Upgrade OpenSSL version to 3.0

hhvm.nix

@@ -49,7 +49,7 @@
 , numactl
 , oniguruma
 , openldap
-, openssl_1_1
+, openssl
 , pcre
 , perl
 , pkg-config
@@ -127,7 +127,7 @@ stdenv.mkDerivation rec {
       (if isDefaultStdlib then boost else boost.override { inherit stdenv; })
       brotli
       bzip2
-      (curl.override { openssl = openssl_1_1; })
+      curl
       (
         if isDefaultStdlib then
           double-conversion
@@ -186,7 +186,7 @@ stdenv.mkDerivation rec {
       lz4
       oniguruma
       openldap
-      openssl_1_1
+      openssl
       pcre
       perl
       re2

hphp/runtime/base/ssl-socket.cpp

@@ -499,7 +499,7 @@ bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {
     break;
   case CryptoMethod::ClientTLS:
     m_data->m_client = true;
-    smethod = TLSv1_client_method();
+    smethod = TLS_client_method();
     break;
   case CryptoMethod::ServerSSLv23:
     m_data->m_client = false;
@@ -542,7 +542,7 @@ bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {
 
   case CryptoMethod::ServerTLS:
     m_data->m_client = false;
-    smethod = TLSv1_server_method();
+    smethod = TLS_server_method();
     break;
   default:
     return false;

hphp/runtime/ext/openssl/ext_openssl.cpp

@@ -28,6 +28,9 @@
 #include <openssl/conf.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#include <openssl/provider.h>
+#endif
 #include <openssl/rand.h>
 #include <vector>
 
@@ -66,6 +69,12 @@ struct OpenSSLInitializer {
     ERR_load_crypto_strings();
     ERR_load_EVP_strings();
 
+// RC4 is only available in legacy providers
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+    OSSL_PROVIDER_load(nullptr, "default");
+    OSSL_PROVIDER_load(nullptr, "legacy");
+#endif
+
     /* Determine default SSL configuration file */
     char *config_filename = getenv("OPENSSL_CONF");
     if (config_filename == nullptr) {
@@ -998,25 +1007,27 @@ bool HHVM_FUNCTION(openssl_csr_export, const Variant& csr, Variant& out,
   return false;
 }
 
+static EVP_PKEY *duplicate_public_key(EVP_PKEY *priv_key) {
+	/* Extract public key portion by round-tripping through PEM. */
+	BIO *bio = BIO_new(BIO_s_mem());
+  SCOPE_EXIT { BIO_free(bio); };
+	if (!bio || !PEM_write_bio_PUBKEY(bio, priv_key)) {
+		return nullptr;
+	}
+
+	EVP_PKEY *pub_key = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
+	return pub_key;
+}
+
 Variant HHVM_FUNCTION(openssl_csr_get_public_key, const Variant& csr) {
   auto pcsr = CSRequest::Get(csr);
   if (!pcsr) return false;
 
   auto input_csr = pcsr->csr();
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
-  /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR,
-   * the pub key is not changed after assigning. It means if we pass
-   * a private key, it will be returned including the private part.
-   * If we duplicate it, then we get just the public part which is
-   * the same behavior as for OpenSSL 1.0 */
-  input_csr = X509_REQ_dup(input_csr);
-  /* We need to free the CSR as it was duplicated */
-  SCOPE_EXIT { X509_REQ_free(input_csr); };
-#endif
-  auto pubkey = X509_REQ_get_pubkey(input_csr);
+  auto pubkey = X509_REQ_get0_pubkey(input_csr);
   if (!pubkey) return false;
-  return Variant(req::make<Key>(pubkey));
+  return Variant(req::make<Key>(duplicate_public_key(pubkey)));
 }
 
 Variant HHVM_FUNCTION(openssl_csr_get_subject, const Variant& csr,
@@ -1907,7 +1918,7 @@ Array HHVM_FUNCTION(openssl_pkey_get_details, const Resource& key) {
   case EVP_PKEY_RSA2:
     {
       ktype = OPENSSL_KEYTYPE_RSA;
-      RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+      auto rsa = EVP_PKEY_get0_RSA(pkey);
       assertx(rsa);
       const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
       RSA_get0_key(rsa, &n, &e, &d);
@@ -1930,7 +1941,7 @@ Array HHVM_FUNCTION(openssl_pkey_get_details, const Resource& key) {
   case EVP_PKEY_DSA4:
     {
       ktype = OPENSSL_KEYTYPE_DSA;
-      DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+      auto dsa = EVP_PKEY_get0_DSA(pkey);
       assertx(dsa);
       const BIGNUM *p, *q, *g, *pub_key, *priv_key;
       DSA_get0_pqg(dsa, &p, &q, &g);
@@ -1946,7 +1957,7 @@ Array HHVM_FUNCTION(openssl_pkey_get_details, const Resource& key) {
   case EVP_PKEY_DH:
     {
       ktype = OPENSSL_KEYTYPE_DH;
-      DH *dh = EVP_PKEY_get0_DH(pkey);
+      auto dh = EVP_PKEY_get0_DH(pkey);
       assertx(dh);
       const BIGNUM *p, *q, *g, *pub_key, *priv_key;
       DH_get0_pqg(dh, &p, &q, &g);
@@ -2060,11 +2071,15 @@ bool HHVM_FUNCTION(openssl_private_decrypt, const String& data,
   switch (EVP_PKEY_id(pkey)) {
   case EVP_PKEY_RSA:
   case EVP_PKEY_RSA2:
-    cryptedlen = RSA_private_decrypt(data.size(),
-                                     (unsigned char *)data.data(),
-                                     cryptedbuf,
-                                     EVP_PKEY_get0_RSA(pkey),
-                                     padding);
+    {
+      auto rsa = EVP_PKEY_get1_RSA(pkey);
+      cryptedlen = RSA_private_decrypt(data.size(),
+                                      (unsigned char *)data.data(),
+                                      cryptedbuf,
+                                      rsa,
+                                      padding);
+      RSA_free(rsa);
+    }
     if (cryptedlen != -1) {
       successful = 1;
     }
@@ -2100,11 +2115,15 @@ bool HHVM_FUNCTION(openssl_private_encrypt, const String& data,
   switch (EVP_PKEY_id(pkey)) {
   case EVP_PKEY_RSA:
   case EVP_PKEY_RSA2:
-    successful = (RSA_private_encrypt(data.size(),
-                                      (unsigned char *)data.data(),
-                                      cryptedbuf,
-                                      EVP_PKEY_get0_RSA(pkey),
-                                      padding) == cryptedlen);
+    {
+      auto rsa = EVP_PKEY_get1_RSA(pkey);
+      successful = (RSA_private_encrypt(data.size(),
+                                        (unsigned char *)data.data(),
+                                        cryptedbuf,
+                                        rsa,
+                                        padding) == cryptedlen);
+      RSA_free(rsa);
+    }
     break;
   default:
     raise_warning("key type not supported");
@@ -2136,11 +2155,15 @@ bool HHVM_FUNCTION(openssl_public_decrypt, const String& data,
   switch (EVP_PKEY_id(pkey)) {
   case EVP_PKEY_RSA:
   case EVP_PKEY_RSA2:
-    cryptedlen = RSA_public_decrypt(data.size(),
-                                    (unsigned char *)data.data(),
-                                    cryptedbuf,
-                                    EVP_PKEY_get0_RSA(pkey),
-                                    padding);
+    {
+      auto rsa = EVP_PKEY_get1_RSA(pkey);
+      cryptedlen = RSA_public_decrypt(data.size(),
+                                      (unsigned char *)data.data(),
+                                      cryptedbuf,
+                                      rsa,
+                                      padding);
+      RSA_free(rsa);
+    }
     if (cryptedlen != -1) {
       successful = 1;
     }
@@ -2176,11 +2199,15 @@ bool HHVM_FUNCTION(openssl_public_encrypt, const String& data,
   switch (EVP_PKEY_id(pkey)) {
   case EVP_PKEY_RSA:
   case EVP_PKEY_RSA2:
-    successful = (RSA_public_encrypt(data.size(),
-                                     (unsigned char *)data.data(),
-                                     cryptedbuf,
-                                     EVP_PKEY_get0_RSA(pkey),
-                                     padding) == cryptedlen);
+    {
+      auto rsa = EVP_PKEY_get1_RSA(pkey);
+      successful = (RSA_public_encrypt(data.size(),
+                                      (unsigned char *)data.data(),
+                                      cryptedbuf,
+                                      rsa,
+                                      padding) == cryptedlen);
+      RSA_free(rsa);
+    }
     break;
   default:
     raise_warning("key type not supported");
@@ -2199,6 +2226,7 @@ Variant HHVM_FUNCTION(openssl_seal, const String& data, Variant& sealed_data,
                                     const Array& pub_key_ids,
                                     const String& method,
                                     Variant& iv) {
+
   int nkeys = pub_key_ids.size();
   if (nkeys == 0) {
     raise_warning("Fourth argument to openssl_seal() must be "
@@ -2264,7 +2292,8 @@ Variant HHVM_FUNCTION(openssl_seal, const String& data, Variant& sealed_data,
     ret = false;
     goto clean_exit;
   }
-  if (!EVP_EncryptInit_ex(ctx, cipher_type, nullptr, nullptr, nullptr)) {
+  if (!EVP_EncryptInit_ex2(ctx, cipher_type, nullptr, nullptr, nullptr)) {
+    raise_warning("Failed to initialize cipher \"%s\"", method.c_str());
     ret = false;
     goto clean_exit;
   }

hphp/test/slow/ext_openssl/openssl_x509_parse_basic.php.expectf

@@ -105,10 +105,9 @@ dict(13) {
     ["subjectKeyIdentifier"]=>
     string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
     ["authorityKeyIdentifier"]=>
-    string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
+    string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
 DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/[email protected]
-serial:AE:C5:56:CC:72:37:50:A2
-"
+serial:AE:C5:56:CC:72:37:50:A2%w"
     ["basicConstraints"]=>
     string(7) "CA:TRUE"
   }
@@ -220,10 +219,9 @@ dict(13) {
     ["subjectKeyIdentifier"]=>
     string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
     ["authorityKeyIdentifier"]=>
-    string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
+    string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
 DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/[email protected]
-serial:AE:C5:56:CC:72:37:50:A2
-"
+serial:AE:C5:56:CC:72:37:50:A2%w"
     ["basicConstraints"]=>
     string(7) "CA:TRUE"
   }

hphp/test/zend/good/ext/openssl/tests/bug28382.php.expectf

@@ -6,18 +6,16 @@ dict(11) {
   ["nsCertType"]=>
   string(30) "SSL Client, SSL Server, S/MIME"
   ["crlDistributionPoints"]=>
-  string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
-"
+  string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%w"
   ["nsCaPolicyUrl"]=>
   string(38) "http://mobile.blue-software.ro:90/pub/"
   ["subjectAltName"]=>
   string(28) "email:[email protected]"
   ["subjectKeyIdentifier"]=>
   string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
   ["authorityKeyIdentifier"]=>
-  string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/[email protected]
-serial:00
-"
+  string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/[email protected]
+serial:00%w"
   ["keyUsage"]=>
   string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
   ["nsBaseUrl"]=>

hphp/test/zend/good/ext/openssl/tests/cve2013_4073.php.expectf

@@ -2,6 +2,5 @@ dict [
   'basicConstraints' => 'CA:FALSE',
   'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
   'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',
-  'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:[email protected]' . "\0" . '[email protected], URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
-',
+  'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:[email protected]' . "\0" . '[email protected], URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1%w',
 ]