Fix incorrect error checking in php_openssl_set_server_dh_param()

SSL_CTX_set_tmp_dh() and SSL_CTX_set0_tmp_dh_pkey() return 1 on success and 0 on error. But only < 0 was checked which means that errors were never caught. Closes GH-10705.
php · Feb 26, 2023 · b09be29 · b09be29
1 parent eb7bb34
commit b09be29
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/NEWS b/NEWS
@@ -54,6 +54,9 @@ PHP                                                                        NEWS
 - Opcache:
   . Fix incorrect page_size check. (nielsdos)
 
+- OpenSSL:
+  . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)
+
 - PDO OCI:
   . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
     (Michael Voříšek)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1222,7 +1222,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
 		return FAILURE;
 	}
 
-	if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
+	if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) == 0) {
 		php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
 		EVP_PKEY_free(pkey);
 		return FAILURE;
@@ -1236,7 +1236,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
 		return FAILURE;
 	}
 
-	if (SSL_CTX_set_tmp_dh(ctx, dh) < 0) {
+	if (SSL_CTX_set_tmp_dh(ctx, dh) == 0) {
 		php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
 		DH_free(dh);
 		return FAILURE;
@@ -1305,7 +1305,10 @@ static int php_openssl_set_server_specific_opts(php_stream *stream, SSL_CTX *ctx
 		php_error_docref(NULL, E_WARNING, "rsa_key_size context option has been removed");
 	}
 
-	php_openssl_set_server_dh_param(stream, ctx);
+	if (php_openssl_set_server_dh_param(stream, ctx) == FAILURE) {
+		return FAILURE;
+	}
+
 	zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
 	if (zv == NULL || zend_is_true(zv)) {
 		ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;