summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--10-opcache.ini4
-rw-r--r--Makefile2
-rw-r--r--clog3
-rw-r--r--failed.txt13
-rw-r--r--php-8.0.0-phpinfo.patch118
-rw-r--r--php-8.0.10-openssl3.patch4761
-rw-r--r--php-8.0.10-phar-sha.patch515
-rw-r--r--php-8.0.10-snmp-sha.patch143
-rw-r--r--php-8.0.13-crypt.patch45
-rw-r--r--php-8.0.6-deprecated.patch400
-rw-r--r--php-8.1.0-libdb.patch (renamed from php-7.4.0-libdb.patch)4
-rw-r--r--php-8.1.0-phpinfo.patch44
-rw-r--r--php-8.1.0-systzdata-v22.patch (renamed from php-8.0.10-systzdata-v21.patch)34
-rw-r--r--php-8.2.0-parser.patch (renamed from php-8.0.19-parser.patch)4
-rw-r--r--php.ini358
-rw-r--r--php.spec254
16 files changed, 392 insertions, 6310 deletions
diff --git a/10-opcache.ini b/10-opcache.ini
index a5be172..d188ef0 100644
--- a/10-opcache.ini
+++ b/10-opcache.ini
@@ -136,12 +136,12 @@ opcache.huge_code_pages=0
; Specifies a PHP script that is going to be compiled and executed at server
; start-up.
-; http://php.net/opcache.preload
+; https://php.net/opcache.preload
;opcache.preload=
; Preloading code as root is not allowed for security reasons. This directive
; facilitates to let the preloading to be run as another user.
-; http://php.net/opcache.preload_user
+; https://php.net/opcache.preload_user
;opcache.preload_user=
; Prevents caching files that are less than this number of seconds old. It
diff --git a/Makefile b/Makefile
index a5696eb..dcfdce0 100644
--- a/Makefile
+++ b/Makefile
@@ -3,4 +3,4 @@ NAME := $(shell basename $(SRCDIR))
include ../../common/Makefile
srpm:
- rpmbuild $(RPMDEFINES) $(SRCDEFINES) --define 'scl php80' -bs $(NAME).spec
+ rpmbuild $(RPMDEFINES) $(SRCDEFINES) --define 'scl php82' -bs $(NAME).spec
diff --git a/clog b/clog
deleted file mode 100644
index 9f3046c..0000000
--- a/clog
+++ /dev/null
@@ -1,3 +0,0 @@
-Update to 8.0.19 - http://www.php.net/releases/8_0_19.php
-
-use oracle client library version 21.6
diff --git a/failed.txt b/failed.txt
index 1495908..72a790e 100644
--- a/failed.txt
+++ b/failed.txt
@@ -1,13 +1,12 @@
-===== 8.0.19 (2022-05-12)
+===== 8.2.0-dev (2022-05-11)
$ grep -ar 'Tests failed' /var/lib/mock/*/build.log
-/var/lib/mock/scl80el7x/build.log:Tests failed : 0
-/var/lib/mock/scl80el8x/build.log:Tests failed : 0
-/var/lib/mock/scl80el9x/build.log:Tests failed : 0
-/var/lib/mock/scl80fc34x/build.log:Tests failed : 0
-/var/lib/mock/scl80fc35x/build.log:Tests failed : 0
-/var/lib/mock/scl80fc36x/build.log:Tests failed : 0
+/var/lib/mock/scl81el7x/build.log:Tests failed : 0
+/var/lib/mock/scl81el8x/build.log:Tests failed : 0
+/var/lib/mock/scl81el9x/build.log:Tests failed : 0
+/var/lib/mock/scl81fc35x/build.log:Tests failed : 0
+/var/lib/mock/scl81fc36x/build.log:Tests failed : 0
diff --git a/php-8.0.0-phpinfo.patch b/php-8.0.0-phpinfo.patch
deleted file mode 100644
index 391d996..0000000
--- a/php-8.0.0-phpinfo.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-
-Drop "Configure Command" from phpinfo as it doesn't
-provide any useful information.
-The available extensions are not related to this command.
-
-Replace full GCC name by gcc in php -v output
-
-
-Also apply
-
-From 9bf43c45908433d382f0499d529849172d0d8206 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 28 Dec 2020 08:33:09 +0100
-Subject: [PATCH] rename COMPILER and ARCHITECTURE macro (too generic)
-
----
- configure.ac | 4 ++--
- ext/standard/info.c | 8 ++++----
- sapi/cli/php_cli.c | 8 ++++----
- win32/build/confutils.js | 10 +++++-----
- 4 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9d9c8b155b07..143dc061346b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1289,10 +1289,10 @@ if test -n "${PHP_BUILD_PROVIDER}"; then
- AC_DEFINE_UNQUOTED(PHP_BUILD_PROVIDER,"$PHP_BUILD_PROVIDER",[build provider])
- fi
- if test -n "${PHP_BUILD_COMPILER}"; then
-- AC_DEFINE_UNQUOTED(COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
-+ AC_DEFINE_UNQUOTED(PHP_BUILD_COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
- fi
- if test -n "${PHP_BUILD_ARCH}"; then
-- AC_DEFINE_UNQUOTED(ARCHITECTURE,"$PHP_BUILD_ARCH",[build architecture])
-+ AC_DEFINE_UNQUOTED(PHP_BUILD_ARCH,"$PHP_BUILD_ARCH",[build architecture])
- fi
-
- PHP_SUBST_OLD(PHP_INSTALLED_SAPIS)
-diff --git a/ext/standard/info.c b/ext/standard/info.c
-index 153cb6cde014..8ceef31d9fe4 100644
---- a/ext/standard/info.c
-+++ b/ext/standard/info.c
-@@ -798,11 +798,11 @@ PHPAPI ZEND_COLD void php_print_info(int flag)
- #ifdef PHP_BUILD_PROVIDER
- php_info_print_table_row(2, "Build Provider", PHP_BUILD_PROVIDER);
- #endif
--#ifdef COMPILER
-- php_info_print_table_row(2, "Compiler", COMPILER);
-+#ifdef PHP_BUILD_COMPILER
-+ php_info_print_table_row(2, "Compiler", PHP_BUILD_COMPILER);
- #endif
--#ifdef ARCHITECTURE
-- php_info_print_table_row(2, "Architecture", ARCHITECTURE);
-+#ifdef PHP_BUILD_ARCH
-+ php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
- #endif
- #ifdef CONFIGURE_COMMAND
- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-diff --git a/sapi/cli/php_cli.c b/sapi/cli/php_cli.c
-index 5092fb0ffd68..9d296acec631 100644
---- a/sapi/cli/php_cli.c
-+++ b/sapi/cli/php_cli.c
-@@ -640,12 +640,12 @@ static int do_cli(int argc, char **argv) /* {{{ */
- #else
- "NTS "
- #endif
--#ifdef COMPILER
-- COMPILER
-+#ifdef PHP_BUILD_COMPILER
-+ PHP_BUILD_COMPILER
- " "
- #endif
--#ifdef ARCHITECTURE
-- ARCHITECTURE
-+#ifdef PHP_BUILD_ARCH
-+ PHP_BUILD_ARCH
- " "
- #endif
- #if ZEND_DEBUG
-
-diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
---- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200
-+++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200
-@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int
- #ifdef PHP_BUILD_ARCH
- php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
- #endif
--#ifdef CONFIGURE_COMMAND
-- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
--#endif
-
- if (sapi_module.pretty_name) {
- php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
-diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
---- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200
-+++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200
-@@ -17,7 +17,6 @@ PHP Version => %s
-
- System => %s
- Build Date => %s%a
--Configure Command => %s
- Server API => Command Line Interface
- Virtual Directory Support => %s
- Configuration File (php.ini) Path => %s
-diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
---- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200
-+++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200
-@@ -641,8 +641,7 @@ static int do_cli(int argc, char **argv)
- "NTS "
- #endif
- #ifdef PHP_BUILD_COMPILER
-- PHP_BUILD_COMPILER
-- " "
-+ "gcc "
- #endif
- #ifdef PHP_BUILD_ARCH
- PHP_BUILD_ARCH
diff --git a/php-8.0.10-openssl3.patch b/php-8.0.10-openssl3.patch
deleted file mode 100644
index 6070150..0000000
--- a/php-8.0.10-openssl3.patch
+++ /dev/null
@@ -1,4761 +0,0 @@
-From 3d13d14f318267b27f99025b37a2061c835e0727 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@php.net>
-Date: Sun, 8 Aug 2021 17:38:30 +0200
-Subject: [PATCH 01/39] minimal fix for openssl 3.0 (#7002)
-
-(cherry picked from commit a0972deb0f441fc7991001cb51efc994b70a3b51)
----
- ext/openssl/openssl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 19e7a0d79e..015cd89aa6 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -1221,7 +1221,9 @@ PHP_MINIT_FUNCTION(openssl)
- REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT);
-
- REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
-+#ifdef RSA_SSLV23_PADDING
- REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
-+#endif
- REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
-
---
-2.31.1
-
-From fc0dbc36e4563a5146aa5345e8520f6601ec7030 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 09:41:39 +0200
-Subject: [PATCH 02/39] Optimize openssl memory leak test
-
-Just do one call and check whether memory usage changes. Looping
-this 100000 times is extremely slow with debug builds of openssl.
-
-(cherry picked from commit 6249172ae37f958f0a3ef92cb55d5bf7affa8214)
----
- ext/openssl/tests/bug79145.phpt | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/ext/openssl/tests/bug79145.phpt b/ext/openssl/tests/bug79145.phpt
-index 4f3dc9e766..c9c7df2953 100644
---- a/ext/openssl/tests/bug79145.phpt
-+++ b/ext/openssl/tests/bug79145.phpt
-@@ -3,7 +3,6 @@ Bug #79145 (openssl memory leak)
- --SKIPIF--
- <?php
- if (!extension_loaded('openssl')) die('skip openssl extension not available');
--if (getenv('SKIP_SLOW_TESTS')) die('skip slow test');
- ?>
- --FILE--
- <?php
-@@ -14,13 +13,14 @@ j85Q5OliVxOdB1LoTOsOmfFf/fdvpU3DsOWsDKlVrL41MHxXorwrwOiys/r/gv2d
- C9C4JmhTOjBVAK8SewIDAQAC
- -----END PUBLIC KEY-----';
-
-+$a = openssl_get_publickey($b);
-+@openssl_free_key($a);
-+
- $start = memory_get_usage(true);
--for ($i = 0; $i < 100000; $i++) {
-- $a = openssl_get_publickey($b);
-- @openssl_free_key($a);
--}
-+$a = openssl_get_publickey($b);
-+@openssl_free_key($a);
- $end = memory_get_usage(true);
--var_dump($end <= 1.1 * $start);
-+var_dump($end == $start);
- ?>
- --EXPECT--
- bool(true)
---
-2.31.1
-
-From da4fbfb99a6dfc9dbaaa04a4bc8068a7e9bfa46c Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 09:46:07 +0200
-Subject: [PATCH 03/39] Reduce security level in some OpenSSL tests
-
-This allows tests using older protocols and algorithms to work
-under OpenSSL 3.
-
-Also account for minor changes in error reporting.
-
-(cherry picked from commit 3ea57cf83834e07aae6953201015e39b4a2ac6dd)
----
- ext/openssl/tests/session_meta_capture.phpt | 4 ++--
- ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ++--
- ext/openssl/tests/stream_crypto_flags_002.phpt | 4 ++--
- ext/openssl/tests/stream_crypto_flags_003.phpt | 4 ++--
- ext/openssl/tests/stream_crypto_flags_004.phpt | 4 ++--
- ext/openssl/tests/stream_security_level.phpt | 4 ++--
- ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 4 ++--
- ext/openssl/tests/tls_wrapper.phpt | 4 ++--
- ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt | 4 ++--
- ext/openssl/tests/tlsv1.0_wrapper.phpt | 4 ++--
- ext/openssl/tests/tlsv1.1_wrapper.phpt | 4 ++--
- 11 files changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
-index 58b48e9c59..8a0f403a15 100644
---- a/ext/openssl/tests/session_meta_capture.phpt
-+++ b/ext/openssl/tests/session_meta_capture.phpt
-@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
- $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
- $serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -36,7 +36,7 @@ $clientCode = <<<'CODE'
- 'verify_peer' => true,
- 'cafile' => '%s',
- 'peer_name' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt
-index acd97110ff..a86e0f8a6c 100644
---- a/ext/openssl/tests/stream_crypto_flags_001.phpt
-+++ b/ext/openssl/tests/stream_crypto_flags_001.phpt
-@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
- $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
- $serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -35,7 +35,7 @@ $clientCode = <<<'CODE'
- 'verify_peer' => true,
- 'cafile' => '%s',
- 'peer_name' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt
-index 15b1ec2cfc..2870bdc814 100644
---- a/ext/openssl/tests/stream_crypto_flags_002.phpt
-+++ b/ext/openssl/tests/stream_crypto_flags_002.phpt
-@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
- $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
- $serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -36,7 +36,7 @@ $clientCode = <<<'CODE'
- 'verify_peer' => true,
- 'cafile' => '%s',
- 'peer_name' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt
-index 35f83f22dd..da1f1ae228 100644
---- a/ext/openssl/tests/stream_crypto_flags_003.phpt
-+++ b/ext/openssl/tests/stream_crypto_flags_003.phpt
-@@ -19,7 +19,7 @@ $serverCode = <<<'CODE'
-
- // Only accept TLSv1.0 and TLSv1.2 connections
- 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -40,7 +40,7 @@ $clientCode = <<<'CODE'
- 'verify_peer' => true,
- 'cafile' => '%s',
- 'peer_name' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt
-index d9bfcfea3f..b7626b8ea7 100644
---- a/ext/openssl/tests/stream_crypto_flags_004.phpt
-+++ b/ext/openssl/tests/stream_crypto_flags_004.phpt
-@@ -16,7 +16,7 @@ $serverCode = <<<'CODE'
- $serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
- 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -37,7 +37,7 @@ $clientCode = <<<'CODE'
- 'verify_peer' => true,
- 'cafile' => '%s',
- 'peer_name' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt
-index 44ba4c6d57..b8a8796de3 100644
---- a/ext/openssl/tests/stream_security_level.phpt
-+++ b/ext/openssl/tests/stream_security_level.phpt
-@@ -24,7 +24,7 @@ $serverCode = <<<'CODE'
- 'local_cert' => '%s',
- // Make sure the server side starts up successfully if the default security level is
- // higher. We want to test the error at the client side.
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-@@ -66,7 +66,7 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
- ?>
- --EXPECTF--
- Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
--error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d
-+error:%s:SSL routines:%S:certificate verify failed in %s : eval()'d code on line %d
-
- Warning: stream_socket_client(): Failed to enable crypto in %s : eval()'d code on line %d
-
-diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
-index ac31192da4..73dd812291 100644
---- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
-+++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
-@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
- 'local_cert' => '%s',
- 'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0,
- 'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-@@ -32,7 +32,7 @@ $clientCode = <<<'CODE'
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_peer_name' => false,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt
-index d79e978c10..3488f6f7f0 100644
---- a/ext/openssl/tests/tls_wrapper.phpt
-+++ b/ext/openssl/tests/tls_wrapper.phpt
-@@ -14,7 +14,7 @@ $serverCode = <<<'CODE'
- $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
- $ctx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-@@ -31,7 +31,7 @@ $clientCode = <<<'CODE'
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_peer_name' => false,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
-index b419179b3f..c8a0245601 100644
---- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
-+++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
-@@ -14,7 +14,7 @@ $serverCode = <<<'CODE'
- $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
- $ctx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-@@ -31,7 +31,7 @@ $clientCode = <<<'CODE'
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_peer_name' => false,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt
-index adbe7b6308..fc802662ac 100644
---- a/ext/openssl/tests/tlsv1.0_wrapper.phpt
-+++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt
-@@ -13,7 +13,7 @@ $serverCode = <<<'CODE'
- $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
- $ctx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-@@ -30,7 +30,7 @@ $clientCode = <<<'CODE'
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_peer_name' => false,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
-diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt
-index c1aaa04919..84a137b5f4 100644
---- a/ext/openssl/tests/tlsv1.1_wrapper.phpt
-+++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt
-@@ -13,7 +13,7 @@ $serverCode = <<<'CODE'
- $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
- $ctx = stream_context_create(['ssl' => [
- 'local_cert' => '%s',
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-@@ -30,7 +30,7 @@ $clientCode = <<<'CODE'
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_peer_name' => false,
-- 'security_level' => 1,
-+ 'security_level' => 0,
- ]]);
-
- phpt_wait();
---
-2.31.1
-
-From fe770720985c5f31a79528528be0aa8e0e56a389 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 09:57:40 +0200
-Subject: [PATCH 04/39] Adjust some tests for whitespace differences in OpenSSL
- 3
-
-A trailing newline is no longer present in OpenSSL 3.
-
-(cherry picked from commit 0a530d7650c6f9cb7c1b55755c8bf5961052039c)
----
- ext/openssl/tests/bug28382.phpt | 17 +++++++----------
- ext/openssl/tests/cve2013_4073.phpt | 5 ++---
- ext/openssl/tests/openssl_x509_parse_basic.phpt | 10 ++++------
- 3 files changed, 13 insertions(+), 19 deletions(-)
-
-diff --git a/ext/openssl/tests/bug28382.phpt b/ext/openssl/tests/bug28382.phpt
-index 3d8cb528ba..00765ba838 100644
---- a/ext/openssl/tests/bug28382.phpt
-+++ b/ext/openssl/tests/bug28382.phpt
-@@ -9,11 +9,10 @@ if (!extension_loaded("openssl")) die("skip");
- $cert = file_get_contents(__DIR__ . "/bug28382cert.txt");
- $ext = openssl_x509_parse($cert);
- var_dump($ext['extensions']);
--/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key.
-- For now, as this is the one difference only between 0.9.x and 1.x, it's handled with
-- placeholders to not to duplicate the test. When more diffs come, a duplication would
-- be probably a better solution.
--*/
-+/*
-+ * The reason for %A at the end of crlDistributionPoints and authorityKeyIdentifier is that
-+ * OpenSSL 3.0 removes new lines which were present in previous versions.
-+ */
- ?>
- --EXPECTF--
- array(11) {
-@@ -24,8 +23,7 @@ array(11) {
- ["nsCertType"]=>
- string(30) "SSL Client, SSL Server, S/MIME"
- ["crlDistributionPoints"]=>
-- string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
--"
-+ string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%A"
- ["nsCaPolicyUrl"]=>
- string(38) "http://mobile.blue-software.ro:90/pub/"
- ["subjectAltName"]=>
-@@ -33,9 +31,8 @@ array(11) {
- ["subjectKeyIdentifier"]=>
- string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
- ["authorityKeyIdentifier"]=>
-- string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
--serial:00
--"
-+ string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
-+serial:00%A"
- ["keyUsage"]=>
- string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
- ["nsBaseUrl"]=>
-diff --git a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt
-index c88021b0ae..5cd05ab040 100644
---- a/ext/openssl/tests/cve2013_4073.phpt
-+++ b/ext/openssl/tests/cve2013_4073.phpt
-@@ -9,11 +9,10 @@ $info = openssl_x509_parse($cert);
- var_export($info['extensions']);
-
- ?>
----EXPECT--
-+--EXPECTF--
- array (
- 'basicConstraints' => 'CA:FALSE',
- 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
- 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',
-- 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
--',
-+ 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1%A',
- )
-diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt
-index b80c1f71f1..38915157f3 100644
---- a/ext/openssl/tests/openssl_x509_parse_basic.phpt
-+++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt
-@@ -153,10 +153,9 @@ array(16) {
- ["subjectKeyIdentifier"]=>
- string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
- ["authorityKeyIdentifier"]=>
-- string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-+ string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
- DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
--serial:AE:C5:56:CC:72:37:50:A2
--"
-+serial:AE:C5:56:CC:72:37:50:A2%A"
- ["basicConstraints"]=>
- string(7) "CA:TRUE"
- }
-@@ -301,10 +300,9 @@ array(16) {
- ["subjectKeyIdentifier"]=>
- string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
- ["authorityKeyIdentifier"]=>
-- string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-+ string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
- DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
--serial:AE:C5:56:CC:72:37:50:A2
--"
-+serial:AE:C5:56:CC:72:37:50:A2%A"
- ["basicConstraints"]=>
- string(7) "CA:TRUE"
- }
---
-2.31.1
-
-From 676a47080bed2730b892e4ea43b93deb4acea335 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 11:55:47 +0200
-Subject: [PATCH 05/39] Use different cipher in openssl_seal() test
-
-RC4 is insecure and not supported in newer versions.
-
-(cherry picked from commit 046b36bcf8c062375c9f5e2a763d6144c2a484b4)
----
- ext/openssl/tests/openssl_seal_basic.phpt | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ext/openssl/tests/openssl_seal_basic.phpt b/ext/openssl/tests/openssl_seal_basic.phpt
-index 16efb05a66..e23045c992 100644
---- a/ext/openssl/tests/openssl_seal_basic.phpt
-+++ b/ext/openssl/tests/openssl_seal_basic.phpt
-@@ -9,7 +9,7 @@ $a = 1;
- $b = array(1);
- $c = array(1);
- $d = array(1);
--$method = "RC4";
-+$method = "AES-128-ECB";
-
- var_dump(openssl_seal($a, $b, $c, $d, $method));
-
-@@ -41,8 +41,8 @@ var_dump(openssl_seal($data, $sealed, $ekeys, array($wrong), $method));
- Warning: openssl_seal(): Not a public key (1th member of pubkeys) in %s on line %d
- bool(false)
- openssl_seal(): Argument #4 ($public_key) cannot be empty
--int(19)
--int(19)
-+int(32)
-+int(32)
-
- Warning: openssl_seal(): Not a public key (2th member of pubkeys) in %s on line %d
- bool(false)
---
-2.31.1
-
-From 389b4605281975d4ecac92cb3751d18d2e3fd60a Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 11:58:46 +0200
-Subject: [PATCH 06/39] Don't test legacy algorithms in SPKI tests
-
-MD4 and RMD160 may not be available on newer OpenSSL versions.
-
-(cherry picked from commit 9695936341c49ea0efec5bdf24acbcdf59e2a7f8)
----
- ext/openssl/tests/openssl_spki_export_basic.phpt | 4 ----
- .../tests/openssl_spki_export_challenge_basic.phpt | 14 --------------
- ext/openssl/tests/openssl_spki_new_basic.phpt | 8 --------
- ext/openssl/tests/openssl_spki_verify_basic.phpt | 7 -------
- 4 files changed, 33 deletions(-)
-
-diff --git a/ext/openssl/tests/openssl_spki_export_basic.phpt b/ext/openssl/tests/openssl_spki_export_basic.phpt
-index 4085d2d5d8..c03954390b 100644
---- a/ext/openssl/tests/openssl_spki_export_basic.phpt
-+++ b/ext/openssl/tests/openssl_spki_export_basic.phpt
-@@ -19,14 +19,12 @@ foreach ($key_sizes as $key_size) {
-
- /* array of available hashings to test */
- $algo = array(
-- OPENSSL_ALGO_MD4,
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
- OPENSSL_ALGO_SHA224,
- OPENSSL_ALGO_SHA256,
- OPENSSL_ALGO_SHA384,
- OPENSSL_ALGO_SHA512,
-- OPENSSL_ALGO_RMD160
- );
-
- /* loop over key sizes for test */
-@@ -56,5 +54,3 @@ function _uuid() {
- \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
- \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
- \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
--\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
--\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
-diff --git a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
-index f44e60ec62..06308bf10c 100644
---- a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
-+++ b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
-@@ -21,14 +21,12 @@ foreach ($key_sizes as $key_size) {
-
- /* array of available hashings to test */
- $algo = array(
-- OPENSSL_ALGO_MD4,
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
- OPENSSL_ALGO_SHA224,
- OPENSSL_ALGO_SHA256,
- OPENSSL_ALGO_SHA384,
- OPENSSL_ALGO_SHA512,
-- OPENSSL_ALGO_RMD160
- );
-
- /* loop over key sizes for test */
-@@ -89,15 +87,3 @@ string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
- bool\(false\)
- string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
- bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
--string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
--bool\(false\)
-diff --git a/ext/openssl/tests/openssl_spki_new_basic.phpt b/ext/openssl/tests/openssl_spki_new_basic.phpt
-index cb54747fe0..8378bd1ac6 100644
---- a/ext/openssl/tests/openssl_spki_new_basic.phpt
-+++ b/ext/openssl/tests/openssl_spki_new_basic.phpt
-@@ -18,14 +18,12 @@ foreach ($key_sizes as $key_size) {
-
- /* array of available hashings to test */
- $algo = array(
-- OPENSSL_ALGO_MD4,
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
- OPENSSL_ALGO_SHA224,
- OPENSSL_ALGO_SHA256,
- OPENSSL_ALGO_SHA384,
- OPENSSL_ALGO_SHA512,
-- OPENSSL_ALGO_RMD160
- );
-
- /* loop over key sizes for test */
-@@ -53,21 +51,15 @@ string(478) "%s"
- string(478) "%s"
- string(478) "%s"
- string(478) "%s"
--string(478) "%s"
--string(474) "%s"
--string(830) "%s"
- string(830) "%s"
- string(830) "%s"
- string(830) "%s"
- string(830) "%s"
- string(830) "%s"
- string(830) "%s"
--string(826) "%s"
--string(1510) "%s"
- string(1510) "%s"
- string(1510) "%s"
- string(1510) "%s"
- string(1510) "%s"
- string(1510) "%s"
- string(1510) "%s"
--string(1506) "%s"
-diff --git a/ext/openssl/tests/openssl_spki_verify_basic.phpt b/ext/openssl/tests/openssl_spki_verify_basic.phpt
-index c760d0cb83..35badcda37 100644
---- a/ext/openssl/tests/openssl_spki_verify_basic.phpt
-+++ b/ext/openssl/tests/openssl_spki_verify_basic.phpt
-@@ -25,7 +25,6 @@ $algo = array(
- OPENSSL_ALGO_SHA256,
- OPENSSL_ALGO_SHA384,
- OPENSSL_ALGO_SHA512,
-- OPENSSL_ALGO_RMD160
- );
-
- /* loop over key sizes for test */
-@@ -80,9 +79,3 @@ bool(true)
- bool(false)
- bool(true)
- bool(false)
--bool(true)
--bool(false)
--bool(true)
--bool(false)
--bool(true)
--bool(false)
---
-2.31.1
-
-From 054aeebb623e6d4a055a4bab60a864f8c7f65675 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 12:48:02 +0200
-Subject: [PATCH 07/39] Only report provided ciphers in
- openssl_get_cipher_methods()
-
-With OpenSSL 3 ciphers may be registered, but not provided. Make
-sure that openssl_get_cipher_methods() only returns provided
-ciphers, so that "in_array openssl_get_cipher_methods" style
-checks continue working as expected.
-
-(cherry picked from commit a80ae97d3176aded77ee422772608a026380fc1a)
----
- ext/openssl/openssl.c | 34 +++++++++++++++++++++++++++++++++-
- ext/openssl/php_openssl.h | 4 +++-
- 2 files changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 015cd89aa6..4ffa2185fb 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -6798,6 +6798,31 @@ PHP_FUNCTION(openssl_get_md_methods)
- }
- /* }}} */
-
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+static void php_openssl_add_cipher_name(const char *name, void *arg)
-+{
-+ size_t len = strlen(name);
-+ zend_string *str = zend_string_alloc(len, 0);
-+ zend_str_tolower_copy(ZSTR_VAL(str), name, len);
-+ add_next_index_str((zval*)arg, str);
-+}
-+
-+static void php_openssl_add_cipher_or_alias(EVP_CIPHER *cipher, void *arg)
-+{
-+ EVP_CIPHER_names_do_all(cipher, php_openssl_add_cipher_name, arg);
-+}
-+
-+static void php_openssl_add_cipher(EVP_CIPHER *cipher, void *arg)
-+{
-+ php_openssl_add_cipher_name(EVP_CIPHER_get0_name(cipher), arg);
-+}
-+
-+static int php_openssl_compare_func(Bucket *a, Bucket *b)
-+{
-+ return string_compare_function(&a->val, &b->val);
-+}
-+#endif
-+
- /* {{{ Return array of available cipher algorithms */
- PHP_FUNCTION(openssl_get_cipher_methods)
- {
-@@ -6807,9 +6832,16 @@ PHP_FUNCTION(openssl_get_cipher_methods)
- RETURN_THROWS();
- }
- array_init(return_value);
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ EVP_CIPHER_do_all_provided(NULL,
-+ aliases ? php_openssl_add_cipher_or_alias : php_openssl_add_cipher,
-+ return_value);
-+ zend_hash_sort(Z_ARRVAL_P(return_value), php_openssl_compare_func, 1);
-+#else
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-- aliases ? php_openssl_add_method_or_alias: php_openssl_add_method,
-+ aliases ? php_openssl_add_method_or_alias : php_openssl_add_method,
- return_value);
-+#endif
- }
- /* }}} */
-
-diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
-index c674ead34b..16bad9e6b0 100644
---- a/ext/openssl/php_openssl.h
-+++ b/ext/openssl/php_openssl.h
-@@ -39,8 +39,10 @@ extern zend_module_entry openssl_module_entry;
- #define PHP_OPENSSL_API_VERSION 0x10001
- #elif OPENSSL_VERSION_NUMBER < 0x10100000L
- #define PHP_OPENSSL_API_VERSION 0x10002
--#else
-+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
- #define PHP_OPENSSL_API_VERSION 0x10100
-+#else
-+#define PHP_OPENSSL_API_VERSION 0x30000
- #endif
- #endif
-
---
-2.31.1
-
-From 62fbe1839d980583156b0d22c49753c4666e73e8 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 12:05:02 +0200
-Subject: [PATCH 08/39] Avoid RC4 use in another test
-
-(cherry picked from commit 503146aa87e48f075f47a093ed7868e323814a66)
----
- ext/openssl/tests/openssl_open_basic.phpt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/openssl/tests/openssl_open_basic.phpt b/ext/openssl/tests/openssl_open_basic.phpt
-index 5e551c507f..271a878cdf 100644
---- a/ext/openssl/tests/openssl_open_basic.phpt
-+++ b/ext/openssl/tests/openssl_open_basic.phpt
-@@ -8,7 +8,7 @@ $data = "openssl_open() test";
- $pub_key = "file://" . __DIR__ . "/public.key";
- $priv_key = "file://" . __DIR__ . "/private_rsa_1024.key";
- $wrong = "wrong";
--$method = "RC4";
-+$method = "AES-128-ECB";
-
- openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key, $pub_key), $method);
- openssl_open($sealed, $output, $ekeys[0], $priv_key, $method);
---
-2.31.1
-
-From 95e6b2c67de6a63d059b678d14f291487f563163 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 15:47:14 +0200
-Subject: [PATCH 09/39] Use EVP_PKEY API for
- openssl_public_encrypt/private_decrypt
-
-Use the high level API instead of the deprecated low level API.
-
-(cherry picked from commit 0233afae2762a7e7be49935ebbb981783c471d13)
----
- ext/openssl/openssl.c | 117 +++++++-----------
- .../tests/openssl_error_string_basic.phpt | 2 +-
- 2 files changed, 45 insertions(+), 74 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 4ffa2185fb..64840da451 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -6230,11 +6230,6 @@ PHP_FUNCTION(openssl_private_encrypt)
- PHP_FUNCTION(openssl_private_decrypt)
- {
- zval *key, *crypted;
-- EVP_PKEY *pkey;
-- int cryptedlen;
-- zend_string *cryptedbuf = NULL;
-- unsigned char *crypttemp;
-- int successful = 0;
- zend_long padding = RSA_PKCS1_PADDING;
- char * data;
- size_t data_len;
-@@ -6243,11 +6238,7 @@ PHP_FUNCTION(openssl_private_decrypt)
- RETURN_THROWS();
- }
-
-- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data, 1);
--
-- RETVAL_FALSE;
--
-- pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
- if (pkey == NULL) {
- if (!EG(exception)) {
- php_error_docref(NULL, E_WARNING, "key parameter is not a valid private key");
-@@ -6255,42 +6246,33 @@ PHP_FUNCTION(openssl_private_decrypt)
- RETURN_FALSE;
- }
-
-- cryptedlen = EVP_PKEY_size(pkey);
-- crypttemp = emalloc(cryptedlen + 1);
--
-- switch (EVP_PKEY_id(pkey)) {
-- case EVP_PKEY_RSA:
-- case EVP_PKEY_RSA2:
-- cryptedlen = RSA_private_decrypt((int)data_len,
-- (unsigned char *)data,
-- crypttemp,
-- EVP_PKEY_get0_RSA(pkey),
-- (int)padding);
-- if (cryptedlen != -1) {
-- cryptedbuf = zend_string_alloc(cryptedlen, 0);
-- memcpy(ZSTR_VAL(cryptedbuf), crypttemp, cryptedlen);
-- successful = 1;
-- }
-- break;
-- default:
-- php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!");
-+ size_t out_len = 0;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (!ctx || EVP_PKEY_decrypt_init(ctx) <= 0 ||
-+ EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
-+ EVP_PKEY_decrypt(ctx, NULL, &out_len, (unsigned char *) data, data_len) <= 0) {
-+ php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-- efree(crypttemp);
--
-- if (successful) {
-- ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
-- ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, cryptedbuf);
-- cryptedbuf = NULL;
-- RETVAL_TRUE;
-- } else {
-+ zend_string *out = zend_string_alloc(out_len, 0);
-+ if (EVP_PKEY_decrypt(ctx, (unsigned char *) ZSTR_VAL(out), &out_len,
-+ (unsigned char *) data, data_len) <= 0) {
-+ zend_string_release(out);
- php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-+ out = zend_string_truncate(out, out_len, 0);
-+ ZSTR_VAL(out)[out_len] = '\0';
-+ ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, out);
-+ RETVAL_TRUE;
-+
-+cleanup:
-+ EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
-- if (cryptedbuf) {
-- zend_string_release_ex(cryptedbuf, 0);
-- }
- }
- /* }}} */
-
-@@ -6298,10 +6280,6 @@ PHP_FUNCTION(openssl_private_decrypt)
- PHP_FUNCTION(openssl_public_encrypt)
- {
- zval *key, *crypted;
-- EVP_PKEY *pkey;
-- int cryptedlen;
-- zend_string *cryptedbuf;
-- int successful = 0;
- zend_long padding = RSA_PKCS1_PADDING;
- char * data;
- size_t data_len;
-@@ -6310,11 +6288,7 @@ PHP_FUNCTION(openssl_public_encrypt)
- RETURN_THROWS();
- }
-
-- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data, 1);
--
-- RETVAL_FALSE;
--
-- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
- if (pkey == NULL) {
- if (!EG(exception)) {
- php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key");
-@@ -6322,35 +6296,32 @@ PHP_FUNCTION(openssl_public_encrypt)
- RETURN_FALSE;
- }
-
-- cryptedlen = EVP_PKEY_size(pkey);
-- cryptedbuf = zend_string_alloc(cryptedlen, 0);
--
-- switch (EVP_PKEY_id(pkey)) {
-- case EVP_PKEY_RSA:
-- case EVP_PKEY_RSA2:
-- successful = (RSA_public_encrypt((int)data_len,
-- (unsigned char *)data,
-- (unsigned char *)ZSTR_VAL(cryptedbuf),
-- EVP_PKEY_get0_RSA(pkey),
-- (int)padding) == cryptedlen);
-- break;
-- default:
-- php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!");
--
-+ size_t out_len = 0;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (!ctx || EVP_PKEY_encrypt_init(ctx) <= 0 ||
-+ EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
-+ EVP_PKEY_encrypt(ctx, NULL, &out_len, (unsigned char *) data, data_len) <= 0) {
-+ php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-- if (successful) {
-- ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
-- ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, cryptedbuf);
-- cryptedbuf = NULL;
-- RETVAL_TRUE;
-- } else {
-+ zend_string *out = zend_string_alloc(out_len, 0);
-+ if (EVP_PKEY_encrypt(ctx, (unsigned char *) ZSTR_VAL(out), &out_len,
-+ (unsigned char *) data, data_len) <= 0) {
-+ zend_string_release(out);
- php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-+
-+ ZSTR_VAL(out)[out_len] = '\0';
-+ ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, out);
-+ RETVAL_TRUE;
-+
-+cleanup:
-+ EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
-- if (cryptedbuf) {
-- zend_string_release_ex(cryptedbuf, 0);
-- }
- }
- /* }}} */
-
-diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt
-index b55b7ced44..eb76dfbf77 100644
---- a/ext/openssl/tests/openssl_error_string_basic.phpt
-+++ b/ext/openssl/tests/openssl_error_string_basic.phpt
-@@ -119,7 +119,7 @@ expect_openssl_errors('openssl_private_decrypt', ['04065072']);
- // public encrypt and decrypt with failed padding check and padding
- @openssl_public_encrypt("data", $crypted, $public_key_file, 1000);
- @openssl_public_decrypt("data", $crypted, $public_key_file);
--expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '04068076', '04067072']);
-+expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '0408F090', '04067072']);
-
- // X509
- echo "X509 errors\n";
---
-2.31.1
-
-From b29b719e4741cde6d1e441e0340f038976cb461b Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 16:56:32 +0200
-Subject: [PATCH 10/39] Use EVP_PKEY APIs for
- openssl_private_encrypt/public_decrypt
-
-Use high level APIs instead of deprecated low level APIs.
-
-(cherry picked from commit 384ad6e22412756d7a2fa7a4c35579f041784e59)
----
- ext/openssl/openssl.c | 119 +++++++-----------
- .../tests/openssl_error_string_basic.phpt | 2 +-
- 2 files changed, 45 insertions(+), 76 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 64840da451..4e9b949b5f 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -6170,10 +6170,6 @@ clean_exit:
- PHP_FUNCTION(openssl_private_encrypt)
- {
- zval *key, *crypted;
-- EVP_PKEY *pkey;
-- int cryptedlen;
-- zend_string *cryptedbuf = NULL;
-- int successful = 0;
- char * data;
- size_t data_len;
- zend_long padding = RSA_PKCS1_PADDING;
-@@ -6182,12 +6178,7 @@ PHP_FUNCTION(openssl_private_encrypt)
- RETURN_THROWS();
- }
-
-- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data, 1);
--
-- RETVAL_FALSE;
--
-- pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
--
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 0, "", 0);
- if (pkey == NULL) {
- if (!EG(exception)) {
- php_error_docref(NULL, E_WARNING, "key param is not a valid private key");
-@@ -6195,33 +6186,31 @@ PHP_FUNCTION(openssl_private_encrypt)
- RETURN_FALSE;
- }
-
-- cryptedlen = EVP_PKEY_size(pkey);
-- cryptedbuf = zend_string_alloc(cryptedlen, 0);
--
-- switch (EVP_PKEY_id(pkey)) {
-- case EVP_PKEY_RSA:
-- case EVP_PKEY_RSA2:
-- successful = (RSA_private_encrypt((int)data_len,
-- (unsigned char *)data,
-- (unsigned char *)ZSTR_VAL(cryptedbuf),
-- EVP_PKEY_get0_RSA(pkey),
-- (int)padding) == cryptedlen);
-- break;
-- default:
-- php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!");
-+ size_t out_len = 0;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (!ctx || EVP_PKEY_sign_init(ctx) <= 0 ||
-+ EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
-+ EVP_PKEY_sign(ctx, NULL, &out_len, (unsigned char *) data, data_len) <= 0) {
-+ php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-- if (successful) {
-- ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
-- ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, cryptedbuf);
-- cryptedbuf = NULL;
-- RETVAL_TRUE;
-- } else {
-+ zend_string *out = zend_string_alloc(out_len, 0);
-+ if (EVP_PKEY_sign(ctx, (unsigned char *) ZSTR_VAL(out), &out_len,
-+ (unsigned char *) data, data_len) <= 0) {
-+ zend_string_release(out);
- php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-- if (cryptedbuf) {
-- zend_string_release_ex(cryptedbuf, 0);
-- }
-+
-+ ZSTR_VAL(out)[out_len] = '\0';
-+ ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, out);
-+ RETVAL_TRUE;
-+
-+cleanup:
-+ EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- }
- /* }}} */
-@@ -6329,11 +6318,6 @@ cleanup:
- PHP_FUNCTION(openssl_public_decrypt)
- {
- zval *key, *crypted;
-- EVP_PKEY *pkey;
-- int cryptedlen;
-- zend_string *cryptedbuf = NULL;
-- unsigned char *crypttemp;
-- int successful = 0;
- zend_long padding = RSA_PKCS1_PADDING;
- char * data;
- size_t data_len;
-@@ -6342,11 +6326,7 @@ PHP_FUNCTION(openssl_public_decrypt)
- RETURN_THROWS();
- }
-
-- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(data_len, data, 1);
--
-- RETVAL_FALSE;
--
-- pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0);
- if (pkey == NULL) {
- if (!EG(exception)) {
- php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key");
-@@ -6354,43 +6334,32 @@ PHP_FUNCTION(openssl_public_decrypt)
- RETURN_FALSE;
- }
-
-- cryptedlen = EVP_PKEY_size(pkey);
-- crypttemp = emalloc(cryptedlen + 1);
--
-- switch (EVP_PKEY_id(pkey)) {
-- case EVP_PKEY_RSA:
-- case EVP_PKEY_RSA2:
-- cryptedlen = RSA_public_decrypt((int)data_len,
-- (unsigned char *)data,
-- crypttemp,
-- EVP_PKEY_get0_RSA(pkey),
-- (int)padding);
-- if (cryptedlen != -1) {
-- cryptedbuf = zend_string_alloc(cryptedlen, 0);
-- memcpy(ZSTR_VAL(cryptedbuf), crypttemp, cryptedlen);
-- successful = 1;
-- }
-- break;
--
-- default:
-- php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!");
--
-+ size_t out_len = 0;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (!ctx || EVP_PKEY_verify_recover_init(ctx) <= 0 ||
-+ EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
-+ EVP_PKEY_verify_recover(ctx, NULL, &out_len, (unsigned char *) data, data_len) <= 0) {
-+ php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-- efree(crypttemp);
--
-- if (successful) {
-- ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
-- ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, cryptedbuf);
-- cryptedbuf = NULL;
-- RETVAL_TRUE;
-- } else {
-+ zend_string *out = zend_string_alloc(out_len, 0);
-+ if (EVP_PKEY_verify_recover(ctx, (unsigned char *) ZSTR_VAL(out), &out_len,
-+ (unsigned char *) data, data_len) <= 0) {
-+ zend_string_release(out);
- php_openssl_store_errors();
-+ RETVAL_FALSE;
-+ goto cleanup;
- }
-
-- if (cryptedbuf) {
-- zend_string_release_ex(cryptedbuf, 0);
-- }
-+ out = zend_string_truncate(out, out_len, 0);
-+ ZSTR_VAL(out)[out_len] = '\0';
-+ ZEND_TRY_ASSIGN_REF_NEW_STR(crypted, out);
-+ RETVAL_TRUE;
-+
-+cleanup:
-+ EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- }
- /* }}} */
-diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt
-index eb76dfbf77..f3eb82067b 100644
---- a/ext/openssl/tests/openssl_error_string_basic.phpt
-+++ b/ext/openssl/tests/openssl_error_string_basic.phpt
-@@ -112,7 +112,7 @@ expect_openssl_errors('openssl_pkey_export', ['06065064', '0906A065']);
- expect_openssl_errors('openssl_pkey_get_public', [$err_pem_no_start_line]);
- // private encrypt with unknown padding
- @openssl_private_encrypt("data", $crypted, $private_key_file, 1000);
--expect_openssl_errors('openssl_private_encrypt', ['04066076']);
-+expect_openssl_errors('openssl_private_encrypt', ['0408F090']);
- // private decrypt with failed padding check
- @openssl_private_decrypt("data", $crypted, $private_key_file);
- expect_openssl_errors('openssl_private_decrypt', ['04065072']);
---
-2.31.1
-
-From bfdbdfb6bf128c157adfba402b89b0f82be993ab Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 10:29:50 +0200
-Subject: [PATCH 11/39] Use EVP_PKEY APIs for key generation
-
-Use high level API instead of deprecated low level API.
-
-(cherry picked from commit 13313d9b1b9fa014fe6f92c496477e28f4f11772)
----
- ext/openssl/openssl.c | 210 +++++++++++++++-----------------
- ext/openssl/tests/bug80747.phpt | 4 +-
- 2 files changed, 101 insertions(+), 113 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 4e9b949b5f..d260670ff9 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3656,140 +3656,130 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
- return key;
- }
-
-+static int php_openssl_get_evp_pkey_type(int key_type) {
-+ switch (key_type) {
-+ case OPENSSL_KEYTYPE_RSA:
-+ return EVP_PKEY_RSA;
-+#if !defined(NO_DSA)
-+ case OPENSSL_KEYTYPE_DSA:
-+ return EVP_PKEY_DSA;
-+#endif
-+#if !defined(NO_DH)
-+ case OPENSSL_KEYTYPE_DH:
-+ return EVP_PKEY_DH;
-+#endif
-+#ifdef HAVE_EVP_PKEY_EC
-+ case OPENSSL_KEYTYPE_EC:
-+ return EVP_PKEY_EC;
-+#endif
-+ default:
-+ return -1;
-+ }
-+}
-+
- /* {{{ php_openssl_generate_private_key */
- static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
- {
-- char * randfile = NULL;
-- int egdsocket, seeded;
-- EVP_PKEY * return_val = NULL;
--
- if (req->priv_key_bits < MIN_KEY_LENGTH) {
- php_error_docref(NULL, E_WARNING, "Private key length must be at least %d bits, configured to %d",
- MIN_KEY_LENGTH, req->priv_key_bits);
- return NULL;
- }
-
-- randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
-+ int type = php_openssl_get_evp_pkey_type(req->priv_key_type);
-+ if (type < 0) {
-+ php_error_docref(NULL, E_WARNING, "Unsupported private key type");
-+ return NULL;
-+ }
-+
-+ int egdsocket, seeded;
-+ char *randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
- php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
-+ PHP_OPENSSL_RAND_ADD_TIME();
-
-- if ((req->priv_key = EVP_PKEY_new()) != NULL) {
-- switch(req->priv_key_type) {
-- case OPENSSL_KEYTYPE_RSA:
-- {
-- RSA* rsaparam;
--#if OPENSSL_VERSION_NUMBER < 0x10002000L
-- /* OpenSSL 1.0.2 deprecates RSA_generate_key */
-- PHP_OPENSSL_RAND_ADD_TIME();
-- rsaparam = (RSA*)RSA_generate_key(req->priv_key_bits, RSA_F4, NULL, NULL);
--#else
-- {
-- BIGNUM *bne = (BIGNUM *)BN_new();
-- if (BN_set_word(bne, RSA_F4) != 1) {
-- BN_free(bne);
-- php_error_docref(NULL, E_WARNING, "Failed setting exponent");
-- return NULL;
-- }
-- rsaparam = RSA_new();
-- PHP_OPENSSL_RAND_ADD_TIME();
-- if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
-- php_openssl_store_errors();
-- RSA_free(rsaparam);
-- rsaparam = NULL;
-- }
-- BN_free(bne);
-- }
--#endif
-- if (rsaparam && EVP_PKEY_assign_RSA(req->priv_key, rsaparam)) {
-- return_val = req->priv_key;
-- } else {
-- php_openssl_store_errors();
-- }
-- }
-- break;
-+ EVP_PKEY *key = NULL;
-+ EVP_PKEY *params = NULL;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(type, NULL);
-+ if (!ctx) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+
-+ if (type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_paramgen_init(ctx) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+
-+ switch (type) {
- #if !defined(NO_DSA)
-- case OPENSSL_KEYTYPE_DSA:
-- PHP_OPENSSL_RAND_ADD_TIME();
-- {
-- DSA *dsaparam = DSA_new();
-- if (dsaparam && DSA_generate_parameters_ex(dsaparam, req->priv_key_bits, NULL, 0, NULL, NULL, NULL)) {
-- DSA_set_method(dsaparam, DSA_get_default_method());
-- if (DSA_generate_key(dsaparam)) {
-- if (EVP_PKEY_assign_DSA(req->priv_key, dsaparam)) {
-- return_val = req->priv_key;
-- } else {
-- php_openssl_store_errors();
-- }
-- } else {
-- php_openssl_store_errors();
-- DSA_free(dsaparam);
-- }
-- } else {
-- php_openssl_store_errors();
-- }
-- }
-- break;
-+ case EVP_PKEY_DSA:
-+ if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, req->priv_key_bits) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+ break;
- #endif
- #if !defined(NO_DH)
-- case OPENSSL_KEYTYPE_DH:
-- PHP_OPENSSL_RAND_ADD_TIME();
-- {
-- int codes = 0;
-- DH *dhparam = DH_new();
-- if (dhparam && DH_generate_parameters_ex(dhparam, req->priv_key_bits, 2, NULL)) {
-- DH_set_method(dhparam, DH_get_default_method());
-- if (DH_check(dhparam, &codes) && codes == 0 && DH_generate_key(dhparam)) {
-- if (EVP_PKEY_assign_DH(req->priv_key, dhparam)) {
-- return_val = req->priv_key;
-- } else {
-- php_openssl_store_errors();
-- }
-- } else {
-- php_openssl_store_errors();
-- DH_free(dhparam);
-- }
-- } else {
-- php_openssl_store_errors();
-- }
-- }
-- break;
-+ case EVP_PKEY_DH:
-+ if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, req->priv_key_bits) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+ break;
- #endif
- #ifdef HAVE_EVP_PKEY_EC
-- case OPENSSL_KEYTYPE_EC:
-- {
-- EC_KEY *eckey;
-- if (req->curve_name == NID_undef) {
-- php_error_docref(NULL, E_WARNING, "Missing configuration value: \"curve_name\" not set");
-- return NULL;
-- }
-- eckey = EC_KEY_new_by_curve_name(req->curve_name);
-- if (eckey) {
-- EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
-- if (EC_KEY_generate_key(eckey) &&
-- EVP_PKEY_assign_EC_KEY(req->priv_key, eckey)) {
-- return_val = req->priv_key;
-- } else {
-- EC_KEY_free(eckey);
-- }
-- }
-- }
-- break;
-+ case EVP_PKEY_EC:
-+ if (req->curve_name == NID_undef) {
-+ php_error_docref(NULL, E_WARNING, "Missing configuration value: \"curve_name\" not set");
-+ goto cleanup;
-+ }
-+
-+ if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, req->curve_name) <= 0 ||
-+ EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+ break;
- #endif
-- default:
-- php_error_docref(NULL, E_WARNING, "Unsupported private key type");
-+ EMPTY_SWITCH_DEFAULT_CASE()
- }
-- } else {
-+
-+ if (EVP_PKEY_paramgen(ctx, &params) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+
-+ EVP_PKEY_CTX_free(ctx);
-+ ctx = EVP_PKEY_CTX_new(params, NULL);
-+ if (!ctx) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-+ }
-+
-+ if (EVP_PKEY_keygen_init(ctx) <= 0) {
- php_openssl_store_errors();
-+ goto cleanup;
- }
-
-- php_openssl_write_rand_file(randfile, egdsocket, seeded);
-+ if (type == EVP_PKEY_RSA && EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, req->priv_key_bits) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
-+ }
-
-- if (return_val == NULL) {
-- EVP_PKEY_free(req->priv_key);
-- req->priv_key = NULL;
-- return NULL;
-+ if (EVP_PKEY_keygen(ctx, &key) <= 0) {
-+ php_openssl_store_errors();
-+ goto cleanup;
- }
-
-- return return_val;
-+ req->priv_key = key;
-+
-+cleanup:
-+ php_openssl_write_rand_file(randfile, egdsocket, seeded);
-+ EVP_PKEY_free(params);
-+ EVP_PKEY_CTX_free(ctx);
-+ return key;
- }
- /* }}} */
-
-diff --git a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt
-index 327c916688..12ae0ff0e1 100644
---- a/ext/openssl/tests/bug80747.phpt
-+++ b/ext/openssl/tests/bug80747.phpt
-@@ -14,9 +14,7 @@ $conf = array(
- 'private_key_bits' => 511,
- );
- var_dump(openssl_pkey_new($conf));
--while ($e = openssl_error_string()) {
-- echo $e, "\n";
--}
-+echo openssl_error_string(), "\n";
-
- ?>
- --EXPECTF--
---
-2.31.1
-
-From 8dfe551ef85a874df63d0bb50b2d065c3370fd7e Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 11:50:11 +0200
-Subject: [PATCH 12/39] Relax error check
-
-The precise error is version-dependent, just check that there
-is some kind of error reported.
-
-(cherry picked from commit cd8bf0b6bd23e03bdc8d069df53a2d976809a916)
----
- ext/openssl/tests/bug80747.phpt | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt
-index 12ae0ff0e1..3f319b4b24 100644
---- a/ext/openssl/tests/bug80747.phpt
-+++ b/ext/openssl/tests/bug80747.phpt
-@@ -14,9 +14,9 @@ $conf = array(
- 'private_key_bits' => 511,
- );
- var_dump(openssl_pkey_new($conf));
--echo openssl_error_string(), "\n";
-+var_dump(openssl_error_string() !== false);
-
- ?>
----EXPECTF--
-+--EXPECT--
- bool(false)
--error:%s:key size too small
-+bool(true)
---
-2.31.1
-
-From 44859f59f3ff3d7cf24ae146e9b0da348e6befcd Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 12:59:13 +0200
-Subject: [PATCH 13/39] Store whether pkey object contains private key
-
-Rather than querying whether the EVP_PKEY contains private key
-information, determine this at time of construction and store it
-in the PHP object.
-
-OpenSSL doesn't provide an API for this purpose, and seems
-somewhat reluctant to add one, see
-https://github.com/openssl/openssl/issues/9467.
-
-To avoid using deprecated low-level APIs to determine whether
-something is a private key ourselves, remember it at the point
-of construction.
-
-(cherry picked from commit f878bbd96b34ac11fed66c895891570ef10b0dcb)
----
- ext/openssl/openssl.c | 155 +++++++++---------------------------------
- 1 file changed, 31 insertions(+), 124 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index d260670ff9..1fca64df15 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -201,6 +201,7 @@ static void php_openssl_request_free_obj(zend_object *object)
-
- typedef struct _php_openssl_pkey_object {
- EVP_PKEY *pkey;
-+ bool is_private;
- zend_object std;
- } php_openssl_pkey_object;
-
-@@ -224,6 +225,13 @@ static zend_object *php_openssl_pkey_create_object(zend_class_entry *class_type)
- return &intern->std;
- }
-
-+static void php_openssl_pkey_object_init(zval *zv, EVP_PKEY *pkey, bool is_private) {
-+ object_init_ex(zv, php_openssl_pkey_ce);
-+ php_openssl_pkey_object *obj = Z_OPENSSL_PKEY_P(zv);
-+ obj->pkey = pkey;
-+ obj->is_private = is_private;
-+}
-+
- static zend_function *php_openssl_pkey_get_constructor(zend_object *object) {
- zend_throw_error(NULL, "Cannot directly construct OpenSSLAsymmetricKey, use openssl_pkey_new() instead");
- return NULL;
-@@ -517,7 +525,6 @@ static X509 *php_openssl_x509_from_zval(zval *val, bool *free_cert);
- static X509_REQ *php_openssl_csr_from_param(zend_object *csr_obj, zend_string *csr_str);
- static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *passphrase, size_t passphrase_len);
-
--static int php_openssl_is_private_key(EVP_PKEY* pkey);
- static X509_STORE * php_openssl_setup_verify(zval * calist);
- static STACK_OF(X509) * php_openssl_load_all_certs_from_file(char *certfile);
- static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req);
-@@ -3362,11 +3369,8 @@ PHP_FUNCTION(openssl_csr_new)
- if (we_made_the_key) {
- /* and an object for the private key */
- zval zkey_object;
-- php_openssl_pkey_object *key_object;
-- object_init_ex(&zkey_object, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(&zkey_object);
-- key_object->pkey = req.priv_key;
--
-+ php_openssl_pkey_object_init(
-+ &zkey_object, req.priv_key, /* is_private */ true);
- ZEND_TRY_ASSIGN_REF_TMP(out_pkey, &zkey_object);
- req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */
- }
-@@ -3424,7 +3428,6 @@ PHP_FUNCTION(openssl_csr_get_public_key)
- zend_string *csr_str;
- zend_bool use_shortnames = 1;
-
-- php_openssl_pkey_object *key_object;
- EVP_PKEY *tpubkey;
-
- ZEND_PARSE_PARAMETERS_START(1, 2)
-@@ -3467,9 +3470,7 @@ PHP_FUNCTION(openssl_csr_get_public_key)
- RETURN_FALSE;
- }
-
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = tpubkey;
-+ php_openssl_pkey_object_init(return_value, tpubkey, /* is_private */ false);
- }
- /* }}} */
-
-@@ -3545,10 +3546,9 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
- }
-
- if (Z_TYPE_P(val) == IS_OBJECT && Z_OBJCE_P(val) == php_openssl_pkey_ce) {
-- int is_priv;
--
-- key = php_openssl_pkey_from_obj(Z_OBJ_P(val))->pkey;
-- is_priv = php_openssl_is_private_key(key);
-+ php_openssl_pkey_object *obj = php_openssl_pkey_from_obj(Z_OBJ_P(val));
-+ key = obj->pkey;
-+ bool is_priv = obj->is_private;
-
- /* check whether it is actually a private key if requested */
- if (!public_key && !is_priv) {
-@@ -3783,85 +3783,6 @@ cleanup:
- }
- /* }}} */
-
--/* {{{ php_openssl_is_private_key
-- Check whether the supplied key is a private key by checking if the secret prime factors are set */
--static int php_openssl_is_private_key(EVP_PKEY* pkey)
--{
-- assert(pkey != NULL);
--
-- switch (EVP_PKEY_id(pkey)) {
-- case EVP_PKEY_RSA:
-- case EVP_PKEY_RSA2:
-- {
-- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-- if (rsa != NULL) {
-- const BIGNUM *p, *q;
--
-- RSA_get0_factors(rsa, &p, &q);
-- if (p == NULL || q == NULL) {
-- return 0;
-- }
-- }
-- }
-- break;
-- case EVP_PKEY_DSA:
-- case EVP_PKEY_DSA1:
-- case EVP_PKEY_DSA2:
-- case EVP_PKEY_DSA3:
-- case EVP_PKEY_DSA4:
-- {
-- DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-- if (dsa != NULL) {
-- const BIGNUM *p, *q, *g, *pub_key, *priv_key;
--
-- DSA_get0_pqg(dsa, &p, &q, &g);
-- if (p == NULL || q == NULL) {
-- return 0;
-- }
--
-- DSA_get0_key(dsa, &pub_key, &priv_key);
-- if (priv_key == NULL) {
-- return 0;
-- }
-- }
-- }
-- break;
-- case EVP_PKEY_DH:
-- {
-- DH *dh = EVP_PKEY_get0_DH(pkey);
-- if (dh != NULL) {
-- const BIGNUM *p, *q, *g, *pub_key, *priv_key;
--
-- DH_get0_pqg(dh, &p, &q, &g);
-- if (p == NULL) {
-- return 0;
-- }
--
-- DH_get0_key(dh, &pub_key, &priv_key);
-- if (priv_key == NULL) {
-- return 0;
-- }
-- }
-- }
-- break;
--#ifdef HAVE_EVP_PKEY_EC
-- case EVP_PKEY_EC:
-- {
-- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
-- if (ec != NULL && NULL == EC_KEY_get0_private_key(ec)) {
-- return 0;
-- }
-- }
-- break;
--#endif
-- default:
-- php_error_docref(NULL, E_WARNING, "Key type not supported in this PHP build!");
-- break;
-- }
-- return 1;
--}
--/* }}} */
--
- #define OPENSSL_GET_BN(_array, _bn, _name) do { \
- if (_bn != NULL) { \
- int len = BN_num_bytes(_bn); \
-@@ -3920,7 +3841,7 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
- }
-
- /* {{{ php_openssl_pkey_init_dsa */
--static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data)
-+static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data, bool *is_private)
- {
- BIGNUM *p, *q, *g, *priv_key, *pub_key;
- const BIGNUM *priv_key_const, *pub_key_const;
-@@ -3934,6 +3855,7 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data)
-
- OPENSSL_PKEY_SET_BN(data, pub_key);
- OPENSSL_PKEY_SET_BN(data, priv_key);
-+ *is_private = priv_key != NULL;
- if (pub_key) {
- return DSA_set0_key(dsa, pub_key, priv_key);
- }
-@@ -3998,7 +3920,7 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
- /* }}} */
-
- /* {{{ php_openssl_pkey_init_dh */
--static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data)
-+static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data, bool *is_private)
- {
- BIGNUM *p, *q, *g, *priv_key, *pub_key;
-
-@@ -4011,6 +3933,7 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data)
-
- OPENSSL_PKEY_SET_BN(data, priv_key);
- OPENSSL_PKEY_SET_BN(data, pub_key);
-+ *is_private = priv_key != NULL;
- if (pub_key) {
- return DH_set0_key(dh, pub_key, priv_key);
- }
-@@ -4039,7 +3962,6 @@ PHP_FUNCTION(openssl_pkey_new)
- struct php_x509_request req;
- zval * args = NULL;
- zval *data;
-- php_openssl_pkey_object *key_object;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "|a!", &args) == FAILURE) {
- RETURN_THROWS();
-@@ -4056,9 +3978,7 @@ PHP_FUNCTION(openssl_pkey_new)
- RSA *rsa = RSA_new();
- if (rsa) {
- if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, /* is_private */ true);
- return;
- }
- RSA_free(rsa);
-@@ -4076,11 +3996,10 @@ PHP_FUNCTION(openssl_pkey_new)
- if (pkey) {
- DSA *dsa = DSA_new();
- if (dsa) {
-- if (php_openssl_pkey_init_dsa(dsa, data)) {
-+ bool is_private;
-+ if (php_openssl_pkey_init_dsa(dsa, data, &is_private)) {
- if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
- return;
- } else {
- php_openssl_store_errors();
-@@ -4101,13 +4020,10 @@ PHP_FUNCTION(openssl_pkey_new)
- if (pkey) {
- DH *dh = DH_new();
- if (dh) {
-- if (php_openssl_pkey_init_dh(dh, data)) {
-+ bool is_private;
-+ if (php_openssl_pkey_init_dh(dh, data, &is_private)) {
- if (EVP_PKEY_assign_DH(pkey, dh)) {
-- php_openssl_pkey_object *key_object;
--
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
- return;
- } else {
- php_openssl_store_errors();
-@@ -4133,6 +4049,7 @@ PHP_FUNCTION(openssl_pkey_new)
- if (pkey) {
- eckey = EC_KEY_new();
- if (eckey) {
-+ bool is_private = false;
- EC_GROUP *group = NULL;
- zval *bn;
- zval *x;
-@@ -4164,6 +4081,7 @@ PHP_FUNCTION(openssl_pkey_new)
- // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
- Z_TYPE_P(bn) == IS_STRING) {
-+ is_private = true;
- d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
- if (!EC_KEY_set_private_key(eckey, d)) {
- php_openssl_store_errors();
-@@ -4211,10 +4129,7 @@ PHP_FUNCTION(openssl_pkey_new)
- }
- if (EC_KEY_check_key(eckey) && EVP_PKEY_assign_EC_KEY(pkey, eckey)) {
- EC_GROUP_free(group);
--
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
- return;
- } else {
- php_openssl_store_errors();
-@@ -4249,9 +4164,7 @@ clean_exit:
- if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
- if (php_openssl_generate_private_key(&req)) {
- /* pass back a key resource */
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = req.priv_key;
-+ php_openssl_pkey_object_init(return_value, req.priv_key, /* is_private */ true);
- /* make sure the cleanup code doesn't zap it! */
- req.priv_key = NULL;
- }
-@@ -4424,7 +4337,6 @@ PHP_FUNCTION(openssl_pkey_get_public)
- {
- zval *cert;
- EVP_PKEY *pkey;
-- php_openssl_pkey_object *key_object;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &cert) == FAILURE) {
- RETURN_THROWS();
-@@ -4434,9 +4346,7 @@ PHP_FUNCTION(openssl_pkey_get_public)
- RETURN_FALSE;
- }
-
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, /* is_private */ false);
- }
- /* }}} */
-
-@@ -4458,7 +4368,6 @@ PHP_FUNCTION(openssl_pkey_get_private)
- EVP_PKEY *pkey;
- char * passphrase = "";
- size_t passphrase_len = sizeof("")-1;
-- php_openssl_pkey_object *key_object;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|s!", &cert, &passphrase, &passphrase_len) == FAILURE) {
- RETURN_THROWS();
-@@ -4473,9 +4382,7 @@ PHP_FUNCTION(openssl_pkey_get_private)
- RETURN_FALSE;
- }
-
-- object_init_ex(return_value, php_openssl_pkey_ce);
-- key_object = Z_OPENSSL_PKEY_P(return_value);
-- key_object->pkey = pkey;
-+ php_openssl_pkey_object_init(return_value, pkey, /* is_private */ true);
- }
-
- /* }}} */
---
-2.31.1
-
-From c58ef46342a52c8b81ee6f727257a2b471b6d9c3 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 14:59:16 +0200
-Subject: [PATCH 14/39] Add test for openssl_dh_compute_key()
-
-This function was not tested at all :(
-
-(cherry picked from commit 7168f71e00676172e7fcf710adfc07eccd6714e6)
----
- ext/openssl/tests/openssl_dh_compute_key.phpt | 29 +++++++++++++++++++
- 1 file changed, 29 insertions(+)
- create mode 100644 ext/openssl/tests/openssl_dh_compute_key.phpt
-
-diff --git a/ext/openssl/tests/openssl_dh_compute_key.phpt b/ext/openssl/tests/openssl_dh_compute_key.phpt
-new file mode 100644
-index 0000000000..8730f4b57d
---- /dev/null
-+++ b/ext/openssl/tests/openssl_dh_compute_key.phpt
-@@ -0,0 +1,29 @@
-+--TEST--
-+openssl_dh_compute_key()
-+--FILE--
-+<?php
-+
-+$privateKey = <<<'KEY'
-+-----BEGIN PRIVATE KEY-----
-+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBANn6weB11zG7izhfzM4qsITZ
-+3q/ORkF6+h3RTn7sh8Ji1MpHt3zHcPfdYFvs7V5SJfNN5Xv9L62RN8GwgxwRWIJr
-+8VBHfL3LyZNMMgnGBGJR0qmoM48iNd8i2ggZYj+H8WVh2y6tGw1YsDI3AFHpZFkN
-+TvCT1JHl2JfNEgOgSryBO84KDEWLxWaN/4Nqa9x5R0fxKMLjpWNRzEBBKcVeEHIZ
-+gzl7VKVJEpYC336sjYJE19ZD0O/gWl+q4WeRpDazDi6LDLZgnoDrUgbNAXtDETKL
-+gKOnYq+iwRWCQicQmaQvGXntmgdriExVacrRnH8o09ioxcVdtPG8WuLeqJczCvsC
-+AQIEggEEAoIBAH1yv00aZkw/7IIAJL1fZUrpVeO3xKIQDl982HOKS32+o2mUJWbc
-+DuDMIOvqiUEltEnFQOqDaJue0ucseJdH5Q9JHlSIhuUQiPB/JfEcPlb2QYzXHuAE
-+fWS94X0wiSxYgKXIL0XceA3yg5bYhDSR3DntdJrbboyYHt/QGQ8WCWiYEa402ovI
-+x+r7k3BlGxah33HeuqhMCFAfFvWUhLaj85QEmjHTjVMKeeTlNfBS+nscbCcZvLXd
-+qanvRxYYGdOhgLTcJe/iUsxmAWVTiqrid8MEvtFrenanawTgnPXAp5WtYTCGcsiQ
-+TBG24ND/tnZpPoPz/Rwlpo1IL4IbvKGRsfU=
-+-----END PRIVATE KEY-----
-+KEY;
-+
-+$publicKey = hex2bin("29ECC536A85A4AFAD7D63E50545C68CE44A834396886E9A7BAC27E3A08A14C05259BA6E9940FDC512457155A60CAFACD8E43897E1B537A282D39697B75357197B5E3AD7F1826C0216604496AFAEF8999FBCE336C148166AE23E77EC66C0611235110FA8D6180A26425154959FACEC18FEE3EDA68E9355627820C14B44B486C9547ECE62BE72D56A7FAC4747AFCF201D8A4155F63A076234D6BC04DE27E7A7849BF8956E3DB6E51C043CB6FC66889ADE1F8DE756E9194838E8EF8A5CF9C0DD553282DE8A3130CA7752C22C191E5C352AC3BD77EF9270BF37BC807BBDB3F39AE7966B013723E71EAF41082A056D994F64B428183C5BAFEE9C7A41CABCEA868FC34");
-+
-+echo bin2hex(openssl_dh_compute_key($publicKey, openssl_get_privatekey($privateKey))), "\n";
-+
-+?>
-+--EXPECT--
-+b0049944fa5d36f364dd02e675dde50f8c2d67481c5cf0fe2f248d383eec1d38c23d5ed2644fbef2676bcd6ce148361ca82619c8f93e10506cb89d0a1bdaa0f0bc6f68cef0f7cb6d97d43e8dda3c7a5c5a98ebd2342a605ce530fd46a0602d28d4afc48e92088d0bc42194ca8682a85317f812d81b86cd284eed405df2f76aae84ccd560856e8a3d0ce4f591394bca02eb8a1984ebb41bb19714fb8b579bcafd36a9051d51d075f66229893289d8a0c918bfd222f17803cc532d2cf93bb2a567953323ca409beb3237faae9c6fdfc671594324953badd07dd4770ee09fd19f90045654c5709e92aa614b83594c2f62a8bc3c7e786e54bc1259a0a737c70dd4cc
---
-2.31.1
-
-From fbb478f86081d4d879d1ed644c37842e0d9b1192 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 14:52:56 +0200
-Subject: [PATCH 15/39] Extract php_openssl_pkey_derive() function
-
-To allow sharing it with the openssl_dh_compute_key() implementation.
-
-(cherry picked from commit c6542b2a1e431e7fa980bd97c696c8c48fb58dc3)
----
- ext/openssl/openssl.c | 77 +++++++++++++++++++++++--------------------
- 1 file changed, 41 insertions(+), 36 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 1fca64df15..bf3f70d355 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4560,6 +4560,34 @@ PHP_FUNCTION(openssl_pkey_get_details)
- }
- /* }}} */
-
-+static zend_string *php_openssl_pkey_derive(EVP_PKEY *key, EVP_PKEY *peer_key, size_t key_size) {
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
-+ if (!ctx) {
-+ return NULL;
-+ }
-+
-+ if (EVP_PKEY_derive_init(ctx) <= 0 ||
-+ EVP_PKEY_derive_set_peer(ctx, peer_key) <= 0 ||
-+ (key_size == 0 && EVP_PKEY_derive(ctx, NULL, &key_size) <= 0)) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_CTX_free(ctx);
-+ return NULL;
-+ }
-+
-+ zend_string *result = zend_string_alloc(key_size, 0);
-+ if (EVP_PKEY_derive(ctx, (unsigned char *)ZSTR_VAL(result), &key_size) <= 0) {
-+ php_openssl_store_errors();
-+ zend_string_release_ex(result, 0);
-+ EVP_PKEY_CTX_free(ctx);
-+ return NULL;
-+ }
-+
-+ ZSTR_LEN(result) = key_size;
-+ ZSTR_VAL(result)[key_size] = 0;
-+ EVP_PKEY_CTX_free(ctx);
-+ return result;
-+}
-+
- /* {{{ Computes shared secret for public value of remote DH key and local DH key */
- PHP_FUNCTION(openssl_dh_compute_key)
- {
-@@ -4567,7 +4595,6 @@ PHP_FUNCTION(openssl_dh_compute_key)
- char *pub_str;
- size_t pub_len;
- DH *dh;
-- EVP_PKEY *pkey;
- BIGNUM *pub;
- zend_string *data;
- int len;
-@@ -4578,11 +4605,12 @@ PHP_FUNCTION(openssl_dh_compute_key)
-
- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(pub_len, pub_key, 1);
-
-- pkey = Z_OPENSSL_PKEY_P(key)->pkey;
-+ EVP_PKEY *pkey = Z_OPENSSL_PKEY_P(key)->pkey;
-
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
- RETURN_FALSE;
- }
-+
- dh = EVP_PKEY_get0_DH(pkey);
- if (dh == NULL) {
- RETURN_FALSE;
-@@ -4612,59 +4640,36 @@ PHP_FUNCTION(openssl_pkey_derive)
- {
- zval *priv_key;
- zval *peer_pub_key;
-- EVP_PKEY *pkey = NULL;
-- EVP_PKEY *peer_key = NULL;
-- EVP_PKEY_CTX *ctx = NULL;
-- size_t key_size;
- zend_long key_len = 0;
-- zend_string *result;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz|l", &peer_pub_key, &priv_key, &key_len) == FAILURE) {
- RETURN_THROWS();
- }
-
-- RETVAL_FALSE;
- if (key_len < 0) {
- zend_argument_value_error(3, "must be greater than or equal to 0");
- RETURN_THROWS();
- }
-
-- key_size = key_len;
-- pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0);
-+ EVP_PKEY *pkey = php_openssl_pkey_from_zval(priv_key, 0, "", 0);
- if (!pkey) {
-- goto cleanup;
-+ RETURN_FALSE;
- }
-
-- peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0);
-+ EVP_PKEY *peer_key = php_openssl_pkey_from_zval(peer_pub_key, 1, NULL, 0);
- if (!peer_key) {
-- goto cleanup;
-- }
--
-- ctx = EVP_PKEY_CTX_new(pkey, NULL);
-- if (!ctx) {
-- goto cleanup;
-- }
--
-- if (EVP_PKEY_derive_init(ctx) > 0
-- && EVP_PKEY_derive_set_peer(ctx, peer_key) > 0
-- && (key_size > 0 || EVP_PKEY_derive(ctx, NULL, &key_size) > 0)
-- && (result = zend_string_alloc(key_size, 0)) != NULL) {
-- if (EVP_PKEY_derive(ctx, (unsigned char*)ZSTR_VAL(result), &key_size) > 0) {
-- ZSTR_LEN(result) = key_size;
-- ZSTR_VAL(result)[key_size] = 0;
-- RETVAL_NEW_STR(result);
-- } else {
-- php_openssl_store_errors();
-- zend_string_release_ex(result, 0);
-- RETVAL_FALSE;
-- }
-+ EVP_PKEY_free(pkey);
-+ RETURN_FALSE;
- }
-
--cleanup:
-+ zend_string *result = php_openssl_pkey_derive(pkey, peer_key, key_len);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(peer_key);
-- if (ctx) {
-- EVP_PKEY_CTX_free(ctx);
-+
-+ if (result) {
-+ RETURN_NEW_STR(result);
-+ } else {
-+ RETURN_FALSE;
- }
- }
- /* }}} */
---
-2.31.1
-
-From f8f202ae92bf2c92cec4ad8d6bf2f57236ccd976 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 15:58:20 +0200
-Subject: [PATCH 16/39] Avoid DH_compute_key() with OpenSSL 3
-
-Instead construct a proper EVP_PKEY for the public key and
-perform a derive operation.
-
-Unfortunately we can't use a common code path here, because
-EVP_PKEY_set1_encoded_public_key() formerly known as
-EVP_PKEY_set1_tls_encodedpoint() does not appear to work with
-DH keys prior to OpenSSL 3.
-
-(cherry picked from commit cb48260fdd7e8a5a636e68917eca484530af5c94)
----
- ext/openssl/openssl.c | 64 +++++++++++++++++++++++++++----------------
- 1 file changed, 40 insertions(+), 24 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index bf3f70d355..91d2589aad 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4588,16 +4588,48 @@ static zend_string *php_openssl_pkey_derive(EVP_PKEY *key, EVP_PKEY *peer_key, s
- return result;
- }
-
-+static zend_string *php_openssl_dh_compute_key(EVP_PKEY *pkey, char *pub_str, size_t pub_len) {
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ EVP_PKEY *peer_key = EVP_PKEY_new();
-+ if (!peer_key || EVP_PKEY_copy_parameters(peer_key, pkey) <= 0 ||
-+ EVP_PKEY_set1_encoded_public_key(peer_key, (unsigned char *) pub_str, pub_len) <= 0) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(peer_key);
-+ return NULL;
-+ }
-+
-+ zend_string *result = php_openssl_pkey_derive(pkey, peer_key, 0);
-+ EVP_PKEY_free(peer_key);
-+ return result;
-+#else
-+ DH *dh = EVP_PKEY_get0_DH(pkey);
-+ if (dh == NULL) {
-+ return NULL;
-+ }
-+
-+ BIGNUM *pub = BN_bin2bn((unsigned char*)pub_str, (int)pub_len, NULL);
-+ zend_string *data = zend_string_alloc(DH_size(dh), 0);
-+ int len = DH_compute_key((unsigned char*)ZSTR_VAL(data), pub, dh);
-+ BN_free(pub);
-+
-+ if (len < 0) {
-+ php_openssl_store_errors();
-+ zend_string_release_ex(data, 0);
-+ return NULL;
-+ }
-+
-+ ZSTR_LEN(data) = len;
-+ ZSTR_VAL(data)[len] = 0;
-+ return data;
-+#endif
-+}
-+
- /* {{{ Computes shared secret for public value of remote DH key and local DH key */
- PHP_FUNCTION(openssl_dh_compute_key)
- {
- zval *key;
- char *pub_str;
- size_t pub_len;
-- DH *dh;
-- BIGNUM *pub;
-- zend_string *data;
-- int len;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "sO", &pub_str, &pub_len, &key, php_openssl_pkey_ce) == FAILURE) {
- RETURN_THROWS();
-@@ -4606,32 +4638,16 @@ PHP_FUNCTION(openssl_dh_compute_key)
- PHP_OPENSSL_CHECK_SIZE_T_TO_INT(pub_len, pub_key, 1);
-
- EVP_PKEY *pkey = Z_OPENSSL_PKEY_P(key)->pkey;
--
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
- RETURN_FALSE;
- }
-
-- dh = EVP_PKEY_get0_DH(pkey);
-- if (dh == NULL) {
-- RETURN_FALSE;
-- }
--
-- pub = BN_bin2bn((unsigned char*)pub_str, (int)pub_len, NULL);
--
-- data = zend_string_alloc(DH_size(dh), 0);
-- len = DH_compute_key((unsigned char*)ZSTR_VAL(data), pub, dh);
--
-- if (len >= 0) {
-- ZSTR_LEN(data) = len;
-- ZSTR_VAL(data)[len] = 0;
-- RETVAL_NEW_STR(data);
-+ zend_string *result = php_openssl_dh_compute_key(pkey, pub_str, pub_len);
-+ if (result) {
-+ RETURN_NEW_STR(result);
- } else {
-- php_openssl_store_errors();
-- zend_string_release_ex(data, 0);
-- RETVAL_FALSE;
-+ RETURN_FALSE;
- }
--
-- BN_free(pub);
- }
- /* }}} */
-
---
-2.31.1
-
-From fbb13f6bf183f1d2d95fe2aa48edce300aad5fd7 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 14:54:59 +0200
-Subject: [PATCH 17/39] Use different algorithm in pkcs7 tests
-
-The default of OPENSSL_CIPHER_RC2_40 is no longer (non-legacy)
-supported in OpenSSL 3, specify a newer cipher instead.
-
-We should probably either change the default (if acceptable) or
-make the parameter required.
-
-(cherry picked from commit 563b3e3472d7c5e3502fb49ef023b6e18ed0f22a)
----
- .../tests/openssl_pkcs7_decrypt_basic.phpt | 3 ++-
- .../tests/openssl_pkcs7_encrypt_basic.phpt | 23 ++++++++++---------
- 2 files changed, 14 insertions(+), 12 deletions(-)
-
-diff --git a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
-index eb0698da9f..0d4da7a251 100644
---- a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
-+++ b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
-@@ -19,8 +19,9 @@ $single_cert = "file://" . __DIR__ . "/cert.crt";
- $headers = array("test@test", "testing openssl_pkcs7_encrypt()");
- $wrong = "wrong";
- $empty = "";
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers);
-+openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers, 0, $cipher);
- var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey));
- var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, openssl_x509_read($single_cert), $privkey));
- var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong));
-diff --git a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
-index ef9b25e70b..7a600bc292 100644
---- a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
-+++ b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
-@@ -20,19 +20,20 @@ $headers = array("test@test", "testing openssl_pkcs7_encrypt()");
- $empty_headers = array();
- $wrong = "wrong";
- $empty = "";
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers, 0, $cipher));
- var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers));
--var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers));
--var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers));
--var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs) , $headers));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers, 0, $cipher));
-+var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs), $headers, 0, $cipher));
-
- if (file_exists($outfile)) {
- echo "true\n";
---
-2.31.1
-
-From e6d9c6b6cfcc255124bb42b409c29db854ff828d Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 16:30:55 +0200
-Subject: [PATCH 18/39] Use different algorithm in cms tests
-
-Same as with pkcs7, switch these tests to use an algorithm that
-OpenSSL 3 supports out of the box.
-
-Once again, we should consider changing the default or making it
-required.
-
-(cherry picked from commit ec4d926a80fe93c80d2b52f0178bc627097d9288)
----
- ext/openssl/tests/openssl_cms_decrypt_basic.phpt | 3 ++-
- ext/openssl/tests/openssl_cms_encrypt_der.phpt | 3 ++-
- ext/openssl/tests/openssl_cms_encrypt_pem.phpt | 3 ++-
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/ext/openssl/tests/openssl_cms_decrypt_basic.phpt b/ext/openssl/tests/openssl_cms_decrypt_basic.phpt
-index 86c70f4fde..709194ec05 100644
---- a/ext/openssl/tests/openssl_cms_decrypt_basic.phpt
-+++ b/ext/openssl/tests/openssl_cms_decrypt_basic.phpt
-@@ -15,8 +15,9 @@ $single_cert = "file://" . __DIR__ . "/cert.crt";
- $headers = array("test@test", "testing openssl_cms_encrypt()");
- $wrong = "wrong";
- $empty = "";
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--openssl_cms_encrypt($infile, $encrypted, $single_cert, $headers);
-+openssl_cms_encrypt($infile, $encrypted, $single_cert, $headers, cipher_algo: $cipher);
-
- var_dump(openssl_cms_decrypt($encrypted, $outfile, $single_cert, $privkey));
- print("\nDecrypted text:\n");
-diff --git a/ext/openssl/tests/openssl_cms_encrypt_der.phpt b/ext/openssl/tests/openssl_cms_encrypt_der.phpt
-index e7aa8f4dad..06bfcabeb4 100644
---- a/ext/openssl/tests/openssl_cms_encrypt_der.phpt
-+++ b/ext/openssl/tests/openssl_cms_encrypt_der.phpt
-@@ -14,8 +14,9 @@ $decryptfile = $tname . ".out";
- $single_cert = "file://" . __DIR__ . "/cert.crt";
- $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
- $headers = array("test@test", "testing openssl_cms_encrypt()");
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--var_dump(openssl_cms_encrypt($infile, $cryptfile, $single_cert, $headers, OPENSSL_CMS_BINARY, OPENSSL_ENCODING_DER));
-+var_dump(openssl_cms_encrypt($infile, $cryptfile, $single_cert, $headers, OPENSSL_CMS_BINARY, OPENSSL_ENCODING_DER, $cipher));
- if (openssl_cms_decrypt($cryptfile, $decryptfile, $single_cert, $privkey, OPENSSL_ENCODING_DER) == false) {
- print "DER decrypt error\n";
- print "recipient:\n";
-diff --git a/ext/openssl/tests/openssl_cms_encrypt_pem.phpt b/ext/openssl/tests/openssl_cms_encrypt_pem.phpt
-index 929f3f2e02..4030862391 100644
---- a/ext/openssl/tests/openssl_cms_encrypt_pem.phpt
-+++ b/ext/openssl/tests/openssl_cms_encrypt_pem.phpt
-@@ -14,8 +14,9 @@ $decryptfile = $tname . ".pemout";
- $single_cert = "file://" . __DIR__ . "/cert.crt";
- $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
- $headers = array("test@test", "testing openssl_cms_encrypt()");
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--var_dump(openssl_cms_encrypt($infile, $cryptfile, $single_cert, $headers, OPENSSL_CMS_BINARY, OPENSSL_ENCODING_PEM));
-+var_dump(openssl_cms_encrypt($infile, $cryptfile, $single_cert, $headers, OPENSSL_CMS_BINARY, OPENSSL_ENCODING_PEM, $cipher));
- if (openssl_cms_decrypt($cryptfile, $decryptfile, $single_cert, $privkey, OPENSSL_ENCODING_PEM) == false) {
- print "PEM decrypt error\n";
- print "recipient:\n";
---
-2.31.1
-
-From 31e60d155d01253ab42f490fecd0f2a5e537bc47 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 17:07:44 +0200
-Subject: [PATCH 19/39] Use larger key size for DSA/DH tests
-
-OpenSSL 3 validates allowed sizes strictly, pick minimum sizes
-that are supported.
-
-(cherry picked from commit 1cf4fb739f7a4fa8404a4c0958f13d04eae519d4)
----
- ext/openssl/tests/bug73711.cnf | 3 ---
- ext/openssl/tests/bug73711.phpt | 11 ++++++++---
- 2 files changed, 8 insertions(+), 6 deletions(-)
- delete mode 100644 ext/openssl/tests/bug73711.cnf
-
-diff --git a/ext/openssl/tests/bug73711.cnf b/ext/openssl/tests/bug73711.cnf
-deleted file mode 100644
-index 0d27d910d4..0000000000
---- a/ext/openssl/tests/bug73711.cnf
-+++ /dev/null
-@@ -1,3 +0,0 @@
--[ req ]
--default_bits = 384
--
-diff --git a/ext/openssl/tests/bug73711.phpt b/ext/openssl/tests/bug73711.phpt
-index 0b3f91b8fe..4e4bba8aa8 100644
---- a/ext/openssl/tests/bug73711.phpt
-+++ b/ext/openssl/tests/bug73711.phpt
-@@ -6,9 +6,14 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded");
- ?>
- --FILE--
- <?php
--$cnf = __DIR__ . DIRECTORY_SEPARATOR . 'bug73711.cnf';
--var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DSA, 'config' => $cnf]));
--var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DH, 'config' => $cnf]));
-+var_dump(openssl_pkey_new([
-+ "private_key_type" => OPENSSL_KEYTYPE_DSA,
-+ "private_key_bits" => 1024,
-+]));
-+var_dump(openssl_pkey_new([
-+ "private_key_type" => OPENSSL_KEYTYPE_DH,
-+ "private_key_bits" => 512,
-+]));
- echo "DONE";
- ?>
- --EXPECTF--
---
-2.31.1
-
-From b93f08093684d24a80857fec7ede1c41f440cff5 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 4 Aug 2021 13:54:26 +0200
-Subject: [PATCH 20/39] Skip some tests if cipher not available
-
-(cherry picked from commit d23a8b33abc3cd7e516563877a3f698b7a94ac10)
----
- ext/openssl/tests/bug71917.phpt | 1 +
- ext/openssl/tests/bug72362.phpt | 1 +
- ext/openssl/tests/openssl_decrypt_basic.phpt | 15 ++++++++++-----
- 3 files changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/ext/openssl/tests/bug71917.phpt b/ext/openssl/tests/bug71917.phpt
-index a68cf0162c..0cc518c4ef 100644
---- a/ext/openssl/tests/bug71917.phpt
-+++ b/ext/openssl/tests/bug71917.phpt
-@@ -3,6 +3,7 @@ Bug #71917: openssl_open() returns junk on envelope < 16 bytes
- --SKIPIF--
- <?php
- if (!extension_loaded("openssl")) die("skip openssl not loaded");
-+if (!in_array('rc4', openssl_get_cipher_methods())) die('skip rc4 not available');
- ?>
- --FILE--
- <?php
-diff --git a/ext/openssl/tests/bug72362.phpt b/ext/openssl/tests/bug72362.phpt
-index cd6ec1e838..b73cac7425 100644
---- a/ext/openssl/tests/bug72362.phpt
-+++ b/ext/openssl/tests/bug72362.phpt
-@@ -3,6 +3,7 @@ Bug #72362: OpenSSL Blowfish encryption is incorrect for short keys
- --SKIPIF--
- <?php
- if (!extension_loaded("openssl")) die("skip openssl not loaded");
-+if (!in_array('bf-ecb', openssl_get_cipher_methods())) die('skip bf-ecb not available');
- ?>
- --FILE--
- <?php
-diff --git a/ext/openssl/tests/openssl_decrypt_basic.phpt b/ext/openssl/tests/openssl_decrypt_basic.phpt
-index 4175e703d2..e846b42e78 100644
---- a/ext/openssl/tests/openssl_decrypt_basic.phpt
-+++ b/ext/openssl/tests/openssl_decrypt_basic.phpt
-@@ -24,10 +24,15 @@ $padded_data = $data . str_repeat(' ', 16 - (strlen($data) % 16));
- $encrypted = openssl_encrypt($padded_data, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
- $output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
- var_dump(rtrim($output));
--// if we want to prefer variable length cipher setting
--$encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
--$output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
--var_dump($output);
-+
-+if (in_array("bf-ecb", openssl_get_cipher_methods())) {
-+ // if we want to prefer variable length cipher setting
-+ $encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
-+ $output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
-+ var_dump($output === $data);
-+} else {
-+ var_dump(true);
-+}
-
- // It's okay to pass $tag for a non-authenticated cipher.
- // It will be populated with null in that case.
-@@ -39,5 +44,5 @@ var_dump($tag);
- string(45) "openssl_encrypt() and openssl_decrypt() tests"
- string(45) "openssl_encrypt() and openssl_decrypt() tests"
- string(45) "openssl_encrypt() and openssl_decrypt() tests"
--string(45) "openssl_encrypt() and openssl_decrypt() tests"
-+bool(true)
- NULL
---
-2.31.1
-
-From bc8281431c8ce82c232fee5674b945af95bbd860 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Thu, 5 Aug 2021 16:29:43 +0200
-Subject: [PATCH 21/39] Use different cipher in one more CMS test
-
-Followup to ec4d926a80fe93c80d2b52f0178bc627097d9288 -- I failed
-to squash in this commit.
-
-(cherry picked from commit a2c201351b32b1a7c44f6c6692c2a9fca9179e17)
----
- .../tests/openssl_cms_encrypt_basic.phpt | 23 ++++++++++---------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/ext/openssl/tests/openssl_cms_encrypt_basic.phpt b/ext/openssl/tests/openssl_cms_encrypt_basic.phpt
-index f1a0c6af8b..ee706ebfba 100644
---- a/ext/openssl/tests/openssl_cms_encrypt_basic.phpt
-+++ b/ext/openssl/tests/openssl_cms_encrypt_basic.phpt
-@@ -18,20 +18,21 @@ $headers = array("test@test", "testing openssl_cms_encrypt()");
- $empty_headers = array();
- $wrong = "wrong";
- $empty = "";
-+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-
--var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers, cipher_algo: $cipher));
- var_dump(openssl_cms_decrypt($outfile, $outfile2, $single_cert, $privkey));
- readfile($outfile2);
--var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $assoc_headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $empty_headers));
--var_dump(openssl_cms_encrypt($wrong, $outfile, $single_cert, $headers));
--var_dump(openssl_cms_encrypt($empty, $outfile, $single_cert, $headers));
--var_dump(openssl_cms_encrypt($infile, $empty, $single_cert, $headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, $wrong, $headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, $empty, $headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, $multi_certs, $headers));
--var_dump(openssl_cms_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs) , $headers));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $assoc_headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $single_cert, $empty_headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($wrong, $outfile, $single_cert, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($empty, $outfile, $single_cert, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $empty, $single_cert, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $wrong, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $empty, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, $multi_certs, $headers, cipher_algo: $cipher));
-+var_dump(openssl_cms_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs), $headers, cipher_algo: $cipher));
-
- if (file_exists($outfile)) {
- echo "true\n";
---
-2.31.1
-
-From c42a69def274fb77cbcb3db4189841e3f582803a Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Fri, 6 Aug 2021 10:35:49 +0200
-Subject: [PATCH 22/39] Generate pkcs12_read test inputs on the fly
-
-The old p12_with_extra_certs.p12 file uses an unsupported something.
-
-(cherry picked from commit 5843ba518cfb9ac6ae6d6a69629239cbf77d4cfb)
----
- ext/openssl/tests/bug74022_2.phpt | 10 ++--
- .../tests/openssl_pkcs12_read_basic.phpt | 46 ++++++++++--------
- ext/openssl/tests/p12_with_extra_certs.p12 | Bin 3205 -> 0 bytes
- 3 files changed, 31 insertions(+), 25 deletions(-)
- delete mode 100644 ext/openssl/tests/p12_with_extra_certs.p12
-
-diff --git a/ext/openssl/tests/bug74022_2.phpt b/ext/openssl/tests/bug74022_2.phpt
-index 5df37fb3c9..9c38387157 100644
---- a/ext/openssl/tests/bug74022_2.phpt
-+++ b/ext/openssl/tests/bug74022_2.phpt
-@@ -12,11 +12,13 @@ function test($p12_contents, $password) {
- var_dump(count($cert_data['extracerts']));
- }
-
--$p12_base64 = 'MIIW+QIBAzCCFr8GCSqGSIb3DQEHAaCCFrAEghasMIIWqDCCEV8GCSqGSIb3DQEHBqCCEVAwghFMAgEAMIIRRQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIQOfCxIAgGIICAggAgIIRGFTkvHpJjCtFjukXYVlhyOIqKiS8Zvg84dX244hhI0S51Uyn/tlXM2GD/3hDNVxcVKwP/fKN21lEkoXoK4h2/5BY3qCdZa3Ef3vk44b/+FGCUAqvsOo1ZjD2P/sBGhLu3aFnQ6ktUXlKV4cnqhlF62AqY4e5efQzmJXn+gI8cSNI5c+qQ0RQgGoRY4nJfvMSZG0/DAkirjGikU/2TZd8LwLkxVUBYbF5/T0fNtA3o99+4tF+8ZRv6ArYjplRdwcBbMbzGhn3ytCq6cmVid9iLjwHJFmvAPXKbmu0Lh5eRRznX9gBWlzGd08Q/ch0MW2ehZTu1A2VrNWl+FKWSk8l0MlSoTPJFutFiejRvMr6VzbQItyJ/mtrNa9b1Hicgoj9HaBB6arx4wKORlbSOxFNOWdTCUhFdqthK5o7b9i/owyVgyY0s7BFEZChc0zGpRq7BLrynY79b+pHKzpil9isuisp1++piHZx9Y/bpC7OP5FlYF9+3TJL0EpEFQD8FqEoqcMFRxIDWGpCQiLGcmL14OH1JKSgOJEAgogsIF/KQhvWeKcUSJlai+0sskl8mOrCt2EJwuRvzmemuzebYN3JMOiBXKONYR0yU8AeAyNTgSBimWhACtikUyfpgZXlIeXyFMvj9fmd0I/zqjaW4upqrCudCOj/CWx7+e+8udfJxI7agWwrZMf1BEkOhRFOHOIuV+IEbaoMP6vVrGlhK71oN+gnoes5ivohpFDJWSZ3+1fMh56vfNynuM2wLJO7FTROPla+4ug33V/2ubGpoIyXn2lTSbuXaYDfsXMa1inakOMW9Q+PHGdIjZrwQU/u9Q2H0IlwFd4uQojZo15SRf4xh5FOuUrrfGRAnp1mWHALTBqd2VnkgqtBl8rXZXqA+CiEhEDhTAQmvf+wCKd3FklrhV+p65YcfRK9OJv5aFQM1/+WbJozF4/Wi5j4rtIDPrgMMEflOyoZIxGxDOaklyAvaasRU2TT8E2LIEvGKOzlrhIZqWyRESjgXdh6l0UBMaVAidIZ0JLf+8fqSZ0Zia5iAaJpm82MQr/PVXC4lqqxDlHhefwM3OKfZVkfAw0a2eePM5YkIxAgMpAstBt32UIixlj/5l4MwqzP8Reb4MsV6Fph2e14vsV1diLBaJI3hrU5UBVEDWV0GSbwdhZLtdubSaBHcv5v9aZ1cdFKL6d2rHksW9ooNnh/ljPxmVlfHbb8sPYDXmLmBNJdNV1gQouhKKrt0ov1J9+sqE53D9+9dfRwf/myYlnyNgqU4vNMrZI2flyugkYoUxIC8stVF46zfL5QkSg3GqdLQC4gpeJ0WdTSyOBaOgUvqGdSARb5bXm1VXF5IxVg1B4v+puNIHS9yuphXUJvw6xWWPjbQAllDrPjMqAbxmF465vFyQP0qEvMjRD+SaFIgW4KjMqfteKo4MgqKTRF4UP9r0HkwRErOznxWDfSxzXYztY6U72NdifN9IIFiBikKQqZvfvaN+1jukehSRpGQHQB5OxeeKThJZJGiUC5Fgvl7lPb6Djx8Rfba/FJvVsR2KFS64sArtUKmC6LcJxEY9WcsiJTHek817zvYej7FD1NxuttNp+ue9ArOoIhOEf08HIOu3d2yjeRlN5CJ/jIdKYlZW6m6Ap1M+OUHhJTF73K6lKKD9Diwa3s6FoqOwtZF4uYwHnCG218BMY8GgEVD73x5KjDOP02Y6EakZNp/9QIqQT4WkMWXMaqAPADtoh8X1FJLlnvs2Ko+hLlPxuPaIA4KvSuuocnWx/6HJbdqHUS/Se+JJo0Igt4Svax1R2kvoIPuQmPmHJ6l7CeZZiNbe+baFSx+V6g/6AgHUsUOSqGvUIEns1uIE9CQ8w0G3yLVonjERJLrdj+em3Pt7fxrxoOI4nwjplX0wJk0rkQREiS8ULQDHueptUcxJxMKpugAc4CL+BsHohkhm4kpOEmviKDwzxytQhDp2Fj2PRO9kqyNrNfzNGCN5709blEIVYTtonELI2vR5Ap+O2pH+AlqrnHWgeOYAKAyWT13xCNRsGNdv2sCDDiHqxq01IBzYhPvoWzECOmGbJRRSGOVzYCJJpVjl0NNKv9ucmftSQRjm6xgLIqv1xrehDYuJ/IMsYQ5QwXBGxy7nkeRg+onWzA0ZnEWgzLs3T/Pj7z/TPQWiN03MH24RvQXTWBqp9iBwXpsCZVgUIM/VLCQJn0/V5gfRy9Ne0rk2/tHMnzGHvll5Spoy6WkxSfQ8c8CjTilaoPWV6fOcNB2Z6ZuTqX0fbnxcEAu2fOK7e6ryGipEgaxrdiopDTlgPEFMdGUETbUh0ACrv/gNsS+m5MtNisWnhxFEiXrsWoWIgW/6TgRJGo+l52bh/xxC0bwHbYuHK62sxDVeXpBOnA4VE+WckWsC0CKYJvv4vfTbLI46fyd3lnlcSuHYM4SdbND7THNeK+KB5GyuUFLgAhhtZv8ceEo63IOlBUUy1NlWnr0cbidxvVnOugFLExCV5QGr+xbrssIibQxs8AfOBK8Cxh83IlzJVe7dX1mZVG1c6AM6SKSC6F0LBOeNEvcLlz4PBMIciubCE6ecdXCzJYFbj9ERDlnrZMKrnATRMsgCPaWdyYgQwkDuCj5uqf4aiKLzA61918hLY3MB7mSyJcCkXDYKr11Br0YSAdu8uG6IjpiUQS2PFz8E8XHBmO/uobhEuCPR2LnUv+xFN8zoPQlA5ueRz1yBF8L+CsvDGp/N3KF26ETWlvmnEdt7foE+o/J7aG6xO/CNB+/+yGbVPZRVAntZec9nbqlQ55qECnWtQNnShW7+3RSGamWeTtE2DyRSfd/62JkPNEY25jbBUIkMNtKolA5dbYa+u50S3lvakMmvQvzcSC3PONajKHgk4mBn3qf9X2uM5RDL83M7489r6JPcxTnNK27rQoxplkxLiN8HuB+AB5hp82WoyvLydR4hoBnJPIYKMcmEfIR+SgLoCyNIQLjzk5Iyk1ZwdwsjyNPXi1/HHZq8+NhoTCupjGfWgXghoz89MTYAjpMvOlES2rgFuCdphSc8Nd1uQtZx4CLMOU0gut0PI81ePBBI0iG74PWMEcp5HlHHY/hPTaRkBFLYkq9CWmJc1PfjiCWf3pwRmT7dUnmcptynexIMOZt2Nd76jc+g7k5MmEK+Qdz7/c1un4sVLquxdY6nUY/znLz+2zC/OTSsF39+rak3p8TXR0kBNsHl8UTioi4CGhCMsWsQy9me25TDHzbtIvBPVp9xXufsOe2wqPLjq3iNEGXTsagx3sLvl7BJ6WW/YMC7sUpjx1Ai3zkqViW0jQB+BzMZjfYM/8Yj31EEE+WssxY+NfitBgZzeMGGjNOAKp7XN0glwhuo1G2/APyU/Zopx3gMYj5OExgkZ7kvK++7+NlPmE+8AEuZ/uf30TtKwvRXOSvAMqqm26kb/WQPCj1xFQ0AEDl0Sbyfgk1E51Cd/ujL0t32FNkSoE8pe3IaTnwAnW7NHTZ/RByh2nsr0ThfFg4pFFuSD4dzU8r2J/4YJG3B06eyyTRLoyLBQwzwIgzGBAU8USdD8CXlA8SkfBbF39500ZRNcMIt6wdQa1CHAUHDLPw9JF9Q0FwCspgkjc9+lTRZMtumN5ChgypSkUB1dzLV2hqeQzDngVjcco/CoxM0Svm8gGrM9qobCTGzGF8/wZljv1yRiqu6HGFYWDAQ/p+wWx6ScstxEAB+5R5GrOedgd4zPXi2NMvyeN+ACFRBSPkhXIXpLZADvBi/WQMYbHia1wL8WUrSGQuB4P46cWGyseaxl//6GQ9IoGbK3XuLIPeE+BpPLB0H9LSLY+5f3qOEkKzCCW0z+68ZMlanlsThLKhqk8yrmJhV4788Tr7BC3eGbAie1urrrfUR613Jsp5peLSJuWQHdWCE/fdKgoSsRJ+DYkPoyS1YNz4BF4yz1Oem9Mti7gvgTQNX6g6PCu0rN8B6HIgY9TvWy5OCoZjJKasb+OgTMld7TJDnyK5/JcvDKHNVwcpK74lxcVX7IRorP/eh4IQ1+P/Gh06A62RHp2dEh/fNuKeCiRM2vGH0gdIN/Ca6MX8MqazgJq2EONyWiqRoGPqqZpAVTa8l5kgGvxQE/CQ4x0uAxwresRRTUZ+fJEanAhTWYgI5mRoEkG88UZjyCWmCnpNMQRYHoq7iY0So5qUdkHvpUA48cNMyztPEEHsUyWC36ZCyNsQN26FoJrG9TqXedBrhcki0sPOWugvKtGsdTT354wJTDe5OCo0AH3eFo/auuuAk/DF7yu614UCmKtXHYJ61GpIkjBu9WrPAIJhndMqfGMD/yU4UMEPHyojqHvU0BSgv1k76vI3K2lqERkaNYFfzRNj+e7k+NNos8w7XCzilWBL2ePB3pG5xfivcH4tYFm0FbnIkSz52VIy+PTiK7QQuBPDRTcn1k41+9vxQxRWpsqM/NP+4gqGozNyANXLQ64Y+QXSnWrD+xMjL/kVFwUBJ2HaAIJHjZ7ZqLRzXVOUbQ9pivJiBkXvLptSo72Iw4zsbRd1x8WNEaihx1MBAj+s+4MNdC5MBkQMlSB0PTJzs9xlz0gN+Oz0lohH6JO7ngPJUYbo2AIWEYZN+9kn/RyHblQTElrJeLf1jGNi4anBfzbsIXQuVm/nsrE5MH23X66+rJzUk8Fc5JAIDGBslkDPg3UNnElcE3cYbcB/ZzjFtgz8ducWKQmI+Yqv4p7BVXji/rHPim8vL6P5xZc95tbIonp5bQH+PPSmcfDk3rrf5mS58dJvWh/UpwcfdVvUAsWLJEV1lUBg1qecVbCsa6Oy7tJ2ZK7e3KdtZrmXiYpSAnSzRNJotr4g4H99brG6IwUx3qk5BE4x3C8MpSb+1NcKnM9nhqwAGRb9sfVXG38eNltm7hDnsolQcFQmHkDSM4arUVRqmsG8O16bThtlFWbYYN355aGQxrO2pICnt0ZOAI5CA3Rl8FprhFZgVy4pcpMVwy2zCNaYGJoGYsxDm/lEWJbTGcVm6YkyaZvdkXM1uAVegLZOCKnlW9H7b1uU3NvUw4Qx3DhI5xMD9jZhlXIsYfa9s5NQjTeIX8fFbx1fdENpHjVRxs82DO26uLEaJpoL/Ywn1xfs1uV0VQb2NGPvUJKysjMRoX0Zfa0hsSBhw/ZSlyX1xfQY8ShusVswf3zEnwI1LTgtr0CvBNwnuaSDv/IoypEfCOuMrJEGJuTPDbGGyS4VeRf0He5Dk9RskehgrJcwhlw+hXajR6SluODcsEGfL+eOUjAOO9agWaqM2CfV52/vJNhA5KMEJwHuQAU1SHr4+xaW4EKWPlxB6Sjjz/IuL+toLBetBA3ZhEfokac6rQplUIiOICd3Ghwi1rpUZPL5YuP0murhpBGTdzMzGSMhSZ74LeAcoRKEG4rKKIS3fRS65QMlaLC6uOT8givHdXsk+4zLBF0BnYAe4bq8RDcpt9TJRczL6+NaxYxa36R+DRin4U1SwaUdIvEKaEDBdVLnzKkpAim5cww1MYkGZmFcVg8u8fSnoz5TeorZy00dQCMCC+SyMb58TTA08UrCOSq07+ILregexlx+Cxpbgpabo858lkJLDpPJmq8YQmog2gaMstJbpyV3M4wf1GL4ylPurPWUuyX58H8oRyX/FH79cpsbyeNoghwfvRVw8/tOUyF1DbA8Lw0HauIHTQwMTOvREPCPmlMvldIUJxHqIpqcsXESIWT/+YaHBiKGueGqPOdkFPtXSyf4t1Ka56M/9ftvdR/oFtr/iApE0Hyosz84INF/Rq9HYd8jrVb3IcQw637U2s4sE+I95+c+VaYxcDq29Jd2jD3uZfn6vbxb7Zz//Z8G4PGBNDns+D/jDoAMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECDpR8wgSXD4AAgIIAASCBMijRdwb0L38qXtBGebx6l35L3eR8/NPfJTyDKqYQOiIhNfYp/f+Ml9g3NlCB+ba03BZBCFSo1a9csjMZ1fDgS5AoNE683hbPdNj6D5JYQtvOpX/D5rawmI0iuDTIc6GOpN5PS0ds9OLnlS6pagq3U7QycuiPR0jVq72qzQUDxnqXU0XO+IwQXFP5UhKrPJe/cbUotznQPGH5g88ydM9YelIvIVImXLlXeVLY8CtzRQPSduX1zckVUMktrpSvqJUhVuN4ikhh+4ga1LvtaziOibk6HNekSlN13sqSQ7GeWGToB1AOmN8i1LZmWRnrPG61dT3uPg0R/5rPq6hrNQvAnx7Mpq7Uz1OuzDzGoaBtX+/CVIpeYLAYm7hdKouT84hk7qsT9ls1Dwb5P1C8HjBWas0KufoyxoHL61A+xGIcHkbOeVNy20AFUf7Xhb+kPlSdOhP3Ik1F2iUXa0pFxqTNcsmTDRzAReciYxVJ0lOTbqX7O6/a+U/sT109GqVGZJcpyk1FCUSk3HWbjSKOhxjpvxqfSKexr9ZOTmih7rBNYSY6sRUYgtpQyWNo8iWilwSP3FCBCbRIJrzJ5O6wn0JDTHONqxS9zENz/MvX8oHEZk+mkpxZA4YCodP10zQjzKHsXI1lRWrUARzpDfqGck1BBXXLrLNDL3w+00ipkTdEgtdhNFtHZ7A0Fda62ys5JTKt/oWSi0FPhjXdGnxf+8rBkB/jlKx99Ue6R4S+ve7Eqyl98TelFvX5C6wa63+/kw4/8L5aSlhrAUyYrykmnZ9nb61YY4HTmwpSJP0tHmr3LHxPVx15vp3KIyrYQVvbap+FvfcLjMoU6ckLQDZpQSJdFo86MdNedrKbwmVN7pV/M2b3DjPp5ixLCSXJgK3RaATIxQL88IDv4+ySL0Z2t6jUopZ40liyDnHGDl9zajeQ1WaW4yHS65aVlzYHSFvCGr8F/4Lydk5ax5HHqna6LbFeuQ4kUcUaGfiIagtFW+ueyfOckqLnwYisjG5fQmheONPHb7jg/qHQoKasD4TvmwrvUcG20c5J57oZ80C94zySYpdHTaETXHEOwz7NBPP1hplC1IaAfbhwZ48Z0kWWqddfELUC5miapzthvzpycOzL6zWmTLjyTXPZrbkqYfVrD26bsD/YOo54BThGcBdEfu2chT2eNF0rRZwF5U9TACfzMFYxUIVRq4rWAaerppkK5JNBT/la2QxUElh9HPn+0GGL1BYYEPCihciwWy2BwJs1IgjhU4ARTlukuxK+WLPTflwvlOX5G1P5D57up8kxtDncR5IIuZJgWWSFLGOkGeHXmjynLMqS1OCzIId3dj0c3EYBnku82eItAQd5fk7/rs0Lg0S1XeVSrgPphTgviGXzTWSh28S3VZJ2G7k4dr1P/sJQounjbcDrFyYaFxYXEqyO9L6vFShO5z7/vD5h9uLPddE4vC6PKJxZoWopWncLcLljuYKG0k+y4MV9U0/cESYJWzBbcZZpULdesinhxMg1wNPu5FeeFCsZpdhN2FadIuu/Kcsk6xNeDDIwwYXb3hVY0ARRAo//LyLv3zDB0LWz1LH3qJQeZ53DbgZ4VXQ6uK0yTgSsH4Lwaj5oFBPp4NJ3hdGa7trpJbeUMIxJTAjBgkqhkiG9w0BCRUxFgQUh6FIxf4sbyJnvvC+6J1NHGaa9w0wMTAhMAkGBSsOAwIaBQAEFFkCkI701QHxh2zcZkzDy8bn7qKwBAjafnZaU5r0FgICCAA=';
-+$cert = file_get_contents(__DIR__ . "/public.crt");
-+$priv = file_get_contents(__DIR__ . "/private.crt");
-+$extracert = file_get_contents(__DIR__ . "/cert.crt");
-+$pass = "qwerty";
-+openssl_pkcs12_export($cert, $p12, $priv, $pass, array('extracerts' => [$extracert, $extracert]));
-
--$p12 = base64_decode($p12_base64);
--
--test($p12, 'qwerty');
-+test($p12, $pass);
- ?>
- --EXPECT--
- int(2)
-diff --git a/ext/openssl/tests/openssl_pkcs12_read_basic.phpt b/ext/openssl/tests/openssl_pkcs12_read_basic.phpt
-index b81b4d9dac..8cb2b41fd7 100644
---- a/ext/openssl/tests/openssl_pkcs12_read_basic.phpt
-+++ b/ext/openssl/tests/openssl_pkcs12_read_basic.phpt
-@@ -4,10 +4,12 @@ openssl_pkcs12_read() tests
- <?php if (!extension_loaded("openssl")) print "skip"; ?>
- --FILE--
- <?php
--$p12_file = __DIR__ . "/p12_with_extra_certs.p12";
--$p12 = file_get_contents($p12_file);
--$certs = array();
-+
-+$cert = file_get_contents(__DIR__ . "/public.crt");
-+$priv = file_get_contents(__DIR__ . "/private.crt");
-+$extracert = file_get_contents(__DIR__ . "/cert.crt");
- $pass = "qwerty";
-+openssl_pkcs12_export($cert, $p12, $priv, $pass, array('extracerts' => $extracert));
-
- var_dump(openssl_pkcs12_read("", $certs, ""));
- var_dump(openssl_pkcs12_read($p12, $certs, ""));
-@@ -73,24 +75,26 @@ MK80GEnRQIkB7uZVk+r0HusK
- ["extracerts"]=>
- array(1) {
- [0]=>
-- string(1111) "-----BEGIN CERTIFICATE-----
--MIIDBjCCAe4CCQDaL5/+UVeXuTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
--VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
--cyBQdHkgTHRkMB4XDTE1MDYxMDEyNDAwNVoXDTE2MDYwOTEyNDAwNVowRTELMAkG
--A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
--IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
--AL/IF7bW0vpEg5A054SDqTi5pkSeie6nyIT77qCAVI5PMlhNjxuqDIlLpCWonvKb
--LMRtp7t24BsQBRgQgps8mtfRr0gV1qq9HMfDj2bZdGcTShZN/M/BFATwxaNRTHl9
--ey8zxGcLd4aFFBlVhXHYdBXg/PG/oxJMAFuMwa+KxSP6Mqp1FlOZtvUUieQcToMf
--Mh8Lbr4g/yHFj5lgWIJ2fmJjHJZ4wf9QBeGUrVqqxzSDEL9f0PGy+grqSHoIzLr3
--+uhvhoI85nCyZs9+lrELuQKqbiZ8Q6Vmj6JGt3miNBFVTbBpP9GK8sVuVQwgqd8p
--C3e8hHqv7vwF+s0zjiZ+rCcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpTtiyDJ
--0wLB18iunXCMUJpjc/HVYEp5P9vl2E/bcZfGns/8KxNHoe9mgJycr3mwjCjMjVx2
--L/9q/8XoT02aBncwAx4oZ2H0qfjZppaUSnSc1Uv+dsldDC2mZvJgwXN7jtQmU5P3
--cspFHuJoYK8AqYJqlO6E4L9uRF7dLEliUnrBpF4BxziwskTquRX+zgD+fmk0L5O8
--qqvm8btWCxfng+qD7UHFWbUQ2IegZ3VrBWJ2XsxOvokMM4HoHVb0BZgq8Dvu0XJ9
--EriEQkcydtrRKtlcWHLKcJuNUnkw2qfj+F8mmdaZib8Apa1UCkt0ZlpyYO3V2ejY
--WIjafwJYrv6f5g==
-+ string(1249) "-----BEGIN CERTIFICATE-----
-+MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
-+VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv
-+cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ
-+KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4
-+MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl
-+IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1
-+ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw
-+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz
-+e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+
-+iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR
-+S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo
-+Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE
-+MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT
-+BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n
-+ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw
-+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS
-+UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW
-+PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn
-+4vh8xF/9+eVEj+hM+0OflA==
- -----END CERTIFICATE-----
- "
- }
-
---
-2.31.1
-
-From 8e99695bb1f630edee4ddb44ae78e99190b5efb3 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Fri, 6 Aug 2021 11:15:18 +0200
-Subject: [PATCH 23/39] Do not special case export of EC keys
-
-All other private keys are exported in PKCS#8 format, while EC
-keys use traditional format. Switch them to use PKCS#8 format as
-well.
-
-As the OpenSSL docs say:
-
-> PEM_write_bio_PrivateKey_traditional() writes out a private key
-> in the "traditional" format with a simple private key marker and
-> should only be used for compatibility with legacy programs.
-
-(cherry picked from commit f2d3e75933fa155a5281c824263780dbc660ecb1)
----
- ext/openssl/openssl.c | 36 ++++---------------
- .../tests/openssl_pkey_export_basic.phpt | 6 +++-
- 2 files changed, 11 insertions(+), 31 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 91d2589aad..b360b0506e 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4225,21 +4225,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
- cipher = NULL;
- }
-
-- switch (EVP_PKEY_base_id(key)) {
--#ifdef HAVE_EVP_PKEY_EC
-- case EVP_PKEY_EC:
-- pem_write = PEM_write_bio_ECPrivateKey(
-- bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
-- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-- break;
--#endif
-- default:
-- pem_write = PEM_write_bio_PrivateKey(
-- bio_out, key, cipher,
-- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-- break;
-- }
--
-+ pem_write = PEM_write_bio_PrivateKey(
-+ bio_out, key, cipher,
-+ (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- if (pem_write) {
- /* Success!
- * If returning the output as a string, do so now */
-@@ -4297,21 +4285,9 @@ PHP_FUNCTION(openssl_pkey_export)
- cipher = NULL;
- }
-
-- switch (EVP_PKEY_base_id(key)) {
--#ifdef HAVE_EVP_PKEY_EC
-- case EVP_PKEY_EC:
-- pem_write = PEM_write_bio_ECPrivateKey(
-- bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
-- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-- break;
--#endif
-- default:
-- pem_write = PEM_write_bio_PrivateKey(
-- bio_out, key, cipher,
-- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-- break;
-- }
--
-+ pem_write = PEM_write_bio_PrivateKey(
-+ bio_out, key, cipher,
-+ (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- if (pem_write) {
- /* Success!
- * If returning the output as a string, do so now */
-diff --git a/ext/openssl/tests/openssl_pkey_export_basic.phpt b/ext/openssl/tests/openssl_pkey_export_basic.phpt
-index 678b7e7299..5cd68d18b8 100644
---- a/ext/openssl/tests/openssl_pkey_export_basic.phpt
-+++ b/ext/openssl/tests/openssl_pkey_export_basic.phpt
-@@ -47,7 +47,11 @@ var_dump($key instanceof OpenSSLAsymmetricKey);
- object(OpenSSLAsymmetricKey)#%d (0) {
- }
- bool(true)
-------BEGIN EC PRIVATE KEY-----%a-----END EC PRIVATE KEY-----
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgs+Sqh7IzteDBiS5K
-+PfTvuWuyt9YkrkuoyiW/6bag6NmhRANCAAQ+riFshYe8HnWt1avx6OuNajipU1ZW
-+6BgW0+D/EtDDSYeQg9ngO8qyo5M6cyh7ORtKZVUy7DP1+W+eocaZC+a6
-+-----END PRIVATE KEY-----
- bool(true)
- bool(true)
- object(OpenSSLAsymmetricKey)#%d (0) {
---
-2.31.1
-
-From 87bec9d2942be4a87cccb0d28cb3e134d692c312 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Fri, 6 Aug 2021 16:51:05 +0200
-Subject: [PATCH 24/39] Switch manual DH key generation to param API
-
-Instead of using the deprecated low-level interface.
-
-This should also avoid issues with fetching parameters from
-legacy keys, cf. https://github.com/openssl/openssl/issues/16247.
-
-(cherry picked from commit a7740a0bf00704372353ea4360c3e6b58102a6f7)
----
- ext/openssl/openssl.c | 136 ++++++++++++++++++++++++++++++++++--------
- 1 file changed, 112 insertions(+), 24 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index b360b0506e..06e5adecda 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -56,6 +56,10 @@
- #include <openssl/ssl.h>
- #include <openssl/pkcs12.h>
- #include <openssl/cms.h>
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+#include <openssl/core_names.h>
-+#include <openssl/param_build.h>
-+#endif
-
- /* Common */
- #include <time.h>
-@@ -3919,8 +3923,8 @@ static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM
- }
- /* }}} */
-
--/* {{{ php_openssl_pkey_init_dh */
--static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data, bool *is_private)
-+#if PHP_OPENSSL_API_VERSION < 0x30000
-+static zend_bool php_openssl_pkey_init_legacy_dh(DH *dh, zval *data, bool *is_private)
- {
- BIGNUM *p, *q, *g, *priv_key, *pub_key;
-
-@@ -3952,9 +3956,108 @@ static zend_bool php_openssl_pkey_init_dh(DH *dh, zval *data, bool *is_private)
- return 0;
- }
- /* all good */
-+ *is_private = true;
- return 1;
- }
--/* }}} */
-+#endif
-+
-+static EVP_PKEY *php_openssl_pkey_init_dh(zval *data, bool *is_private)
-+{
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL;
-+ EVP_PKEY *param_key = NULL, *pkey = NULL;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
-+ OSSL_PARAM *params = NULL;
-+ OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
-+
-+ OPENSSL_PKEY_SET_BN(data, p);
-+ OPENSSL_PKEY_SET_BN(data, q);
-+ OPENSSL_PKEY_SET_BN(data, g);
-+ OPENSSL_PKEY_SET_BN(data, priv_key);
-+ OPENSSL_PKEY_SET_BN(data, pub_key);
-+
-+ if (!ctx || !bld || !p || !g) {
-+ goto cleanup;
-+ }
-+
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p);
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g);
-+ if (q) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q);
-+ }
-+ if (priv_key) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key);
-+ if (!pub_key) {
-+ pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
-+ if (!pub_key) {
-+ goto cleanup;
-+ }
-+ }
-+ }
-+ if (pub_key) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key);
-+ }
-+
-+ params = OSSL_PARAM_BLD_to_param(bld);
-+ if (!params) {
-+ goto cleanup;
-+ }
-+
-+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
-+ EVP_PKEY_fromdata(ctx, &param_key, EVP_PKEY_KEYPAIR, params) <= 0) {
-+ goto cleanup;
-+ }
-+
-+ if (pub_key || priv_key) {
-+ *is_private = priv_key != NULL;
-+ EVP_PKEY_up_ref(param_key);
-+ pkey = param_key;
-+ } else {
-+ *is_private = true;
-+ PHP_OPENSSL_RAND_ADD_TIME();
-+ EVP_PKEY_CTX_free(ctx);
-+ ctx = EVP_PKEY_CTX_new(param_key, NULL);
-+ if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
-+ goto cleanup;
-+ }
-+ }
-+
-+cleanup:
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(param_key);
-+ EVP_PKEY_CTX_free(ctx);
-+ OSSL_PARAM_free(params);
-+ OSSL_PARAM_BLD_free(bld);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(priv_key);
-+ BN_free(pub_key);
-+ return pkey;
-+#else
-+ EVP_PKEY *pkey = EVP_PKEY_new();
-+ if (!pkey) {
-+ php_openssl_store_errors();
-+ return NULL;
-+ }
-+
-+ DH *dh = DH_new();
-+ if (!dh) {
-+ EVP_PKEY_free(pkey);
-+ return NULL;
-+ }
-+
-+ if (!php_openssl_pkey_init_legacy_dh(dh, data, is_private)
-+ || !EVP_PKEY_assign_DH(pkey, dh)) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ DH_free(dh);
-+ return NULL;
-+ }
-+
-+ return pkey;
-+#endif
-+}
-
- /* {{{ Generates a new private key */
- PHP_FUNCTION(openssl_pkey_new)
-@@ -4016,28 +4119,13 @@ PHP_FUNCTION(openssl_pkey_new)
- RETURN_FALSE;
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dh", sizeof("dh") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
-- pkey = EVP_PKEY_new();
-- if (pkey) {
-- DH *dh = DH_new();
-- if (dh) {
-- bool is_private;
-- if (php_openssl_pkey_init_dh(dh, data, &is_private)) {
-- if (EVP_PKEY_assign_DH(pkey, dh)) {
-- php_openssl_pkey_object_init(return_value, pkey, is_private);
-- return;
-- } else {
-- php_openssl_store_errors();
-- }
-- }
-- DH_free(dh);
-- } else {
-- php_openssl_store_errors();
-- }
-- EVP_PKEY_free(pkey);
-- } else {
-- php_openssl_store_errors();
-+ bool is_private;
-+ pkey = php_openssl_pkey_init_dh(data, &is_private);
-+ if (!pkey) {
-+ RETURN_FALSE;
- }
-- RETURN_FALSE;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
-+ return;
- #ifdef HAVE_EVP_PKEY_EC
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
---
-2.31.1
-
-From 0b1f12e24360dad5c6feba319af7e12e2cf72fc1 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Fri, 6 Aug 2021 17:14:58 +0200
-Subject: [PATCH 25/39] Switch manual DSA key generation to param API
-
-This is very similar to the DH case, with the primary difference
-that priv_key is ignored if pub_key is not given, rather than
-generating pub_key from priv_key. Would be nice if these worked
-the same (in which case we should probably also unify the keygen
-for FFC algorithms, as it's very similar).
-
-(cherry picked from commit 2bf316fdfc0cfc4b6a5e27c9a13274d01b4b298f)
----
- ext/openssl/openssl.c | 126 ++++++++++++++++++++++++++++++++++--------
- 1 file changed, 102 insertions(+), 24 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 06e5adecda..84a4083807 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3844,8 +3844,8 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
- return 1;
- }
-
--/* {{{ php_openssl_pkey_init_dsa */
--static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data, bool *is_private)
-+#if PHP_OPENSSL_API_VERSION < 0x30000
-+static zend_bool php_openssl_pkey_init_legacy_dsa(DSA *dsa, zval *data, bool *is_private)
- {
- BIGNUM *p, *q, *g, *priv_key, *pub_key;
- const BIGNUM *priv_key_const, *pub_key_const;
-@@ -3878,9 +3878,102 @@ static zend_bool php_openssl_pkey_init_dsa(DSA *dsa, zval *data, bool *is_privat
- return 0;
- }
- /* all good */
-+ *is_private = true;
- return 1;
- }
--/* }}} */
-+#endif
-+
-+static EVP_PKEY *php_openssl_pkey_init_dsa(zval *data, bool *is_private)
-+{
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL;
-+ EVP_PKEY *param_key = NULL, *pkey = NULL;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
-+ OSSL_PARAM *params = NULL;
-+ OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
-+
-+ OPENSSL_PKEY_SET_BN(data, p);
-+ OPENSSL_PKEY_SET_BN(data, q);
-+ OPENSSL_PKEY_SET_BN(data, g);
-+ OPENSSL_PKEY_SET_BN(data, priv_key);
-+ OPENSSL_PKEY_SET_BN(data, pub_key);
-+
-+ if (!ctx || !bld || !p || !q || !g) {
-+ goto cleanup;
-+ }
-+
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p);
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q);
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g);
-+ // TODO: We silently ignore priv_key if pub_key is not given, unlike in the DH case.
-+ if (pub_key) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key);
-+ if (priv_key) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key);
-+ }
-+ }
-+
-+ params = OSSL_PARAM_BLD_to_param(bld);
-+ if (!params) {
-+ goto cleanup;
-+ }
-+
-+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
-+ EVP_PKEY_fromdata(ctx, &param_key, EVP_PKEY_KEYPAIR, params) <= 0) {
-+ goto cleanup;
-+ }
-+
-+ if (pub_key) {
-+ *is_private = priv_key != NULL;
-+ EVP_PKEY_up_ref(param_key);
-+ pkey = param_key;
-+ } else {
-+ *is_private = true;
-+ PHP_OPENSSL_RAND_ADD_TIME();
-+ EVP_PKEY_CTX_free(ctx);
-+ ctx = EVP_PKEY_CTX_new(param_key, NULL);
-+ if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
-+ goto cleanup;
-+ }
-+ }
-+
-+cleanup:
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(param_key);
-+ EVP_PKEY_CTX_free(ctx);
-+ OSSL_PARAM_free(params);
-+ OSSL_PARAM_BLD_free(bld);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(priv_key);
-+ BN_free(pub_key);
-+ return pkey;
-+#else
-+ EVP_PKEY *pkey = EVP_PKEY_new();
-+ if (!pkey) {
-+ php_openssl_store_errors();
-+ return NULL;
-+ }
-+
-+ DSA *dsa = DSA_new();
-+ if (!dsa) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ return NULL;
-+ }
-+
-+ if (!php_openssl_pkey_init_legacy_dsa(dsa, data, is_private)
-+ || !EVP_PKEY_assign_DSA(pkey, dsa)) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ DSA_free(dsa);
-+ return NULL;
-+ }
-+
-+ return pkey;
-+#endif
-+}
-
- /* {{{ php_openssl_dh_pub_from_priv */
- static BIGNUM *php_openssl_dh_pub_from_priv(BIGNUM *priv_key, BIGNUM *g, BIGNUM *p)
-@@ -4095,28 +4188,13 @@ PHP_FUNCTION(openssl_pkey_new)
- RETURN_FALSE;
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dsa", sizeof("dsa") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
-- pkey = EVP_PKEY_new();
-- if (pkey) {
-- DSA *dsa = DSA_new();
-- if (dsa) {
-- bool is_private;
-- if (php_openssl_pkey_init_dsa(dsa, data, &is_private)) {
-- if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-- php_openssl_pkey_object_init(return_value, pkey, is_private);
-- return;
-- } else {
-- php_openssl_store_errors();
-- }
-- }
-- DSA_free(dsa);
-- } else {
-- php_openssl_store_errors();
-- }
-- EVP_PKEY_free(pkey);
-- } else {
-- php_openssl_store_errors();
-+ bool is_private;
-+ pkey = php_openssl_pkey_init_dsa(data, &is_private);
-+ if (!pkey) {
-+ RETURN_FALSE;
- }
-- RETURN_FALSE;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
-+ return;
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dh", sizeof("dh") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
- bool is_private;
---
-2.31.1
-
-From d20cf6a278be5561debcd5ce0cc34a6046eac669 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Sun, 8 Aug 2021 17:39:06 +0200
-Subject: [PATCH 26/39] Use OpenSSL NCONF APIs (#7337)
-
-(cherry picked from commit 94bc5fce261a4a56a545bdfb25d5c2452a07de08)
----
- ext/openssl/openssl.c | 66 +++++++++++++++++++++++--------------------
- 1 file changed, 36 insertions(+), 30 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 84a4083807..1dda83f71e 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -500,8 +500,8 @@ int php_openssl_get_ssl_stream_data_index()
- static char default_ssl_conf_filename[MAXPATHLEN];
-
- struct php_x509_request { /* {{{ */
-- LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */
-- LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */
-+ CONF *global_config; /* Global SSL config */
-+ CONF *req_config; /* SSL config for this request */
- const EVP_MD * md_alg;
- const EVP_MD * digest;
- char * section_name,
-@@ -712,13 +712,13 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
- }
- /* }}} */
-
--static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config) /* {{{ */
-+static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, CONF *config) /* {{{ */
- {
- X509V3_CTX ctx;
-
- X509V3_set_ctx_test(&ctx);
-- X509V3_set_conf_lhash(&ctx, config);
-- if (!X509V3_EXT_add_conf(config, &ctx, (char *)section, NULL)) {
-+ X509V3_set_nconf(&ctx, config);
-+ if (!X509V3_EXT_add_nconf(config, &ctx, (char *)section, NULL)) {
- php_openssl_store_errors();
- php_error_docref(NULL, E_WARNING, "Error loading %s section %s of %s",
- section_label,
-@@ -730,17 +730,24 @@ static inline int php_openssl_config_check_syntax(const char * section_label, co
- }
- /* }}} */
-
--static char *php_openssl_conf_get_string(
-- LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name) {
-- char *str = CONF_get_string(conf, group, name);
-- if (str == NULL) {
-- /* OpenSSL reports an error if a configuration value is not found.
-- * However, we don't want to generate errors for optional configuration. */
-- ERR_clear_error();
-- }
-+static char *php_openssl_conf_get_string(CONF *conf, const char *group, const char *name) {
-+ /* OpenSSL reports an error if a configuration value is not found.
-+ * However, we don't want to generate errors for optional configuration. */
-+ ERR_set_mark();
-+ char *str = NCONF_get_string(conf, group, name);
-+ ERR_pop_to_mark();
- return str;
- }
-
-+static long php_openssl_conf_get_number(CONF *conf, const char *group, const char *name) {
-+ /* Same here, ignore errors. */
-+ long res = 0;
-+ ERR_set_mark();
-+ NCONF_get_number(conf, group, name, &res);
-+ ERR_pop_to_mark();
-+ return res;
-+}
-+
- static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
- {
- char * str;
-@@ -752,7 +759,7 @@ static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
- if (str == NULL) {
- return SUCCESS;
- }
-- sktmp = CONF_get_section(req->req_config, str);
-+ sktmp = NCONF_get_section(req->req_config, str);
- if (sktmp == NULL) {
- php_openssl_store_errors();
- php_error_docref(NULL, E_WARNING, "Problem loading oid section %s", str);
-@@ -823,13 +830,13 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
-
- SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);
- SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");
-- req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL);
-- if (req->global_config == NULL) {
-+ req->global_config = NCONF_new(NULL);
-+ if (!NCONF_load(req->global_config, default_ssl_conf_filename, NULL)) {
- php_openssl_store_errors();
- }
-- req->req_config = CONF_load(NULL, req->config_filename, NULL);
-- if (req->req_config == NULL) {
-- php_openssl_store_errors();
-+
-+ req->req_config = NCONF_new(NULL);
-+ if (!NCONF_load(req->req_config, req->config_filename, NULL)) {
- return FAILURE;
- }
-
-@@ -853,8 +860,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
- SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
- php_openssl_conf_get_string(req->req_config, req->section_name, "req_extensions"));
- SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
-- CONF_get_number(req->req_config, req->section_name, "default_bits"));
--
-+ php_openssl_conf_get_number(req->req_config, req->section_name, "default_bits"));
- SET_OPTIONAL_LONG_ARG("private_key_type", req->priv_key_type, OPENSSL_KEYTYPE_DEFAULT);
-
- if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key")-1)) != NULL) {
-@@ -934,11 +940,11 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
- req->priv_key = NULL;
- }
- if (req->global_config) {
-- CONF_free(req->global_config);
-+ NCONF_free(req->global_config);
- req->global_config = NULL;
- }
- if (req->req_config) {
-- CONF_free(req->req_config);
-+ NCONF_free(req->req_config);
- req->req_config = NULL;
- }
- }
-@@ -2844,12 +2850,12 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
- STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
- char * str, *dn_sect, *attr_sect;
-
-- dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name");
-+ dn_sect = NCONF_get_string(req->req_config, req->section_name, "distinguished_name");
- if (dn_sect == NULL) {
- php_openssl_store_errors();
- return FAILURE;
- }
-- dn_sk = CONF_get_section(req->req_config, dn_sect);
-+ dn_sk = NCONF_get_section(req->req_config, dn_sect);
- if (dn_sk == NULL) {
- php_openssl_store_errors();
- return FAILURE;
-@@ -2858,7 +2864,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
- if (attr_sect == NULL) {
- attr_sk = NULL;
- } else {
-- attr_sk = CONF_get_section(req->req_config, attr_sect);
-+ attr_sk = NCONF_get_section(req->req_config, attr_sect);
- if (attr_sk == NULL) {
- php_openssl_store_errors();
- return FAILURE;
-@@ -3275,8 +3281,8 @@ PHP_FUNCTION(openssl_csr_sign)
- X509V3_CTX ctx;
-
- X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
-- X509V3_set_conf_lhash(&ctx, req.req_config);
-- if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) {
-+ X509V3_set_nconf(&ctx, req.req_config);
-+ if (!X509V3_EXT_add_nconf(req.req_config, &ctx, req.extensions_section, new_cert)) {
- php_openssl_store_errors();
- goto cleanup;
- }
-@@ -3349,10 +3355,10 @@ PHP_FUNCTION(openssl_csr_new)
- X509V3_CTX ext_ctx;
-
- X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, 0);
-- X509V3_set_conf_lhash(&ext_ctx, req.req_config);
-+ X509V3_set_nconf(&ext_ctx, req.req_config);
-
- /* Add extensions */
-- if (req.request_extensions_section && !X509V3_EXT_REQ_add_conf(req.req_config,
-+ if (req.request_extensions_section && !X509V3_EXT_REQ_add_nconf(req.req_config,
- &ext_ctx, req.request_extensions_section, csr))
- {
- php_openssl_store_errors();
---
-2.31.1
-
-From 575c8ddf73c4a343139be225596c5101497e3186 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Sun, 8 Aug 2021 20:54:46 +0100
-Subject: [PATCH 27/39] Make CertificateGenerator not dependent on external
- config in OpenSSL 3.0
-
-(cherry picked from commit c90c9c7545427d9d35cbac45c4ec896f54619744)
----
- ext/openssl/tests/CertificateGenerator.inc | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc
-index 1dc378e706..4783353a47 100644
---- a/ext/openssl/tests/CertificateGenerator.inc
-+++ b/ext/openssl/tests/CertificateGenerator.inc
-@@ -65,7 +65,10 @@ class CertificateGenerator
- ),
- null,
- $this->caKey,
-- 2
-+ 2,
-+ [
-+ 'config' => self::CONFIG,
-+ ]
- );
- }
-
-@@ -101,6 +104,7 @@ class CertificateGenerator
- [ req ]
- distinguished_name = req_distinguished_name
- default_md = sha256
-+default_bits = 1024
-
- [ req_distinguished_name ]
-
-@@ -124,8 +128,9 @@ CONFIG;
- ];
-
- $this->lastKey = self::generateKey($keyLength);
-+ $csr = openssl_csr_new($dn, $this->lastKey, $config);
- $this->lastCert = openssl_csr_sign(
-- openssl_csr_new($dn, $this->lastKey, $config),
-+ $csr,
- $this->ca,
- $this->caKey,
- /* days */ 2,
-@@ -139,7 +144,7 @@ CONFIG;
- openssl_x509_export($this->lastCert, $certText);
-
- $keyText = '';
-- openssl_pkey_export($this->lastKey, $keyText);
-+ openssl_pkey_export($this->lastKey, $keyText, null, $config);
-
- file_put_contents($file, $certText . PHP_EOL . $keyText);
- } finally {
---
-2.31.1
-
-From 4da1bade85b14bd1f0aa9cf9f463931de54de2ef Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 10:26:12 +0200
-Subject: [PATCH 28/39] Extract EC key initialization
-
-(cherry picked from commit 14d7c7e9aee5ab55a92ddc626b7b81c130ea7618)
----
- ext/openssl/openssl.c | 239 ++++++++++++++++++++++--------------------
- 1 file changed, 126 insertions(+), 113 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 1dda83f71e..a595101cf6 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4158,6 +4158,126 @@ cleanup:
- #endif
- }
-
-+#ifdef HAVE_EVP_PKEY_EC
-+static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_private) {
-+ EC_GROUP *group = NULL;
-+ EC_POINT *pnt = NULL;
-+ BIGNUM *d = NULL;
-+ zval *bn;
-+ zval *x;
-+ zval *y;
-+
-+ if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
-+ Z_TYPE_P(bn) == IS_STRING) {
-+ int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
-+ if (nid != NID_undef) {
-+ group = EC_GROUP_new_by_curve_name(nid);
-+ if (!group) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-+ EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
-+ if (!EC_KEY_set_group(eckey, group)) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ }
-+ }
-+
-+ if (group == NULL) {
-+ php_error_docref(NULL, E_WARNING, "Unknown curve name");
-+ goto clean_exit;
-+ }
-+
-+ // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
-+ *is_private = false;
-+ if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
-+ Z_TYPE_P(bn) == IS_STRING) {
-+ *is_private = true;
-+ d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
-+ if (!EC_KEY_set_private_key(eckey, d)) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ // Calculate the public key by multiplying the Point Q with the public key
-+ // P = d * Q
-+ pnt = EC_POINT_new(group);
-+ if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+
-+ BN_free(d);
-+ } else if ((x = zend_hash_str_find(Z_ARRVAL_P(data), "x", sizeof("x") - 1)) != NULL &&
-+ Z_TYPE_P(x) == IS_STRING &&
-+ (y = zend_hash_str_find(Z_ARRVAL_P(data), "y", sizeof("y") - 1)) != NULL &&
-+ Z_TYPE_P(y) == IS_STRING) {
-+ pnt = EC_POINT_new(group);
-+ if (pnt == NULL) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ if (!EC_POINT_set_affine_coordinates_GFp(
-+ group, pnt, BN_bin2bn((unsigned char*) Z_STRVAL_P(x), Z_STRLEN_P(x), NULL),
-+ BN_bin2bn((unsigned char*) Z_STRVAL_P(y), Z_STRLEN_P(y), NULL), NULL)) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ }
-+
-+ if (pnt != NULL) {
-+ if (!EC_KEY_set_public_key(eckey, pnt)) {
-+ php_openssl_store_errors();
-+ goto clean_exit;
-+ }
-+ EC_POINT_free(pnt);
-+ pnt = NULL;
-+ }
-+
-+ if (!EC_KEY_check_key(eckey)) {
-+ PHP_OPENSSL_RAND_ADD_TIME();
-+ EC_KEY_generate_key(eckey);
-+ php_openssl_store_errors();
-+ }
-+ if (EC_KEY_check_key(eckey)) {
-+ return true;
-+ } else {
-+ php_openssl_store_errors();
-+ }
-+
-+clean_exit:
-+ BN_free(d);
-+ EC_POINT_free(pnt);
-+ EC_GROUP_free(group);
-+ return false;
-+}
-+
-+static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
-+ EVP_PKEY *pkey = EVP_PKEY_new();
-+ if (!pkey) {
-+ php_openssl_store_errors();
-+ return NULL;
-+ }
-+
-+ EC_KEY *ec = EC_KEY_new();
-+ if (!ec) {
-+ EVP_PKEY_free(pkey);
-+ return NULL;
-+ }
-+
-+ if (!php_openssl_pkey_init_legacy_ec(ec, data, is_private)
-+ || !EVP_PKEY_assign_EC_KEY(pkey, ec)) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ EC_KEY_free(ec);
-+ return NULL;
-+ }
-+
-+ return pkey;
-+}
-+#endif
-+
- /* {{{ Generates a new private key */
- PHP_FUNCTION(openssl_pkey_new)
- {
-@@ -4213,120 +4333,13 @@ PHP_FUNCTION(openssl_pkey_new)
- #ifdef HAVE_EVP_PKEY_EC
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
-- EC_KEY *eckey = NULL;
-- EC_GROUP *group = NULL;
-- EC_POINT *pnt = NULL;
-- BIGNUM *d = NULL;
-- pkey = EVP_PKEY_new();
-- if (pkey) {
-- eckey = EC_KEY_new();
-- if (eckey) {
-- bool is_private = false;
-- EC_GROUP *group = NULL;
-- zval *bn;
-- zval *x;
-- zval *y;
--
-- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
-- Z_TYPE_P(bn) == IS_STRING) {
-- int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
-- if (nid != NID_undef) {
-- group = EC_GROUP_new_by_curve_name(nid);
-- if (!group) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-- EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
-- if (!EC_KEY_set_group(eckey, group)) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- }
-- }
--
-- if (group == NULL) {
-- php_error_docref(NULL, E_WARNING, "Unknown curve name");
-- goto clean_exit;
-- }
--
-- // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
-- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
-- Z_TYPE_P(bn) == IS_STRING) {
-- is_private = true;
-- d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
-- if (!EC_KEY_set_private_key(eckey, d)) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- // Calculate the public key by multiplying the Point Q with the public key
-- // P = d * Q
-- pnt = EC_POINT_new(group);
-- if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
--
-- BN_free(d);
-- } else if ((x = zend_hash_str_find(Z_ARRVAL_P(data), "x", sizeof("x") - 1)) != NULL &&
-- Z_TYPE_P(x) == IS_STRING &&
-- (y = zend_hash_str_find(Z_ARRVAL_P(data), "y", sizeof("y") - 1)) != NULL &&
-- Z_TYPE_P(y) == IS_STRING) {
-- pnt = EC_POINT_new(group);
-- if (pnt == NULL) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- if (!EC_POINT_set_affine_coordinates_GFp(
-- group, pnt, BN_bin2bn((unsigned char*) Z_STRVAL_P(x), Z_STRLEN_P(x), NULL),
-- BN_bin2bn((unsigned char*) Z_STRVAL_P(y), Z_STRLEN_P(y), NULL), NULL)) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- }
--
-- if (pnt != NULL) {
-- if (!EC_KEY_set_public_key(eckey, pnt)) {
-- php_openssl_store_errors();
-- goto clean_exit;
-- }
-- EC_POINT_free(pnt);
-- pnt = NULL;
-- }
--
-- if (!EC_KEY_check_key(eckey)) {
-- PHP_OPENSSL_RAND_ADD_TIME();
-- EC_KEY_generate_key(eckey);
-- php_openssl_store_errors();
-- }
-- if (EC_KEY_check_key(eckey) && EVP_PKEY_assign_EC_KEY(pkey, eckey)) {
-- EC_GROUP_free(group);
-- php_openssl_pkey_object_init(return_value, pkey, is_private);
-- return;
-- } else {
-- php_openssl_store_errors();
-- }
-- } else {
-- php_openssl_store_errors();
-- }
-- } else {
-- php_openssl_store_errors();
-- }
--clean_exit:
-- if (d != NULL) {
-- BN_free(d);
-- }
-- if (pnt != NULL) {
-- EC_POINT_free(pnt);
-- }
-- if (group != NULL) {
-- EC_GROUP_free(group);
-- }
-- if (eckey != NULL) {
-- EC_KEY_free(eckey);
-+ bool is_private;
-+ pkey = php_openssl_pkey_init_ec(data, &is_private);
-+ if (!pkey) {
-+ RETURN_FALSE;
- }
-- EVP_PKEY_free(pkey);
-- RETURN_FALSE;
-+ php_openssl_pkey_object_init(return_value, pkey, is_private);
-+ return;
- #endif
- }
- }
---
-2.31.1
-
-From 0b12c49898ef390ce53e33490a842fd384de6902 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 12:01:35 +0200
-Subject: [PATCH 29/39] Test calculation of EC public key from private key
-
-(cherry picked from commit 246698671f941b2034518ab04f35009b2da77bb1)
----
- ext/openssl/tests/ecc.phpt | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
-index 0a71393ae3..0b05410c2c 100644
---- a/ext/openssl/tests/ecc.phpt
-+++ b/ext/openssl/tests/ecc.phpt
-@@ -33,6 +33,16 @@ $d2 = openssl_pkey_get_details($key2);
- // Compare array
- var_dump($d1 === $d2);
-
-+// Check that the public key info is computed from the private key if it is missing.
-+$d1_priv = $d1;
-+unset($d1_priv["ec"]["x"]);
-+unset($d1_priv["ec"]["y"]);
-+
-+$key3 = openssl_pkey_new($d1_priv);
-+var_dump($key3);
-+$d3 = openssl_pkey_get_details($key3);
-+var_dump($d1 === $d3);
-+
- $dn = array(
- "countryName" => "BR",
- "stateOrProvinceName" => "Rio Grande do Sul",
-@@ -93,6 +103,9 @@ bool(true)
- object(OpenSSLAsymmetricKey)#%d (0) {
- }
- bool(true)
-+object(OpenSSLAsymmetricKey)#%d (0) {
-+}
-+bool(true)
- Testing openssl_csr_new with key generation
- NULL
- object(OpenSSLAsymmetricKey)#%d (0) {
---
-2.31.1
-
-From 6b6b7c28dc81e106f6a1ef96d1f4bc43901764cf Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 11:12:20 +0200
-Subject: [PATCH 30/39] Use param API for creating EC keys
-
-Rather than the deprecated low level APIs.
-
-(cherry picked from commit f9e701cde813fad4e1f647e63750c0b9bdeadb4e)
----
- ext/openssl/openssl.c | 96 +++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 96 insertions(+)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index a595101cf6..df057caa8b 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4159,6 +4159,7 @@ cleanup:
- }
-
- #ifdef HAVE_EVP_PKEY_EC
-+#if PHP_OPENSSL_API_VERSION < 0x30000
- static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_private) {
- EC_GROUP *group = NULL;
- EC_POINT *pnt = NULL;
-@@ -4236,6 +4237,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
- }
-
- if (!EC_KEY_check_key(eckey)) {
-+ *is_private = true;
- PHP_OPENSSL_RAND_ADD_TIME();
- EC_KEY_generate_key(eckey);
- php_openssl_store_errors();
-@@ -4252,8 +4254,101 @@ clean_exit:
- EC_GROUP_free(group);
- return false;
- }
-+#endif
-
- static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ BIGNUM *d = NULL, *x = NULL, *y = NULL;
-+ EC_GROUP *group = NULL;
-+ EC_POINT *pnt = NULL;
-+ char *pnt_oct = NULL;
-+ EVP_PKEY *param_key = NULL, *pkey = NULL;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-+ OSSL_PARAM *params = NULL;
-+ OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
-+ zval *curve_name_zv = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1);
-+
-+ OPENSSL_PKEY_SET_BN(data, d);
-+ OPENSSL_PKEY_SET_BN(data, x);
-+ OPENSSL_PKEY_SET_BN(data, y);
-+
-+ if (!ctx || !bld || !curve_name_zv || Z_TYPE_P(curve_name_zv) != IS_STRING) {
-+ goto cleanup;
-+ }
-+
-+ int nid = OBJ_sn2nid(Z_STRVAL_P(curve_name_zv));
-+ group = EC_GROUP_new_by_curve_name(nid);
-+ if (!group) {
-+ php_error_docref(NULL, E_WARNING, "Unknown curve name");
-+ goto cleanup;
-+ }
-+
-+ OSSL_PARAM_BLD_push_utf8_string(
-+ bld, OSSL_PKEY_PARAM_GROUP_NAME, Z_STRVAL_P(curve_name_zv), Z_STRLEN_P(curve_name_zv));
-+
-+ if (d) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, d);
-+
-+ pnt = EC_POINT_new(group);
-+ if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
-+ goto cleanup;
-+ }
-+ } else if (x && y) {
-+ /* OpenSSL does not allow setting EC_PUB_X/EC_PUB_Y, so convert to encoded format. */
-+ pnt = EC_POINT_new(group);
-+ if (!pnt || !EC_POINT_set_affine_coordinates(group, pnt, x, y, NULL)) {
-+ goto cleanup;
-+ }
-+ }
-+
-+ if (pnt) {
-+ size_t pnt_oct_len =
-+ EC_POINT_point2buf(group, pnt, POINT_CONVERSION_COMPRESSED, &pnt_oct, NULL);
-+ if (!pnt_oct_len) {
-+ goto cleanup;
-+ }
-+
-+ OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pnt_oct, pnt_oct_len);
-+ }
-+
-+ params = OSSL_PARAM_BLD_to_param(bld);
-+ if (!params) {
-+ goto cleanup;
-+ }
-+
-+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
-+ EVP_PKEY_fromdata(ctx, &param_key, EVP_PKEY_KEYPAIR, params) <= 0) {
-+ goto cleanup;
-+ }
-+
-+ EVP_PKEY_CTX_free(ctx);
-+ ctx = EVP_PKEY_CTX_new(param_key, NULL);
-+ if (EVP_PKEY_check(ctx)) {
-+ *is_private = d != NULL;
-+ EVP_PKEY_up_ref(param_key);
-+ pkey = param_key;
-+ } else {
-+ *is_private = true;
-+ PHP_OPENSSL_RAND_ADD_TIME();
-+ if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
-+ goto cleanup;
-+ }
-+ }
-+
-+cleanup:
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(param_key);
-+ EVP_PKEY_CTX_free(ctx);
-+ OSSL_PARAM_free(params);
-+ OSSL_PARAM_BLD_free(bld);
-+ EC_POINT_free(pnt);
-+ EC_GROUP_free(group);
-+ OPENSSL_free(pnt_oct);
-+ BN_free(d);
-+ BN_free(x);
-+ BN_free(y);
-+ return pkey;
-+#else
- EVP_PKEY *pkey = EVP_PKEY_new();
- if (!pkey) {
- php_openssl_store_errors();
-@@ -4275,6 +4370,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
- }
-
- return pkey;
-+#endif
- }
- #endif
-
---
-2.31.1
-
-From ab4d43be04953eb75b37d532ac5fe42f0464f1be Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 14:19:33 +0200
-Subject: [PATCH 31/39] Extract public key portion via PEM roundtrip
-
-The workaround with cloning the X509_REQ no longer works in
-OpenSSL 3. Instead extract the public key portion by round
-tripping through PEM.
-
-(cherry picked from commit 26a51e8d7a6026f6bd69813d044785d154a296a3)
----
- ext/openssl/openssl.c | 43 +++++++++++++++++++------------------------
- 1 file changed, 19 insertions(+), 24 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index df057caa8b..e86e99c73f 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3430,49 +3430,44 @@ PHP_FUNCTION(openssl_csr_get_subject)
- }
- /* }}} */
-
-+static EVP_PKEY *php_openssl_extract_public_key(EVP_PKEY *priv_key)
-+{
-+ /* Extract public key portion by round-tripping through PEM. */
-+ BIO *bio = BIO_new(BIO_s_mem());
-+ if (!bio || !PEM_write_bio_PUBKEY(bio, priv_key)) {
-+ BIO_free(bio);
-+ return NULL;
-+ }
-+
-+ EVP_PKEY *pub_key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
-+ BIO_free(bio);
-+ return pub_key;
-+}
-+
- /* {{{ Returns the subject of a CERT or FALSE on error */
- PHP_FUNCTION(openssl_csr_get_public_key)
- {
-- X509_REQ *orig_csr, *csr;
- zend_object *csr_obj;
- zend_string *csr_str;
- zend_bool use_shortnames = 1;
-
-- EVP_PKEY *tpubkey;
--
- ZEND_PARSE_PARAMETERS_START(1, 2)
- Z_PARAM_OBJ_OF_CLASS_OR_STR(csr_obj, php_openssl_request_ce, csr_str)
- Z_PARAM_OPTIONAL
- Z_PARAM_BOOL(use_shortnames)
- ZEND_PARSE_PARAMETERS_END();
-
-- orig_csr = php_openssl_csr_from_param(csr_obj, csr_str);
-- if (orig_csr == NULL) {
-+ X509_REQ *csr = php_openssl_csr_from_param(csr_obj, csr_str);
-+ if (csr == NULL) {
- RETURN_FALSE;
- }
-
--#if PHP_OPENSSL_API_VERSION >= 0x10100
-- /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR,
-- * the pub key is not changed after assigning. It means if we pass
-- * a private key, it will be returned including the private part.
-- * If we duplicate it, then we get just the public part which is
-- * the same behavior as for OpenSSL 1.0 */
-- csr = X509_REQ_dup(orig_csr);
--#else
-- csr = orig_csr;
--#endif
--
- /* Retrieve the public key from the CSR */
-- tpubkey = X509_REQ_get_pubkey(csr);
--
-- if (csr != orig_csr) {
-- /* We need to free the duplicated CSR */
-- X509_REQ_free(csr);
-- }
-+ EVP_PKEY *tpubkey = php_openssl_extract_public_key(X509_REQ_get_pubkey(csr));
-
- if (csr_str) {
-- /* We also need to free the original CSR if it was freshly created */
-- X509_REQ_free(orig_csr);
-+ /* We need to free the original CSR if it was freshly created */
-+ X509_REQ_free(csr);
- }
-
- if (tpubkey == NULL) {
---
-2.31.1
-
-From 7939ffbdcc8d3358306653d7343f2b70204824f9 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Fri, 6 Aug 2021 12:08:07 +0200
-Subject: [PATCH 32/39] Use param API for openssl_pkey_get_details()
-
-Now that the DSA/DH/EC keys are not created using the legacy API,
-we can fetch the details using the param API as well, and not
-run into buggy priv_key handling.
-
-(cherry picked from commit 6db2c2dbe7a02055e2798e503ccde4b151b7cabf)
----
- ext/openssl/openssl.c | 123 ++++++++++++++++++++++++++++++++++++------
- 1 file changed, 106 insertions(+), 17 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index e86e99c73f..40f05da9f2 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3788,17 +3788,17 @@ cleanup:
- }
- /* }}} */
-
--#define OPENSSL_GET_BN(_array, _bn, _name) do { \
-- if (_bn != NULL) { \
-- int len = BN_num_bytes(_bn); \
-- zend_string *str = zend_string_alloc(len, 0); \
-- BN_bn2bin(_bn, (unsigned char*)ZSTR_VAL(str)); \
-- ZSTR_VAL(str)[len] = 0; \
-- add_assoc_str(&_array, #_name, str); \
-- } \
-- } while (0);
-+static void php_openssl_add_bn_to_array(zval *ary, const BIGNUM *bn, const char *name) {
-+ if (bn != NULL) {
-+ int len = BN_num_bytes(bn);
-+ zend_string *str = zend_string_alloc(len, 0);
-+ BN_bn2bin(bn, (unsigned char *)ZSTR_VAL(str));
-+ ZSTR_VAL(str)[len] = 0;
-+ add_assoc_str(ary, name, str);
-+ }
-+}
-
--#define OPENSSL_PKEY_GET_BN(_type, _name) OPENSSL_GET_BN(_type, _name, _name)
-+#define OPENSSL_PKEY_GET_BN(_type, _name) php_openssl_add_bn_to_array(&_type, _name, #_name)
-
- #define OPENSSL_PKEY_SET_BN(_data, _name) do { \
- zval *bn; \
-@@ -4639,12 +4639,34 @@ PHP_FUNCTION(openssl_pkey_get_private)
-
- /* }}} */
-
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+static void php_openssl_copy_bn_param(
-+ zval *ary, EVP_PKEY *pkey, const char *param, const char *name) {
-+ BIGNUM *bn = NULL;
-+ if (EVP_PKEY_get_bn_param(pkey, param, &bn) > 0) {
-+ php_openssl_add_bn_to_array(ary, bn, name);
-+ BN_free(bn);
-+ }
-+}
-+
-+static zend_string *php_openssl_get_utf8_param(
-+ EVP_PKEY *pkey, const char *param, const char *name) {
-+ char buf[64];
-+ size_t len;
-+ if (EVP_PKEY_get_utf8_string_param(pkey, param, buf, sizeof(buf), &len) > 0) {
-+ zend_string *str = zend_string_alloc(len, 0);
-+ memcpy(ZSTR_VAL(str), buf, len);
-+ ZSTR_VAL(str)[len] = '\0';
-+ return str;
-+ }
-+ return NULL;
-+}
-+#endif
-+
- /* {{{ returns an array with the key details (bits, pkey, type)*/
- PHP_FUNCTION(openssl_pkey_get_details)
- {
- zval *key;
-- EVP_PKEY *pkey;
-- BIO *out;
- unsigned int pbio_len;
- char *pbio;
- zend_long ktype;
-@@ -4653,9 +4675,9 @@ PHP_FUNCTION(openssl_pkey_get_details)
- RETURN_THROWS();
- }
-
-- pkey = Z_OPENSSL_PKEY_P(key)->pkey;
-+ EVP_PKEY *pkey = Z_OPENSSL_PKEY_P(key)->pkey;
-
-- out = BIO_new(BIO_s_mem());
-+ BIO *out = BIO_new(BIO_s_mem());
- if (!PEM_write_bio_PUBKEY(out, pkey)) {
- BIO_free(out);
- php_openssl_store_errors();
-@@ -4669,6 +4691,72 @@ PHP_FUNCTION(openssl_pkey_get_details)
- /*TODO: Use the real values once the openssl constants are used
- * See the enum at the top of this file
- */
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ zval ary;
-+ switch (EVP_PKEY_base_id(pkey)) {
-+ case EVP_PKEY_RSA:
-+ ktype = OPENSSL_KEYTYPE_RSA;
-+ array_init(&ary);
-+ add_assoc_zval(return_value, "rsa", &ary);
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_N, "n");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_E, "e");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_D, "d");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, "p");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, "q");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, "dmp1");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, "dmq1");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, "iqmp");
-+ break;
-+ case EVP_PKEY_DSA:
-+ ktype = OPENSSL_KEYTYPE_DSA;
-+ array_init(&ary);
-+ add_assoc_zval(return_value, "dsa", &ary);
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_FFC_P, "p");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_FFC_Q, "q");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_FFC_G, "g");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_PRIV_KEY, "priv_key");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_PUB_KEY, "pub_key");
-+ break;
-+ case EVP_PKEY_DH:
-+ ktype = OPENSSL_KEYTYPE_DH;
-+ array_init(&ary);
-+ add_assoc_zval(return_value, "dh", &ary);
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_FFC_P, "p");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_FFC_G, "g");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_PRIV_KEY, "priv_key");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_PUB_KEY, "pub_key");
-+ break;
-+ case EVP_PKEY_EC: {
-+ ktype = OPENSSL_KEYTYPE_EC;
-+ array_init(&ary);
-+ add_assoc_zval(return_value, "ec", &ary);
-+
-+ zend_string *curve_name = php_openssl_get_utf8_param(
-+ pkey, OSSL_PKEY_PARAM_GROUP_NAME, "curve_name");
-+ if (curve_name) {
-+ add_assoc_str(&ary, "curve_name", curve_name);
-+
-+ int nid = OBJ_sn2nid(ZSTR_VAL(curve_name));
-+ if (nid != NID_undef) {
-+ ASN1_OBJECT *obj = OBJ_nid2obj(nid);
-+ if (obj) {
-+ // OpenSSL recommends a buffer length of 80.
-+ char oir_buf[80];
-+ int oir_len = OBJ_obj2txt(oir_buf, sizeof(oir_buf), obj, 1);
-+ add_assoc_stringl(&ary, "curve_oid", oir_buf, oir_len);
-+ ASN1_OBJECT_free(obj);
-+ }
-+ }
-+ }
-+
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_EC_PUB_X, "x");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_EC_PUB_Y, "y");
-+ php_openssl_copy_bn_param(&ary, pkey, OSSL_PKEY_PARAM_PRIV_KEY, "d");
-+ break;
-+ }
-+ EMPTY_SWITCH_DEFAULT_CASE();
-+ }
-+#else
- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- case EVP_PKEY_RSA2:
-@@ -4785,14 +4873,14 @@ PHP_FUNCTION(openssl_pkey_get_details)
- pub = EC_KEY_get0_public_key(ec_key);
-
- if (EC_POINT_get_affine_coordinates_GFp(ec_group, pub, x, y, NULL)) {
-- OPENSSL_GET_BN(ec, x, x);
-- OPENSSL_GET_BN(ec, y, y);
-+ php_openssl_add_bn_to_array(&ec, x, "x");
-+ php_openssl_add_bn_to_array(&ec, y, "y");
- } else {
- php_openssl_store_errors();
- }
-
- if ((d = EC_KEY_get0_private_key(EVP_PKEY_get0_EC_KEY(pkey))) != NULL) {
-- OPENSSL_GET_BN(ec, d, d);
-+ php_openssl_add_bn_to_array(&ec, d, "d");
- }
-
- add_assoc_zval(return_value, "ec", &ec);
-@@ -4806,6 +4894,7 @@ PHP_FUNCTION(openssl_pkey_get_details)
- ktype = -1;
- break;
- }
-+#endif
- add_assoc_long(return_value, "type", ktype);
-
- BIO_free(out);
---
-2.31.1
-
-From 35012d2b29254b806e5f376817d22f6c3bab136d Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 14:34:12 +0200
-Subject: [PATCH 33/39] Add missing unsigned qualifier
-
-This previously got lost in the deprecation warning noise.
-
-(cherry picked from commit ff2a39e6fcbd9a3bd7f411168b19711a4be9a2a4)
----
- ext/openssl/openssl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 40f05da9f2..856d7fc4af 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4256,7 +4256,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
- BIGNUM *d = NULL, *x = NULL, *y = NULL;
- EC_GROUP *group = NULL;
- EC_POINT *pnt = NULL;
-- char *pnt_oct = NULL;
-+ unsigned char *pnt_oct = NULL;
- EVP_PKEY *param_key = NULL, *pkey = NULL;
- EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
- OSSL_PARAM *params = NULL;
---
-2.31.1
-
-From c34296faadc0a9e15e4ca960d573cdf3aabd8742 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Mon, 9 Aug 2021 14:47:43 +0200
-Subject: [PATCH 34/39] Use param API to create RSA key
-
-Instead of deprecated low-level API.
-
-A caveat here is that when using the high-level API, OpenSSL 3
-requires that if the prime factors are set, the CRT parameters
-are also set. See https://github.com/openssl/openssl/issues/16271.
-
-As such, add CRT parameters to the manual construction test.
-
-This fixes the last deprecation warnings in openssl.c, but there
-are more elsewhere.
-
-(cherry picked from commit 3724b49aa953fadc365c27e64fba2266d7f6d16b)
----
- ext/openssl/openssl.c | 121 +++++++++++++++---
- ext/openssl/tests/openssl_pkey_new_basic.phpt | 16 +++
- 2 files changed, 116 insertions(+), 21 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 856d7fc4af..9e31f76998 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3812,8 +3812,8 @@ static void php_openssl_add_bn_to_array(zval *ary, const BIGNUM *bn, const char
- } \
- } while (0);
-
--/* {{{ php_openssl_pkey_init_rsa */
--static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa, zval *data)
-+#if PHP_OPENSSL_API_VERSION < 0x30000
-+static zend_bool php_openssl_pkey_init_legacy_rsa(RSA *rsa, zval *data)
- {
- BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
-
-@@ -3837,12 +3837,102 @@ static zend_bool php_openssl_pkey_init_and_assign_rsa(EVP_PKEY *pkey, RSA *rsa,
- return 0;
- }
-
-- if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
-+ return 1;
-+}
-+#endif
-+
-+static EVP_PKEY *php_openssl_pkey_init_rsa(zval *data)
-+{
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
-+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
-+ EVP_PKEY *pkey = NULL;
-+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
-+ OSSL_PARAM *params = NULL;
-+ OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
-+
-+ OPENSSL_PKEY_SET_BN(data, n);
-+ OPENSSL_PKEY_SET_BN(data, e);
-+ OPENSSL_PKEY_SET_BN(data, d);
-+ OPENSSL_PKEY_SET_BN(data, p);
-+ OPENSSL_PKEY_SET_BN(data, q);
-+ OPENSSL_PKEY_SET_BN(data, dmp1);
-+ OPENSSL_PKEY_SET_BN(data, dmq1);
-+ OPENSSL_PKEY_SET_BN(data, iqmp);
-+
-+ if (!ctx || !bld || !n || !d) {
-+ goto cleanup;
-+ }
-+
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n);
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d);
-+ if (e) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e);
-+ }
-+ if (p) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, p);
-+ }
-+ if (q) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, q);
-+ }
-+ if (dmp1) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1);
-+ }
-+ if (dmq1) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1);
-+ }
-+ if (iqmp) {
-+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp);
-+ }
-+
-+ params = OSSL_PARAM_BLD_to_param(bld);
-+ if (!params) {
-+ goto cleanup;
-+ }
-+
-+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
-+ EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
-+ goto cleanup;
-+ }
-+
-+cleanup:
-+ php_openssl_store_errors();
-+ EVP_PKEY_CTX_free(ctx);
-+ OSSL_PARAM_free(params);
-+ OSSL_PARAM_BLD_free(bld);
-+ BN_free(n);
-+ BN_free(e);
-+ BN_free(d);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(dmp1);
-+ BN_free(dmq1);
-+ BN_free(iqmp);
-+ return pkey;
-+#else
-+ EVP_PKEY *pkey = EVP_PKEY_new();
-+ if (!pkey) {
- php_openssl_store_errors();
-- return 0;
-+ return NULL;
- }
-
-- return 1;
-+ RSA *rsa = RSA_new();
-+ if (!rsa) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ return NULL;
-+ }
-+
-+ if (!php_openssl_pkey_init_legacy_rsa(rsa, data)
-+ || !EVP_PKEY_assign_RSA(pkey, rsa)) {
-+ php_openssl_store_errors();
-+ EVP_PKEY_free(pkey);
-+ RSA_free(rsa);
-+ return NULL;
-+ }
-+
-+ return pkey;
-+#endif
- }
-
- #if PHP_OPENSSL_API_VERSION < 0x30000
-@@ -4386,23 +4476,12 @@ PHP_FUNCTION(openssl_pkey_new)
-
- if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "rsa", sizeof("rsa")-1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
-- pkey = EVP_PKEY_new();
-- if (pkey) {
-- RSA *rsa = RSA_new();
-- if (rsa) {
-- if (php_openssl_pkey_init_and_assign_rsa(pkey, rsa, data)) {
-- php_openssl_pkey_object_init(return_value, pkey, /* is_private */ true);
-- return;
-- }
-- RSA_free(rsa);
-- } else {
-- php_openssl_store_errors();
-- }
-- EVP_PKEY_free(pkey);
-- } else {
-- php_openssl_store_errors();
-+ pkey = php_openssl_pkey_init_rsa(data);
-+ if (!pkey) {
-+ RETURN_FALSE;
- }
-- RETURN_FALSE;
-+ php_openssl_pkey_object_init(return_value, pkey, /* is_private */ true);
-+ return;
- } else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "dsa", sizeof("dsa") - 1)) != NULL &&
- Z_TYPE_P(data) == IS_ARRAY) {
- bool is_private;
-diff --git a/ext/openssl/tests/openssl_pkey_new_basic.phpt b/ext/openssl/tests/openssl_pkey_new_basic.phpt
-index b2c37f6a87..08c9660f22 100644
---- a/ext/openssl/tests/openssl_pkey_new_basic.phpt
-+++ b/ext/openssl/tests/openssl_pkey_new_basic.phpt
-@@ -26,6 +26,11 @@ $phex = "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632" .
- $qhex = "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D86" .
- "9840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503";
-
-+$dphex = "11";
-+$dqhex = "11";
-+$qinvhex = "b06c4fdabb6301198d265bdbae9423b380f271f73453885093077fcd39e2119f" .
-+ "c98632154f5883b167a967bf402b4e9e2e0f9656e698ea3666edfb25798039f7";
-+
- $rsa= openssl_pkey_new(array(
- 'rsa' => array(
- 'n' => hex2bin($nhex),
-@@ -33,6 +38,9 @@ $rsa= openssl_pkey_new(array(
- 'd' => hex2bin($dhex),
- 'p' => hex2bin($phex),
- 'q' => hex2bin($qhex),
-+ 'dmp1' => hex2bin($dphex),
-+ 'dmq1' => hex2bin($dqhex),
-+ 'iqmp' => hex2bin($qinvhex),
- )
- ));
- $details = openssl_pkey_get_details($rsa);
-@@ -42,6 +50,10 @@ openssl_pkey_test_cmp($ehex, $rsa_details['e']);
- openssl_pkey_test_cmp($dhex, $rsa_details['d']);
- openssl_pkey_test_cmp($phex, $rsa_details['p']);
- openssl_pkey_test_cmp($qhex, $rsa_details['q']);
-+openssl_pkey_test_cmp($dphex, $rsa_details['dmp1']);
-+openssl_pkey_test_cmp($dqhex, $rsa_details['dmq1']);
-+openssl_pkey_test_cmp($qinvhex, $rsa_details['iqmp']);
-+echo "\n";
-
- // DSA
- $phex = '00f8000ae45b2dacb47dd977d58b719d097bdf07cb2c17660ad898518c08' .
-@@ -95,6 +107,10 @@ int(0)
- int(0)
- int(0)
- int(0)
-+int(0)
-+int(0)
-+int(0)
-+
- int(0)
- int(0)
- int(0)
---
-2.31.1
-
-From b32adee0fe39c9d0fb981fc7cfe1892c225ba1c3 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Tue, 10 Aug 2021 11:50:18 +0200
-Subject: [PATCH 35/39] Fork openssl_error_string() test for OpenSSL
-
-The used error code differ signficantly, so use a separate test
-file.
-
-openssl_encrypt() no longer throws an error for invalid key length,
-which looks like an upstream bug.
-
-(cherry picked from commit e5f53e1ca13bfe8abd0f6037c98b59d2dac5744f)
----
- .../tests/openssl_error_string_basic.phpt | 7 +-
- .../openssl_error_string_basic_openssl3.phpt | 183 ++++++++++++++++++
- 2 files changed, 188 insertions(+), 2 deletions(-)
- create mode 100644 ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-
-diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt
-index f3eb82067b..aee84b3fab 100644
---- a/ext/openssl/tests/openssl_error_string_basic.phpt
-+++ b/ext/openssl/tests/openssl_error_string_basic.phpt
-@@ -1,7 +1,10 @@
- --TEST--
--openssl_error_string() tests
-+openssl_error_string() tests (OpenSSL < 3.0)
- --SKIPIF--
--<?php if (!extension_loaded("openssl")) print "skip"; ?>
-+<?php
-+if (!extension_loaded("openssl")) print "skip";
-+if (OPENSSL_VERSION_NUMBER >= 0x30000000) die('skip For OpenSSL < 3.0');
-+?>
- --FILE--
- <?php
- // helper function to check openssl errors
-diff --git a/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-new file mode 100644
-index 0000000000..b119346fe1
---- /dev/null
-+++ b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-@@ -0,0 +1,183 @@
-+--TEST--
-+openssl_error_string() tests (OpenSSL >= 3.0)
-+--EXTENSIONS--
-+openssl
-+--SKIPIF--
-+<?php
-+if (OPENSSL_VERSION_NUMBER < 0x30000000) die('skip For OpenSSL >= 3.0');
-+?>
-+--FILE--
-+<?php
-+// helper function to check openssl errors
-+function expect_openssl_errors($name, $expected_error_codes) {
-+ $expected_errors = array_fill_keys($expected_error_codes, false);
-+ $all_errors = array();
-+ while (($error_string = openssl_error_string()) !== false) {
-+ if (preg_match(",.+:([0-9A-F]+):.+,", $error_string, $m) > 0) {
-+ $error_code = $m[1];
-+ if (isset($expected_errors[$error_code])) {
-+ $expected_errors[$error_code] = true;
-+ }
-+ $all_errors[$error_code] = $error_string;
-+ } else {
-+ $all_errors[] = $error_string;
-+ }
-+ }
-+
-+ $fail = false;
-+ foreach ($expected_errors as $error_code => $error_code_found) {
-+ if (!$error_code_found) {
-+ $fail = true;
-+ echo "$name: no error code $error_code\n";
-+ }
-+ }
-+
-+ if (!$fail) {
-+ echo "$name: ok\n";
-+ } else {
-+ echo "$name: uncaught errors\n";
-+ foreach ($all_errors as $code => $str) {
-+ if (!isset($expected_errors[$code]) || !$expected_errors[$code]) {
-+ echo "\t", $code, ": ", $str, "\n";
-+ }
-+ }
-+ }
-+}
-+
-+// helper for debugging errors
-+function dump_openssl_errors($name) {
-+ echo "\n$name\n";
-+ while (($error_string = openssl_error_string()) !== false) {
-+ var_dump($error_string);
-+ }
-+}
-+
-+// common output file
-+$output_file = __DIR__ . "/openssl_error_string_basic_output.tmp";
-+// invalid file for read is something that does not exist in current directory
-+$invalid_file_for_read = __DIR__ . "/invalid_file_for_read_operation.txt";
-+// invalid file for is the test dir as writing file to existing dir should always fail
-+$invalid_file_for_write = __DIR__;
-+// crt file
-+$crt_file = "file://" . __DIR__ . "/cert.crt";
-+// csr file
-+$csr_file = "file://" . __DIR__ . "/cert.csr";
-+// public key file
-+$public_key_file = "file://" .__DIR__ . "/public.key";
-+// private key file
-+$private_key_file = "file://" .__DIR__ . "/private_rsa_1024.key";
-+// private key file with password (password is 'php')
-+$private_key_file_with_pass = "file://" .__DIR__ . "/private_rsa_2048_pass_php.key";
-+
-+// ENCRYPTION
-+$data = "test";
-+$method = "AES-128-ECB";
-+$enc_key = str_repeat('x', 40);
-+// error because password is longer then key length and
-+// EVP_CIPHER_CTX_set_key_length fails for AES
-+if (0) {
-+// TODO: This no longer errors!
-+openssl_encrypt($data, $method, $enc_key);
-+$enc_error = openssl_error_string();
-+var_dump($enc_error);
-+// make sure that error is cleared now
-+var_dump(openssl_error_string());
-+// internally OpenSSL ERR won't save more than 15 (16 - 1) errors so lets test it
-+for ($i = 0; $i < 20; $i++) {
-+ openssl_encrypt($data, $method, $enc_key);
-+}
-+$error_queue_size = 0;
-+while (($enc_error_new = openssl_error_string()) !== false) {
-+ if ($enc_error_new !== $enc_error) {
-+ echo "The new encoding error doesn't match the expected one\n";
-+ }
-+ ++$error_queue_size;
-+}
-+var_dump($error_queue_size);
-+echo "\n";
-+}
-+
-+$err_pem_no_start_line = '0480006C';
-+
-+// PKEY
-+echo "PKEY errors\n";
-+// file for pkey (file:///) fails when opennig (BIO_new_file)
-+@openssl_pkey_export_to_file("file://" . $invalid_file_for_read, $output_file);
-+expect_openssl_errors('openssl_pkey_export_to_file opening', ['10000080']);
-+// file or private pkey is not correct PEM - failing PEM_read_bio_PrivateKey
-+@openssl_pkey_export_to_file($csr_file, $output_file);
-+expect_openssl_errors('openssl_pkey_export_to_file pem', ['1E08010C']);
-+// file to export cannot be written
-+@openssl_pkey_export_to_file($private_key_file, $invalid_file_for_write);
-+expect_openssl_errors('openssl_pkey_export_to_file write', ['10080002']);
-+// successful export
-+@openssl_pkey_export($private_key_file_with_pass, $out, 'wrong pwd');
-+expect_openssl_errors('openssl_pkey_export', ['1C800064', '04800065']);
-+// invalid x509 for getting public key
-+@openssl_pkey_get_public($private_key_file);
-+expect_openssl_errors('openssl_pkey_get_public', [$err_pem_no_start_line]);
-+// private encrypt with unknown padding
-+@openssl_private_encrypt("data", $crypted, $private_key_file, 1000);
-+expect_openssl_errors('openssl_private_encrypt', ['1C8000A5']);
-+// private decrypt with failed padding check
-+@openssl_private_decrypt("data", $crypted, $private_key_file);
-+expect_openssl_errors('openssl_private_decrypt', ['0200009F', '02000072']);
-+// public encrypt and decrypt with failed padding check and padding
-+@openssl_public_encrypt("data", $crypted, $public_key_file, 1000);
-+@openssl_public_decrypt("data", $crypted, $public_key_file);
-+expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '02000076', '0200008A', '02000072', '1C880004']);
-+
-+// X509
-+echo "X509 errors\n";
-+// file for x509 (file:///) fails when opennig (BIO_new_file)
-+@openssl_x509_export_to_file("file://" . $invalid_file_for_read, $output_file);
-+expect_openssl_errors('openssl_x509_export_to_file open', ['10000080']);
-+// file or str cert is not correct PEM - failing PEM_read_bio_X509 or PEM_ASN1_read_bio
-+@openssl_x509_export_to_file($csr_file, $output_file);
-+expect_openssl_errors('openssl_x509_export_to_file pem', [$err_pem_no_start_line]);
-+// file to export cannot be written
-+@openssl_x509_export_to_file($crt_file, $invalid_file_for_write);
-+expect_openssl_errors('openssl_x509_export_to_file write', ['10080002']);
-+// checking purpose fails because there is no such purpose 1000
-+@openssl_x509_checkpurpose($crt_file, 1000);
-+expect_openssl_errors('openssl_x509_checkpurpose purpose', ['05800079']);
-+
-+// CSR
-+echo "CSR errors\n";
-+// file for csr (file:///) fails when opennig (BIO_new_file)
-+@openssl_csr_get_subject("file://" . $invalid_file_for_read);
-+expect_openssl_errors('openssl_csr_get_subject open', ['10000080']);
-+// file or str csr is not correct PEM - failing PEM_read_bio_X509_REQ
-+@openssl_csr_get_subject($crt_file);
-+expect_openssl_errors('openssl_csr_get_subjec pem', [$err_pem_no_start_line]);
-+
-+// other possible causes that are difficult to catch:
-+// - ASN1_STRING_to_UTF8 fails in add_assoc_name_entry
-+// - invalid php_x509_request field (NULL) would cause error with CONF_get_string
-+
-+?>
-+--CLEAN--
-+<?php
-+$output_file = __DIR__ . "/openssl_error_string_basic_output.tmp";
-+if (is_file($output_file)) {
-+ unlink($output_file);
-+}
-+?>
-+--EXPECT--
-+PKEY errors
-+openssl_pkey_export_to_file opening: ok
-+openssl_pkey_export_to_file pem: ok
-+openssl_pkey_export_to_file write: ok
-+openssl_pkey_export: ok
-+openssl_pkey_get_public: ok
-+openssl_private_encrypt: ok
-+openssl_private_decrypt: ok
-+openssl_private_(en|de)crypt padding: ok
-+X509 errors
-+openssl_x509_export_to_file open: ok
-+openssl_x509_export_to_file pem: ok
-+openssl_x509_export_to_file write: ok
-+openssl_x509_checkpurpose purpose: ok
-+CSR errors
-+openssl_csr_get_subject open: ok
-+openssl_csr_get_subjec pem: ok
---
-2.31.1
-
-From f99d70f7d8d660c2ded4f8f1700771c227987021 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Tue, 10 Aug 2021 12:17:17 +0200
-Subject: [PATCH 36/39] Switch dh_param handling to EVP_PKEY API
-
-(cherry picked from commit ef787bae242fdd2e72625bbce6ab4ca466b1ef59)
----
- ext/openssl/xp_ssl.c | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
-index 206543ca82..b61234943e 100644
---- a/ext/openssl/xp_ssl.c
-+++ b/ext/openssl/xp_ssl.c
-@@ -1197,11 +1197,7 @@ static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength)
-
- static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* {{{ */
- {
-- DH *dh;
-- BIO* bio;
-- zval *zdhpath;
--
-- zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
-+ zval *zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
- if (zdhpath == NULL) {
- #if 0
- /* Coming in OpenSSL 1.1 ... eventually we'll want to enable this
-@@ -1216,14 +1212,29 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
- return FAILURE;
- }
-
-- bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
-+ BIO *bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
-
- if (bio == NULL) {
- php_error_docref(NULL, E_WARNING, "Invalid dh_param");
- return FAILURE;
- }
-
-- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-+#if PHP_OPENSSL_API_VERSION >= 0x30000
-+ EVP_PKEY *pkey = PEM_read_bio_Parameters(bio, NULL);
-+ BIO_free(bio);
-+
-+ if (pkey == NULL) {
-+ php_error_docref(NULL, E_WARNING, "Failed reading DH params");
-+ return FAILURE;
-+ }
-+
-+ if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
-+ php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
-+ EVP_PKEY_free(pkey);
-+ return FAILURE;
-+ }
-+#else
-+ DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
-
- if (dh == NULL) {
-@@ -1238,6 +1249,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
- }
-
- DH_free(dh);
-+#endif
-
- return SUCCESS;
- }
---
-2.31.1
-
-From b3deb9b38d4a52b4582f40d4d32240353db26653 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <nikita.ppv@gmail.com>
-Date: Wed, 11 Aug 2021 10:11:12 +0200
-Subject: [PATCH 37/39] Fix openssl memory leaks
-
-Some leaks that snuck in during refactorings.
-
-(cherry picked from commit 7d2a2c7dc0447c81316d14f3a43a4b6a8ce0b982)
----
- ext/openssl/openssl.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 9e31f76998..d8102bd4bc 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3463,7 +3463,9 @@ PHP_FUNCTION(openssl_csr_get_public_key)
- }
-
- /* Retrieve the public key from the CSR */
-- EVP_PKEY *tpubkey = php_openssl_extract_public_key(X509_REQ_get_pubkey(csr));
-+ EVP_PKEY *orig_key = X509_REQ_get_pubkey(csr);
-+ EVP_PKEY *tpubkey = php_openssl_extract_public_key(orig_key);
-+ EVP_PKEY_free(orig_key);
-
- if (csr_str) {
- /* We need to free the original CSR if it was freshly created */
-@@ -4328,6 +4330,7 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
- php_openssl_store_errors();
- }
- if (EC_KEY_check_key(eckey)) {
-+ EC_GROUP_free(group);
- return true;
- } else {
- php_openssl_store_errors();
---
-2.31.1
-
-From 02f08ac888b0c5f43468eaf76b59b29a7c2d7c74 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Fri, 10 Sep 2021 11:28:20 +0200
-Subject: [PATCH 38/39] fix [-Wmaybe-uninitialized] build warnings
-
-(cherry picked from commit 6ee96f095ad947ffc820437b2e9e6449000e18a2)
----
- ext/openssl/openssl.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index d8102bd4bc..40e6e7ba97 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -3991,6 +3991,8 @@ static EVP_PKEY *php_openssl_pkey_init_dsa(zval *data, bool *is_private)
- OPENSSL_PKEY_SET_BN(data, priv_key);
- OPENSSL_PKEY_SET_BN(data, pub_key);
-
-+ *is_private = false;
-+
- if (!ctx || !bld || !p || !q || !g) {
- goto cleanup;
- }
-@@ -4162,6 +4164,8 @@ static EVP_PKEY *php_openssl_pkey_init_dh(zval *data, bool *is_private)
- OPENSSL_PKEY_SET_BN(data, priv_key);
- OPENSSL_PKEY_SET_BN(data, pub_key);
-
-+ *is_private = false;
-+
- if (!ctx || !bld || !p || !g) {
- goto cleanup;
- }
-@@ -4255,6 +4259,8 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
- zval *x;
- zval *y;
-
-+ *is_private = false;
-+
- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
- Z_TYPE_P(bn) == IS_STRING) {
- int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
-@@ -4279,7 +4285,6 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
- }
-
- // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
-- *is_private = false;
- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
- Z_TYPE_P(bn) == IS_STRING) {
- *is_private = true;
-@@ -4360,6 +4365,8 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
- OPENSSL_PKEY_SET_BN(data, x);
- OPENSSL_PKEY_SET_BN(data, y);
-
-+ *is_private = false;
-+
- if (!ctx || !bld || !curve_name_zv || Z_TYPE_P(curve_name_zv) != IS_STRING) {
- goto cleanup;
- }
---
-2.31.1
-
-From b881c41d32928781cb48013692da04fc84ca9107 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Sun, 12 Sep 2021 20:30:02 +0100
-Subject: [PATCH 39/39] Make OpenSSL tests less dependent on system config
-
-It fixes dependencies on system config if running tests with OpenSSL 3.0
-
-(cherry picked from commit 43f0141d74c1db6e792f3b625ea7f4ae57ff338f)
----
- ext/openssl/tests/bug52093.phpt | 6 +++---
- ext/openssl/tests/bug72165.phpt | 5 +++--
- ext/openssl/tests/bug73711.phpt | 3 +++
- ext/openssl/tests/ecc.phpt | 3 +++
- .../tests/openssl_error_string_basic_openssl3.phpt | 9 +++++----
- 5 files changed, 17 insertions(+), 9 deletions(-)
-
-diff --git a/ext/openssl/tests/bug52093.phpt b/ext/openssl/tests/bug52093.phpt
-index 63eaceb5ac..162945f914 100644
---- a/ext/openssl/tests/bug52093.phpt
-+++ b/ext/openssl/tests/bug52093.phpt
-@@ -14,10 +14,10 @@ $dn = array(
- "commonName" => "Henrique do N. Angelo",
- "emailAddress" => "hnangelo@php.net"
- );
--
-+$options = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
- $privkey = openssl_pkey_new();
--$csr = openssl_csr_new($dn, $privkey);
--$cert = openssl_csr_sign($csr, null, $privkey, 365, [], PHP_INT_MAX);
-+$csr = openssl_csr_new($dn, $privkey, $options);
-+$cert = openssl_csr_sign($csr, null, $privkey, 365, $options, PHP_INT_MAX);
- var_dump(openssl_x509_parse($cert)['serialNumber']);
- ?>
- --EXPECT--
-diff --git a/ext/openssl/tests/bug72165.phpt b/ext/openssl/tests/bug72165.phpt
-index 50e8b54100..fb78881fc3 100644
---- a/ext/openssl/tests/bug72165.phpt
-+++ b/ext/openssl/tests/bug72165.phpt
-@@ -6,8 +6,9 @@ if (!extension_loaded("openssl")) die("skip");
- ?>
- --FILE--
- <?php
--$var0 = array(0 => "hello", 1 => "world");
--$var2 = openssl_csr_new(array(0),$var0,null,array(0));
-+$var0 = [0 => "hello", 1 => "world"];
-+$options = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
-+$var2 = openssl_csr_new([0], $var0, $options, [0]);
- ?>
- --EXPECTF--
- Warning: openssl_csr_new(): dn: numeric fild names are not supported in %sbug72165.php on line %d
-diff --git a/ext/openssl/tests/bug73711.phpt b/ext/openssl/tests/bug73711.phpt
-index 4e4bba8aa8..8ca0101d1a 100644
---- a/ext/openssl/tests/bug73711.phpt
-+++ b/ext/openssl/tests/bug73711.phpt
-@@ -6,13 +6,16 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded");
- ?>
- --FILE--
- <?php
-+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
- var_dump(openssl_pkey_new([
- "private_key_type" => OPENSSL_KEYTYPE_DSA,
- "private_key_bits" => 1024,
-+ 'config' => $config,
- ]));
- var_dump(openssl_pkey_new([
- "private_key_type" => OPENSSL_KEYTYPE_DH,
- "private_key_bits" => 512,
-+ 'config' => $config,
- ]));
- echo "DONE";
- ?>
-diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
-index 0b05410c2c..1d97b1450a 100644
---- a/ext/openssl/tests/ecc.phpt
-+++ b/ext/openssl/tests/ecc.phpt
-@@ -4,9 +4,11 @@ openssl_*() with OPENSSL_KEYTYPE_EC
- <?php if (!extension_loaded("openssl") || !defined("OPENSSL_KEYTYPE_EC")) print "skip"; ?>
- --FILE--
- <?php
-+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
- $args = array(
- "curve_name" => "secp384r1",
- "private_key_type" => OPENSSL_KEYTYPE_EC,
-+ "config" => $config,
- );
- echo "Testing openssl_pkey_new\n";
- $key1 = openssl_pkey_new($args);
-@@ -15,6 +17,7 @@ var_dump($key1);
- $argsFailed = array(
- "curve_name" => "invalid_cuve_name",
- "private_key_type" => OPENSSL_KEYTYPE_EC,
-+ "config" => $config,
- );
-
- $keyFailed = openssl_pkey_new($argsFailed);
-diff --git a/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-index b119346fe1..d435a53e30 100644
---- a/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-+++ b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
-@@ -100,18 +100,19 @@ echo "\n";
- $err_pem_no_start_line = '0480006C';
-
- // PKEY
-+$options = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
- echo "PKEY errors\n";
- // file for pkey (file:///) fails when opennig (BIO_new_file)
--@openssl_pkey_export_to_file("file://" . $invalid_file_for_read, $output_file);
-+@openssl_pkey_export_to_file("file://" . $invalid_file_for_read, $output_file, null, $options);
- expect_openssl_errors('openssl_pkey_export_to_file opening', ['10000080']);
- // file or private pkey is not correct PEM - failing PEM_read_bio_PrivateKey
--@openssl_pkey_export_to_file($csr_file, $output_file);
-+@openssl_pkey_export_to_file($csr_file, $output_file, null, $options);
- expect_openssl_errors('openssl_pkey_export_to_file pem', ['1E08010C']);
- // file to export cannot be written
--@openssl_pkey_export_to_file($private_key_file, $invalid_file_for_write);
-+@openssl_pkey_export_to_file($private_key_file, $invalid_file_for_write, null, $options);
- expect_openssl_errors('openssl_pkey_export_to_file write', ['10080002']);
- // successful export
--@openssl_pkey_export($private_key_file_with_pass, $out, 'wrong pwd');
-+@openssl_pkey_export($private_key_file_with_pass, $out, 'wrong pwd', $options);
- expect_openssl_errors('openssl_pkey_export', ['1C800064', '04800065']);
- // invalid x509 for getting public key
- @openssl_pkey_get_public($private_key_file);
---
-2.31.1
-
diff --git a/php-8.0.10-phar-sha.patch b/php-8.0.10-phar-sha.patch
deleted file mode 100644
index 7d6fa2c..0000000
--- a/php-8.0.10-phar-sha.patch
+++ /dev/null
@@ -1,515 +0,0 @@
-Backported for 8.0 from
-
-
-From 8bb0c74e24359a11216824117ac3adf3d5ef7b71 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 5 Aug 2021 11:10:15 +0200
-Subject: [PATCH] switch phar to use sha256 signature by default
-
----
- ext/phar/phar/pharcommand.inc | 2 +-
- ext/phar/tests/create_new_and_modify.phpt | 4 ++--
- ext/phar/tests/create_new_phar_c.phpt | 4 ++--
- ext/phar/tests/phar_setsignaturealgo2.phpt | 2 +-
- ext/phar/tests/tar/phar_setsignaturealgo2.phpt | 2 +-
- ext/phar/tests/zip/phar_setsignaturealgo2.phpt | 2 +-
- ext/phar/util.c | 6 +++---
- ext/phar/zip.c | 2 +-
- 8 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
-index a31290eee75fe..5f698b4bec26b 100644
---- a/ext/phar/phar/pharcommand.inc
-+++ b/ext/phar/phar/pharcommand.inc
-@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
- 'typ' => 'select',
- 'val' => NULL,
- 'inf' => '<method> Selects the hash algorithm.',
-- 'select' => array('md5' => 'MD5','sha1' => 'SHA1')
-+ 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
- ),
- 'i' => array(
- 'typ' => 'regex',
-diff --git a/ext/phar/tests/create_new_and_modify.phpt b/ext/phar/tests/create_new_and_modify.phpt
-index 02e36c6cea2fe..32defcae8a639 100644
---- a/ext/phar/tests/create_new_and_modify.phpt
-+++ b/ext/phar/tests/create_new_and_modify.phpt
-@@ -49,8 +49,8 @@ include $pname . '/b.php';
- <?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php'); ?>
- --EXPECTF--
- brand new!
--string(40) "%s"
--string(40) "%s"
-+string(%d) "%s"
-+string(%d) "%s"
- bool(true)
- modified!
- another!
-diff --git a/ext/phar/tests/create_new_phar_c.phpt b/ext/phar/tests/create_new_phar_c.phpt
-index 566d3c4d5f8ad..bf6d740fd1d10 100644
---- a/ext/phar/tests/create_new_phar_c.phpt
-+++ b/ext/phar/tests/create_new_phar_c.phpt
-@@ -20,7 +20,7 @@ var_dump($phar->getSignature());
- --EXPECTF--
- array(2) {
- ["hash"]=>
-- string(40) "%s"
-+ string(64) "%s"
- ["hash_type"]=>
-- string(5) "SHA-1"
-+ string(7) "SHA-256"
- }
-diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
-index 293d3196713d8..4f31836fbbbcc 100644
---- a/ext/phar/tests/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
-@@ -52,7 +52,7 @@ array(2) {
- ["hash"]=>
- string(%d) "%s"
- ["hash_type"]=>
-- string(5) "SHA-1"
-+ string(7) "SHA-256"
- }
- array(2) {
- ["hash"]=>
-diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-index 9923ac5c88476..cc10a241d739b 100644
---- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-@@ -51,7 +51,7 @@ array(2) {
- ["hash"]=>
- string(%d) "%s"
- ["hash_type"]=>
-- string(5) "SHA-1"
-+ string(7) "SHA-256"
- }
- array(2) {
- ["hash"]=>
-diff --git a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-index 8de77479d7825..60fec578ee894 100644
---- a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-@@ -78,7 +78,7 @@ array(2) {
- ["hash"]=>
- string(%d) "%s"
- ["hash_type"]=>
-- string(5) "SHA-1"
-+ string(7) "SHA-256"
- }
- array(2) {
- ["hash"]=>
-diff --git a/ext/phar/util.c b/ext/phar/util.c
-index 314acfe81a788..8d2db03b69601 100644
---- a/ext/phar/util.c
-+++ b/ext/phar/util.c
-@@ -1798,6 +1798,8 @@ int phar_create_signature(phar_archive_d
- *signature_length = 64;
- break;
- }
-+ default:
-+ phar->sig_flags = PHAR_SIG_SHA256;
- case PHAR_SIG_SHA256: {
- unsigned char digest[32];
- PHP_SHA256_CTX context;
-@@ -1894,8 +1896,6 @@ int phar_create_signature(phar_archive_d
- *signature_length = siglen;
- }
- break;
-- default:
-- phar->sig_flags = PHAR_SIG_SHA1;
- case PHAR_SIG_SHA1: {
- unsigned char digest[20];
- PHP_SHA1_CTX context;
-diff --git a/ext/phar/zip.c b/ext/phar/zip.c
-index 31d4bd2998215..c5e38cabf7b87 100644
---- a/ext/phar/zip.c
-+++ b/ext/phar/zip.c
-@@ -1423,7 +1423,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
-
- memcpy(eocd.signature, "PK\5\6", 4);
- if (!phar->is_data && !phar->sig_flags) {
-- phar->sig_flags = PHAR_SIG_SHA1;
-+ phar->sig_flags = PHAR_SIG_SHA256;
- }
- if (phar->sig_flags) {
- PHAR_SET_16(eocd.counthere, zend_hash_num_elements(&phar->manifest) + 1);
-
-From c51af22fef988c1b2f92b7b9e3a9d745f7084815 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 5 Aug 2021 16:49:48 +0200
-Subject: [PATCH] implement openssl_256 and openssl_512 for phar singatures
-
----
- ext/openssl/openssl.c | 1 +
- ext/phar/phar.1.in | 10 +++-
- ext/phar/phar.c | 8 +++-
- ext/phar/phar/pharcommand.inc | 14 +++++-
- ext/phar/phar_internal.h | 2 +
- ext/phar/phar_object.c | 24 ++++++++--
- ext/phar/tests/files/openssl256.phar | Bin 0 -> 7129 bytes
- ext/phar/tests/files/openssl256.phar.pubkey | 6 +++
- ext/phar/tests/files/openssl512.phar | Bin 0 -> 7129 bytes
- ext/phar/tests/files/openssl512.phar.pubkey | 6 +++
- .../phar_get_supported_signatures_002a.phpt | 6 ++-
- .../tests/tar/phar_setsignaturealgo2.phpt | 16 +++++++
- ext/phar/tests/test_signaturealgos.phpt | 8 ++++
- ext/phar/util.c | 45 ++++++++++++++----
- 14 files changed, 128 insertions(+), 18 deletions(-)
- create mode 100644 ext/phar/tests/files/openssl256.phar
- create mode 100644 ext/phar/tests/files/openssl256.phar.pubkey
- create mode 100644 ext/phar/tests/files/openssl512.phar
- create mode 100644 ext/phar/tests/files/openssl512.phar.pubkey
-
-diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in
-index 77912b241dfd5..323e77b0e2a3b 100644
---- a/ext/phar/phar.1.in
-+++ b/ext/phar/phar.1.in
-@@ -475,7 +475,15 @@ SHA512
- .TP
- .PD
- .B openssl
--OpenSSL
-+OpenSSL using SHA-1
-+.TP
-+.PD
-+.B openssl_sha256
-+OpenSSL using SHA-256
-+.TP
-+.PD
-+.B openssl_sha512
-+OpenSSL using SHA-512
-
- .SH SEE ALSO
- For a more or less complete description of PHAR look here:
-diff --git a/ext/phar/phar.c b/ext/phar/phar.c
-index 77f21cef9da53..bc08e4edde05d 100644
---- a/ext/phar/phar.c
-+++ b/ext/phar/phar.c
-@@ -869,6 +869,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
- PHAR_GET_32(sig_ptr, sig_flags);
-
- switch(sig_flags) {
-+ case PHAR_SIG_OPENSSL_SHA512:
-+ case PHAR_SIG_OPENSSL_SHA256:
- case PHAR_SIG_OPENSSL: {
- uint32_t signature_len;
- char *sig;
-@@ -903,7 +905,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
- return FAILURE;
- }
-
-- if (FAILURE == phar_verify_signature(fp, end_of_phar, PHAR_SIG_OPENSSL, sig, signature_len, fname, &signature, &sig_len, error)) {
-+ if (FAILURE == phar_verify_signature(fp, end_of_phar, sig_flags, sig, signature_len, fname, &signature, &sig_len, error)) {
- efree(savebuf);
- efree(sig);
- php_stream_close(fp);
-@@ -3162,7 +3164,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
-
- php_stream_write(newfile, digest, digest_len);
- efree(digest);
-- if (phar->sig_flags == PHAR_SIG_OPENSSL) {
-+ if (phar->sig_flags == PHAR_SIG_OPENSSL ||
-+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA256 ||
-+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
- phar_set_32(sig_buf, digest_len);
- php_stream_write(newfile, sig_buf, 4);
- }
-diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
-index 5f698b4bec26b..1b1eeca59c560 100644
---- a/ext/phar/phar/pharcommand.inc
-+++ b/ext/phar/phar/pharcommand.inc
-@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
- 'typ' => 'select',
- 'val' => NULL,
- 'inf' => '<method> Selects the hash algorithm.',
-- 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
-+ 'select' => ['md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL', 'openssl_sha256' => 'OPENSSL_SHA256', 'openssl_sha512' => 'OPENSSL_SHA512']
- ),
- 'i' => array(
- 'typ' => 'regex',
-@@ -156,6 +156,8 @@ class PharCommand extends CLICommand
- $hash_avail = Phar::getSupportedSignatures();
- $hash_optional = array('SHA-256' => 'SHA256',
- 'SHA-512' => 'SHA512',
-+ 'OpenSSL_sha256' => 'OpenSSL_SHA256',
-+ 'OpenSSL_sha512' => 'OpenSSL_SHA512',
- 'OpenSSL' => 'OpenSSL');
- if (!in_array('OpenSSL', $hash_avail)) {
- unset($phar_args['y']);
-@@ -429,6 +431,16 @@ class PharCommand extends CLICommand
- self::error("Cannot use OpenSSL signing without key.\n");
- }
- return Phar::OPENSSL;
-+ case 'openssl_sha256':
-+ if (!$privkey) {
-+ self::error("Cannot use OpenSSL signing without key.\n");
-+ }
-+ return Phar::OPENSSL_SHA256;
-+ case 'openssl_sha512':
-+ if (!$privkey) {
-+ self::error("Cannot use OpenSSL signing without key.\n");
-+ }
-+ return Phar::OPENSSL_SHA512;
- }
- }
- // }}}
-diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
-index a9f81e2ab994a..30b408a8c4462 100644
---- a/ext/phar/phar_internal.h
-+++ b/ext/phar/phar_internal.h
-@@ -88,6 +88,8 @@
- #define PHAR_SIG_SHA256 0x0003
- #define PHAR_SIG_SHA512 0x0004
- #define PHAR_SIG_OPENSSL 0x0010
-+#define PHAR_SIG_OPENSSL_SHA256 0x0011
-+#define PHAR_SIG_OPENSSL_SHA512 0x0012
-
- /* flags byte for each file adheres to these bitmasks.
- All unused values are reserved */
-diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
-index 9c1e5f2fa1eef..c05970e657f18 100644
---- a/ext/phar/phar_object.c
-+++ b/ext/phar/phar_object.c
-@@ -1246,9 +1246,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
- add_next_index_stringl(return_value, "SHA-512", 7);
- #ifdef PHAR_HAVE_OPENSSL
- add_next_index_stringl(return_value, "OpenSSL", 7);
-+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
-+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
- #else
- if (zend_hash_str_exists(&module_registry, "openssl", sizeof("openssl")-1)) {
- add_next_index_stringl(return_value, "OpenSSL", 7);
-+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
-+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
- }
- #endif
- }
-@@ -3028,6 +3032,8 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
- case PHAR_SIG_MD5:
- case PHAR_SIG_SHA1:
- case PHAR_SIG_OPENSSL:
-+ case PHAR_SIG_OPENSSL_SHA256:
-+ case PHAR_SIG_OPENSSL_SHA512:
- if (phar_obj->archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->archive))) {
- zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
- RETURN_THROWS();
-@@ -3066,19 +3072,25 @@ PHP_METHOD(Phar, getSignature)
- add_assoc_stringl(return_value, "hash", phar_obj->archive->signature, phar_obj->archive->sig_len);
- switch(phar_obj->archive->sig_flags) {
- case PHAR_SIG_MD5:
-- add_assoc_stringl(return_value, "hash_type", "MD5", 3);
-+ add_assoc_string(return_value, "hash_type", "MD5");
- break;
- case PHAR_SIG_SHA1:
-- add_assoc_stringl(return_value, "hash_type", "SHA-1", 5);
-+ add_assoc_string(return_value, "hash_type", "SHA-1");
- break;
- case PHAR_SIG_SHA256:
-- add_assoc_stringl(return_value, "hash_type", "SHA-256", 7);
-+ add_assoc_string(return_value, "hash_type", "SHA-256");
- break;
- case PHAR_SIG_SHA512:
-- add_assoc_stringl(return_value, "hash_type", "SHA-512", 7);
-+ add_assoc_string(return_value, "hash_type", "SHA-512");
- break;
- case PHAR_SIG_OPENSSL:
-- add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7);
-+ add_assoc_string(return_value, "hash_type", "OpenSSL");
-+ break;
-+ case PHAR_SIG_OPENSSL_SHA256:
-+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA256");
-+ break;
-+ case PHAR_SIG_OPENSSL_SHA512:
-+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA512");
- break;
- default:
- unknown = strpprintf(0, "Unknown (%u)", phar_obj->archive->sig_flags);
-@@ -5103,6 +5115,8 @@ void phar_object_init(void) /* {{{ */
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
-+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA256", PHAR_SIG_OPENSSL_SHA256)
-+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA512", PHAR_SIG_OPENSSL_SHA512)
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
- REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)
-diff --git a/ext/phar/tests/phar_get_supported_signatures_002a.phpt b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-index 06d811f2c35c2..639143b3d2c90 100644
---- a/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-+++ b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-@@ -14,7 +14,7 @@ phar.readonly=0
- var_dump(Phar::getSupportedSignatures());
- ?>
- --EXPECT--
--array(5) {
-+array(7) {
- [0]=>
- string(3) "MD5"
- [1]=>
-@@ -25,4 +25,8 @@ array(5) {
- string(7) "SHA-512"
- [4]=>
- string(7) "OpenSSL"
-+ [5]=>
-+ string(14) "OpenSSL_SHA256"
-+ [6]=>
-+ string(14) "OpenSSL_SHA512"
- }
-diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-index cc10a241d739b..c2eb5d77a5bf0 100644
---- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-@@ -38,6 +38,10 @@ $pkey = '';
- openssl_pkey_export($private, $pkey, NULL, $config_arg);
- $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
- var_dump($p->getSignature());
-+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA512, $pkey);
-+var_dump($p->getSignature());
-+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA256, $pkey);
-+var_dump($p->getSignature());
- } catch (Exception $e) {
- echo $e->getMessage();
- }
-@@ -83,3 +87,15 @@ array(2) {
- ["hash_type"]=>
- string(7) "OpenSSL"
- }
-+array(2) {
-+ ["hash"]=>
-+ string(%d) "%s"
-+ ["hash_type"]=>
-+ string(14) "OpenSSL_SHA512"
-+}
-+array(2) {
-+ ["hash"]=>
-+ string(%d) "%s"
-+ ["hash_type"]=>
-+ string(14) "OpenSSL_SHA256"
-+}
-diff --git a/ext/phar/util.c b/ext/phar/util.c
-index 8d2db03b69601..515830bf2c70a 100644
---- a/ext/phar/util.c
-+++ b/ext/phar/util.c
-@@ -34,7 +34,7 @@
- #include <openssl/ssl.h>
- #include <openssl/pkcs12.h>
- #else
--static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
-+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type);
- #endif
-
- /* for links to relative location, prepend cwd of the entry */
-@@ -1381,11 +1381,11 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
- /* }}} */
-
- #ifndef PHAR_HAVE_OPENSSL
--static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
-+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type) /* {{{ */
- {
- zend_fcall_info fci;
- zend_fcall_info_cache fcc;
-- zval retval, zp[3], openssl;
-+ zval retval, zp[4], openssl;
- zend_string *str;
-
- ZVAL_STRINGL(&openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1);
-@@ -1402,6 +1402,14 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
- } else {
- ZVAL_EMPTY_STRING(&zp[0]);
- }
-+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
-+ ZVAL_LONG(&zp[3], 9); /* value from openssl.c #define OPENSSL_ALGO_SHA512 9 */
-+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
-+ ZVAL_LONG(&zp[3], 7); /* value from openssl.c #define OPENSSL_ALGO_SHA256 7 */
-+ } else {
-+ /* don't rely on default value which may change in the future */
-+ ZVAL_LONG(&zp[3], 1); /* value from openssl.c #define OPENSSL_ALGO_SHA1 1 */
-+ }
-
- if ((size_t)end != Z_STRLEN(zp[0])) {
- zval_ptr_dtor_str(&zp[0]);
-@@ -1419,7 +1427,7 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
- return FAILURE;
- }
-
-- fci.param_count = 3;
-+ fci.param_count = 4;
- fci.params = zp;
- Z_ADDREF(zp[0]);
- if (is_sign) {
-@@ -1482,12 +1490,22 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
- php_stream_rewind(fp);
-
- switch (sig_type) {
-+ case PHAR_SIG_OPENSSL_SHA512:
-+ case PHAR_SIG_OPENSSL_SHA256:
- case PHAR_SIG_OPENSSL: {
- #ifdef PHAR_HAVE_OPENSSL
- BIO *in;
- EVP_PKEY *key;
-- EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
-+ const EVP_MD *mdtype;
- EVP_MD_CTX *md_ctx;
-+
-+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
-+ mdtype = EVP_sha512();
-+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
-+ mdtype = EVP_sha256();
-+ } else {
-+ mdtype = EVP_sha1();
-+ }
- #else
- size_t tempsig;
- #endif
-@@ -1521,7 +1539,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
- #ifndef PHAR_HAVE_OPENSSL
- tempsig = sig_len;
-
-- if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig)) {
-+ if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig, sig_type)) {
- if (pubkey) {
- zend_string_release_ex(pubkey, 0);
- }
-@@ -1815,6 +1833,8 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- *signature_length = 32;
- break;
- }
-+ case PHAR_SIG_OPENSSL_SHA512:
-+ case PHAR_SIG_OPENSSL_SHA256:
- case PHAR_SIG_OPENSSL: {
- unsigned char *sigbuf;
- #ifdef PHAR_HAVE_OPENSSL
-@@ -1822,6 +1842,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- BIO *in;
- EVP_PKEY *key;
- EVP_MD_CTX *md_ctx;
-+ const EVP_MD *mdtype;
-+
-+ if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
-+ mdtype = EVP_sha512();
-+ } else if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA256) {
-+ mdtype = EVP_sha256();
-+ } else {
-+ mdtype = EVP_sha1();
-+ }
-
- in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
-
-@@ -1847,7 +1876,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- siglen = EVP_PKEY_size(key);
- sigbuf = emalloc(siglen + 1);
-
-- if (!EVP_SignInit(md_ctx, EVP_sha1())) {
-+ if (!EVP_SignInit(md_ctx, mdtype)) {
- EVP_PKEY_free(key);
- efree(sigbuf);
- if (error) {
-@@ -1885,7 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- siglen = 0;
- php_stream_seek(fp, 0, SEEK_END);
-
-- if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen)) {
-+ if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen, phar->sig_flags)) {
- if (error) {
- spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
- }
diff --git a/php-8.0.10-snmp-sha.patch b/php-8.0.10-snmp-sha.patch
deleted file mode 100644
index 3ef67ea..0000000
--- a/php-8.0.10-snmp-sha.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-Backported for 8.0 from
-
-
-From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@php.net>
-Date: Wed, 11 Aug 2021 13:02:18 +0200
-Subject: [PATCH] add SHA256 and SHA512 for security protocol
-
----
- ext/snmp/config.m4 | 18 +++++++++-
- ext/snmp/snmp.c | 33 ++++++++++++++++++-
- .../tests/snmp-object-setSecurity_error.phpt | 2 +-
- ext/snmp/tests/snmp3-error.phpt | 2 +-
- 4 files changed, 51 insertions(+), 4 deletions(-)
-
-diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
-index 1475ddfe2b7f0..f285a572de9cb 100644
---- a/ext/snmp/config.m4
-+++ b/ext/snmp/config.m4
-@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
- AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
- fi
- else
-- AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
-+ AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
- fi
- else
- AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
-@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
- $SNMP_SHARED_LIBADD
- ])
-
-+ dnl Check whether usmHMAC192SHA256AuthProtocol exists.
-+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
-+ [
-+ AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
-+ ], [], [
-+ $SNMP_SHARED_LIBADD
-+ ])
-+
-+ dnl Check whether usmHMAC384SHA512AuthProtocol exists.
-+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
-+ [
-+ AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
-+ ], [], [
-+ $SNMP_SHARED_LIBADD
-+ ])
-+
- PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
- PHP_SUBST(SNMP_SHARED_LIBADD)
- fi
-diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
-index 69d6549405b17..f0917501751f5 100644
---- a/ext/snmp/snmp.c
-+++ b/ext/snmp/snmp.c
-@@ -29,6 +29,7 @@
- #include "php_snmp.h"
-
- #include "zend_exceptions.h"
-+#include "zend_smart_string.h"
- #include "ext/spl/spl_exceptions.h"
- #include "snmp_arginfo.h"
-
-@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot
- if (!strcasecmp(prot, "MD5")) {
- s->securityAuthProto = usmHMACMD5AuthProtocol;
- s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
-- } else
-+ return true;
-+ }
- #endif
-+
- if (!strcasecmp(prot, "SHA")) {
- s->securityAuthProto = usmHMACSHA1AuthProtocol;
- s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
-- } else {
-- zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
-- return (-1);
-+ return true;
- }
-- return (0);
-+
-+#ifdef HAVE_SNMP_SHA256
-+ if (!strcasecmp(prot, "SHA256")) {
-+ s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
-+ s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
-+ return true;
-+ }
-+#endif
-+
-+#ifdef HAVE_SNMP_SHA512
-+ if (!strcasecmp(prot, "SHA512")) {
-+ s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
-+ s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
-+ return true;
-+ }
-+#endif
-+
-+ smart_string err = {0};
-+
-+ smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
-+#ifdef HAVE_SNMP_SHA256
-+ smart_string_appends(&err, " or \"SHA256\"");
-+#endif
-+#ifdef HAVE_SNMP_SHA512
-+ smart_string_appends(&err, " or \"SHA512\"");
-+#endif
-+#ifndef DISABLE_MD5
-+ smart_string_appends(&err, " or \"MD5\"");
-+#endif
-+ smart_string_0(&err);
-+ zend_value_error("%s", err.c);
-+ smart_string_free(&err);
-+ return false;
- }
- /* }}} */
-
-diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-index f8de846492a75..cf4f928837773 100644
---- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-@@ -59,7 +59,7 @@ var_dump($session->close());
- --EXPECTF--
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
--Authentication protocol must be either "MD5" or "SHA"
-+Authentication protocol must be %s
-
- Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
- bool(false)
-diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
-index 849e363b45058..389800dad6b28 100644
---- a/ext/snmp/tests/snmp3-error.phpt
-+++ b/ext/snmp/tests/snmp3-error.phpt
-@@ -58,7 +58,7 @@ try {
- Checking error handling
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
--Authentication protocol must be either "MD5" or "SHA"
-+Authentication protocol must be %s
-
- Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
- bool(false)
diff --git a/php-8.0.13-crypt.patch b/php-8.0.13-crypt.patch
deleted file mode 100644
index 31a8c8a..0000000
--- a/php-8.0.13-crypt.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From fc4e31467c352032ee709ac55d3c67bc22abcd8d Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Fri, 15 Oct 2021 17:11:12 +0200
-Subject: [PATCH] add --with-external-libcrypt build option display an error
- message if some algo not available in external libcrypt
-
----
- ext/standard/config.m4 | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
-index 58b9c5e658a4..3ec18be4d7df 100644
---- a/ext/standard/config.m4
-+++ b/ext/standard/config.m4
-@@ -267,14 +267,25 @@ int main() {
- ])])
-
-
-+PHP_ARG_WITH([external-libcrypt],
-+ [for external libcrypt or libxcrypt],
-+ [AS_HELP_STRING([--with-external-libcrypt],
-+ [Use external libcrypt or libxcrypt])],
-+ [no],
-+ [no])
-+
- dnl
- dnl If one of them is missing, use our own implementation, portable code is then possible
- dnl
--dnl TODO This is currently always enabled
--if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then
-- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
--
-- PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
-+dnl This is currently enabled by default
-+if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
-+ if test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
-+ AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
-+
-+ PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
-+ else
-+ AC_MSG_ERROR([Cannot use external libcrypt as some algo are missing])
-+ fi
- else
- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
- fi
diff --git a/php-8.0.6-deprecated.patch b/php-8.0.6-deprecated.patch
deleted file mode 100644
index 1e6b93b..0000000
--- a/php-8.0.6-deprecated.patch
+++ /dev/null
@@ -1,400 +0,0 @@
-From 4dc8b3c0efaae25b08c8f59b068f17c97c59d0ae Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 5 May 2021 15:41:00 +0200
-Subject: [PATCH] get rid of inet_aton and inet_ntoa use inet_ntop iand
- inet_pton where available standardize buffer size
-
----
- ext/sockets/sockaddr_conv.c | 4 ++++
- ext/sockets/sockets.c | 48 +++++++++++++++++++++++++------------
- ext/standard/dns.c | 16 ++++++++++++-
- main/network.c | 20 ++++++++++++++--
- 4 files changed, 70 insertions(+), 18 deletions(-)
-
-diff --git a/ext/sockets/sockaddr_conv.c b/ext/sockets/sockaddr_conv.c
-index 57996612d2d7e..65c8418fb3a6f 100644
---- a/ext/sockets/sockaddr_conv.c
-+++ b/ext/sockets/sockaddr_conv.c
-@@ -87,7 +87,11 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
- struct in_addr tmp;
- struct hostent *host_entry;
-
-+#ifdef HAVE_INET_PTON
-+ if (inet_pton(AF_INET, string, &tmp)) {
-+#else
- if (inet_aton(string, &tmp)) {
-+#endif
- sin->sin_addr.s_addr = tmp.s_addr;
- } else {
- if (strlen(string) > MAXFQDNLEN || ! (host_entry = php_network_gethostbyname(string))) {
-diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
-index 16ad3e8013a4c..85c938d1b97b1 100644
---- a/ext/sockets/sockets.c
-+++ b/ext/sockets/sockets.c
-@@ -220,8 +220,10 @@ zend_module_entry sockets_module_entry = {
- ZEND_GET_MODULE(sockets)
- #endif
-
-+#ifndef HAVE_INET_NTOP
- /* inet_ntop should be used instead of inet_ntoa */
- int inet_ntoa_lock = 0;
-+#endif
-
- static int php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ */
- {
-@@ -1082,10 +1084,12 @@ PHP_FUNCTION(socket_getsockname)
- struct sockaddr_in *sin;
- #if HAVE_IPV6
- struct sockaddr_in6 *sin6;
-- char addr6[INET6_ADDRSTRLEN+1];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+ char addrbuf[INET6_ADDRSTRLEN];
- #endif
- struct sockaddr_un *s_un;
-- char *addr_string;
-+ const char *addr_string;
- socklen_t salen = sizeof(php_sockaddr_storage);
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &addr, &port) == FAILURE) {
-@@ -1106,8 +1110,8 @@ PHP_FUNCTION(socket_getsockname)
- #if HAVE_IPV6
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *) sa;
-- inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
-- ZEND_TRY_ASSIGN_REF_STRING(addr, addr6);
-+ inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
-+ ZEND_TRY_ASSIGN_REF_STRING(addr, addrbuf);
-
- if (port != NULL) {
- ZEND_TRY_ASSIGN_REF_LONG(port, htons(sin6->sin6_port));
-@@ -1117,11 +1121,14 @@ PHP_FUNCTION(socket_getsockname)
- #endif
- case AF_INET:
- sin = (struct sockaddr_in *) sa;
-+#ifdef HAVE_INET_NTOP
-+ addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- while (inet_ntoa_lock == 1);
- inet_ntoa_lock = 1;
- addr_string = inet_ntoa(sin->sin_addr);
- inet_ntoa_lock = 0;
--
-+#endif
- ZEND_TRY_ASSIGN_REF_STRING(addr, addr_string);
-
- if (port != NULL) {
-@@ -1154,10 +1161,12 @@ PHP_FUNCTION(socket_getpeername)
- struct sockaddr_in *sin;
- #if HAVE_IPV6
- struct sockaddr_in6 *sin6;
-- char addr6[INET6_ADDRSTRLEN+1];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+ char addrbuf[INET6_ADDRSTRLEN];
- #endif
- struct sockaddr_un *s_un;
-- char *addr_string;
-+ const char *addr_string;
- socklen_t salen = sizeof(php_sockaddr_storage);
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &arg2, &arg3) == FAILURE) {
-@@ -1178,9 +1187,9 @@ PHP_FUNCTION(socket_getpeername)
- #if HAVE_IPV6
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *) sa;
-- inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
-+ inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
-
-- ZEND_TRY_ASSIGN_REF_STRING(arg2, addr6);
-+ ZEND_TRY_ASSIGN_REF_STRING(arg2, addrbuf);
-
- if (arg3 != NULL) {
- ZEND_TRY_ASSIGN_REF_LONG(arg3, htons(sin6->sin6_port));
-@@ -1191,11 +1200,14 @@ PHP_FUNCTION(socket_getpeername)
- #endif
- case AF_INET:
- sin = (struct sockaddr_in *) sa;
-+#ifdef HAVE_INET_NTOP
-+ addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- while (inet_ntoa_lock == 1);
- inet_ntoa_lock = 1;
- addr_string = inet_ntoa(sin->sin_addr);
- inet_ntoa_lock = 0;
--
-+#endif
- ZEND_TRY_ASSIGN_REF_STRING(arg2, addr_string);
-
- if (arg3 != NULL) {
-@@ -1527,12 +1539,14 @@ PHP_FUNCTION(socket_recvfrom)
- struct sockaddr_in sin;
- #if HAVE_IPV6
- struct sockaddr_in6 sin6;
-- char addr6[INET6_ADDRSTRLEN];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+ char addrbuf[INET6_ADDRSTRLEN];
- #endif
- socklen_t slen;
- int retval;
- zend_long arg3, arg4;
-- char *address;
-+ const char *address;
- zend_string *recv_buf;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "Ozllz|z", &arg1, socket_ce, &arg2, &arg3, &arg4, &arg5, &arg6) == FAILURE) {
-@@ -1590,7 +1604,11 @@ PHP_FUNCTION(socket_recvfrom)
- ZSTR_LEN(recv_buf) = retval;
- ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
-
-+#ifdef HAVE_INET_NTOP
-+ address = inet_ntop(AF_INET, &sin.sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- address = inet_ntoa(sin.sin_addr);
-+#endif
-
- ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
- ZEND_TRY_ASSIGN_REF_STRING(arg5, address ? address : "0.0.0.0");
-@@ -1617,11 +1635,11 @@ PHP_FUNCTION(socket_recvfrom)
- ZSTR_LEN(recv_buf) = retval;
- ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
-
-- memset(addr6, 0, INET6_ADDRSTRLEN);
-- inet_ntop(AF_INET6, &sin6.sin6_addr, addr6, INET6_ADDRSTRLEN);
-+ memset(addrbuf, 0, INET6_ADDRSTRLEN);
-+ inet_ntop(AF_INET6, &sin6.sin6_addr, addrbuf, sizeof(addrbuf));
-
- ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
-- ZEND_TRY_ASSIGN_REF_STRING(arg5, addr6[0] ? addr6 : "::");
-+ ZEND_TRY_ASSIGN_REF_STRING(arg5, addrbuf[0] ? addrbuf : "::");
- ZEND_TRY_ASSIGN_REF_LONG(arg6, ntohs(sin6.sin6_port));
- break;
- #endif
-diff --git a/ext/standard/dns.c b/ext/standard/dns.c
-index 41b98424edb60..6efdbbe894b46 100644
---- a/ext/standard/dns.c
-+++ b/ext/standard/dns.c
-@@ -228,6 +228,9 @@ PHP_FUNCTION(gethostbynamel)
- struct hostent *hp;
- struct in_addr in;
- int i;
-+#ifdef HAVE_INET_NTOP
-+ char addr4[INET_ADDRSTRLEN];
-+#endif
-
- ZEND_PARSE_PARAMETERS_START(1, 1)
- Z_PARAM_PATH(hostname, hostname_len)
-@@ -255,7 +258,11 @@ PHP_FUNCTION(gethostbynamel)
- }
-
- in = *h_addr_entry;
-+#ifdef HAVE_INET_NTOP
-+ add_next_index_string(return_value, inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN));
-+#else
- add_next_index_string(return_value, inet_ntoa(in));
-+#endif
- }
- }
- /* }}} */
-@@ -266,7 +273,10 @@ static zend_string *php_gethostbyname(char *name)
- struct hostent *hp;
- struct in_addr *h_addr_0; /* Don't call this h_addr, it's a macro! */
- struct in_addr in;
-- char *address;
-+#ifdef HAVE_INET_NTOP
-+ char addr4[INET_ADDRSTRLEN];
-+#endif
-+ const char *address;
-
- hp = php_network_gethostbyname(name);
- if (!hp) {
-@@ -281,7 +291,11 @@ static zend_string *php_gethostbyname(char *name)
-
- memcpy(&in.s_addr, h_addr_0, sizeof(in.s_addr));
-
-+#ifdef HAVE_INET_NTOP
-+ address = inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN);
-+#else
- address = inet_ntoa(in);
-+#endif
- return zend_string_init(address, strlen(address), 0);
- }
- /* }}} */
-diff --git a/main/network.c b/main/network.c
-index 2c504952b2dd1..7f2f714ec42df 100644
---- a/main/network.c
-+++ b/main/network.c
-@@ -236,8 +236,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
- } while ((sai = sai->ai_next) != NULL);
-
- freeaddrinfo(res);
-+#else
-+#ifdef HAVE_INET_PTON
-+ if (!inet_pton(AF_INET, host, &in)) {
- #else
- if (!inet_aton(host, &in)) {
-+#endif
- if(strlen(host) > MAXFQDNLEN) {
- host_info = NULL;
- errno = E2BIG;
-@@ -555,7 +559,11 @@ PHPAPI int php_network_parse_network_address_with_port(const char *addr, zend_lo
- goto out;
- }
- #endif
-+#ifdef HAVE_INET_PTON
-+ if (inet_pton(AF_INET, tmp, &in4->sin_addr) > 0) {
-+#else
- if (inet_aton(tmp, &in4->sin_addr) > 0) {
-+#endif
- in4->sin_port = htons(port);
- in4->sin_family = AF_INET;
- *sl = sizeof(struct sockaddr_in);
-@@ -617,15 +625,19 @@ PHPAPI void php_network_populate_name_from_sockaddr(
- }
-
- if (textaddr) {
--#if HAVE_IPV6 && HAVE_INET_NTOP
-+#ifdef HAVE_INET_NTOP
- char abuf[256];
- #endif
-- char *buf = NULL;
-+ const char *buf = NULL;
-
- switch (sa->sa_family) {
- case AF_INET:
- /* generally not thread safe, but it *is* thread safe under win32 */
-+#ifdef HAVE_INET_NTOP
-+ buf = inet_ntop(AF_INET, &((struct sockaddr_in*)sa)->sin_addr, (char *)&abuf, sizeof(abuf));
-+#else
- buf = inet_ntoa(((struct sockaddr_in*)sa)->sin_addr);
-+#endif
- if (buf) {
- *textaddr = strpprintf(0, "%s:%d",
- buf, ntohs(((struct sockaddr_in*)sa)->sin_port));
-@@ -862,7 +874,11 @@ php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short
-
- in4->sin_family = sa->sa_family;
- in4->sin_port = htons(bindport);
-+#ifdef HAVE_INET_PTON
-+ if (!inet_pton(AF_INET, bindto, &in4->sin_addr)) {
-+#else
- if (!inet_aton(bindto, &in4->sin_addr)) {
-+#endif
- php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
- goto skip_bind;
- }
-From e5b6f43ec7813392d83ea586b7902e0396a1f792 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 6 May 2021 14:21:29 +0200
-Subject: [PATCH] get rid of inet_addr usage
-
----
- main/fastcgi.c | 4 ++++
- sapi/litespeed/lsapilib.c | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/main/fastcgi.c b/main/fastcgi.c
-index 071f69d3a7f0..c936d42405de 100644
---- a/main/fastcgi.c
-+++ b/main/fastcgi.c
-@@ -688,8 +688,12 @@ int fcgi_listen(const char *path, int backlog)
- if (!*host || !strncmp(host, "*", sizeof("*")-1)) {
- sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY);
- } else {
-+#ifdef HAVE_INET_PTON
-+ if (!inet_pton(AF_INET, host, &sa.sa_inet.sin_addr)) {
-+#else
- sa.sa_inet.sin_addr.s_addr = inet_addr(host);
- if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
-+#endif
- struct hostent *hep;
-
- if(strlen(host) > MAXFQDNLEN) {
-diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
-index a72b5dc1b988..305f3326a682 100644
---- a/sapi/litespeed/lsapilib.c
-+++ b/sapi/litespeed/lsapilib.c
-@@ -2672,8 +2672,12 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr )
- ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = htonl( INADDR_LOOPBACK );
- else
- {
-+#ifdef HAVE_INET_PTON
-+ if (!inet_pton(AF_INET, p, &((struct sockaddr_in *)pAddr)->sin_addr))
-+#else
- ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = inet_addr( p );
- if ( ((struct sockaddr_in *)pAddr)->sin_addr.s_addr == INADDR_BROADCAST)
-+#endif
- {
- doAddrInfo = 1;
- }
-From 99d67d121acd4c324738509679d23acaf759d065 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 6 May 2021 16:35:48 +0200
-Subject: [PATCH] use getnameinfo instead of gethostbyaddr
-
----
- ext/standard/dns.c | 34 ++++++++++++++++++++++------------
- 1 file changed, 22 insertions(+), 12 deletions(-)
-
-diff --git a/ext/standard/dns.c b/ext/standard/dns.c
-index edd9a4549f5c..540c777faaba 100644
---- a/ext/standard/dns.c
-+++ b/ext/standard/dns.c
-@@ -169,20 +169,30 @@ PHP_FUNCTION(gethostbyaddr)
- static zend_string *php_gethostbyaddr(char *ip)
- {
- #if HAVE_IPV6 && HAVE_INET_PTON
-- struct in6_addr addr6;
--#endif
-- struct in_addr addr;
-- struct hostent *hp;
-+ struct sockaddr_in sa4;
-+ struct sockaddr_in6 sa6;
-+ char out[NI_MAXHOST];
-
--#if HAVE_IPV6 && HAVE_INET_PTON
-- if (inet_pton(AF_INET6, ip, &addr6)) {
-- hp = gethostbyaddr((char *) &addr6, sizeof(addr6), AF_INET6);
-- } else if (inet_pton(AF_INET, ip, &addr)) {
-- hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
-- } else {
-- return NULL;
-+ if (inet_pton(AF_INET6, ip, &sa6.sin6_addr)) {
-+ sa6.sin6_family = AF_INET6;
-+
-+ if (getnameinfo((struct sockaddr *)&sa6, sizeof(sa6), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
-+ return zend_string_init(ip, strlen(ip), 0);
-+ }
-+ return zend_string_init(out, strlen(out), 0);
-+ } else if (inet_pton(AF_INET, ip, &sa4.sin_addr)) {
-+ sa4.sin_family = AF_INET;
-+
-+ if (getnameinfo((struct sockaddr *)&sa4, sizeof(sa4), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
-+ return zend_string_init(ip, strlen(ip), 0);
-+ }
-+ return zend_string_init(out, strlen(out), 0);
- }
-+ return NULL; /* not a valid IP */
- #else
-+ struct in_addr addr;
-+ struct hostent *hp;
-+
- addr.s_addr = inet_addr(ip);
-
- if (addr.s_addr == -1) {
-@@ -190,13 +200,13 @@ static zend_string *php_gethostbyaddr(char *ip)
- }
-
- hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
--#endif
-
- if (!hp || hp->h_name == NULL || hp->h_name[0] == '\0') {
- return zend_string_init(ip, strlen(ip), 0);
- }
-
- return zend_string_init(hp->h_name, strlen(hp->h_name), 0);
-+#endif
- }
- /* }}} */
-
diff --git a/php-7.4.0-libdb.patch b/php-8.1.0-libdb.patch
index d7c6289..7a2a097 100644
--- a/php-7.4.0-libdb.patch
+++ b/php-8.1.0-libdb.patch
@@ -79,10 +79,10 @@ diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c
PHP_MINIT_FUNCTION(dba);
PHP_MSHUTDOWN_FUNCTION(dba);
PHP_MINFO_FUNCTION(dba);
-@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba)
+@@ -452,6 +456,10 @@ PHP_MINFO_FUNCTION(dba)
php_info_print_table_start();
- php_info_print_table_row(2, "DBA support", "enabled");
+ php_info_print_table_row(2, "DBA support", "enabled");
+#ifdef DB_VERSION_STRING
+ php_info_print_table_row(2, "libdb header version", DB_VERSION_STRING);
+ php_info_print_table_row(2, "libdb library version", db_version(NULL, NULL, NULL));
diff --git a/php-8.1.0-phpinfo.patch b/php-8.1.0-phpinfo.patch
new file mode 100644
index 0000000..d19b2f4
--- /dev/null
+++ b/php-8.1.0-phpinfo.patch
@@ -0,0 +1,44 @@
+
+Drop "Configure Command" from phpinfo as it doesn't
+provide any useful information.
+The available extensions are not related to this command.
+
+Replace full GCC name by gcc in php -v output
+
+
+diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
+--- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200
++++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200
+@@ -805,9 +805,6 @@ PHPAPI ZEND_COLD void php_print_info(int
+ #ifdef PHP_BUILD_ARCH
+ php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
+ #endif
+-#ifdef CONFIGURE_COMMAND
+- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
+-#endif
+
+ if (sapi_module.pretty_name) {
+ php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
+diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
+--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200
++++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200
+@@ -17,7 +17,6 @@ PHP Version => %s
+
+ System => %s
+ Build Date => %s%a
+-Configure Command => %s
+ Server API => Command Line Interface
+ Virtual Directory Support => %s
+ Configuration File (php.ini) Path => %s
+diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
+--- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200
++++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200
+@@ -645,7 +645,7 @@ static int do_cli(int argc, char **argv)
+ "NTS"
+ #endif
+ #ifdef PHP_BUILD_COMPILER
+- " " PHP_BUILD_COMPILER
++ " gcc"
+ #endif
+ #ifdef PHP_BUILD_ARCH
+ " " PHP_BUILD_ARCH
diff --git a/php-8.0.10-systzdata-v21.patch b/php-8.1.0-systzdata-v22.patch
index 779f538..d1c8d90 100644
--- a/php-8.0.10-systzdata-v21.patch
+++ b/php-8.1.0-systzdata-v22.patch
@@ -5,7 +5,8 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
-r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
+r22: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
+r21: adapt for timelib 2021.03 (in 8.1.0)
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
r18: adapt for autotool change in 7.3.3RC1
@@ -33,7 +34,7 @@ r2: add filesystem trawl to set up name alias index
r1: initial revision
diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
-index 20e4164aaa..a61243646d 100644
+index 18b8106bd2..3d1f63c758 100644
--- a/ext/date/config0.m4
+++ b/ext/date/config0.m4
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
@@ -53,14 +54,14 @@ index 20e4164aaa..a61243646d 100644
+ fi
+fi
+
- PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
- timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
+ PHP_DATE_CFLAGS="-Wno-implicit-fallthrough -I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
+ timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
-index e9bd0f136d..c04ff01adc 100644
+index e41315efdb..4b6547c0a3 100644
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
-@@ -26,8 +26,21 @@
+@@ -26,9 +26,22 @@
#include "timelib.h"
#include "timelib_private.h"
@@ -75,6 +76,7 @@ index e9bd0f136d..c04ff01adc 100644
+
+#else
#define TIMELIB_SUPPORTS_V2DATA
+ #define TIMELIB_SUPPORT_SLIM_FILE
#include "timezonedb.h"
+#endif
+
@@ -82,7 +84,7 @@ index e9bd0f136d..c04ff01adc 100644
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
-@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -95,6 +108,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
{
uint32_t version;
@@ -94,7 +96,7 @@ index e9bd0f136d..c04ff01adc 100644
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
-@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
+@@ -577,7 +595,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
}
}
@@ -324,7 +326,6 @@ index e9bd0f136d..c04ff01adc 100644
+ return timelib_strcasecmp(alpha->id, beta->id);
+}
+
-+
+/* Retrieve tzdata version. */
+static void retrieve_zone_version(timelib_tzdb *db)
+{
@@ -363,6 +364,7 @@ index e9bd0f136d..c04ff01adc 100644
+ }
+}
+
++
+/* Create the zone identifier index by trawling the filesystem. */
+static void create_zone_index(timelib_tzdb *db)
+{
@@ -563,7 +565,7 @@ index e9bd0f136d..c04ff01adc 100644
{
int left = 0, right = tzdb->index_size - 1;
-@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
+@@ -603,9 +1081,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
return 0;
}
@@ -613,7 +615,7 @@ index e9bd0f136d..c04ff01adc 100644
}
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
+@@ -617,7 +1135,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
@@ -645,7 +647,7 @@ index e9bd0f136d..c04ff01adc 100644
}
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
+@@ -662,6 +1203,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
{
const unsigned char *tzf;
@@ -654,7 +656,7 @@ index e9bd0f136d..c04ff01adc 100644
timelib_tzinfo *tmp;
int version;
int transitions_result, types_result;
-@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+@@ -669,7 +1212,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
*error_code = TIMELIB_ERROR_NO_ERROR;
@@ -663,9 +665,9 @@ index e9bd0f136d..c04ff01adc 100644
tmp = timelib_tzinfo_ctor(timezone);
version = read_preamble(&tzf, tmp, &type);
-@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+@@ -712,11 +1255,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+ return NULL;
}
- skip_posix_string(&tzf, tmp);
+#ifdef HAVE_SYSTEM_TZDATA
+ if (memmap) {
@@ -701,7 +703,7 @@ index e9bd0f136d..c04ff01adc 100644
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL;
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
-index 2d5cffb963..389f09f313 100644
+index cf4a11b8a2..cd49abc78d 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
diff --git a/php-8.0.19-parser.patch b/php-8.2.0-parser.patch
index 8a28e4d..b648290 100644
--- a/php-8.0.19-parser.patch
+++ b/php-8.2.0-parser.patch
@@ -1,7 +1,7 @@
diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
--- ./build/gen_stub.php.syslib 2020-06-25 08:11:51.782046813 +0200
+++ ./build/gen_stub.php 2020-06-25 08:13:11.188860368 +0200
-@@ -1075,6 +1075,12 @@ function initPhpParser() {
+@@ -3265,6 +3265,12 @@ function initPhpParser() {
}
$isInitialized = true;
@@ -11,6 +11,6 @@ diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
+ return;
+ }
+
- $version = "4.13.0";
+ $version = "4.13.2";
$phpParserDir = __DIR__ . "/PHP-Parser-$version";
if (!is_dir($phpParserDir)) {
diff --git a/php.ini b/php.ini
index dae0741..07b7a0f 100644
--- a/php.ini
+++ b/php.ini
@@ -17,7 +17,7 @@
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (usually C:\windows)
; See the PHP docs for more specific information.
-; http://php.net/configuration.file
+; https://php.net/configuration.file
; The syntax of the file is extremely simple. Whitespace and lines
; beginning with a semicolon are silently ignored (as you probably guessed).
@@ -31,7 +31,7 @@
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
-; http://php.net/ini.sections
+; https://php.net/ini.sections
; Directives are specified using the following syntax:
; directive = value
@@ -181,7 +181,7 @@
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
-; http://php.net/engine
+; https://php.net/engine
engine = On
; This directive determines whether or not PHP will recognize code between
@@ -194,11 +194,11 @@ engine = On
; Default Value: On
; Development Value: Off
; Production Value: Off
-; http://php.net/short-open-tag
+; https://php.net/short-open-tag
short_open_tag = Off
; The number of significant digits displayed in floating point numbers.
-; http://php.net/precision
+; https://php.net/precision
precision = 14
; Output buffering is a mechanism for controlling how much output data
@@ -222,7 +222,7 @@ precision = 14
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
-; http://php.net/output-buffering
+; https://php.net/output-buffering
output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
@@ -237,7 +237,7 @@ output_buffering = 4096
; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
; Note: output_handler must be empty if this is set 'On' !!!!
; Instead you must use zlib.output_handler.
-; http://php.net/output-handler
+; https://php.net/output-handler
;output_handler =
; URL rewriter function rewrites URL on the fly by using
@@ -266,16 +266,16 @@ output_buffering = 4096
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
-; http://php.net/zlib.output-compression
+; https://php.net/zlib.output-compression
zlib.output_compression = Off
-; http://php.net/zlib.output-compression-level
+; https://php.net/zlib.output-compression-level
;zlib.output_compression_level = -1
; You cannot specify additional output handlers if zlib.output_compression
; is activated here. This setting does the same as output_handler but in
; a different order.
-; http://php.net/zlib.output-handler
+; https://php.net/zlib.output-handler
;zlib.output_handler =
; Implicit flush tells PHP to tell the output layer to flush itself
@@ -283,7 +283,7 @@ zlib.output_compression = Off
; PHP function flush() after each and every call to print() or echo() and each
; and every HTML block. Turning this option on has serious performance
; implications and is generally recommended for debugging purposes only.
-; http://php.net/implicit-flush
+; https://php.net/implicit-flush
; Note: This directive is hardcoded to On for the CLI SAPI
implicit_flush = Off
@@ -314,22 +314,22 @@ serialize_precision = -1
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; Note: disables the realpath cache
-; http://php.net/open-basedir
+; https://php.net/open-basedir
;open_basedir =
; This directive allows you to disable certain functions.
; It receives a comma-delimited list of function names.
-; http://php.net/disable-functions
+; https://php.net/disable-functions
disable_functions =
; This directive allows you to disable certain classes.
; It receives a comma-delimited list of class names.
-; http://php.net/disable-classes
+; https://php.net/disable-classes
disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
-; http://php.net/syntax-highlighting
+; https://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
@@ -340,24 +340,24 @@ disable_classes =
; the request. Consider enabling it if executing long requests, which may end up
; being interrupted by the user or a browser timing out. PHP's default behavior
; is to disable this feature.
-; http://php.net/ignore-user-abort
+; https://php.net/ignore-user-abort
;ignore_user_abort = On
; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
; Note: if open_basedir is set, the cache is disabled
-; http://php.net/realpath-cache-size
+; https://php.net/realpath-cache-size
;realpath_cache_size = 4096k
; Duration of time, in seconds for which to cache realpath information for a given
; file or directory. For systems with rarely changing files, consider increasing this
; value.
-; http://php.net/realpath-cache-ttl
+; https://php.net/realpath-cache-ttl
;realpath_cache_ttl = 120
; Enables or disables the circular reference collector.
-; http://php.net/zend.enable-gc
+; https://php.net/zend.enable-gc
zend.enable_gc = On
; If enabled, scripts may be written in encodings that are incompatible with
@@ -396,7 +396,7 @@ zend.exception_string_param_max_len = 0
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
-; http://php.net/expose-php
+; https://php.net/expose-php
expose_php = On
;;;;;;;;;;;;;;;;;;;
@@ -404,7 +404,7 @@ expose_php = On
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
+; https://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 30
@@ -415,18 +415,18 @@ max_execution_time = 30
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
+; https://php.net/max-input-time
max_input_time = 60
; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
+; https://php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
;max_input_vars = 1000
; Maximum amount of memory a script may consume
-; http://php.net/memory-limit
+; https://php.net/memory-limit
memory_limit = 128M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -482,7 +482,7 @@ memory_limit = 128M
; Default Value: E_ALL
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-; http://php.net/error-reporting
+; https://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; This directive controls whether or not and where PHP will output errors,
@@ -499,7 +499,7 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; Default Value: On
; Development Value: On
; Production Value: Off
-; http://php.net/display-errors
+; https://php.net/display-errors
display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
@@ -508,7 +508,7 @@ display_errors = Off
; Default Value: On
; Development Value: On
; Production Value: Off
-; http://php.net/display-startup-errors
+; https://php.net/display-startup-errors
display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
@@ -518,36 +518,31 @@ display_startup_errors = Off
; Default Value: Off
; Development Value: On
; Production Value: On
-; http://php.net/log-errors
+; https://php.net/log-errors
log_errors = On
-; Set maximum length of log_errors. In error_log information about the source is
-; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-; http://php.net/log-errors-max-len
-log_errors_max_len = 1024
-
; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
-; http://php.net/ignore-repeated-errors
+; https://php.net/ignore-repeated-errors
ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
-; http://php.net/ignore-repeated-source
+; https://php.net/ignore-repeated-source
ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This is only effective in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
-; http://php.net/report-memleaks
+; https://php.net/report-memleaks
report_memleaks = On
; This setting is off by default.
;report_zend_debug = 0
; Turn off normal error reporting and emit XML-RPC error XML
-; http://php.net/xmlrpc-errors
+; https://php.net/xmlrpc-errors
;xmlrpc_errors = 0
; An XML-RPC faultCode
@@ -557,40 +552,40 @@ report_memleaks = On
; error message as HTML for easier reading. This directive controls whether
; the error message is formatted as HTML or not.
; Note: This directive is hardcoded to Off for the CLI SAPI
-; http://php.net/html-errors
+; https://php.net/html-errors
;html_errors = On
; If html_errors is set to On *and* docref_root is not empty, then PHP
; produces clickable error messages that direct to a page describing the error
; or function causing the error in detail.
-; You can download a copy of the PHP manual from http://php.net/docs
+; You can download a copy of the PHP manual from https://php.net/docs
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot. PHP's default behavior is to leave these settings empty, in which
; case no links to documentation are generated.
; Note: Never use this feature for production boxes.
-; http://php.net/docref-root
+; https://php.net/docref-root
; Examples
;docref_root = "/phpmanual/"
-; http://php.net/docref-ext
+; https://php.net/docref-ext
;docref_ext = .html
; String to output before an error message. PHP's default behavior is to leave
; this setting blank.
-; http://php.net/error-prepend-string
+; https://php.net/error-prepend-string
; Example:
;error_prepend_string = "<span style='color: #ff0000'>"
; String to output after an error message. PHP's default behavior is to leave
; this setting blank.
-; http://php.net/error-append-string
+; https://php.net/error-append-string
; Example:
;error_append_string = "</span>"
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
-; http://php.net/error-log
+; https://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on Windows).
@@ -613,7 +608,7 @@ report_memleaks = On
; no-ctrl (all characters except control characters)
; all (all characters)
; raw (like "all", but messages are not split at newlines)
-; http://php.net/syslog.filter
+; https://php.net/syslog.filter
;syslog.filter = ascii
;windows.show_crt_warning
@@ -627,14 +622,14 @@ report_memleaks = On
; The separator used in PHP generated URLs to separate arguments.
; PHP's default setting is "&".
-; http://php.net/arg-separator.output
+; https://php.net/arg-separator.output
; Example:
;arg_separator.output = "&amp;"
; List of separator(s) used by PHP to parse input URLs into variables.
; PHP's default setting is "&".
; NOTE: Every character in this directive is considered as separator!
-; http://php.net/arg-separator.input
+; https://php.net/arg-separator.input
; Example:
;arg_separator.input = ";&"
@@ -648,7 +643,7 @@ report_memleaks = On
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
-; http://php.net/variables-order
+; https://php.net/variables-order
variables_order = "GPCS"
; This directive determines which super global data (G,P & C) should be
@@ -661,7 +656,7 @@ variables_order = "GPCS"
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
-; http://php.net/request-order
+; https://php.net/request-order
request_order = "GP"
; This directive determines whether PHP registers $argv & $argc each time it
@@ -676,7 +671,7 @@ request_order = "GP"
; Default Value: On
; Development Value: Off
; Production Value: Off
-; http://php.net/register-argc-argv
+; https://php.net/register-argc-argv
register_argc_argv = Off
; When enabled, the ENV, REQUEST and SERVER variables are created when they're
@@ -684,7 +679,7 @@ register_argc_argv = Off
; variables are not used within a script, having this directive on will result
; in a performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any effect.
-; http://php.net/auto-globals-jit
+; https://php.net/auto-globals-jit
auto_globals_jit = On
; Whether PHP will read the POST data.
@@ -693,48 +688,48 @@ auto_globals_jit = On
; and $_FILES to always be empty; the only way you will be able to read the
; POST data will be through the php://input stream wrapper. This can be useful
; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
+; https://php.net/enable-post-data-reading
;enable_post_data_reading = Off
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
+; https://php.net/post-max-size
post_max_size = 8M
; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
+; https://php.net/auto-prepend-file
auto_prepend_file =
; Automatically add files after PHP document.
-; http://php.net/auto-append-file
+; https://php.net/auto-append-file
auto_append_file =
; By default, PHP will output a media type using the Content-Type header. To
; disable this, simply set it to be empty.
;
; PHP's built-in default media type is set to text/html.
-; http://php.net/default-mimetype
+; https://php.net/default-mimetype
default_mimetype = "text/html"
; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
+; https://php.net/default-charset
default_charset = "UTF-8"
; PHP internal character encoding is set to empty.
; If empty, default_charset is used.
-; http://php.net/internal-encoding
+; https://php.net/internal-encoding
;internal_encoding =
; PHP input character encoding is set to empty.
; If empty, default_charset is used.
-; http://php.net/input-encoding
+; https://php.net/input-encoding
;input_encoding =
; PHP output character encoding is set to empty.
; If empty, default_charset is used.
; See also output_buffer.
-; http://php.net/output-encoding
+; https://php.net/output-encoding
;output_encoding =
;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -748,23 +743,23 @@ default_charset = "UTF-8"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
+; https://php.net/include-path
; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
-; http://php.net/doc-root
+; https://php.net/doc-root
doc_root =
; The directory under which PHP opens the script using /~username used only
; if nonempty.
-; http://php.net/user-dir
+; https://php.net/user-dir
user_dir =
; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
+; https://php.net/extension-dir
;extension_dir = "./"
; On windows:
;extension_dir = "ext"
@@ -776,14 +771,14 @@ user_dir =
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
-; http://php.net/enable-dl
+; https://php.net/enable-dl
enable_dl = Off
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
+; https://php.net/cgi.force-redirect
;cgi.force_redirect = 1
; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
@@ -794,7 +789,7 @@ enable_dl = Off
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
+; https://php.net/cgi.redirect-status-env
;cgi.redirect_status_env =
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
@@ -803,7 +798,7 @@ enable_dl = Off
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
+; https://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
@@ -815,7 +810,7 @@ enable_dl = Off
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
+; https://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1
; Disable logging through FastCGI connection. PHP's default behavior is to enable
@@ -827,14 +822,14 @@ enable_dl = Off
; is supported by Apache. When this option is set to 1, PHP will send
; RFC2616 compliant header.
; Default is zero.
-; http://php.net/cgi.rfc2616-headers
+; https://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
; (shebang) at the top of the running script. This line might be needed if the
; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
; mode skips this line and ignores its content if this directive is turned on.
-; http://php.net/cgi.check-shebang-line
+; https://php.net/cgi.check-shebang-line
;cgi.check_shebang_line=1
;;;;;;;;;;;;;;;;
@@ -842,16 +837,16 @@ enable_dl = Off
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
+; https://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
-; http://php.net/upload-tmp-dir
+; https://php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
+; https://php.net/upload-max-filesize
upload_max_filesize = 2M
; Maximum number of files that can be uploaded via a single request
@@ -862,24 +857,24 @@ max_file_uploads = 20
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
+; https://php.net/allow-url-fopen
allow_url_fopen = On
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
+; Whether to allow include/require to open URLs (like https:// or ftp://) as files.
+; https://php.net/allow-url-include
allow_url_include = Off
; Define the anonymous ftp password (your email address). PHP's default setting
; for this is empty.
-; http://php.net/from
+; https://php.net/from
;from="john@doe.com"
; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
+; https://php.net/user-agent
;user_agent="PHP"
; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
+; https://php.net/default-socket-timeout
default_socket_timeout = 60
; If your scripts have to deal with files from Macintosh systems,
@@ -887,7 +882,7 @@ default_socket_timeout = 60
; unix or win32 systems, setting this flag will cause PHP to
; automatically detect the EOL character in those files so that
; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
+; https://php.net/auto-detect-line-endings
;auto_detect_line_endings = Off
;;;;;;;;;;;;;;;;;;;;;;
@@ -928,26 +923,26 @@ cli_server.color = On
[Date]
; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
+; https://php.net/date.timezone
;date.timezone =
-; http://php.net/date.default-latitude
+; https://php.net/date.default-latitude
;date.default_latitude = 31.7667
-; http://php.net/date.default-longitude
+; https://php.net/date.default-longitude
;date.default_longitude = 35.2333
-; http://php.net/date.sunrise-zenith
+; https://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.833333
-; http://php.net/date.sunset-zenith
+; https://php.net/date.sunset-zenith
;date.sunset_zenith = 90.833333
[filter]
-; http://php.net/filter.default
+; https://php.net/filter.default
;filter.default = unsafe_raw
-; http://php.net/filter.default-flags
+; https://php.net/filter.default-flags
;filter.default_flags =
[iconv]
@@ -985,7 +980,7 @@ cli_server.color = On
[sqlite3]
; Directory pointing to SQLite3 extensions
-; http://php.net/sqlite3.extension-dir
+; https://php.net/sqlite3.extension-dir
;sqlite3.extension_dir =
; SQLite defensive mode flag (only available from SQLite 3.26+)
@@ -999,14 +994,14 @@ cli_server.color = On
[Pcre]
; PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
+; https://php.net/pcre.backtrack-limit
;pcre.backtrack_limit=100000
; PCRE library recursion limit.
; Please note that if you set this value to a high number you may consume all
; the available process stack and eventually crash PHP (due to reaching the
; stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
+; https://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
; Enables or disables JIT compilation of patterns. This requires the PCRE
@@ -1015,7 +1010,7 @@ pcre.jit=0
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
+; https://php.net/pdo-odbc.connection-pooling
;pdo_odbc.connection_pooling=strict
[Pdo_mysql]
@@ -1024,17 +1019,17 @@ pcre.jit=0
pdo_mysql.default_socket=
[Phar]
-; http://php.net/phar.readonly
+; https://php.net/phar.readonly
;phar.readonly = On
-; http://php.net/phar.require-hash
+; https://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list =
[mail function]
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
+; https://php.net/sendmail-path
sendmail_path = /usr/sbin/sendmail -t -i
; Force the addition of the specified parameters to be passed as extra parameters
@@ -1052,13 +1047,13 @@ mail.add_x_header = Off
;mail.log = syslog
[ODBC]
-; http://php.net/odbc.default-db
+; https://php.net/odbc.default-db
;odbc.default_db = Not yet implemented
-; http://php.net/odbc.default-user
+; https://php.net/odbc.default-user
;odbc.default_user = Not yet implemented
-; http://php.net/odbc.default-pw
+; https://php.net/odbc.default-pw
;odbc.default_pw = Not yet implemented
; Controls the ODBC cursor model.
@@ -1066,68 +1061,72 @@ mail.add_x_header = Off
;odbc.default_cursortype
; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
+; https://php.net/odbc.allow-persistent
odbc.allow_persistent = On
; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
+; https://php.net/odbc.check-persistent
odbc.check_persistent = On
; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
+; https://php.net/odbc.max-persistent
odbc.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
+; https://php.net/odbc.max-links
odbc.max_links = -1
; Handling of LONG fields. Returns number of bytes to variables. 0 means
; passthru.
-; http://php.net/odbc.defaultlrl
+; https://php.net/odbc.defaultlrl
odbc.defaultlrl = 4096
; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
+; https://php.net/odbc.defaultbinmode
odbc.defaultbinmode = 1
[MySQLi]
; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
+; https://php.net/mysqli.max-persistent
mysqli.max_persistent = -1
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
+; https://php.net/mysqli.allow_local_infile
;mysqli.allow_local_infile = On
+; It allows the user to specify a folder where files that can be sent via LOAD DATA
+; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled.
+;mysqli.local_infile_directory =
+
; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
+; https://php.net/mysqli.allow-persistent
mysqli.allow_persistent = On
; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
+; https://php.net/mysqli.max-links
mysqli.max_links = -1
; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
+; https://php.net/mysqli.default-port
mysqli.default_port = 3306
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
-; http://php.net/mysqli.default-socket
+; https://php.net/mysqli.default-socket
mysqli.default_socket =
; Default host for mysqli_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
+; https://php.net/mysqli.default-host
mysqli.default_host =
; Default user for mysqli_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
+; https://php.net/mysqli.default-user
mysqli.default_user =
; Default password for mysqli_connect() (doesn't apply in safe mode).
@@ -1135,12 +1134,17 @@ mysqli.default_user =
; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
+; https://php.net/mysqli.default-pw
mysqli.default_pw =
; Allow or prevent reconnect
mysqli.reconnect = Off
+; If this option is enabled, closing a persistent connection will rollback
+; any pending transactions of this connection, before it is put back
+; into the persistent connection pool.
+;mysqli.rollback_on_cached_plink = Off
+
[mysqlnd]
; Enable / Disable collection of general statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
@@ -1152,7 +1156,7 @@ mysqlnd.collect_memory_statistics = Off
; Records communication from all extensions using mysqlnd to the specified log
; file.
-; http://php.net/mysqlnd.debug
+; https://php.net/mysqlnd.debug
;mysqlnd.debug =
; Defines which queries will be logged.
@@ -1180,44 +1184,44 @@ mysqlnd.collect_memory_statistics = Off
[PostgreSQL]
; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
+; https://php.net/pgsql.allow-persistent
pgsql.allow_persistent = On
; Detect broken persistent links always with pg_pconnect().
; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
+; https://php.net/pgsql.auto-reset-persistent
pgsql.auto_reset_persistent = Off
; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
+; https://php.net/pgsql.max-persistent
pgsql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
+; https://php.net/pgsql.max-links
pgsql.max_links = -1
; Ignore PostgreSQL backends Notice message or not.
; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
+; https://php.net/pgsql.ignore-notice
pgsql.ignore_notice = 0
; Log PostgreSQL backends Notice message or not.
; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
+; https://php.net/pgsql.log-notice
pgsql.log_notice = 0
[bcmath]
; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
+; https://php.net/bcmath.scale
bcmath.scale = 0
[browscap]
-; http://php.net/browscap
+; https://php.net/browscap
;browscap = extra/browscap.ini
[Session]
; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
+; https://php.net/session.save-handler
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
@@ -1246,7 +1250,7 @@ session.save_handler = files
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
-; http://php.net/session.save-path
+; https://php.net/session.save-path
; RPM note : session directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
@@ -1263,42 +1267,42 @@ session.save_handler = files
session.use_strict_mode = 0
; Whether to use cookies.
-; http://php.net/session.use-cookies
+; https://php.net/session.use-cookies
session.use_cookies = 1
-; http://php.net/session.cookie-secure
+; https://php.net/session.cookie-secure
;session.cookie_secure =
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
+; https://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
-; http://php.net/session.name
+; https://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
-; http://php.net/session.auto-start
+; https://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
+; https://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
+; https://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
+; https://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it
; inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
+; https://php.net/session.cookie-httponly
session.cookie_httponly =
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
@@ -1308,7 +1312,7 @@ session.cookie_httponly =
session.cookie_samesite =
; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
+; https://php.net/session.serialize-handler
session.serialize_handler = php
; Defines the probability that the 'garbage collection' process is started on every
@@ -1317,7 +1321,7 @@ session.serialize_handler = php
; Default Value: 1
; Development Value: 1
; Production Value: 1
-; http://php.net/session.gc-probability
+; https://php.net/session.gc-probability
session.gc_probability = 1
; Defines the probability that the 'garbage collection' process is started on every
@@ -1327,12 +1331,12 @@ session.gc_probability = 1
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
-; http://php.net/session.gc-divisor
+; https://php.net/session.gc-divisor
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
+; https://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 1440
; NOTE: If you are using the subdirectory option for storing session files
@@ -1346,16 +1350,16 @@ session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
-; http://php.net/session.referer-check
+; https://php.net/session.referer-check
session.referer_check =
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
+; https://php.net/session.cache-limiter
session.cache_limiter = nocache
; Document expires after n minutes.
-; http://php.net/session.cache-expire
+; https://php.net/session.cache-expire
session.cache_expire = 180
; trans sid support is disabled by default.
@@ -1367,13 +1371,13 @@ session.cache_expire = 180
; in publicly accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
+; https://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Set session ID character length. This value could be between 22 to 256.
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
-; http://php.net/session.sid-length
+; https://php.net/session.sid-length
; Default Value: 32
; Development Value: 26
; Production Value: 26
@@ -1388,7 +1392,7 @@ session.sid_length = 26
; Default Value: "a=href,area=href,frame=src,form="
; Development Value: "a=href,area=href,frame=src,form="
; Production Value: "a=href,area=href,frame=src,form="
-; http://php.net/url-rewriter.tags
+; https://php.net/url-rewriter.tags
session.trans_sid_tags = "a=href,area=href,frame=src,form="
; URL rewriter does not rewrite absolute URLs by default.
@@ -1413,14 +1417,14 @@ session.trans_sid_tags = "a=href,area=href,frame=src,form="
; Default Value: 4
; Development Value: 5
; Production Value: 5
-; http://php.net/session.hash-bits-per-character
+; https://php.net/session.hash-bits-per-character
session.sid_bits_per_character = 5
; Enable upload progress tracking in $_SESSION
; Default Value: On
; Development Value: On
; Production Value: On
-; http://php.net/session.upload-progress.enabled
+; https://php.net/session.upload-progress.enabled
;session.upload_progress.enabled = On
; Cleanup the progress information as soon as all POST data has been read
@@ -1428,14 +1432,14 @@ session.sid_bits_per_character = 5
; Default Value: On
; Development Value: On
; Production Value: On
-; http://php.net/session.upload-progress.cleanup
+; https://php.net/session.upload-progress.cleanup
;session.upload_progress.cleanup = On
; A prefix used for the upload progress key in $_SESSION
; Default Value: "upload_progress_"
; Development Value: "upload_progress_"
; Production Value: "upload_progress_"
-; http://php.net/session.upload-progress.prefix
+; https://php.net/session.upload-progress.prefix
;session.upload_progress.prefix = "upload_progress_"
; The index name (concatenated with the prefix) in $_SESSION
@@ -1443,7 +1447,7 @@ session.sid_bits_per_character = 5
; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; http://php.net/session.upload-progress.name
+; https://php.net/session.upload-progress.name
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
; How frequently the upload progress should be updated.
@@ -1451,18 +1455,18 @@ session.sid_bits_per_character = 5
; Default Value: "1%"
; Development Value: "1%"
; Production Value: "1%"
-; http://php.net/session.upload-progress.freq
+; https://php.net/session.upload-progress.freq
;session.upload_progress.freq = "1%"
; The minimum delay between updates, in seconds
; Default Value: 1
; Development Value: 1
; Production Value: 1
-; http://php.net/session.upload-progress.min-freq
+; https://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1"
; Only write session data when session data is changed. Enabled by default.
-; http://php.net/session.lazy-write
+; https://php.net/session.lazy-write
;session.lazy_write = On
[Assertion]
@@ -1474,33 +1478,33 @@ session.sid_bits_per_character = 5
; Default Value: 1
; Development Value: 1
; Production Value: -1
-; http://php.net/zend.assertions
+; https://php.net/zend.assertions
zend.assertions = -1
; Assert(expr); active by default.
-; http://php.net/assert.active
+; https://php.net/assert.active
;assert.active = On
; Throw an AssertionError on failed assertions
-; http://php.net/assert.exception
+; https://php.net/assert.exception
;assert.exception = On
; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
-; http://php.net/assert.warning
+; https://php.net/assert.warning
;assert.warning = On
; Don't bail out by default.
-; http://php.net/assert.bail
+; https://php.net/assert.bail
;assert.bail = Off
; User-function to be called if an assertion fails.
-; http://php.net/assert.callback
+; https://php.net/assert.callback
;assert.callback = 0
[mbstring]
; language for internal character representation.
; This affects mb_send_mail() and mbstring.detect_order.
-; http://php.net/mbstring.language
+; https://php.net/mbstring.language
;mbstring.language = Japanese
; Use of this INI entry is deprecated, use global internal_encoding instead.
@@ -1515,7 +1519,7 @@ zend.assertions = -1
; mbstring.encoding_translation = On is needed to use this setting.
; If empty, default_charset or input_encoding or mbstring.input is used.
; The precedence is: default_charset < input_encoding < mbstring.http_input
-; http://php.net/mbstring.http-input
+; https://php.net/mbstring.http-input
;mbstring.http_input =
; Use of this INI entry is deprecated, use global output_encoding instead.
@@ -1525,7 +1529,7 @@ zend.assertions = -1
; The precedence is: default_charset < output_encoding < mbstring.http_output
; To use an output encoding conversion, mbstring's output handler must be set
; otherwise output encoding conversion cannot be performed.
-; http://php.net/mbstring.http-output
+; https://php.net/mbstring.http-output
;mbstring.http_output =
; enable automatic encoding translation according to
@@ -1533,17 +1537,17 @@ zend.assertions = -1
; converted to internal encoding by setting this to On.
; Note: Do _not_ use automatic encoding translation for
; portable libs/applications.
-; http://php.net/mbstring.encoding-translation
+; https://php.net/mbstring.encoding-translation
;mbstring.encoding_translation = Off
; automatic encoding detection order.
; "auto" detect order is changed according to mbstring.language
-; http://php.net/mbstring.detect-order
+; https://php.net/mbstring.detect-order
;mbstring.detect_order = auto
; substitute_character used when character cannot be converted
; one from another
-; http://php.net/mbstring.substitute-character
+; https://php.net/mbstring.substitute-character
;mbstring.substitute_character = none
; Enable strict encoding detection.
@@ -1551,8 +1555,8 @@ zend.assertions = -1
; This directive specifies the regex pattern of content types for which mb_output_handler()
; is activated.
-; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
-;mbstring.http_output_conv_mimetype=
+; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetypes=
; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
; to the pcre.recursion_limit for PCRE.
@@ -1566,7 +1570,7 @@ zend.assertions = -1
; Tell the jpeg decode to ignore warnings and try to create
; a gd image. The warning will then be displayed as notices
; disabled by default
-; http://php.net/gd.jpeg-ignore-warning
+; https://php.net/gd.jpeg-ignore-warning
;gd.jpeg_ignore_warning = 1
[exif]
@@ -1575,42 +1579,42 @@ zend.assertions = -1
; given by corresponding encode setting. When empty mbstring.internal_encoding
; is used. For the decode settings you can distinguish between motorola and
; intel byte order. A decode setting cannot be empty.
-; http://php.net/exif.encode-unicode
+; https://php.net/exif.encode-unicode
;exif.encode_unicode = ISO-8859-15
-; http://php.net/exif.decode-unicode-motorola
+; https://php.net/exif.decode-unicode-motorola
;exif.decode_unicode_motorola = UCS-2BE
-; http://php.net/exif.decode-unicode-intel
+; https://php.net/exif.decode-unicode-intel
;exif.decode_unicode_intel = UCS-2LE
-; http://php.net/exif.encode-jis
+; https://php.net/exif.encode-jis
;exif.encode_jis =
-; http://php.net/exif.decode-jis-motorola
+; https://php.net/exif.decode-jis-motorola
;exif.decode_jis_motorola = JIS
-; http://php.net/exif.decode-jis-intel
+; https://php.net/exif.decode-jis-intel
;exif.decode_jis_intel = JIS
[Tidy]
; The path to a default tidy configuration file to use when using tidy
-; http://php.net/tidy.default-config
+; https://php.net/tidy.default-config
;tidy.default_config = /usr/local/lib/php/default.tcfg
; Should tidy clean and repair output automatically?
; WARNING: Do not use this option if you are generating non-html content
; such as dynamic images
-; http://php.net/tidy.clean-output
+; https://php.net/tidy.clean-output
tidy.clean_output = Off
[soap]
; Enables or disables WSDL caching feature.
-; http://php.net/soap.wsdl-cache-enabled
+; https://php.net/soap.wsdl-cache-enabled
soap.wsdl_cache_enabled=1
; Sets the directory name where SOAP extension will put cache files.
-; http://php.net/soap.wsdl-cache-dir
+; https://php.net/soap.wsdl-cache-dir
; RPM note : cache directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
@@ -1619,7 +1623,7 @@ soap.wsdl_cache_dir="/tmp"
; (time to live) Sets the number of second while cached file will be used
; instead of original one.
-; http://php.net/soap.wsdl-cache-ttl
+; https://php.net/soap.wsdl-cache-ttl
soap.wsdl_cache_ttl=86400
; Sets the size of the cache limit. (Max. number of WSDL files to cache)
diff --git a/php.spec b/php.spec
index ea067a9..c52f459 100644
--- a/php.spec
+++ b/php.spec
@@ -1,4 +1,4 @@
-# remirepo spec file for php80-php
+# remirepo spec file for php82-php
# with SCL and backport stuff, adapted from
#
# Fedora spec file for php
@@ -23,17 +23,17 @@
%endif
# API/ABI check
-%global apiver 20200930
-%global zendver 20200930
+%global apiver 20210903
+%global zendver 20210903
%global pdover 20170320
# Extension version
-%global oci8ver 3.0.1
+%global oci8ver 3.2.1
# Adds -z now to the linker flags
%global _hardened_build 1
# version used for php embedded library soname
-%global embed_version 8.0
+%global embed_version 8.2
# Ugly hack. Harcoded values to avoid relocation.
%global _httpd_mmn %(cat %{_root_includedir}/httpd/.mmn 2>/dev/null || echo 0)
@@ -102,6 +102,14 @@
# build with system libgd (gd-last in remi repo)
%bcond_without libgd
+# build with system tzdata (2021 required)
+%if 0%{?fedora} >= 33 || 0%{?rhel} >= 7
+%bcond_without tzdata
+%else
+%bcond_with tzdata
+%endif
+
+
# httpd 2.4.10 with httpd-filesystem and sethandler support
%if 0%{?fedora} >= 21 || 0%{?rhel} >= 8
%global with_httpd2410 1
@@ -109,17 +117,18 @@
%global with_httpd2410 0
%endif
-%global gh_commit 18f2ef094af2b1ad961408fbaf222b9448df2750
+%global gh_commit f080a90a884197c30688c7c61920dd881b531f66
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
-#global gh_date 20200615
+%global gh_date 20220511
%global gh_owner php
%global gh_project php-src
-%global upver 8.0.19
-#global rcver RC1
+%global upver 8.2.0
+%global rcver -dev
+%global lower DEV
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
-Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
+Version: %{upver}%{?lower:~%{lower}}%{?gh_date:.%{gh_date}}
Release: 1%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
@@ -127,7 +136,8 @@ Release: 1%{?dist}
# main/snprintf.c, main/spprintf.c and main/rfc1867.c are ASL 1.0
# ext/date/lib is MIT
# Zend/zend_sort is NCSA
-License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
+# Zend/asm is Boost
+License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and Boost
URL: http://www.php.net/
%if 0%{?gh_date}
@@ -159,35 +169,24 @@ Source53: 20-ffi.ini
Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-8.0.0-embed.patch
-Patch8: php-7.4.0-libdb.patch
-# get rid of deprecated functions from 8.1
-Patch9: php-8.0.6-deprecated.patch
+Patch8: php-8.1.0-libdb.patch
# RHEL backports
Patch10: php-7.0.7-curl.patch
# Functional changes
# Use system nikic/php-parser
-Patch41: php-8.0.19-parser.patch
+Patch41: php-8.2.0-parser.patch
# use system tzdata
-Patch42: php-8.0.10-systzdata-v21.patch
+Patch43: php-8.1.0-systzdata-v22.patch
# See http://bugs.php.net/53436
-Patch43: php-7.4.0-phpize.patch
+Patch44: php-7.4.0-phpize.patch
# Use -lldap_r for OpenLDAP
Patch45: php-7.4.0-ldap_r.patch
# Ignore unsupported "threads" option on password_hash
Patch46: php-8.0.7-argon2.patch
# drop "Configure command" from phpinfo output
# and only use gcc (instead of full version)
-Patch47: php-8.0.0-phpinfo.patch
-# add sha256 / sha512 security protocol, from 8.1
-Patch48: php-8.0.10-snmp-sha.patch
-# switch phar to use sha256 signature by default, from 8.1
-# implement openssl_256 and openssl_512 for phar signatures, from 8.1
-Patch49: php-8.0.10-phar-sha.patch
-# compatibility with OpenSSL 3.0, from 8.1
-Patch50: php-8.0.10-openssl3.patch
-# use system libxcrypt, from 8.1
-Patch51: php-8.0.13-crypt.patch
+Patch47: php-8.1.0-phpinfo.patch
# RC Patch
Patch91: php-7.2.0-oci8conf.patch
@@ -214,7 +213,7 @@ BuildRequires: httpd-filesystem
%endif
BuildRequires: %{?dtsprefix}libstdc++-devel
# no pkgconfig to avoid compat-openssl10
-BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel >= 1.0.2
BuildRequires: pkgconfig(sqlite3) >= 3.7.4
BuildRequires: pkgconfig(zlib) >= 1.2.0.4
BuildRequires: smtpdaemon
@@ -245,6 +244,9 @@ BuildRequires: re2c
%endif
# used for tests
BuildRequires: /bin/ps
+%if %{with tzdata}
+BuildRequires: tzdata
+%endif
Requires: httpd-mmn = %{_httpd_mmn}
Provides: %{?scl_prefix}mod_php = %{version}-%{release}
@@ -296,7 +298,7 @@ which adds support for the PHP language to system Apache HTTP Server.
%package cli
Summary: Command-line interface for PHP
# sapi/cli/ps_title.c is PostgreSQL
-License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and PostgreSQL
+License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and Boost and PostgreSQL
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php-cgi = %{version}-%{release}, %{?scl_prefix}php-cgi%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php-pcntl, %{?scl_prefix}php-pcntl%{?_isa}
@@ -319,6 +321,7 @@ The %{?scl_prefix}php-dbg package contains the interactive PHP debugger.
Summary: PHP FastCGI Process Manager
BuildRequires: libacl-devel
BuildRequires: pkgconfig(libsystemd) >= 209
+BuildRequires: pkgconfig(libselinux)
Requires(pre): %{_root_sbindir}/useradd
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
%{?systemd_requires}
@@ -422,13 +425,13 @@ Requires: libtool
# see "php-config --libs"
Requires: krb5-devel%{?_isa}
Requires: libxml2-devel%{?_isa}
-Requires: openssl-devel%{?_isa} >= 1.0.1
+Requires: openssl-devel%{?_isa} >= 1.0.2
%if %{with libpcre}
Requires: pcre2-devel%{?_isa} >= 10.30
%endif
Requires: zlib-devel%{?_isa}
%if 0%{?fedora} || 0%{?rhel} >= 8
-Recommends: php-nikic-php-parser4 >= 4.13.0
+Recommends: php-nikic-php-parser4 >= 4.13.1
%endif
%description devel
@@ -460,7 +463,7 @@ License: PHP
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(krb5-gssapi)
-BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel >= 1.0.2
BuildRequires: libc-client-devel
%description imap
@@ -476,7 +479,7 @@ License: PHP
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(libsasl2)
BuildRequires: openldap-devel
-BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel >= 1.0.2
%description ldap
The %{?scl_prefix}php-ldap package adds Lightweight Directory Access Protocol (LDAP)
@@ -530,7 +533,7 @@ Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php_database
Provides: %{?scl_prefix}php-pdo_pgsql, %{?scl_prefix}php-pdo_pgsql%{?_isa}
BuildRequires: krb5-devel
-BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel >= 1.0.2
BuildRequires: postgresql-devel
%description pgsql
@@ -721,6 +724,7 @@ BuildRequires: pkgconfig(libpng)
BuildRequires: pkgconfig(freetype2)
BuildRequires: pkgconfig(xpm)
BuildRequires: pkgconfig(libwebp)
+BuildRequires: pkgconfig(libavif)
Provides: bundled(gd) = 2.0.35
%endif
@@ -761,6 +765,7 @@ BuildRequires: lmdb-devel
%if %{with qdbm}
BuildRequires: qdbm-devel
%endif
+
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
%description dba
@@ -942,29 +947,21 @@ in pure PHP.
%patch5 -p1 -b .includedir
%patch6 -p1 -b .embed
%patch8 -p1 -b .libdb
-%patch9 -p1 -b .deprecated
%if 0%{?rhel}
%patch10 -p1 -b .curltls
%endif
%patch41 -p1 -b .syslib
-%if 0%{?fedora} >= 30 || 0%{?rhel} >= 6
-%patch42 -p1 -b .systzdata
+%if %{with tzdata}
+%patch43 -p1 -b .systzdata
%endif
-%patch43 -p1 -b .headers
+%patch44 -p1 -b .headers
sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%patch45 -p1 -b .ldap_r
%endif
%patch46 -p1 -b .argon2
%patch47 -p1 -b .phpinfo
-%patch48 -p1 -b .sha
-%patch49 -p1 -b .pharsha
-%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
-%patch50 -p1 -b .openssl3
-rm ext/openssl/tests/p12_with_extra_certs.p12
-%endif
-%patch51 -p1 -b .libxcrypt
%patch91 -p1 -b .remi-oci8
@@ -979,6 +976,7 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE ZEND_LICENSE
+cp Zend/asm/LICENSE BOOST_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
cp sapi/fpm/LICENSE fpm_LICENSE
cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
@@ -995,12 +993,9 @@ mkdir \
# ----- Manage known as failed test -------
# affected by systzdata patch
+%if %{with tzdata}
rm ext/date/tests/timezone_location_get.phpt
-%if 0%{?fedora} < 28
-# need tzdata 2018i
-rm ext/date/tests/bug33414-1.phpt
-rm ext/date/tests/bug33415-2.phpt
-rm ext/date/tests/date_modify-1.phpt
+rm ext/date/tests/bug80963.phpt
%endif
# too fast builder
rm ext/date/tests/bug73837.phpt
@@ -1181,7 +1176,7 @@ ln -sf ../configure
--with-layout=GNU \
--with-kerberos \
--with-libxml \
-%if 0%{?fedora} >= 28 || 0%{?rhel} >= 6
+%if %{with tzdata}
--with-system-tzdata \
%endif
--with-mhash \
@@ -1325,6 +1320,7 @@ popd
pushd build-fpm
build --enable-fpm \
--with-fpm-systemd \
+ --with-fpm-selinux \
--with-fpm-acl \
--libdir=%{_libdir}/php \
--without-mysqli \
@@ -1706,7 +1702,7 @@ fi
%files common -f files.common
%doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs
-%license LICENSE TSRM_LICENSE ZEND_LICENSE
+%license LICENSE TSRM_LICENSE ZEND_LICENSE BOOST_LICENSE
%license libmagic_LICENSE
%license timelib_LICENSE
%doc php.ini-*
@@ -1846,107 +1842,129 @@ fi
%changelog
-* Tue May 10 2022 Remi Collet <remi@remirepo.net> - 8.0.19-1
-- Update to 8.0.19 - http://www.php.net/releases/8_0_19.php
+* Wed May 11 2022 Remi Collet <remi@remirepo.net> - 8.2.0~DEV.20220511-1
+- update to 8.2.0-dev
+- add dependency on libselinux
+
+* Wed May 11 2022 Remi Collet <remi@remirepo.net> - 8.1.6-1
+- Update to 8.1.6 - http://www.php.net/releases/8_1_6.php
- use oracle client library version 21.6
-* Tue Apr 26 2022 Remi Collet <remi@remirepo.net> - 8.0.19~RC1-1
-- update to 8.0.19RC1
+* Wed Apr 27 2022 Remi Collet <remi@remirepo.net> - 8.1.6~RC1-1
+- update to 8.1.6RC1
-* Wed Apr 13 2022 Remi Collet <remi@remirepo.net> - 8.0.18-1
-- Update to 8.0.18 - http://www.php.net/releases/8_0_18.php
+* Wed Apr 13 2022 Remi Collet <remi@remirepo.net> - 8.1.5-1
+- Update to 8.1.5 - http://www.php.net/releases/8_1_5.php
-* Thu Mar 31 2022 Remi Collet <remi@remirepo.net> - 8.0.18~RC1-1
-- update to 8.0.18RC1
+* Fri Apr 1 2022 Remi Collet <remi@remirepo.net> - 8.1.5~RC1-1
+- update to 8.1.5RC1
-* Tue Mar 15 2022 Remi Collet <remi@remirepo.net> - 8.0.17-1
-- Update to 8.0.17 - http://www.php.net/releases/8_0_17.php
+* Wed Mar 16 2022 Remi Collet <remi@remirepo.net> - 8.1.4-1
+- Update to 8.1.4 - http://www.php.net/releases/8_1_4.php
-* Wed Mar 2 2022 Remi Collet <remi@remirepo.net> - 8.0.17~RC1-1
-- update to 8.0.17RC1
+* Thu Mar 3 2022 Remi Collet <remi@remirepo.net> - 8.1.4~RC1-1
+- update to 8.1.4RC1
-* Tue Feb 22 2022 Remi Collet <remi@remirepo.net> - 8.0.16-2
+* Tue Feb 22 2022 Remi Collet <remi@remirepo.net> - 8.1.3-2
- retrieve tzdata version
- use oracle client library version 21.5
-* Wed Feb 16 2022 Remi Collet <remi@remirepo.net> - 8.0.16-1
-- Update to 8.0.16 - http://www.php.net/releases/8_0_16.php
+* Wed Feb 16 2022 Remi Collet <remi@remirepo.net> - 8.1.3-1
+- Update to 8.1.3 - http://www.php.net/releases/8_1_3.php
-* Thu Feb 3 2022 Remi Collet <remi@remirepo.net> - 8.0.16~RC1-1
-- update to 8.0.16RC1
+* Tue Feb 8 2022 Remi Collet <remi@remirepo.net> - 8.1.3~RC1-2
+- fix GH-8059 arginfo not regenerated for extension
-* Tue Jan 18 2022 Remi Collet <remi@remirepo.net> - 8.0.15-1
-- Update to 8.0.15 - http://www.php.net/releases/8_0_15.php
+* Thu Feb 3 2022 Remi Collet <remi@remirepo.net> - 8.1.3~RC1-1
+- update to 8.1.3RC1
-* Wed Jan 5 2022 Remi Collet <remi@remirepo.net> - 8.0.15~RC1-1
-- update to 8.0.15RC1
+* Wed Jan 19 2022 Remi Collet <remi@remirepo.net> - 8.1.2-1
+- Update to 8.1.2 - http://www.php.net/releases/8_1_2.php
+- Fix GH-7899 Regression in unpack for negative int value
+- Fix GH-7883 Segfault when INI file is not readable
-* Thu Dec 16 2021 Remi Collet <remi@remirepo.net> - 8.0.14-1
-- Update to 8.0.14 - http://www.php.net/releases/8_0_14.php
+* Wed Jan 5 2022 Remi Collet <remi@remirepo.net> - 8.1.2~RC1-1
+- update to 8.1.2RC1
-* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 8.0.14~RC1-2
-- ensure we use libgd >= 2.3
+* Wed Dec 15 2021 Remi Collet <remi@remirepo.net> - 8.1.1-1
+- Update to 8.1.1 - http://www.php.net/releases/8_1_1.php
-* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 8.0.14~RC1-1
-- update to 8.0.14RC1
+* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 8.1.1~RC1-1
+- update to 8.1.1RC1
- use oracle client library version 21.4
+- ensure libgd 2.3 is used
-* Wed Nov 17 2021 Remi Collet <remi@remirepo.net> - 8.0.13-1
-- Update to 8.0.13 - http://www.php.net/releases/8_0_13.php
+* Wed Nov 24 2021 Remi Collet <remi@remirepo.net> - 8.1.0-1
+- update to 8.1.0 GA
-* Wed Nov 3 2021 Remi Collet <remi@remirepo.net> - 8.0.13~RC1-1
-- update to 8.0.13RC1
+* Wed Nov 10 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc6-1
+- update to 8.1.0RC6
-* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 8.0.12-3
+* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc5-1
+- update to 8.1.0RC5
+- build using system libxcrypt (Fedora only)
+
+* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc4-2
- dba: enable qdbm backend
-* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 8.0.12-2
-- add patch for OpenSSL 3.0 on F36 and EL9
+* Wed Oct 13 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc4-1
+- update to 8.1.0RC4
+
+* Fri Oct 1 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc3-3
+- rebuild using ICU 69
-* Tue Oct 19 2021 Remi Collet <remi@remirepo.net> - 8.0.12-1
-- Update to 8.0.12 - http://www.php.net/releases/8_0_12.php
+* Wed Sep 29 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc3-1
+- update to 8.1.0RC3
-* Mon Oct 18 2021 Remi Collet <remi@remirepo.net> - 8.0.12~RC1-2
-- build using system libxcrypt (Fedora)
+* Sat Sep 18 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc2-1
+- update to 8.1.0RC2
+- use oracle client library version 21.3
-* Wed Oct 6 2021 Remi Collet <remi@remirepo.net> - 8.0.12~RC1-1
-- update to 8.0.12RC1
-- use libicu version 69
+* Wed Sep 1 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc1-2
+- rebuild with new sources
-* Wed Sep 22 2021 Remi Collet <remi@remirepo.net> - 8.0.11-1
-- Update to 8.0.11 - http://www.php.net/releases/8_0_11.php
+* Wed Sep 1 2021 Remi Collet <remi@remirepo.net> - 8.1.0~rc1-1
+- update to 8.1.0RC1
+- bump API version
-* Tue Sep 7 2021 Remi Collet <remi@remirepo.net> - 8.0.11~RC1-1
-- update to 8.0.11RC1
-- use oracle client library version 21.3
+* Mon Aug 23 2021 Remi Collet <remi@remirepo.net> - 8.1.0~beta3-1
+- update to 8.1.0beta3
+
+* Mon Aug 9 2021 Remi Collet <remi@remirepo.net> - 8.1.0~DEV.20210809-1
+- test build
+
+* Tue Aug 3 2021 Remi Collet <remi@remirepo.net> - 8.1.0~beta2-1
+- update to 8.1.0beta2
+- oci8 version is now 3.1.0
-* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 8.0.10-1
-- Update to 8.0.10 - http://www.php.net/releases/8_0_10.php
+* Wed Jul 21 2021 Remi Collet <remi@remirepo.net> - 8.1.0~beta1-1
+- update to 8.1.0beta1
-* Wed Aug 11 2021 Remi Collet <remi@remirepo.net> - 8.0.10~RC1-2
-- phar: switch to sha256 signature by default, backported from 8.1
-- phar: implement openssl_256 and openssl_512 for signatures, backported from 8.1
-- snmp: add sha256 / sha512 security protocol, backported from 8.1
+* Tue Jul 6 2021 Remi Collet <remi@remirepo.net> - 8.1.0~alpha3-1
+- update to 8.1.0alpha3
-* Tue Aug 10 2021 Remi Collet <remi@remirepo.net> - 8.0.10~RC1-1
-- update to 8.0.10RC1
-- adapt systzdata patch for timelib 2020.03 (v20)
+* Tue Jun 22 2021 Remi Collet <remi@remirepo.net> - 8.1.0~alpha2-1
+- update to 8.1.0alpha2
-* Tue Aug 3 2021 Remi Collet <remi@remirepo.net> - 8.0.9-2
-- add upstream patch for https://bugs.php.net/81325 segfault in simplexml
+* Tue Jun 22 2021 Remi Collet <remi@remirepo.net> - 8.1.0~alpha2-0
+- test build for upcoming 8.1.0alpha2
+- fix build for missing public API using patch from
+ https://github.com/php/php-src/pull/7185
-* Thu Jul 29 2021 Remi Collet <remi@remirepo.net> - 8.0.9-1
-- Update to 8.0.9 - http://www.php.net/releases/8_0_9.php
+* Wed Jun 9 2021 Remi Collet <remi@remirepo.net> - 8.1.0~alpha1-1
+- update to 8.1.0alpha1
-* Tue Jul 13 2021 Remi Collet <remi@remirepo.net> - 8.0.9~RC1-1
-- update to 8.0.9RC1
+* Tue Jun 8 2021 Remi Collet <remi@remirepo.net> - 8.1.0~DEV.20210608-2
+- apply timelib fix for empty POSIX string in older TZif2 files
+- switch back to system tzdata on EL-7
-* Tue Jun 29 2021 Remi Collet <remi@remirepo.net> - 8.0.8-1
-- Update to 8.0.8 - http://www.php.net/releases/8_0_8.php
+* Tue Jun 8 2021 Remi Collet <remi@remirepo.net> - 8.1.0~DEV.20210608-1
+- new build
+- ignore unsupported "threads" options in password_hash
+- temporarily use bundled tzdata on EL-7
-* Tue Jun 15 2021 Remi Collet <remi@remirepo.net> - 8.0.8~RC1-1
-- update to 8.0.8RC1
-- ignore unsupported "threads" option on password_hash
+* Fri Jun 4 2021 Remi Collet <remi@remirepo.net> - 8.1.0~DEV.20210604-1
+- update to 8.1.0-dev
* Wed Jun 2 2021 Remi Collet <remi@remirepo.net> - 8.0.7-1
- Update to 8.0.7 - http://www.php.net/releases/8_0_7.php