Use custom OpenSSL libctx in md and cipher handling code (#18516)

2025-08-16 05:58:45 +02:00 · 2025-06-04 17:46:00 +01:00 · 2025-06-04 17:46:00 +01:00 · 2f5ef4d2b7
commit 2f5ef4d2b7
parent f46f42b2b2
5 changed files with 252 additions and 114 deletions
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -583,7 +583,7 @@ PHP_FUNCTION(openssl_spki_new)
 	zval *zpkey = NULL;
 	EVP_PKEY *pkey = NULL;
 	NETSCAPE_SPKI *spki=NULL;
-	const EVP_MD *mdtype;
+	const EVP_MD *mdtype = NULL;
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Os|l", &zpkey, php_openssl_pkey_ce, &challenge, &challenge_len, &algo) == FAILURE) {
 		RETURN_THROWS();
@ -647,6 +647,7 @@ PHP_FUNCTION(openssl_spki_new)
 	goto cleanup;
 cleanup:
 	php_openssl_release_evp_md(mdtype);
 	EVP_PKEY_free(pkey);
 	if (spki != NULL) {
 		NETSCAPE_SPKI_free(spki);
@ -1821,7 +1822,6 @@ cleanup:
 		X509_free(new_cert);
 	}
 	PHP_SSL_REQ_DISPOSE(&req);
 	EVP_PKEY_free(priv_key);
 	EVP_PKEY_free(key);
 	if (csr_str) {
@ -1830,6 +1830,7 @@ cleanup:
 	if (cert_str && cert && cert != new_cert) {
 		X509_free(cert);
 	}
 	PHP_SSL_REQ_DISPOSE(&req);
 }
 /* }}} */
@ -2104,7 +2105,8 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 	}
 	if (!php_openssl_check_path(filename, filename_len, file_path, 2)) {
-		goto clean_exit_key;
+		EVP_PKEY_free(key);
 		return;
 	}
 	PHP_SSL_REQ_INIT(&req);
@ -2139,10 +2141,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 	}
 clean_exit:
 	PHP_SSL_REQ_DISPOSE(&req);
 	BIO_free(bio_out);
 clean_exit_key:
 	EVP_PKEY_free(key);
 	PHP_SSL_REQ_DISPOSE(&req);
 }
 /* }}} */
@ -2204,9 +2205,9 @@ PHP_FUNCTION(openssl_pkey_export)
 			php_openssl_store_errors();
 		}
 	}
 	PHP_SSL_REQ_DISPOSE(&req);
 	EVP_PKEY_free(key);
 	BIO_free(bio_out);
 	PHP_SSL_REQ_DISPOSE(&req);
 }
 /* }}} */
@ -2686,6 +2687,7 @@ clean_exit:
 	if (recipcerts) {
 		sk_X509_pop_free(recipcerts, X509_free);
 	}
 	php_openssl_release_evp_cipher(cipher);
 }
 /* }}} */
@ -3334,6 +3336,7 @@ clean_exit:
 	if (recipcerts) {
 		sk_X509_pop_free(recipcerts, X509_free);
 	}
 	php_openssl_release_evp_cipher(cipher);
 }
 /* }}} */
@ -3969,7 +3972,7 @@ PHP_FUNCTION(openssl_sign)
 	}
 	if (method_str) {
-		mdtype = EVP_get_digestbyname(ZSTR_VAL(method_str));
+		mdtype = php_openssl_get_evp_md_by_name(ZSTR_VAL(method_str));
 	} else {
 		mdtype = php_openssl_get_evp_md_from_algo(method_long);
 	}
@ -3996,6 +3999,7 @@ PHP_FUNCTION(openssl_sign)
 		RETVAL_FALSE;
 	}
 	EVP_MD_CTX_destroy(md_ctx);
 	php_openssl_release_evp_md(mdtype);
 	EVP_PKEY_free(pkey);
 }
 /* }}} */
@ -4027,7 +4031,7 @@ PHP_FUNCTION(openssl_verify)
 	PHP_OPENSSL_CHECK_SIZE_T_TO_UINT(signature_len, signature, 2);
 	if (method_str) {
-		mdtype = EVP_get_digestbyname(ZSTR_VAL(method_str));
+		mdtype = php_openssl_get_evp_md_by_name(ZSTR_VAL(method_str));
 	} else {
 		mdtype = php_openssl_get_evp_md_from_algo(method_long);
 	}
@ -4041,6 +4045,7 @@ PHP_FUNCTION(openssl_verify)
 		if (!EG(exception)) {
 			php_error_docref(NULL, E_WARNING, "Supplied key param cannot be coerced into a public key");
 		}
 		php_openssl_release_evp_md(mdtype);
 		RETURN_FALSE;
 	}
@ -4051,6 +4056,7 @@ PHP_FUNCTION(openssl_verify)
 		php_openssl_store_errors();
 	}
 	EVP_MD_CTX_destroy(md_ctx);
 	php_openssl_release_evp_md(mdtype);
 	EVP_PKEY_free(pkey);
 	RETURN_LONG(err);
 }
@ -4323,7 +4329,7 @@ PHP_FUNCTION(openssl_digest)
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss|b", &data, &data_len, &method, &method_len, &raw_output) == FAILURE) {
 		RETURN_THROWS();
 	}
-	mdtype = EVP_get_digestbyname(method);
+	mdtype = php_openssl_get_evp_md_by_name(method);
 	if (!mdtype) {
 		php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
 		RETURN_FALSE;
@ -4356,6 +4362,7 @@ PHP_FUNCTION(openssl_digest)
 	}
 	EVP_MD_CTX_destroy(md_ctx);
 	php_openssl_release_evp_md(mdtype);
 }
 /* }}} */
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@ -369,11 +369,11 @@ int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args
 		if (strcmp(req->digest_name, "null") == 0) {
 			req->digest = req->md_alg = EVP_md_null();
 		} else {
-			req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
+			req->digest = req->md_alg = php_openssl_get_evp_md_by_name(req->digest_name);
 		}
 	}
 	if (req->md_alg == NULL) {
-		req->md_alg = req->digest = EVP_sha1();
+		req->md_alg = req->digest = php_openssl_get_evp_md_by_name("sha1");
 		php_openssl_store_errors();
 	}
@ -417,6 +417,10 @@ void php_openssl_dispose_config(struct php_x509_request * req)
 		NCONF_free(req->req_config);
 		req->req_config = NULL;
 	}
 	if (req->md_alg != NULL && req->md_alg != EVP_md_null()) {
 		php_openssl_release_evp_md(req->md_alg);
 	}
 	php_openssl_release_evp_cipher(req->priv_key_encrypt_cipher);
 }
 zend_result php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded)
@ -469,92 +473,6 @@ zend_result php_openssl_write_rand_file(const char * file, int egdsocket, int se
 	return SUCCESS;
 }
 EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) {
 	EVP_MD *mdtype;
 	switch (algo) {
 		case OPENSSL_ALGO_SHA1:
 			mdtype = (EVP_MD *) EVP_sha1();
 			break;
 		case OPENSSL_ALGO_MD5:
 			mdtype = (EVP_MD *) EVP_md5();
 			break;
 #ifndef OPENSSL_NO_MD4
 		case OPENSSL_ALGO_MD4:
 			mdtype = (EVP_MD *) EVP_md4();
 			break;
 #endif
 #ifndef OPENSSL_NO_MD2
 		case OPENSSL_ALGO_MD2:
 			mdtype = (EVP_MD *) EVP_md2();
 			break;
 #endif
 		case OPENSSL_ALGO_SHA224:
 			mdtype = (EVP_MD *) EVP_sha224();
 			break;
 		case OPENSSL_ALGO_SHA256:
 			mdtype = (EVP_MD *) EVP_sha256();
 			break;
 		case OPENSSL_ALGO_SHA384:
 			mdtype = (EVP_MD *) EVP_sha384();
 			break;
 		case OPENSSL_ALGO_SHA512:
 			mdtype = (EVP_MD *) EVP_sha512();
 			break;
 #ifndef OPENSSL_NO_RMD160
 		case OPENSSL_ALGO_RMD160:
 			mdtype = (EVP_MD *) EVP_ripemd160();
 			break;
 #endif
 		default:
 			return NULL;
 			break;
 	}
 	return mdtype;
 }
 const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo) {
 	switch (algo) {
 #ifndef OPENSSL_NO_RC2
 		case PHP_OPENSSL_CIPHER_RC2_40:
 			return EVP_rc2_40_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_RC2_64:
 			return EVP_rc2_64_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_RC2_128:
 			return EVP_rc2_cbc();
 			break;
 #endif
 #ifndef OPENSSL_NO_DES
 		case PHP_OPENSSL_CIPHER_DES:
 			return EVP_des_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_3DES:
 			return EVP_des_ede3_cbc();
 			break;
 #endif
 #ifndef OPENSSL_NO_AES
 		case PHP_OPENSSL_CIPHER_AES_128_CBC:
 			return EVP_aes_128_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_AES_192_CBC:
 			return EVP_aes_192_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_AES_256_CBC:
 			return EVP_aes_256_cbc();
 			break;
 #endif
 		default:
 			return NULL;
 			break;
 	}
 }
 void php_openssl_backend_init(void)
 {
 #ifdef LIBRESSL_VERSION_NUMBER
@ -1932,7 +1850,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 	PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(tag_len, tag_len);
-	cipher_type = EVP_get_cipherbyname(method);
+	cipher_type = php_openssl_get_evp_cipher_by_name(method);
 	if (!cipher_type) {
 		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return NULL;
@ -1940,6 +1858,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 	cipher_ctx = EVP_CIPHER_CTX_new();
 	if (!cipher_ctx) {
 		php_openssl_release_evp_cipher(cipher_type);
 		php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
 		return NULL;
 	}
@ -1998,6 +1917,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 	}
 	EVP_CIPHER_CTX_reset(cipher_ctx);
 	EVP_CIPHER_CTX_free(cipher_ctx);
 	php_openssl_release_evp_cipher(cipher_type);
 	return outbuf;
 }
@ -2024,7 +1944,7 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(
 	PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(tag_len, tag);
-	cipher_type = EVP_get_cipherbyname(method);
+	cipher_type = php_openssl_get_evp_cipher_by_name(method);
 	if (!cipher_type) {
 		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return NULL;
@ -2032,6 +1952,7 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(
 	cipher_ctx = EVP_CIPHER_CTX_new();
 	if (!cipher_ctx) {
 		php_openssl_release_evp_cipher(cipher_type);
 		php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
 		return NULL;
 	}
@ -2077,14 +1998,15 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(
 	}
 	EVP_CIPHER_CTX_reset(cipher_ctx);
 	EVP_CIPHER_CTX_free(cipher_ctx);
 	php_openssl_release_evp_cipher(cipher_type);
 	return outbuf;
 }
-const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method)
+const EVP_CIPHER *php_openssl_get_evp_cipher_by_name_with_warning(const char *method)
 {
 	const EVP_CIPHER *cipher_type;
-	cipher_type = EVP_get_cipherbyname(method);
+	cipher_type = php_openssl_get_evp_cipher_by_name(method);
 	if (!cipher_type) {
 		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return NULL;
@ -2096,16 +2018,26 @@ const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method)
 PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
 {
-	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name_with_warning(method);
 	if (cipher_type == NULL) {
 		return -1;
 	}
 	int iv_length = EVP_CIPHER_iv_length(cipher_type);
 	php_openssl_release_evp_cipher(cipher_type);
-	return cipher_type == NULL ? -1 : EVP_CIPHER_iv_length(cipher_type);
+	return iv_length;
 }
 PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method)
 {
-	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name_with_warning(method);
 	if (cipher_type == NULL) {
 		return -1;
 	}
 	int key_length = EVP_CIPHER_key_length(cipher_type);
 	php_openssl_release_evp_cipher(cipher_type);
-	return cipher_type == NULL ? -1 : EVP_CIPHER_key_length(cipher_type);
+	return key_length;
 }
 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length)
--- a/ext/openssl/openssl_backend_v1.c
+++ b/ext/openssl/openssl_backend_v1.c
@ -561,6 +561,114 @@ zend_string *php_openssl_dh_compute_key(EVP_PKEY *pkey, char *pub_str, size_t pu
 	return data;
 }
 const EVP_MD *php_openssl_get_evp_md_by_name(const char *name)
 {
 	return EVP_get_digestbyname(name);
 }
 const EVP_MD *php_openssl_get_evp_md_from_algo(zend_long algo)
 {
 	EVP_MD *mdtype;
 	switch (algo) {
 		case OPENSSL_ALGO_SHA1:
 			mdtype = (EVP_MD *) EVP_sha1();
 			break;
 		case OPENSSL_ALGO_MD5:
 			mdtype = (EVP_MD *) EVP_md5();
 			break;
 #ifndef OPENSSL_NO_MD4
 		case OPENSSL_ALGO_MD4:
 			mdtype = (EVP_MD *) EVP_md4();
 			break;
 #endif
 #ifndef OPENSSL_NO_MD2
 		case OPENSSL_ALGO_MD2:
 			mdtype = (EVP_MD *) EVP_md2();
 			break;
 #endif
 		case OPENSSL_ALGO_SHA224:
 			mdtype = (EVP_MD *) EVP_sha224();
 			break;
 		case OPENSSL_ALGO_SHA256:
 			mdtype = (EVP_MD *) EVP_sha256();
 			break;
 		case OPENSSL_ALGO_SHA384:
 			mdtype = (EVP_MD *) EVP_sha384();
 			break;
 		case OPENSSL_ALGO_SHA512:
 			mdtype = (EVP_MD *) EVP_sha512();
 			break;
 #ifndef OPENSSL_NO_RMD160
 		case OPENSSL_ALGO_RMD160:
 			mdtype = (EVP_MD *) EVP_ripemd160();
 			break;
 #endif
 		default:
 			return NULL;
 			break;
 	}
 	return mdtype;
 }
 void php_openssl_release_evp_md(const EVP_MD *md)
 {
 	// Do nothing as MD is static
 }
 const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *name)
 {
 	return EVP_get_cipherbyname(name);
 }
 const EVP_CIPHER *php_openssl_get_evp_cipher_from_algo(zend_long algo)
 {
 	switch (algo) {
 #ifndef OPENSSL_NO_RC2
 		case PHP_OPENSSL_CIPHER_RC2_40:
 			return EVP_rc2_40_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_RC2_64:
 			return EVP_rc2_64_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_RC2_128:
 			return EVP_rc2_cbc();
 			break;
 #endif
 #ifndef OPENSSL_NO_DES
 		case PHP_OPENSSL_CIPHER_DES:
 			return EVP_des_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_3DES:
 			return EVP_des_ede3_cbc();
 			break;
 #endif
 #ifndef OPENSSL_NO_AES
 		case PHP_OPENSSL_CIPHER_AES_128_CBC:
 			return EVP_aes_128_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_AES_192_CBC:
 			return EVP_aes_192_cbc();
 			break;
 		case PHP_OPENSSL_CIPHER_AES_256_CBC:
 			return EVP_aes_256_cbc();
 			break;
 #endif
 		default:
 			return NULL;
 			break;
 	}
 }
 void php_openssl_release_evp_cipher(const EVP_CIPHER *cipher)
 {
 	// Do nothing as the cipher is static
 }
 void php_openssl_get_cipher_methods(zval *return_value, bool aliases)
 {
 	array_init(return_value);
--- a/ext/openssl/openssl_backend_v3.c
+++ b/ext/openssl/openssl_backend_v3.c
@ -696,6 +696,89 @@ zend_string *php_openssl_dh_compute_key(EVP_PKEY *pkey, char *pub_str, size_t pu
 	return result;
 }
 const EVP_MD *php_openssl_get_evp_md_by_name(const char *name)
 {
 	return EVP_MD_fetch(OPENSSL_G(libctx), name, OPENSSL_G(propq));
 }
 static const char *php_openssl_digest_names[] = {
 	[OPENSSL_ALGO_SHA1]   = "SHA1",
 	[OPENSSL_ALGO_MD5]    = "MD5",
 #ifndef OPENSSL_NO_MD4
 	[OPENSSL_ALGO_MD4]    = "MD4",
 #endif
 #ifndef OPENSSL_NO_MD2
 	[OPENSSL_ALGO_MD2]    = "MD2",
 #endif
 	[OPENSSL_ALGO_SHA224] = "SHA224",
 	[OPENSSL_ALGO_SHA256] = "SHA256",
 	[OPENSSL_ALGO_SHA384] = "SHA384",
 	[OPENSSL_ALGO_SHA512] = "SHA512",
 #ifndef OPENSSL_NO_RMD160
 	[OPENSSL_ALGO_RMD160] = "RIPEMD160",
 #endif
 };
 const EVP_MD *php_openssl_get_evp_md_from_algo(zend_long algo)
 {
 	if (algo < 0 || algo >= (zend_long)(sizeof(php_openssl_digest_names) / sizeof(*php_openssl_digest_names))) {
 		return NULL;
 	}
 	const char *name = php_openssl_digest_names[algo];
 	if (!name) {
 		return NULL;
 	}
 	return php_openssl_get_evp_md_by_name(name);
 }
 void php_openssl_release_evp_md(const EVP_MD *md)
 {
 	if (md != NULL) {
 		// It is fine to remove const as the md is from EVP_MD_fetch
 		EVP_MD_free((EVP_MD *) md);
 	}
 }
 static const char *php_openssl_cipher_names[] = {
 	[PHP_OPENSSL_CIPHER_RC2_40]     = "RC2-40-CBC",
 	[PHP_OPENSSL_CIPHER_RC2_128]    = "RC2-CBC",
 	[PHP_OPENSSL_CIPHER_RC2_64]     = "RC2-64-CBC",
 	[PHP_OPENSSL_CIPHER_DES]        = "DES-CBC",
 	[PHP_OPENSSL_CIPHER_3DES]       = "DES-EDE3-CBC",
 	[PHP_OPENSSL_CIPHER_AES_128_CBC]= "AES-128-CBC",
 	[PHP_OPENSSL_CIPHER_AES_192_CBC]= "AES-192-CBC",
 	[PHP_OPENSSL_CIPHER_AES_256_CBC]= "AES-256-CBC",
 };
 const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *name)
 {
 	return EVP_CIPHER_fetch(OPENSSL_G(libctx), name, OPENSSL_G(propq));
 }
 const EVP_CIPHER *php_openssl_get_evp_cipher_from_algo(zend_long algo)
 {
 	if (algo < 0 || algo >= (zend_long)(sizeof(php_openssl_cipher_names) / sizeof(*php_openssl_cipher_names))) {
 		return NULL;
 	}
 	const char *name = php_openssl_cipher_names[algo];
 	if (!name) {
 		return NULL;
 	}
 	return php_openssl_get_evp_cipher_by_name(name);
 }
 void php_openssl_release_evp_cipher(const EVP_CIPHER *cipher)
 {
 	if (cipher != NULL) {
 		// It is fine to remove const as the cipher is from EVP_CIPHER_fetch
 		EVP_CIPHER_free((EVP_CIPHER *) cipher);
 	}
 }
 static void php_openssl_add_cipher_name(const char *name, void *arg)
 {
 	size_t len = strlen(name);
@ -722,7 +805,7 @@ static int php_openssl_compare_func(Bucket *a, Bucket *b)
 void php_openssl_get_cipher_methods(zval *return_value, bool aliases)
 {
 	array_init(return_value);
-	EVP_CIPHER_do_all_provided(NULL,
+	EVP_CIPHER_do_all_provided(OPENSSL_G(libctx),
 		aliases ? php_openssl_add_cipher_or_alias : php_openssl_add_cipher,
 		return_value);
 	zend_hash_sort(Z_ARRVAL_P(return_value), php_openssl_compare_func, 1);
--- a/ext/openssl/php_openssl_backend.h
+++ b/ext/openssl/php_openssl_backend.h
@ -75,14 +75,17 @@ enum php_openssl_key_type {
 	OPENSSL_KEYTYPE_RSA,
 	OPENSSL_KEYTYPE_DSA,
 	OPENSSL_KEYTYPE_DH,
 	OPENSSL_KEYTYPE_EC,
 	OPENSSL_KEYTYPE_X25519,
 	OPENSSL_KEYTYPE_ED25519,
 	OPENSSL_KEYTYPE_X448,
 	OPENSSL_KEYTYPE_ED448,
 	OPENSSL_KEYTYPE_DEFAULT = OPENSSL_KEYTYPE_RSA,
 	OPENSSL_KEYTYPE_EC = OPENSSL_KEYTYPE_DH +1,
 	OPENSSL_KEYTYPE_X25519 = OPENSSL_KEYTYPE_DH +2,
 	OPENSSL_KEYTYPE_ED25519 = OPENSSL_KEYTYPE_DH +3,
 	OPENSSL_KEYTYPE_X448 = OPENSSL_KEYTYPE_DH +4,
 	OPENSSL_KEYTYPE_ED448 = OPENSSL_KEYTYPE_DH +5,
 };
 /* Cipher constants, do not forget to update php_openssl_cipher_names in
 * openssl_backend_v3.c  if new constant added. */
 enum php_openssl_cipher_type {
 	PHP_OPENSSL_CIPHER_RC2_40,
 	PHP_OPENSSL_CIPHER_RC2_128,
@ -106,10 +109,10 @@ enum php_openssl_encoding {
 	ENCODING_PEM,
 };
 #define MIN_KEY_LENGTH		384
-/* constants used in ext/phar/util.c, keep in sync */
+/* Constants used in ext/phar/util.c, keep in sync and do not forget to update
 * php_openssl_digest_names in openssl_backend_v3.c if new constant added. */
 #define OPENSSL_ALGO_SHA1 	1
 #define OPENSSL_ALGO_MD5	2
 #ifndef OPENSSL_NO_MD4
@ -126,6 +129,7 @@ enum php_openssl_encoding {
 #ifndef OPENSSL_NO_RMD160
 #define OPENSSL_ALGO_RMD160 10
 #endif
 #define DEBUG_SMIME	0
 #if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC)
@ -221,8 +225,12 @@ void php_openssl_dispose_config(struct php_x509_request * req);
 zend_result php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded);
 zend_result php_openssl_write_rand_file(const char * file, int egdsocket, int seeded);
-EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo);
+const EVP_MD *php_openssl_get_evp_md_by_name(const char *name);
 const EVP_MD *php_openssl_get_evp_md_from_algo(zend_long algo);
 void php_openssl_release_evp_md(const EVP_MD *md);
 const EVP_CIPHER * php_openssl_get_evp_cipher_by_name(const char *name);
 const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo);
 void php_openssl_release_evp_cipher(const EVP_CIPHER *cipher);
 void php_openssl_backend_init(void);
 void php_openssl_backend_init_common(void);