From 9e7962b67eff113583ece3b3cd341c0a785b95d1 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 25 Feb 2023 23:39:00 +0100
Subject: [PATCH 1/2] Add missing check for php_openssl_set_server_dh_param()

---
 ext/openssl/xp_ssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 58ba4b0499c84..2489cedce15f6 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1305,7 +1305,10 @@ static int php_openssl_set_server_specific_opts(php_stream *stream, SSL_CTX *ctx
 php_error_docref(NULL, E_WARNING, "rsa_key_size context option has been removed");
 }
 
- php_openssl_set_server_dh_param(stream, ctx);
+ if (php_openssl_set_server_dh_param(stream, ctx) == FAILURE) {
+ return FAILURE;
+ }
+
 zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
 if (zv == NULL || zend_is_true(zv)) {
 ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;

From 15f3e5667e713ab79d95697a3fb8ec5746b10ec6 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 26 Feb 2023 00:07:58 +0100
Subject: [PATCH 2/2] Fix incorrect error checking in php_openssl_set_server_dh_param()

SSL_CTX_set_tmp_dh() and SSL_CTX_set0_tmp_dh_pkey() return 1 on success and 0 on error. But only < 0 was checked which means that errors were never caught.
---
 ext/openssl/xp_ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 2489cedce15f6..9aac4a0b70a28 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1222,7 +1222,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
 return FAILURE;
 }
 
- if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
+ if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) == 0) {
 php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
 EVP_PKEY_free(pkey);
 return FAILURE;
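Review bot: The new early return in `php_openssl_set_server_specific_opts` turns a DH-parameter failure from warn-and-continue into a hard failure of the server-side context setup, yet nothing at the return site tells the reader that the diagnostic has already been emitted by the callee (the second patch shows `php_error_docref(NULL, E_WARNING, "Failed assigning DH params")` preceding each `return FAILURE` there). A one-line comment above the new `return FAILURE;`, such as `/* php_openssl_set_server_dh_param() has already reported the reason via php_error_docref() */`, would prevent a second warning being added later. Failing closed is the right outcome for a TLS server, since an unusable DH parameter should not silently fall back to whatever the library would otherwise negotiate, but that behavioural change is not mentioned anywhere beyond "missing check" and deserves a sentence in the commit message or changelog. The enclosing function starts and ends outside the hunk, so whether the `ssl_ctx_options` accumulated above are discarded on this path cannot be confirmed from here. A regression test that supplies an unusable DH parameter through the stream context and asserts that server stream setup now fails would pin the fix.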
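Review bot: The corrected condition `SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) == 0` carries no comment explaining why zero rather than a negative value is the failure case, which is precisely the mistake the old `< 0` made and one a future maintainer could reintroduce; the same applies to the `SSL_CTX_set_tmp_dh(ctx, dh) == 0` hunk at -1236. Writing the test as `!= 1`, OpenSSL's documented success value, or adding `/* OpenSSL returns 1 on success and 0 on failure, never a negative value */` would make the intent explicit in the code rather than only in the commit message. The ownership handling on the failure path is consistent with the new condition: `SSL_CTX_set0_tmp_dh_pkey()` takes ownership of `pkey` only when it succeeds, so the `EVP_PKEY_free(pkey)` after the warning is correct rather than a double free, whereas `SSL_CTX_set_tmp_dh()` never takes ownership, so `dh` must also be released on the success path, which lies outside the hunk and cannot be confirmed here. Combined with the first patch propagating FAILURE, this is the check that actually makes a rejected DH parameter fail closed instead of being logged and ignored.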
@@ -1236,7 +1236,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
 return FAILURE;
 }
 
- if (SSL_CTX_set_tmp_dh(ctx, dh) < 0) {
+ if (SSL_CTX_set_tmp_dh(ctx, dh) == 0) {
 php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
 DH_free(dh);
 return FAILURE;