MDL-73523 libraries: openssl_free_xxx() methods are deprecated in php80

So we are putting them under a standard PHP_MAJOR_VERSION < 8 condition. Also, added TODO comments to remember to delete that block of code when php80 becomes the minimum required versions in the future (Moodle 4.3?). When possible, an issue has been created upstream, else a comment in readme_moodle files has been added. Finally, when the keys being freed were class or object attributes, also nullify them (but when the calls were part of destructor methods).
2025-01-29 11:46:19 +01:00 · 2022-01-10 15:49:12 +01:00 · 2022-01-10 15:49:12 +01:00 · d2ad5e8461
commit d2ad5e8461
parent a01f1fa71c
9 changed files with 50 additions and 16 deletions
--- a/enrol/lti/ims-blti/OAuth.php
+++ b/enrol/lti/ims-blti/OAuth.php
@ -148,8 +148,11 @@ class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
    // Sign using the key
    $ok = openssl_sign($base_string, $signature, $privatekeyid);

-    // Release the key resource
-    openssl_free_key($privatekeyid);
+    // TODO: Remove this block once PHP 8.0 becomes required.
+    if (PHP_MAJOR_VERSION < 8) {
+      // Release the key resource
+      openssl_free_key($privatekeyid);
+    }

    return base64_encode($signature);
  }
@ -168,8 +171,11 @@ class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
    // Check the computed signature against the one passed in the query
    $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

-    // Release the key resource
-    openssl_free_key($publickeyid);
+    // TODO: Remove this block once PHP 8.0 becomes required.
+    if (PHP_MAJOR_VERSION < 8) {
+      // Release the key resource
+      openssl_free_key($publickeyid);
+    }

    return $ok == 1;
  }
--- a/enrol/lti/ims-blti/moodle_readme.txt
+++ b/enrol/lti/ims-blti/moodle_readme.txt
@ -3,4 +3,5 @@ current code was taken from https://github.com/jfederico/ims-dev/tree/master/bas
 several changes to the code (including bug fixes). As the library is no longer supported upgrades are not possible.
 In future releases we should look into using a supported library.

-2021-01-05 - Removed get_magic_quotes_gpc() use, was returning false since ages ago.
+2022-01-05 - MDL-73502 - Removed get_magic_quotes_gpc() use, was returning false since ages ago.
+2022-01-20 - MDL-73523 - Conditional openssl_free_key() use, deprecated by PHP 8.0
--- a/lib/google/readme_moodle.txt
+++ b/lib/google/readme_moodle.txt
@ -40,7 +40,9 @@ Local changes (to reapply until upstream upgrades contain them):
    * MDL-67034 php74 compliance fixes
    * MDL-67115 php74 implode() compliance fixes. This is fixed in upstream library v2.2.4
      (verify that https://github.com/googleapis/google-api-php-client/pull/1683 is applied)
-
+    * MDL-73523 php80 compliance. openssl_xxx_free() methods deprecated. I've been unable to
+      find any issue upstream and the current library versions are way different from the ones
+      we are using here.

 Information
 -----------
--- a/lib/google/src/Google/Signer/P12.php
+++ b/lib/google/src/Google/Signer/P12.php
@ -74,7 +74,10 @@ class Google_Signer_P12 extends Google_Signer_Abstract
  public function __destruct()
  {
    if ($this->privateKey) {
-      openssl_pkey_free($this->privateKey);
+      // TODO: Remove this block once PHP 8.0 becomes required.
+      if (PHP_MAJOR_VERSION < 8) {
+        openssl_pkey_free($this->privateKey);
+      }
    }
  }

--- a/lib/google/src/Google/Verifier/Pem.php
+++ b/lib/google/src/Google/Verifier/Pem.php
@ -50,7 +50,10 @@ class Google_Verifier_Pem extends Google_Verifier_Abstract
  public function __destruct()
  {
    if ($this->publicKey) {
-      openssl_x509_free($this->publicKey);
+      // TODO: Remove this block once PHP 8.0 becomes required.
+      if (PHP_MAJOR_VERSION < 8) {
+          openssl_x509_free($this->publicKey);
+      }
    }
  }

--- a/mnet/lib.php
+++ b/mnet/lib.php
@ -422,7 +422,10 @@ function mnet_generate_keypair($dn = null, $days=28) {

    // We export our self-signed certificate to a string.
    openssl_x509_export($selfSignedCert, $keypair['certificate']);
-    openssl_x509_free($selfSignedCert);
+    // TODO: Remove this block once PHP 8.0 becomes required.
+    if (PHP_MAJOR_VERSION < 8) {
+        openssl_x509_free($selfSignedCert);
+    }

    // Export your public/private key pair as a PEM encoded string. You
    // can protect it with an optional passphrase if you wish.
@ -431,7 +434,10 @@ function mnet_generate_keypair($dn = null, $days=28) {
    } else {
        $export = openssl_pkey_export($new_key, $keypair['keypair_PEM'] /* , $passphrase */);
    }
-    openssl_pkey_free($new_key);
+    // TODO: Remove this block once PHP 8.0 becomes required.
+    if (PHP_MAJOR_VERSION < 8) {
+        openssl_pkey_free($new_key);
+    }
    unset($new_key); // Free up the resource

    return $keypair;
--- a/mod/lti/OAuth.php
+++ b/mod/lti/OAuth.php
@ -262,8 +262,11 @@ class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
        // Sign using the key
        $ok = openssl_sign($base_string, $signature, $privatekeyid);

-        // Release the key resource
-        openssl_free_key($privatekeyid);
+        // TODO: Remove this block once PHP 8.0 becomes required.
+        if (PHP_MAJOR_VERSION < 8) {
+            // Release the key resource
+            openssl_free_key($privatekeyid);
+        }

        return base64_encode($signature);
    }
@ -282,8 +285,11 @@ class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
        // Check the computed signature against the one passed in the query
        $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

-        // Release the key resource
-        openssl_free_key($publickeyid);
+        // TODO: Remove this block once PHP 8.0 becomes required.
+        if (PHP_MAJOR_VERSION < 8) {
+            // Release the key resource
+            openssl_free_key($publickeyid);
+        }

        return $ok == 1;
    }
@ -897,4 +903,4 @@ class OAuthUtil {
        // Each name-value pair is separated by an '&' character (ASCII code 38)
        return implode('&', $pairs);
    }
-}
+}
--- a/repository/s3/README_MOODLE.txt
+++ b/repository/s3/README_MOODLE.txt
@ -12,3 +12,4 @@ Local changes applied:
 upstream. Remove the local changes if so)

 MDL-67031 php74 compliance. Change curly to square braces.
+MDL-73523 php80 compliance. Deprecated openssl_free_key() use (https://github.com/tpyo/amazon-s3-php-class/issues/178)
--- a/repository/s3/S3.php
+++ b/repository/s3/S3.php
@ -351,7 +351,13 @@ class S3
 	public static function freeSigningKey()
 	{
 		if (self::$__signingKeyResource !== false)
-			openssl_free_key(self::$__signingKeyResource);
+		{
+			// TODO: Remove this block once PHP 8.0 becomes required.
+			if (PHP_MAJOR_VERSION < 8) {
+				openssl_free_key(self::$__signingKeyResource);
+			}
+			self::$__signingKeyResource = null;
+		}
 	}