archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove curl OpenSSL locking for unsupported versions (#18784)

Browse source
This commit is contained in:
Jakub Zelenka 2025-07-16 10:06:21 +01:00 committed by GitHub
parent 484d4351c2
commit 2ecafd41ba
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

30
ext/curl/config.m4
View file

@ -15,8 +15,8 @@ if test "$PHP_CURL" != "no"; then
AC_MSG_RESULT([$CURL_SSL]) AC_MSG_RESULT([$CURL_SSL])
AS_IF([test "x$PHP_THREAD_SAFETY" = xyes && test "x$CURL_SSL" = xyes], AS_IF([test "x$PHP_THREAD_SAFETY" = xyes && test "x$CURL_SSL" = xyes],
[AC_CACHE_CHECK([whether libcurl is linked against old OpenSSL < 1.1], [AC_CACHE_CHECK([whether libcurl is linked against a supported OpenSSL version],
[php_cv_lib_curl_ssl], [ [php_cv_lib_curl_ssl_supported], [
save_LIBS=$LIBS save_LIBS=$LIBS
save_CFLAGS=$CFLAGS save_CFLAGS=$CFLAGS
LIBS="$LIBS $CURL_SHARED_LIBADD" LIBS="$LIBS $CURL_SHARED_LIBADD"
@ -34,17 +34,14 @@ if test "$PHP_CURL" != "no"; then
while(*ptr == ' ') ++ptr; while(*ptr == ' ') ++ptr;
int major, minor; int major, minor;
if (sscanf(ptr, "OpenSSL/%d", &major) == 1) {
if (major >= 3) {
/* OpenSSL version 3 or later */
return 4;
}
}
if (sscanf(ptr, "OpenSSL/%d.%d", &major, &minor) == 2) { if (sscanf(ptr, "OpenSSL/%d.%d", &major, &minor) == 2) {
if (major > 1 || (major == 1 && minor >= 1)) { /* Check for 1.1.1+ (including 1.1.1a, 1.1.1b, etc.) */
/* OpenSSL version 1.1 or later */ if ((major > 1) || (major == 1 && minor == 1 && strncmp(ptr + 12, "1", 1) == 0)) {
/* OpenSSL 1.1.1+ - supported */
return 3; return 3;
} }
/* OpenSSL 1.1.0 and earlier - unsupported */
return 0;
} }
if (strncasecmp(ptr, "OpenSSL", sizeof("OpenSSL")-1) == 0) { if (strncasecmp(ptr, "OpenSSL", sizeof("OpenSSL")-1) == 0) {
/* Old OpenSSL version */ /* Old OpenSSL version */
@ -56,18 +53,15 @@ if test "$PHP_CURL" != "no"; then
/* No SSL support */ /* No SSL support */
return 1; return 1;
])], ])],
[php_cv_lib_curl_ssl=yes], [php_cv_lib_curl_ssl_supported=no],
[php_cv_lib_curl_ssl=no], [php_cv_lib_curl_ssl_supported=yes],
[php_cv_lib_curl_ssl=no]) [php_cv_lib_curl_ssl_supported=yes])
LIBS=$save_LIBS LIBS=$save_LIBS
CFLAGS=$save_CFLAGS CFLAGS=$save_CFLAGS
]) ])
AS_VAR_IF([php_cv_lib_curl_ssl], [yes], [ AS_VAR_IF([php_cv_lib_curl_ssl_supported], [no], [
AC_DEFINE([HAVE_CURL_OLD_OPENSSL], [1], AC_MSG_ERROR([libcurl is linked against an unsupported OpenSSL version. OpenSSL 1.1.1 or later is required.])
[Define to 1 if libcurl is linked against old OpenSSL < 1.1.])
PHP_SETUP_OPENSSL([CURL_SHARED_LIBADD],
[AC_CHECK_HEADERS([openssl/crypto.h])])
]) ])
]) ])

68
ext/curl/interface.c
View file

@ -39,20 +39,6 @@
#define HttpPost curl_httppost #define HttpPost curl_httppost
#endif #endif
/* {{{ cruft for thread safe SSL crypto locks */
#if defined(ZTS) && defined(HAVE_CURL_OLD_OPENSSL)
# if defined(HAVE_OPENSSL_CRYPTO_H)
# define PHP_CURL_NEED_OPENSSL_TSL
# include <openssl/crypto.h>
# else
# warning \
"libcurl was compiled with OpenSSL support, but configure could not find " \
"openssl/crypto.h; thus no SSL crypto locking callbacks will be set, which may " \
"cause random crashes on SSL requests"
# endif
#endif /* ZTS && HAVE_CURL_OLD_OPENSSL */
/* }}} */
#include "zend_smart_str.h" #include "zend_smart_str.h"
#include "ext/standard/info.h" #include "ext/standard/info.h"
#include "ext/standard/file.h" #include "ext/standard/file.h"
@ -70,27 +56,6 @@
ZEND_DECLARE_MODULE_GLOBALS(curl) ZEND_DECLARE_MODULE_GLOBALS(curl)
#ifdef PHP_CURL_NEED_OPENSSL_TSL /* {{{ */
static MUTEX_T *php_curl_openssl_tsl = NULL;
/* Locking callbacks are no longer used since OpenSSL 1.1. Mark the functions as unused to
* avoid warnings due to this. */
static ZEND_ATTRIBUTE_UNUSED void php_curl_ssl_lock(int mode, int n, const char * file, int line)
{
if (mode & CRYPTO_LOCK) {
tsrm_mutex_lock(php_curl_openssl_tsl[n]);
} else {
tsrm_mutex_unlock(php_curl_openssl_tsl[n]);
}
}
static ZEND_ATTRIBUTE_UNUSED unsigned long php_curl_ssl_id(void)
{
return (unsigned long) tsrm_thread_id();
}
#endif
/* }}} */
#define CAAL(s, v) add_assoc_long_ex(return_value, s, sizeof(s) - 1, (zend_long) v); #define CAAL(s, v) add_assoc_long_ex(return_value, s, sizeof(s) - 1, (zend_long) v);
#define CAAD(s, v) add_assoc_double_ex(return_value, s, sizeof(s) - 1, (double) v); #define CAAD(s, v) add_assoc_double_ex(return_value, s, sizeof(s) - 1, (double) v);
#define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s) - 1, (char *) (v ? v : "")); #define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s) - 1, (char *) (v ? v : ""));
@ -389,24 +354,6 @@ PHP_MINIT_FUNCTION(curl)
register_curl_symbols(module_number); register_curl_symbols(module_number);
#ifdef PHP_CURL_NEED_OPENSSL_TSL
if (!CRYPTO_get_id_callback()) {
int i, c = CRYPTO_num_locks();
php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
if (!php_curl_openssl_tsl) {
return FAILURE;
}
for (i = 0; i < c; ++i) {
php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
}
CRYPTO_set_id_callback(php_curl_ssl_id);
CRYPTO_set_locking_callback(php_curl_ssl_lock);
}
#endif
if (curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) { if (curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
return FAILURE; return FAILURE;
} }
@ -568,21 +515,6 @@ zend_result curl_cast_object(zend_object *obj, zval *result, int type)
PHP_MSHUTDOWN_FUNCTION(curl) PHP_MSHUTDOWN_FUNCTION(curl)
{ {
curl_global_cleanup(); curl_global_cleanup();
#ifdef PHP_CURL_NEED_OPENSSL_TSL
if (php_curl_openssl_tsl) {
int i, c = CRYPTO_num_locks();
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < c; ++i) {
tsrm_mutex_free(php_curl_openssl_tsl[i]);
}
free(php_curl_openssl_tsl);
php_curl_openssl_tsl = NULL;
}
#endif
UNREGISTER_INI_ENTRIES(); UNREGISTER_INI_ENTRIES();
return SUCCESS; return SUCCESS;
} }