,7 @@ index d260670ff9..1fca64df15 100644
d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
if (!EC_KEY_set_private_key(eckey, d)) {
php_openssl_store_errors();
-@@ -4211,10 +4129,7 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4313,10 +4231,7 @@ PHP_FUNCTION(openssl_pkey_new)
}
if (EC_KEY_check_key(eckey) && EVP_PKEY_assign_EC_KEY(pkey, eckey)) {
EC_GROUP_free(group);
@@ -1766,7 +1766,7 @@ index d260670ff9..1fca64df15 100644
return;
} else {
php_openssl_store_errors();
-@@ -4249,9 +4164,7 @@ clean_exit:
+@@ -4351,9 +4266,7 @@ clean_exit:
if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
if (php_openssl_generate_private_key(&req)) {
/* pass back a key resource */
@@ -1777,7 +1777,7 @@ index d260670ff9..1fca64df15 100644
/* make sure the cleanup code doesn't zap it! */
req.priv_key = NULL;
}
-@@ -4424,7 +4337,6 @@ PHP_FUNCTION(openssl_pkey_get_public)
+@@ -4526,7 +4439,6 @@ PHP_FUNCTION(openssl_pkey_get_public)
{
zval *cert;
EVP_PKEY *pkey;
@@ -1785,7 +1785,7 @@ index d260670ff9..1fca64df15 100644
if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &cert) == FAILURE) {
RETURN_THROWS();
-@@ -4434,9 +4346,7 @@ PHP_FUNCTION(openssl_pkey_get_public)
+@@ -4536,9 +4448,7 @@ PHP_FUNCTION(openssl_pkey_get_public)
RETURN_FALSE;
}
@@ -1796,7 +1796,7 @@ index d260670ff9..1fca64df15 100644
}
/* }}} */
-@@ -4458,7 +4368,6 @@ PHP_FUNCTION(openssl_pkey_get_private)
+@@ -4560,7 +4470,6 @@ PHP_FUNCTION(openssl_pkey_get_private)
EVP_PKEY *pkey;
char * passphrase = "";
size_t passphrase_len = sizeof("")-1;
@@ -1804,7 +1804,7 @@ index d260670ff9..1fca64df15 100644
if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|s!", &cert, &passphrase, &passphrase_len) == FAILURE) {
RETURN_THROWS();
-@@ -4473,9 +4382,7 @@ PHP_FUNCTION(openssl_pkey_get_private)
+@@ -4575,9 +4484,7 @@ PHP_FUNCTION(openssl_pkey_get_private)
RETURN_FALSE;
}
@@ -1816,9 +1816,9 @@ index d260670ff9..1fca64df15 100644
/* }}} */
--
-2.31.1
+2.35.3
-From c58ef46342a52c8b81ee6f727257a2b471b6d9c3 Mon Sep 17 00:00:00 2001
+From 10413110152d816c16aee3ef854cce4784966239 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 14:59:16 +0200
Subject: [PATCH 14/39] Add test for openssl_dh_compute_key()
@@ -1867,9 +1867,9 @@ index 0000000000..8730f4b57d
+--EXPECT--
+b0049944fa5d36f364dd02e675dde50f8c2d67481c5cf0fe2f248d383eec1d38c23d5ed2644fbef2676bcd6ce148361ca82619c8f93e10506cb89d0a1bdaa0f0bc6f68cef0f7cb6d97d43e8dda3c7a5c5a98ebd2342a605ce530fd46a0602d28d4afc48e92088d0bc42194ca8682a85317f812d81b86cd284eed405df2f76aae84ccd560856e8a3d0ce4f591394bca02eb8a1984ebb41bb19714fb8b579bcafd36a9051d51d075f66229893289d8a0c918bfd222f17803cc532d2cf93bb2a567953323ca409beb3237faae9c6fdfc671594324953badd07dd4770ee09fd19f90045654c5709e92aa614b83594c2f62a8bc3c7e786e54bc1259a0a737c70dd4cc
--
-2.31.1
+2.35.3
-From fbb478f86081d4d879d1ed644c37842e0d9b1192 Mon Sep 17 00:00:00 2001
+From 81985366729b7e81d924007cae618f1f75f9a7e1 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 14:52:56 +0200
Subject: [PATCH 15/39] Extract php_openssl_pkey_derive() function
@@ -1882,10 +1882,10 @@ To allow sharing it with the openssl_dh_compute_key() implementation.
1 file changed, 41 insertions(+), 36 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 1fca64df15..bf3f70d355 100644
+index afd6072d12..ceece680b8 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4560,6 +4560,34 @@ PHP_FUNCTION(openssl_pkey_get_details)
+@@ -4662,6 +4662,34 @@ PHP_FUNCTION(openssl_pkey_get_details)
}
/* }}} */
@@ -1920,7 +1920,7 @@ index 1fca64df15..bf3f70d355 100644
/* {{{ Computes shared secret for public value of remote DH key and local DH key */
PHP_FUNCTION(openssl_dh_compute_key)
{
-@@ -4567,7 +4595,6 @@ PHP_FUNCTION(openssl_dh_compute_key)
+@@ -4669,7 +4697,6 @@ PHP_FUNCTION(openssl_dh_compute_key)
char *pub_str;
size_t pub_len;
DH *dh;
@@ -1928,7 +1928,7 @@ index 1fca64df15..bf3f70d355 100644
BIGNUM *pub;
zend_string *data;
int len;
-@@ -4578,11 +4605,12 @@ PHP_FUNCTION(openssl_dh_compute_key)
+@@ -4680,11 +4707,12 @@ PHP_FUNCTION(openssl_dh_compute_key)
PHP_OPENSSL_CHECK_SIZE_T_TO_INT(pub_len, pub_key, 1);
@@ -1942,7 +1942,7 @@ index 1fca64df15..bf3f70d355 100644
dh = EVP_PKEY_get0_DH(pkey);
if (dh == NULL) {
RETURN_FALSE;
-@@ -4612,59 +4640,36 @@ PHP_FUNCTION(openssl_pkey_derive)
+@@ -4714,59 +4742,36 @@ PHP_FUNCTION(openssl_pkey_derive)
{
zval *priv_key;
zval *peer_pub_key;
@@ -1964,15 +1964,15 @@ index 1fca64df15..bf3f70d355 100644
}
- key_size = key_len;
-- pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0);
+- pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0, 2);
++ EVP_PKEY *pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0, 2);
if (!pkey) {
- goto cleanup;
+ RETURN_FALSE;
}
-- peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0);
-+ EVP_PKEY *peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0);
+- peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0, 1);
++ EVP_PKEY *peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0, 1);
if (!peer_key) {
- goto cleanup;
- }
@@ -2014,9 +2014,9 @@ index 1fca64df15..bf3f70d355 100644
}
/* }}} */
--
-2.31.1
+2.35.3
-From f8f202ae92bf2c92cec4ad8d6bf2f57236ccd976 Mon Sep 17 00:00:00 2001
+From dda6e3b15760809b86a5ddf45cc19cc606b408f2 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 15:58:20 +0200
Subject: [PATCH 16/39] Avoid DH_compute_key() with OpenSSL 3
@@ -2035,10 +2035,10 @@ DH keys prior to OpenSSL 3.
1 file changed, 40 insertions(+), 24 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index bf3f70d355..91d2589aad 100644
+index ceece680b8..1b27f609fe 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4588,16 +4588,48 @@ static zend_string *php_openssl_pkey_derive(EVP_PKEY *key, EVP_PKEY *peer_key, s
+@@ -4690,16 +4690,48 @@ static zend_string *php_openssl_pkey_derive(EVP_PKEY *key, EVP_PKEY *peer_key, s
return result;
}
@@ -2091,7 +2091,7 @@ index bf3f70d355..91d2589aad 100644
if (zend_parse_parameters(ZEND_NUM_ARGS(), "sO", &pub_str, &pub_len, &key, php_openssl_pkey_ce) == FAILURE) {
RETURN_THROWS();
-@@ -4606,32 +4638,16 @@ PHP_FUNCTION(openssl_dh_compute_key)
+@@ -4708,32 +4740,16 @@ PHP_FUNCTION(openssl_dh_compute_key)
PHP_OPENSSL_CHECK_SIZE_T_TO_INT(pub_len, pub_key, 1);
EVP_PKEY *pkey = Z_OPENSSL_PKEY_P(key)->pkey;
@@ -2129,9 +2129,9 @@ index bf3f70d355..91d2589aad 100644
/* }}} */
--
-2.31.1
+2.35.3
-From fbb13f6bf183f1d2d95fe2aa48edce300aad5fd7 Mon Sep 17 00:00:00 2001
+From 6da4cc5e00da17af52467285a1101c39e95d0b66 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 14:54:59 +0200
Subject: [PATCH 17/39] Use different algorithm in pkcs7 tests
@@ -2200,9 +2200,9 @@ index ef9b25e70b..7a600bc292 100644
if (file_exists($outfile)) {
echo "true\n";
--
-2.31.1
+2.35.3
-From e6d9c6b6cfcc255124bb42b409c29db854ff828d Mon Sep 17 00:00:00 2001
+From e4ab465140753e247a0cd9d9047364e582e59cbe Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 16:30:55 +0200
Subject: [PATCH 18/39] Use different algorithm in cms tests
@@ -2266,9 +2266,9 @@ index 929f3f2e02..4030862391 100644
print "PEM decrypt error\n";
print "recipient:\n";
--
-2.31.1
+2.35.3
-From 31e60d155d01253ab42f490fecd0f2a5e537bc47 Mon Sep 17 00:00:00 2001
+From 3721dfdca9e62d5ecfba130c66b1e910bd2d1689 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 17:07:44 +0200
Subject: [PATCH 19/39] Use larger key size for DSA/DH tests
@@ -2315,9 +2315,9 @@ index 0b3f91b8fe..4e4bba8aa8 100644
?>
--EXPECTF--
--
-2.31.1
+2.35.3
-From b93f08093684d24a80857fec7ede1c41f440cff5 Mon Sep 17 00:00:00 2001
+From c1b1cba2c21378bc51881c4f5d335405a7384b56 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 13:54:26 +0200
Subject: [PATCH 20/39] Skip some tests if cipher not available
@@ -2385,9 +2385,9 @@ index 4175e703d2..e846b42e78 100644
+bool(true)
NULL
--
-2.31.1
+2.35.3
-From bc8281431c8ce82c232fee5674b945af95bbd860 Mon Sep 17 00:00:00 2001
+From d52d5912d444437f5e021ea7a2fa287fd9276b40 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 16:29:43 +0200
Subject: [PATCH 21/39] Use different cipher in one more CMS test
@@ -2438,9 +2438,9 @@ index f1a0c6af8b..ee706ebfba 100644
if (file_exists($outfile)) {
echo "true\n";
--
-2.31.1
+2.35.3
-From c42a69def274fb77cbcb3db4189841e3f582803a Mon Sep 17 00:00:00 2001
+From a78ef37e631f2b6e7804a557d016737010fb15db Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 10:35:49 +0200
Subject: [PATCH 22/39] Generate pkcs12_read test inputs on the fly
@@ -2544,9 +2544,9 @@ index b81b4d9dac..8cb2b41fd7 100644
}
--
-2.31.1
+2.35.3
-From 8e99695bb1f630edee4ddb44ae78e99190b5efb3 Mon Sep 17 00:00:00 2001
+From b9b0a9a1a42cbbea0d2fab27360fc5c62c98a6e4 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 11:15:18 +0200
Subject: [PATCH 23/39] Do not special case export of EC keys
@@ -2568,10 +2568,10 @@ As the OpenSSL docs say:
2 files changed, 11 insertions(+), 31 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 91d2589aad..b360b0506e 100644
+index 1b27f609fe..4a151cf2d7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4225,21 +4225,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
+@@ -4327,21 +4327,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
cipher = NULL;
}
@@ -2596,7 +2596,7 @@ index 91d2589aad..b360b0506e 100644
if (pem_write) {
/* Success!
* If returning the output as a string, do so now */
-@@ -4297,21 +4285,9 @@ PHP_FUNCTION(openssl_pkey_export)
+@@ -4399,21 +4387,9 @@ PHP_FUNCTION(openssl_pkey_export)
cipher = NULL;
}
@@ -2639,9 +2639,9 @@ index 678b7e7299..5cd68d18b8 100644
bool(true)
object(OpenSSLAsymmetricKey)#%d (0) {
--
-2.31.1
+2.35.3
-From 87bec9d2942be4a87cccb0d28cb3e134d692c312 Mon Sep 17 00:00:00 2001
+From af97ffecf1c98606c65cabe5b150b5447a0d2c53 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 16:51:05 +0200
Subject: [PATCH 24/39] Switch manual DH key generation to param API
@@ -2657,7 +2657,7 @@ legacy keys, cf. https://github.com/openssl/openssl/issues/16247.
1 file changed, 112 insertions(+), 24 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index b360b0506e..06e5adecda 100644
+index 4a151cf2d7..2493fd777c 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -56,6 +56,10 @@
@@ -2671,7 +2671,7 @@ index b360b0506e..06e5adecda 100644
/* Common */
#include <time.h>
-@@ -3919,8 +3923,8 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
+@@ -4021,8 +4025,8 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
}
/* }}} */
@@ -2682,7 +2682,7 @@ index b360b0506e..06e5adecda 100644
{
BIGNUM *p, *q, *g, *priv_key, *pub_key;
-@@ -3952,9 +3956,108 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data, bool *is_private)
+@@ -4054,9 +4058,108 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data, bool *is_private)
return 0;
}
/* all good */
@@ -2792,7 +2792,7 @@ index b360b0506e..06e5adecda 100644
/* {{{ Generates a new private key */
PHP_FUNCTION(openssl_pkey_new)
-@@ -4016,28 +4119,13 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4118,28 +4221,13 @@ PHP_FUNCTION(openssl_pkey_new)
RETURN_FALSE;
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dh", sizeof("dh") - 1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
@@ -2828,9 +2828,9 @@ index b360b0506e..06e5adecda 100644
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
--
-2.31.1
+2.35.3
-From 0b1f12e24360dad5c6feba319af7e12e2cf72fc1 Mon Sep 17 00:00:00 2001
+From 3a377b2e852b5164439d2e376ff5e9012a5dd27b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 17:14:58 +0200
Subject: [PATCH 25/39] Switch manual DSA key generation to param API
@@ -2847,10 +2847,10 @@ for FFC algorithms, as it's very similar).
1 file changed, 102 insertions(+), 24 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 06e5adecda..84a4083807 100644
+index 2493fd777c..732007be73 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3844,8 +3844,8 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
+@@ -3946,8 +3946,8 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
return 1;
}
@@ -2861,7 +2861,7 @@ index 06e5adecda..84a4083807 100644
{
BIGNUM *p, *q, *g, *priv_key, *pub_key;
const BIGNUM *priv_key_const, *pub_key_const;
-@@ -3878,9 +3878,102 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data, bool *is_privat
+@@ -3980,9 +3980,102 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data, bool *is_privat
return 0;
}
/* all good */
@@ -2965,7 +2965,7 @@ index 06e5adecda..84a4083807 100644
/* {{{ php_openssl_dh_pub_from_priv */
static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
-@@ -4095,28 +4188,13 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4197,28 +4290,13 @@ PHP_FUNCTION(openssl_pkey_new)
RETURN_FALSE;
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dsa", sizeof("dsa") - 1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
@@ -3001,9 +3001,9 @@ index 06e5adecda..84a4083807 100644
Z_TYPE_P(data) == IS_ARRAY) {
bool is_private;
--
-2.31.1
+2.35.3
-From d20cf6a278be5561debcd5ce0cc34a6046eac669 Mon Sep 17 00:00:00 2001
+From 3018e5994bf3c2fb2bfab8c21bd5052b3a0064d9 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Sun, 8 Aug 2021 17:39:06 +0200
Subject: [PATCH 26/39] Use OpenSSL NCONF APIs (#7337)
@@ -3014,10 +3014,10 @@ Subject: [PATCH 26/39] Use OpenSSL NCONF APIs (#7337)
1 file changed, 36 insertions(+), 30 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 84a4083807..1dda83f71e 100644
+index 732007be73..098b1163c6 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -500,8 +500,8 @@ int php_openssl_get_ssl_stream_data_index()
+@@ -587,8 +587,8 @@ int php_openssl_get_ssl_stream_data_index()
static char default_ssl_conf_filename[MAXPATHLEN];
struct php_x509_request { /* {{{ */
@@ -3028,7 +3028,7 @@ index 84a4083807..1dda83f71e 100644
const EVP_MD * md_alg;
const EVP_MD * digest;
char * section_name,
-@@ -712,13 +712,13 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
+@@ -804,13 +804,13 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
}
/* }}} */
@@ -3045,7 +3045,7 @@ index 84a4083807..1dda83f71e 100644
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Error loading %s section %s of %s",
section_label,
-@@ -730,17 +730,24 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co
+@@ -822,17 +822,24 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co
}
/* }}} */
@@ -3078,7 +3078,7 @@ index 84a4083807..1dda83f71e 100644
static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
{
char * str;
-@@ -752,7 +759,7 @@ static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
+@@ -844,7 +851,7 @@ static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
if (str == NULL) {
return SUCCESS;
}
@@ -3087,7 +3087,7 @@ index 84a4083807..1dda83f71e 100644
if (sktmp == NULL) {
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Problem loading oid section %s", str);
-@@ -823,13 +830,13 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
+@@ -915,13 +922,13 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);
SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");
@@ -3106,7 +3106,7 @@ index 84a4083807..1dda83f71e 100644
return FAILURE;
}
-@@ -853,8 +860,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
+@@ -945,8 +952,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
php_openssl_conf_get_string(req->req_config, req->section_name, "req_extensions"));
SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
@@ -3116,7 +3116,7 @@ index 84a4083807..1dda83f71e 100644
SET_OPTIONAL_LONG_ARG("private_key_type", req->priv_key_type, OPENSSL_KEYTYPE_DEFAULT);
if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key")-1)) != NULL) {
-@@ -934,11 +940,11 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
+@@ -1026,11 +1032,11 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
req->priv_key = NULL;
}
if (req->global_config) {
@@ -3130,7 +3130,7 @@ index 84a4083807..1dda83f71e 100644
req->req_config = NULL;
}
}
-@@ -2844,12 +2850,12 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
+@@ -2947,12 +2953,12 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
char * str, *dn_sect, *attr_sect;
@@ -3145,7 +3145,7 @@ index 84a4083807..1dda83f71e 100644
if (dn_sk == NULL) {
php_openssl_store_errors();
return FAILURE;
-@@ -2858,7 +2864,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
+@@ -2961,7 +2967,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
if (attr_sect == NULL) {
attr_sk = NULL;
} else {
@@ -3154,7 +3154,7 @@ index 84a4083807..1dda83f71e 100644
if (attr_sk == NULL) {
php_openssl_store_errors();
return FAILURE;
-@@ -3275,8 +3281,8 @@ PHP_FUNCTION(openssl_csr_sign)
+@@ -3376,8 +3382,8 @@ PHP_FUNCTION(openssl_csr_sign)
X509V3_CTX ctx;
X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
@@ -3165,7 +3165,7 @@ index 84a4083807..1dda83f71e 100644
php_openssl_store_errors();
goto cleanup;
}
-@@ -3349,10 +3355,10 @@ PHP_FUNCTION(openssl_csr_new)
+@@ -3450,10 +3456,10 @@ PHP_FUNCTION(openssl_csr_new)
X509V3_CTX ext_ctx;
X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, 0);
@@ -3179,9 +3179,9 @@ index 84a4083807..1dda83f71e 100644
{
php_openssl_store_errors();
--
-2.31.1
+2.35.3
-From 575c8ddf73c4a343139be225596c5101497e3186 Mon Sep 17 00:00:00 2001
+From d6b6224ea0fcfd7ae358afa3a768878fb8fb9ccd Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 8 Aug 2021 20:54:46 +0100
Subject: [PATCH 27/39] Make CertificateGenerator not dependent on external
@@ -3237,9 +3237,9 @@ index 1dc378e706..4783353a47 100644
file_put_contents($file, $certText . PHP_EOL . $keyText);
} finally {
--
-2.31.1
+2.35.3
-From 4da1bade85b14bd1f0aa9cf9f463931de54de2ef Mon Sep 17 00:00:00 2001
+From dd5c2fac14bd179d3014fdf21accd7b81a67024b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 10:26:12 +0200
Subject: [PATCH 28/39] Extract EC key initialization
@@ -3250,10 +3250,10 @@ Subject: [PATCH 28/39] Extract EC key initialization
1 file changed, 126 insertions(+), 113 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 1dda83f71e..a595101cf6 100644
+index 098b1163c6..bfa3191410 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4158,6 +4158,126 @@ cleanup:
+@@ -4260,6 +4260,126 @@ cleanup:
#endif
}
@@ -3380,7 +3380,7 @@ index 1dda83f71e..a595101cf6 100644
/* {{{ Generates a new private key */
PHP_FUNCTION(openssl_pkey_new)
{
-@@ -4213,120 +4333,13 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4315,120 +4435,13 @@ PHP_FUNCTION(openssl_pkey_new)
#ifdef HAVE_EVP_PKEY_EC
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
@@ -3508,9 +3508,9 @@ index 1dda83f71e..a595101cf6 100644
}
}
--
-2.31.1
+2.35.3
-From 0b12c49898ef390ce53e33490a842fd384de6902 Mon Sep 17 00:00:00 2001
+From 14ec063fb3aefafe98cd0853b07a5ccf8d247fc7 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 12:01:35 +0200
Subject: [PATCH 29/39] Test calculation of EC public key from private key
@@ -3552,9 +3552,9 @@ index 0a71393ae3..0b05410c2c 100644
NULL
object(OpenSSLAsymmetricKey)#%d (0) {
--
-2.31.1
+2.35.3
-From 6b6b7c28dc81e106f6a1ef96d1f4bc43901764cf Mon Sep 17 00:00:00 2001
+From ffe0c9df1f478d34ec98e5bb02c2b0efb2443edb Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 11:12:20 +0200
Subject: [PATCH 30/39] Use param API for creating EC keys
@@ -3567,10 +3567,10 @@ Rather than the deprecated low level APIs.
1 file changed, 96 insertions(+)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index a595101cf6..df057caa8b 100644
+index bfa3191410..45f2a30392 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4159,6 +4159,7 @@ cleanup:
+@@ -4261,6 +4261,7 @@ cleanup:
}
#ifdef HAVE_EVP_PKEY_EC
@@ -3578,7 +3578,7 @@ index a595101cf6..df057caa8b 100644
static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_private) {
EC_GROUP *group = NULL;
EC_POINT *pnt = NULL;
-@@ -4236,6 +4237,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
+@@ -4338,6 +4339,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
}
if (!EC_KEY_check_key(eckey)) {
@@ -3586,7 +3586,7 @@ index a595101cf6..df057caa8b 100644
PHP_OPENSSL_RAND_ADD_TIME();
EC_KEY_generate_key(eckey);
php_openssl_store_errors();
-@@ -4252,8 +4254,101 @@ clean_exit:
+@@ -4354,8 +4356,101 @@ clean_exit:
EC_GROUP_free(group);
return false;
}
@@ -3688,7 +3688,7 @@ index a595101cf6..df057caa8b 100644
EVP_PKEY *pkey = EVP_PKEY_new();
if (!pkey) {
php_openssl_store_errors();
-@@ -4275,6 +4370,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
+@@ -4377,6 +4472,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
}
return pkey;
@@ -3697,9 +3697,9 @@ index a595101cf6..df057caa8b 100644
#endif
--
-2.31.1
+2.35.3
-From ab4d43be04953eb75b37d532ac5fe42f0464f1be Mon Sep 17 00:00:00 2001
+From 862016897008903be67970101a25c244bc9b3b2f Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 14:19:33 +0200
Subject: [PATCH 31/39] Extract public key portion via PEM roundtrip
@@ -3714,10 +3714,10 @@ tripping through PEM.
1 file changed, 19 insertions(+), 24 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index df057caa8b..e86e99c73f 100644
+index 45f2a30392..ebc862eda2 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3430,49 +3430,44 @@ PHP_FUNCTION(openssl_csr_get_subject)
+@@ -3531,49 +3531,44 @@ PHP_FUNCTION(openssl_csr_get_subject)
}
/* }}} */
@@ -3751,9 +3751,9 @@ index df057caa8b..e86e99c73f 100644
Z_PARAM_BOOL(use_shortnames)
ZEND_PARSE_PARAMETERS_END();
-- orig_csr = php_openssl_csr_from_param(csr_obj, csr_str);
+- orig_csr = php_openssl_csr_from_param(csr_obj, csr_str, 1);
- if (orig_csr == NULL) {
-+ X509_REQ *csr = php_openssl_csr_from_param(csr_obj, csr_str);
++ X509_REQ *csr = php_openssl_csr_from_param(csr_obj, csr_str, 1);
+ if (csr == NULL) {
RETURN_FALSE;
}
@@ -3787,9 +3787,9 @@ index df057caa8b..e86e99c73f 100644
if (tpubkey == NULL) {
--
-2.31.1
+2.35.3
-From 7939ffbdcc8d3358306653d7343f2b70204824f9 Mon Sep 17 00:00:00 2001
+From f80074791359e1f6d06803ae7abf0bfaba2208af Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 12:08:07 +0200
Subject: [PATCH 32/39] Use param API for openssl_pkey_get_details()
@@ -3804,10 +3804,10 @@ run into buggy priv_key handling.
1 file changed, 106 insertions(+), 17 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index e86e99c73f..40f05da9f2 100644
+index ebc862eda2..c92524b08e 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3788,17 +3788,17 @@ cleanup:
+@@ -3890,17 +3890,17 @@ cleanup:
}
/* }}} */
@@ -3835,7 +3835,7 @@ index e86e99c73f..40f05da9f2 100644
#define OPENSSL_PKEY_SET_BN(_data, _name) do { \
zval *bn; \
-@@ -4639,12 +4639,34 @@ PHP_FUNCTION(openssl_pkey_get_private)
+@@ -4741,12 +4741,34 @@ PHP_FUNCTION(openssl_pkey_get_private)
/* }}} */
@@ -3872,7 +3872,7 @@ index e86e99c73f..40f05da9f2 100644
unsigned int pbio_len;
char *pbio;
zend_long ktype;
-@@ -4653,9 +4675,9 @@ PHP_FUNCTION(openssl_pkey_get_details)
+@@ -4755,9 +4777,9 @@ PHP_FUNCTION(openssl_pkey_get_details)
RETURN_THROWS();
}
@@ -3884,7 +3884,7 @@ index e86e99c73f..40f05da9f2 100644
if (!PEM_write_bio_PUBKEY(out, pkey)) {
BIO_free(out);
php_openssl_store_errors();
-@@ -4669,6 +4691,72 @@ PHP_FUNCTION(openssl_pkey_get_details)
+@@ -4771,6 +4793,72 @@ PHP_FUNCTION(openssl_pkey_get_details)
/*TODO: Use the real values once the openssl constants are used
* See the enum at the top of this file
*/
@@ -3957,7 +3957,7 @@ index e86e99c73f..40f05da9f2 100644
switch (EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
-@@ -4785,14 +4873,14 @@ PHP_FUNCTION(openssl_pkey_get_details)
+@@ -4887,14 +4975,14 @@ PHP_FUNCTION(openssl_pkey_get_details)
pub = EC_KEY_get0_public_key(ec_key);
if (EC_POINT_get_affine_coordinates_GFp(ec_group, pub, x, y, NULL)) {
@@ -3975,7 +3975,7 @@ index e86e99c73f..40f05da9f2 100644
}
add_assoc_zval(return_value, "ec", &ec);
-@@ -4806,6 +4894,7 @@ PHP_FUNCTION(openssl_pkey_get_details)
+@@ -4908,6 +4996,7 @@ PHP_FUNCTION(openssl_pkey_get_details)
ktype = -1;
break;
}
@@ -3984,9 +3984,9 @@ index e86e99c73f..40f05da9f2 100644
BIO_free(out);
--
-2.31.1
+2.35.3
-From 35012d2b29254b806e5f376817d22f6c3bab136d Mon Sep 17 00:00:00 2001
+From 657a28022fbcd7c22137f00c3688b4e5a19a1457 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 14:34:12 +0200
Subject: [PATCH 33/39] Add missing unsigned qualifier
@@ -3999,10 +3999,10 @@ This previously got lost in the deprecation warning noise.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 40f05da9f2..856d7fc4af 100644
+index c92524b08e..36f69bf248 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -4256,7 +4256,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
+@@ -4358,7 +4358,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
BIGNUM *d = NULL, *x = NULL, *y = NULL;
EC_GROUP *group = NULL;
EC_POINT *pnt = NULL;
@@ -4012,9 +4012,9 @@ index 40f05da9f2..856d7fc4af 100644
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
OSSL_PARAM *params = NULL;
--
-2.31.1
+2.35.3
-From c34296faadc0a9e15e4ca960d573cdf3aabd8742 Mon Sep 17 00:00:00 2001
+From b4573ad1283bb4405b4826d248d272eaca2d9ee8 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 14:47:43 +0200
Subject: [PATCH 34/39] Use param API to create RSA key
@@ -4037,10 +4037,10 @@ are more elsewhere.
2 files changed, 116 insertions(+), 21 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 856d7fc4af..9e31f76998 100644
+index 36f69bf248..e545c00731 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3812,8 +3812,8 @@ static void php_openssl_add_bn_to_array(zval *ary, const BIGNUM *bn, const char
+@@ -3914,8 +3914,8 @@ static void php_openssl_add_bn_to_array(zval *ary, const BIGNUM *bn, const char
} \
} while (0);
@@ -4051,7 +4051,7 @@ index 856d7fc4af..9e31f76998 100644
{
BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
-@@ -3837,12 +3837,102 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
+@@ -3939,12 +3939,102 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
return 0;
}
@@ -4157,7 +4157,7 @@ index 856d7fc4af..9e31f76998 100644
}
#if PHP_OPENSSL_API_VERSION < 0x30000
-@@ -4386,23 +4476,12 @@ PHP_FUNCTION(openssl_pkey_new)
+@@ -4488,23 +4578,12 @@ PHP_FUNCTION(openssl_pkey_new)
if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "rsa", sizeof("rsa")-1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
@@ -4235,9 +4235,9 @@ index b2c37f6a87..08c9660f22 100644
int(0)
int(0)
--
-2.31.1
+2.35.3
-From b32adee0fe39c9d0fb981fc7cfe1892c225ba1c3 Mon Sep 17 00:00:00 2001
+From df158325e29bda202b654d1257a8f86782d7a2d2 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 10 Aug 2021 11:50:18 +0200
Subject: [PATCH 35/39] Fork openssl_error_string() test for OpenSSL
@@ -4462,9 +4462,9 @@ index 0000000000..b119346fe1
+openssl_csr_get_subject open: ok
+openssl_csr_get_subjec pem: ok
--
-2.31.1
+2.35.3
-From f99d70f7d8d660c2ded4f8f1700771c227987021 Mon Sep 17 00:00:00 2001
+From 48fb287c50a87929a30da3e751e4c0f7a3f2d86f Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 10 Aug 2021 12:17:17 +0200
Subject: [PATCH 36/39] Switch dh_param handling to EVP_PKEY API
@@ -4532,9 +4532,9 @@ index 206543ca82..b61234943e 100644
return SUCCESS;
}
--
-2.31.1
+2.35.3
-From b3deb9b38d4a52b4582f40d4d32240353db26653 Mon Sep 17 00:00:00 2001
+From 516b75ea853a88a8d690628e5283f551bce6664e Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 11 Aug 2021 10:11:12 +0200
Subject: [PATCH 37/39] Fix openssl memory leaks
@@ -4547,10 +4547,10 @@ Some leaks that snuck in during refactorings.
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 9e31f76998..d8102bd4bc 100644
+index e545c00731..c6445a1993 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3463,7 +3463,9 @@ PHP_FUNCTION(openssl_csr_get_public_key)
+@@ -3564,7 +3564,9 @@ PHP_FUNCTION(openssl_csr_get_public_key)
}
/* Retrieve the public key from the CSR */
@@ -4561,7 +4561,7 @@ index 9e31f76998..d8102bd4bc 100644
if (csr_str) {
/* We need to free the original CSR if it was freshly created */
-@@ -4328,6 +4330,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
+@@ -4430,6 +4432,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
php_openssl_store_errors();
}
if (EC_KEY_check_key(eckey)) {
@@ -4570,9 +4570,9 @@ index 9e31f76998..d8102bd4bc 100644
} else {
php_openssl_store_errors();
--
-2.31.1
+2.35.3
-From 02f08ac888b0c5f43468eaf76b59b29a7c2d7c74 Mon Sep 17 00:00:00 2001
+From 63cd9d7c16f7b7fa847c2e5239285a7d07edd237 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 10 Sep 2021 11:28:20 +0200
Subject: [PATCH 38/39] fix [-Wmaybe-uninitialized] build warnings
@@ -4583,10 +4583,10 @@ Subject: [PATCH 38/39] fix [-Wmaybe-uninitialized] build warnings
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index d8102bd4bc..40e6e7ba97 100644
+index c6445a1993..8e28575659 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
-@@ -3991,6 +3991,8 @@ static EVP_PKEY *php_openssl_pkey_init_dsa(zval *data, bool *is_private)
+@@ -4093,6 +4093,8 @@ static EVP_PKEY *php_openssl_pkey_init_dsa(zval *data, bool *is_private)
OPENSSL_PKEY_SET_BN(data, priv_key);
OPENSSL_PKEY_SET_BN(data, pub_key);
@@ -4595,7 +4595,7 @@ index d8102bd4bc..40e6e7ba97 100644
if (!ctx || !bld || !p || !q || !g) {
goto cleanup;
}
-@@ -4162,6 +4164,8 @@ static EVP_PKEY *php_openssl_pkey_init_dh(zval *data, bool *is_private)
+@@ -4264,6 +4266,8 @@ static EVP_PKEY *php_openssl_pkey_init_dh(zval *data, bool *is_private)
OPENSSL_PKEY_SET_BN(data, priv_key);
OPENSSL_PKEY_SET_BN(data, pub_key);
@@ -4604,7 +4604,7 @@ index d8102bd4bc..40e6e7ba97 100644
if (!ctx || !bld || !p || !g) {
goto cleanup;
}
-@@ -4255,6 +4259,8 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
+@@ -4357,6 +4361,8 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
zval *x;
zval *y;
@@ -4613,7 +4613,7 @@ index d8102bd4bc..40e6e7ba97 100644
if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
Z_TYPE_P(bn) == IS_STRING) {
int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
-@@ -4279,7 +4285,6 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
+@@ -4381,7 +4387,6 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
}
// The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
@@ -4621,7 +4621,7 @@ index d8102bd4bc..40e6e7ba97 100644
if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
Z_TYPE_P(bn) == IS_STRING) {
*is_private = true;
-@@ -4360,6 +4365,8 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
+@@ -4462,6 +4467,8 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
OPENSSL_PKEY_SET_BN(data, x);
OPENSSL_PKEY_SET_BN(data, y);
@@ -4631,9 +4631,9 @@ index d8102bd4bc..40e6e7ba97 100644
goto cleanup;
}
--
-2.31.1
+2.35.3
-From b881c41d32928781cb48013692da04fc84ca9107 Mon Sep 17 00:00:00 2001
+From ae633599a3a1475e6b3508cd538c3d283fc2cabc Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 12 Sep 2021 20:30:02 +0100
Subject: [PATCH 39/39] Make OpenSSL tests less dependent on system config
@@ -4757,5 +4757,5 @@ index b119346fe1..d435a53e30 100644
// invalid x509 for getting public key
@openssl_pkey_get_public($private_key_file);
--
-2.31.1
+2.35.3
diff --git a/php-mbstring.patch b/php-mbstring.patch
deleted file mode 100644
index 7da512b..0000000
--- a/php-mbstring.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2eb2f9d74f22bf35a4915ec95afc53a47ebf1af9 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 2 Jun 2022 08:05:22 +0200
-Subject: [PATCH] Fix GH-8685 mbstring requires pcre
-
----
- ext/mbstring/mbstring.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
-index 48f22a682a19..4a4088aed3fb 100644
---- a/ext/mbstring/mbstring.c
-+++ b/ext/mbstring/mbstring.c
-@@ -161,9 +161,18 @@ static const php_mb_nls_ident_list php_mb_default_identify_list[] = {
-
- /* }}} */
-
-+/* {{{ mbstring_deps[] */
-+static const zend_module_dep mbstring_deps[] = {
-+ ZEND_MOD_REQUIRED("pcre")
-+ ZEND_MOD_END
-+};
-+/* }}} */
-+
- /* {{{ zend_module_entry mbstring_module_entry */
- zend_module_entry mbstring_module_entry = {
-- STANDARD_MODULE_HEADER,
-+ STANDARD_MODULE_HEADER_EX,
-+ NULL,
-+ mbstring_deps,
- "mbstring",
- ext_functions,
- PHP_MINIT(mbstring),
diff --git a/php.spec b/php.spec
index 43bcc78..9543a61 100644
--- a/php.spec
+++ b/php.spec
@@ -114,8 +114,8 @@
#global gh_date 20200615
%global gh_owner php
%global gh_project php-src
-%global upver 8.0.20
-#global rcver RC1
+%global upver 8.0.21
+%global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
@@ -185,7 +185,7 @@ Patch48: php-8.0.10-snmp-sha.patch
# implement openssl_256 and openssl_512 for phar signatures, from 8.1
Patch49: php-8.0.10-phar-sha.patch
# compatibility with OpenSSL 3.0, from 8.1
-Patch50: php-8.0.10-openssl3.patch
+Patch50: php-8.0.21-openssl3.patch
# use system libxcrypt, from 8.1
Patch51: php-8.0.13-crypt.patch
@@ -193,7 +193,6 @@ Patch51: php-8.0.13-crypt.patch
Patch91: php-7.2.0-oci8conf.patch
# Upstream fixes (100+)
-Patch100: php-mbstring.patch
# Security fixes (200+)
@@ -320,7 +319,6 @@ The %{?scl_prefix}php-dbg package contains the interactive PHP debugger.
Summary: PHP FastCGI Process Manager
BuildRequires: libacl-devel
BuildRequires: pkgconfig(libsystemd) >= 209
-Requires(pre): %{_root_sbindir}/useradd
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
%{?systemd_requires}
# This is actually needed for the %%triggerun script but Requires(triggerun)
@@ -333,6 +331,8 @@ Requires(pre): httpd-filesystem
# For php.conf in /etc/httpd/conf.d
# and version 2.4.10 for proxy support in SetHandler
Requires: httpd-filesystem >= 2.4.10
+%else
+Requires(pre): %{_root_sbindir}/useradd
%endif
%description fpm
@@ -961,7 +961,7 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%patch47 -p1 -b .phpinfo
%patch48 -p1 -b .sha
%patch49 -p1 -b .pharsha
-%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
+%if 0%{?fedora} >= 36|| 0%{?rhel} >= 9
%patch50 -p1 -b .openssl3
rm ext/openssl/tests/p12_with_extra_certs.p12
%endif
@@ -970,7 +970,6 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch91 -p1 -b .remi-oci8
# upstream patches
-%patch100 -p1 -b .up
# security patches
@@ -1848,6 +1847,9 @@ fi
%changelog
+* Tue Jun 21 2022 Remi Collet <remi@remirepo.net> - 8.0.21~RC1-1
+- update to 8.0.21RC1
+
* Wed Jun 8 2022 Remi Collet <remi@remirepo.net> - 8.0.20-1
- Update to 8.0.20 - http://www.php.net/releases/8_0_20.php