archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Switch dh_param handling to EVP_PKEY API

Browse source
This commit is contained in:
Nikita Popov 2021-08-10 12:17:17 +02:00
parent 2addab1561
commit ef787bae24
1 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

26
ext/openssl/xp_ssl.c
View file

@ -1191,11 +1191,7 @@ static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength)
static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* {{{ */
{
DH *dh;
BIO* bio;
zval *zdhpath;
zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
zval *zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
if (zdhpath == NULL) {
#if 0
/* Coming in OpenSSL 1.1 ... eventually we'll want to enable this
@ -1210,14 +1206,29 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
return FAILURE;
}
bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
BIO *bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
if (bio == NULL) {
php_error_docref(NULL, E_WARNING, "Invalid dh_param");
return FAILURE;
}
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
#if PHP_OPENSSL_API_VERSION >= 0x30000
EVP_PKEY *pkey = PEM_read_bio_Parameters(bio, NULL);
BIO_free(bio);
if (pkey == NULL) {
php_error_docref(NULL, E_WARNING, "Failed reading DH params");
return FAILURE;
}
if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
EVP_PKEY_free(pkey);
return FAILURE;
}
#else
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (dh == NULL) {
@ -1232,6 +1243,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
}
DH_free(dh);
#endif
return SUCCESS;
}