Make further OpenSSL 1.0.2 clean up

Closes GH-18133

Author: bukka

ext/openssl/openssl.c

@@ -3975,20 +3975,11 @@ PHP_FUNCTION(openssl_sign)
 
 	md_ctx = EVP_MD_CTX_create();
 	size_t siglen;
-#if PHP_OPENSSL_API_VERSION >= 0x10100
 	if (md_ctx != NULL &&
 			EVP_DigestSignInit(md_ctx, NULL, mdtype, NULL, pkey) &&
 			EVP_DigestSign(md_ctx, NULL, &siglen, (unsigned char*)data, data_len) &&
 			(sigbuf = zend_string_alloc(siglen, 0)) != NULL &&
 			EVP_DigestSign(md_ctx, (unsigned char*)ZSTR_VAL(sigbuf), &siglen, (unsigned char*)data, data_len)) {
-#else
-	if (md_ctx != NULL &&
-			EVP_SignInit(md_ctx, mdtype) &&
-			EVP_SignUpdate(md_ctx, data, data_len) &&
-			(siglen = EVP_PKEY_size(pkey)) &&
-			(sigbuf = zend_string_alloc(siglen, 0)) != NULL &&
-			EVP_SignFinal(md_ctx, (unsigned char*)ZSTR_VAL(sigbuf), (unsigned int*)&siglen, pkey)) {
-#endif
 		ZSTR_VAL(sigbuf)[siglen] = '\0';
 		ZSTR_LEN(sigbuf) = siglen;
 		ZEND_TRY_ASSIGN_REF_NEW_STR(signature, sigbuf);
@@ -4049,14 +4040,8 @@ PHP_FUNCTION(openssl_verify)
 
 	md_ctx = EVP_MD_CTX_create();
 	if (md_ctx == NULL ||
-#if PHP_OPENSSL_API_VERSION >= 0x10100
 			!EVP_DigestVerifyInit(md_ctx, NULL, mdtype, NULL, pkey) ||
 			(err = EVP_DigestVerify(md_ctx, (unsigned char *)signature, signature_len, (unsigned char*)data, data_len)) < 0) {
-#else
-			!EVP_VerifyInit (md_ctx, mdtype) ||
-			!EVP_VerifyUpdate (md_ctx, data, data_len) ||
-			(err = EVP_VerifyFinal(md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey)) < 0) {
-#endif
 		php_openssl_store_errors();
 	}
 	EVP_MD_CTX_destroy(md_ctx);

ext/openssl/openssl.stub.php

@@ -86,14 +86,6 @@
  */
 const OPENSSL_ALGO_MD2 = UNKNOWN;
 #endif
-#if PHP_OPENSSL_API_VERSION < 0x10100
-/**
- * @var int
- * @cvalue OPENSSL_ALGO_DSS1
- */
-const OPENSSL_ALGO_DSS1 = UNKNOWN;
-#endif
-
 /**
  * @var int
  * @cvalue OPENSSL_ALGO_SHA224

ext/openssl/openssl_arginfo.h

@@ -461,7 +461,6 @@ zend_result php_openssl_write_rand_file(const char * file, int egdsocket, int se
 	if (file == NULL) {
 		file = RAND_file_name(buffer, sizeof(buffer));
 	}
-	PHP_OPENSSL_RAND_ADD_TIME();
 	if (file == NULL || !RAND_write_file(file)) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Unable to write random state");
@@ -489,11 +488,6 @@ EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) {
 		case OPENSSL_ALGO_MD2:
 			mdtype = (EVP_MD *) EVP_md2();
 			break;
-#endif
-#if PHP_OPENSSL_API_VERSION < 0x10100
-		case OPENSSL_ALGO_DSS1:
-			mdtype = (EVP_MD *) EVP_dss1();
-			break;
 #endif
 		case OPENSSL_ALGO_SHA224:
 			mdtype = (EVP_MD *) EVP_sha224();
@@ -1510,7 +1504,6 @@ EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
 	int egdsocket, seeded;
 	char *randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
 	php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
-	PHP_OPENSSL_RAND_ADD_TIME();
 
 	EVP_PKEY *key = NULL;
 	EVP_PKEY *params = NULL;
@@ -1700,48 +1693,25 @@ void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, const EV
 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
 	switch (cipher_mode) {
-#if PHP_OPENSSL_API_VERSION >= 0x10100
-		/* Since OpenSSL 1.1, all AEAD ciphers use a common framework. We check for
-		 * EVP_CIPH_OCB_MODE, because LibreSSL does not support it. */
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_CCM_MODE:
-# ifdef EVP_CIPH_OCB_MODE
+		/* We check for EVP_CIPH_OCB_MODE, because LibreSSL does not support it. */
+#ifdef EVP_CIPH_OCB_MODE
 		case EVP_CIPH_OCB_MODE:
 			/* For OCB mode, explicitly set the tag length even when decrypting,
 			 * see https://github.com/openssl/openssl/issues/8331. */
 			mode->set_tag_length_always = cipher_mode == EVP_CIPH_OCB_MODE;
-# endif
+#endif
 			php_openssl_set_aead_flags(mode);
 			mode->set_tag_length_when_encrypting = cipher_mode == EVP_CIPH_CCM_MODE;
 			mode->is_single_run_aead = cipher_mode == EVP_CIPH_CCM_MODE;
 			break;
-# ifdef NID_chacha20_poly1305
+#ifdef NID_chacha20_poly1305
 		default:
 			if (EVP_CIPHER_nid(cipher_type) == NID_chacha20_poly1305) {
 				php_openssl_set_aead_flags(mode);
 			}
 			break;
-
-# endif
-#else
-# ifdef EVP_CIPH_GCM_MODE
-		case EVP_CIPH_GCM_MODE:
-			mode->is_aead = 1;
-			mode->aead_get_tag_flag = EVP_CTRL_GCM_GET_TAG;
-			mode->aead_set_tag_flag = EVP_CTRL_GCM_SET_TAG;
-			mode->aead_ivlen_flag = EVP_CTRL_GCM_SET_IVLEN;
-			break;
-# endif
-# ifdef EVP_CIPH_CCM_MODE
-		case EVP_CIPH_CCM_MODE:
-			mode->is_aead = 1;
-			mode->is_single_run_aead = 1;
-			mode->set_tag_length_when_encrypting = 1;
-			mode->aead_get_tag_flag = EVP_CTRL_CCM_GET_TAG;
-			mode->aead_set_tag_flag = EVP_CTRL_CCM_SET_TAG;
-			mode->aead_ivlen_flag = EVP_CTRL_CCM_SET_IVLEN;
-			break;
-# endif
 #endif
 	}
 }
@@ -2121,7 +2091,6 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	buffer = zend_string_alloc(buffer_length, 0);
 
 	PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length);
-	PHP_OPENSSL_RAND_ADD_TIME();
 	if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
 		php_openssl_store_errors();
 		zend_string_release_ex(buffer, 0);

ext/openssl/openssl_backend_common.c

@@ -116,7 +116,6 @@ static bool php_openssl_pkey_init_dsa_data(DSA *dsa, zval *data, bool *is_privat
 	}
 
 	/* generate key */
-	PHP_OPENSSL_RAND_ADD_TIME();
 	if (!DSA_generate_key(dsa)) {
 		php_openssl_store_errors();
 		return 0;
@@ -185,7 +184,6 @@ static bool php_openssl_pkey_init_dh_data(DH *dh, zval *data, bool *is_private)
 	}
 
 	/* generate key */
-	PHP_OPENSSL_RAND_ADD_TIME();
 	if (!DH_generate_key(dh)) {
 		php_openssl_store_errors();
 		return 0;
@@ -341,7 +339,6 @@ static bool php_openssl_pkey_init_ec_data(EC_KEY *eckey, zval *data, bool *is_pr
 
 	if (!EC_KEY_check_key(eckey)) {
 		*is_private = true;
-		PHP_OPENSSL_RAND_ADD_TIME();
 		EC_KEY_generate_key(eckey);
 	}
 

ext/openssl/openssl_backend_v1.c

@@ -143,7 +143,6 @@ EVP_PKEY *php_openssl_pkey_init_dsa(zval *data, bool *is_private)
 		pkey = param_key;
 	} else {
 		*is_private = true;
-		PHP_OPENSSL_RAND_ADD_TIME();
 		EVP_PKEY_CTX_free(ctx);
 		ctx = EVP_PKEY_CTX_new(param_key, NULL);
 		if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
@@ -219,7 +218,6 @@ EVP_PKEY *php_openssl_pkey_init_dh(zval *data, bool *is_private)
 		pkey = param_key;
 	} else {
 		*is_private = true;
-		PHP_OPENSSL_RAND_ADD_TIME();
 		EVP_PKEY_CTX_free(ctx);
 		ctx = EVP_PKEY_CTX_new(param_key, NULL);
 		if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
@@ -407,7 +405,6 @@ EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
 		pkey = param_key;
 	} else {
 		*is_private = true;
-		PHP_OPENSSL_RAND_ADD_TIME();
 		if (EVP_PKEY_keygen_init(ctx) != 1 ||
 				EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
 				EVP_PKEY_generate(ctx, &pkey) != 1) {
@@ -482,7 +479,6 @@ void php_openssl_pkey_object_curve_25519_448(zval *return_value, int key_type, z
 		is_private = priv_key != NULL;
 	} else {
 		is_private = true;
-		PHP_OPENSSL_RAND_ADD_TIME();
 		if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
 			goto cleanup;
 		}

ext/openssl/openssl_backend_v3.c

@@ -118,9 +118,7 @@ enum php_openssl_encoding {
 #ifndef OPENSSL_NO_MD2
 #define OPENSSL_ALGO_MD2	4
 #endif
-#if PHP_OPENSSL_API_VERSION < 0x10100
-#define OPENSSL_ALGO_DSS1	5
-#endif
+/* Number 5 was used for OPENSSL_ALGO_DSS1 which is no longer available */
 #define OPENSSL_ALGO_SHA224 6
 #define OPENSSL_ALGO_SHA256 7
 #define OPENSSL_ALGO_SHA384 8
@@ -220,23 +218,6 @@ const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo);
 int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args);
 void php_openssl_dispose_config(struct php_x509_request * req);
 
-
-#if defined(PHP_WIN32) || PHP_OPENSSL_API_VERSION >= 0x10100
-#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
-#else
-#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval()
-
-static inline void php_openssl_rand_add_timeval(void)  /* {{{ */
-{
-	struct timeval tv;
-
-	gettimeofday(&tv, NULL);
-	RAND_add(&tv, sizeof(tv), 0.0);
-}
-/* }}} */
-
-#endif
-
 zend_result php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded);
 zend_result php_openssl_write_rand_file(const char * file, int egdsocket, int seeded);
 
@@ -279,7 +260,7 @@ X509_REQ *php_openssl_csr_from_str(zend_string *csr_str, uint32_t arg_num);
 X509_REQ *php_openssl_csr_from_param(
 		zend_object *csr_obj, zend_string *csr_str, uint32_t arg_num);
 
-#if PHP_OPENSSL_API_VERSION >= 0x10100 && !defined (LIBRESSL_VERSION_NUMBER)
+#if !defined (LIBRESSL_VERSION_NUMBER)
 #define PHP_OPENSSL_ASN1_INTEGER_set ASN1_INTEGER_set_int64
 #else
 #define PHP_OPENSSL_ASN1_INTEGER_set ASN1_INTEGER_set
@@ -349,14 +330,12 @@ struct php_openssl_cipher_mode {
 	int aead_ivlen_flag;
 };
 
-#if PHP_OPENSSL_API_VERSION >= 0x10100
 static inline void php_openssl_set_aead_flags(struct php_openssl_cipher_mode *mode) {
 	mode->is_aead = true;
 	mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
 	mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
 	mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
 }
-#endif
 
 void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, const EVP_CIPHER *cipher_type);
 zend_result php_openssl_validate_iv(const char **piv, size_t *piv_len, size_t iv_required_len,
@@ -375,6 +354,4 @@ zend_result php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 
 const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method);
 
-
 #endif
-