From 16bfe8481842870229de0c47d55091cef3d2e6ad Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Mon, 24 Jul 2023 11:10:59 +0200
Subject: openssl: always warn about missing curve_name
---
php-8.3.0-openssl-ec-param.patch | 47 ++++++++++++++++++++++++++++++++++++++++
php.spec | 12 +++++++++-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 php-8.3.0-openssl-ec-param.patch
diff --git a/php-8.3.0-openssl-ec-param.patch b/php-8.3.0-openssl-ec-param.patch
new file mode 100644
index 0000000..cd3658a
--- /dev/null
+++ b/php-8.3.0-openssl-ec-param.patch
@@ -0,0 +1,47 @@
+From 21f9d16e130b412b6839494dcf30a2f1d7dcee0f Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Mon, 24 Jul 2023 10:54:49 +0200
+Subject: [PATCH] Always warn about missing curve_name
+
+Both Fedora and RHEL do not support arbitrary EC parameters
+See https://bugzilla.redhat.com/2223953
+---
+ ext/openssl/openssl.c | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 33f51bfa4d..340b0467d3 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -4299,13 +4299,8 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
+ OPENSSL_PKEY_SET_BN(data, b);
+ OPENSSL_PKEY_SET_BN(data, order);
+
++ php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
+ if (!(p && a && b && order)) {
+- if (!p && !a && !b && !order) {
+- php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
+- } else {
+- php_error_docref(
+- NULL, E_WARNING, "Missing params: curve_name or p, a, b, order");
+- }
+ goto clean_exit;
+ }
+
+@@ -4455,12 +4450,8 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
+ OPENSSL_PKEY_SET_BN(data, b);
+ OPENSSL_PKEY_SET_BN(data, order);
+
++ php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
+ if (!(p && a && b && order)) {
+- if (!p && !a && !b && !order) {
+- php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
+- } else {
+- php_error_docref(NULL, E_WARNING, "Missing params: curve_name or p, a, b, order");
+- }
+ goto cleanup;
+ }
+
+--
+2.41.0
+
diff --git a/php.spec b/php.spec
index d294502..93602e1 100644
--- a/php.spec
+++ b/php.spec
@@ -130,7 +130,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: %{upver}%{?lower:~%{lower}}%{?gh_date:.%{gh_date}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
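Review bot: In both patched functions the added `php_error_docref(NULL, E_WARNING, "Missing params: curve_name");` is unconditional, but the bail-out below it is still guarded by `if (!(p && a && b && order))`, so a caller that supplies all four explicit parameters gets the warning and then falls through to whatever follows the hunk. If explicit EC parameters are meant to be unsupported, as the patch description says, refusing them here would not depend on the linked OpenSSL build rejecting them later: the guard could become a plain `goto clean_exit;` in php_openssl_pkey_init_legacy_ec and `goto cleanup;` in php_openssl_pkey_init_ec, with the code after it dropped. The message also no longer tells a caller who passed p, a, b and order why the key was refused; `"Missing params: curve_name (explicit EC parameters are not supported)"` would make that visible in logs. Both function bodies start and end outside the hunks, so the fall-through target is inferred rather than visible.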
@@ -188,6 +188,9 @@ Patch46: php-8.0.7-argon2.patch # drop "Configure command" from phpinfo output # and only use gcc (instead of full version) Patch47: php-8.1.0-phpinfo.patch +# Always warn about missing curve_name +# Both Fedora and RHEL do not support arbitrary EC parameters +Patch48: php-8.3.0-openssl-ec-param.patch # RC Patch Patch91: php-7.2.0-oci8conf.patch @@ -970,6 +973,7 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %patch -P45 -p1 -b .ldap_r %patch -P46 -p1 -b .argon2 %patch -P47 -p1 -b .phpinfo +%patch -P48 -p1 -b .ec-param %patch -P91 -p1 -b .remi-oci8 @@ -1022,6 +1026,9 @@ rm Zend/tests/bug68412.phpt rm sapi/cli/tests/upload_2G.phpt # tar issue rm ext/zlib/tests/004-mb.phpt +# Both Fedora and RHEL do not support arbitrary EC parameters +# https://bugzilla.redhat.com/2223953 +rm ext/openssl/tests/ecc_custom_params.phpt # Safety check for API version change. pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h) @@ -1855,6 +1862,9 @@ fi %changelog +* Mon Jul 24 2023 Remi Collet - 8.3.0~beta1-2 +- openssl: always warn about missing curve_name + * Wed Jul 19 2023 Remi Collet - 8.3.0~beta1-1 - update to 8.3.0beta1 -- cgit
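Review bot: Removing `ext/openssl/tests/ecc_custom_params.phpt` in the `@@ -1022,6 +1026,9 @@` hunk leaves, as far as this diff shows, no test confirming that EC keys built from explicit p, a, b and order are actually refused on this build. The bundled patch only adds a warning, so the refusal appears to rest on the distribution's OpenSSL. A small downstream .phpt expecting the warning and a failed key creation would catch a change in that behaviour. If the test stays deleted, the comment above the `rm` could record the dependency, for example `# upstream test expects explicit EC params to succeed; here they must fail`.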