Merge branch 'PHP-8.3' into PHP-8.4

iluuu1994 · iluuu1994 · commit 5bd7e3be0b26 · 2026-05-02T01:56:54.000+02:00
* PHP-8.3:
  Backport compatibility changes for OpenSSL 4.0
diff --git a/NEWS b/NEWS
@@ -6,6 +6,9 @@ PHP                                                                        NEWS
   . Fixed tracing JIT crash when a VM interrupt is handled during an observed
     user function call. (Levi Morrison)
 
+- OpenSSL:
+  . Fix compatibility issues with OpenSSL 4.0. (jordikroon, Remi)
+
 - Standard:
   . Fixed bug GH-21689 (version_compare() incorrectly handles versions ending
     with a dot). (timwolla)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -492,9 +492,9 @@ void php_openssl_store_errors(void)
 	errors = OPENSSL_G(errors);
 
 	do {
-		errors->top = (errors->top + 1) % ERR_NUM_ERRORS;
+		errors->top = (errors->top + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;
 		if (errors->top == errors->bottom) {
-			errors->bottom = (errors->bottom + 1) % ERR_NUM_ERRORS;
+			errors->bottom = (errors->bottom + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;
 		}
 		errors->buffer[errors->top] = error_code;
 	} while ((error_code = ERR_get_error()));
@@ -739,7 +739,7 @@ static void php_openssl_add_assoc_name_entry(zval * val, char * key, X509_NAME *
 
 static void php_openssl_add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */
 {
-	add_assoc_stringl(val, key, (char *)str->data, str->length);
+	add_assoc_stringl(val, key, (const char *)ASN1_STRING_get0_data(str), ASN1_STRING_length(str));
 }
 /* }}} */
 
@@ -772,12 +772,12 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
 	}
 
 	if (timestr_len < 13) {
-		php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
+		php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));
 		return (time_t)-1;
 	}
 
 	if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && timestr_len < 15) {
-		php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
+		php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));
 		return (time_t)-1;
 	}
 
@@ -2040,8 +2040,8 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
 	}
 
 	extension_data = X509_EXTENSION_get_data(extension);
-	p = extension_data->data;
-	length = extension_data->length;
+	p = ASN1_STRING_get0_data(extension_data);
+	length = ASN1_STRING_length(extension_data);
 	if (method->it) {
 		names = (GENERAL_NAMES*) (ASN1_item_d2i(NULL, &p, length,
 			ASN1_ITEM_ptr(method->it)));
@@ -7226,7 +7226,7 @@ PHP_FUNCTION(openssl_error_string)
 		RETURN_FALSE;
 	}
 
-	OPENSSL_G(errors)->bottom = (OPENSSL_G(errors)->bottom + 1) % ERR_NUM_ERRORS;
+	OPENSSL_G(errors)->bottom = (OPENSSL_G(errors)->bottom + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;
 	val = OPENSSL_G(errors)->buffer[OPENSSL_G(errors)->bottom];
 
 	if (val) {
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
@@ -44,6 +44,8 @@ extern zend_module_entry openssl_module_entry;
 #endif
 #endif
 
+#define PHP_OPENSSL_ERR_BUFFER_SIZE 16
+
 #define OPENSSL_RAW_DATA 1
 #define OPENSSL_ZERO_PADDING 2
 #define OPENSSL_DONT_ZERO_PAD_KEY 4
@@ -73,7 +75,7 @@ extern zend_module_entry openssl_module_entry;
 #endif
 
 struct php_openssl_errors {
-	int buffer[ERR_NUM_ERRORS];
+	int buffer[PHP_OPENSSL_ERR_BUFFER_SIZE];
 	int top;
 	int bottom;
 };
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -496,12 +496,12 @@ static bool php_openssl_matches_san_list(X509 *peer, const char *subject_name) /
 			}
 			OPENSSL_free(cert_name);
 		} else if (san->type == GEN_IPADD) {
-			if (san->d.iPAddress->length == 4) {
+			if (ASN1_STRING_length(san->d.iPAddress) == 4) {
 				snprintf(ipbuffer, sizeof(ipbuffer), "%d.%d.%d.%d",
-					san->d.iPAddress->data[0],
-					san->d.iPAddress->data[1],
-					san->d.iPAddress->data[2],
-					san->d.iPAddress->data[3]
+					ASN1_STRING_get0_data(san->d.iPAddress)[0],
+					ASN1_STRING_get0_data(san->d.iPAddress)[1],
+					ASN1_STRING_get0_data(san->d.iPAddress)[2],
+					ASN1_STRING_get0_data(san->d.iPAddress)[3]
 				);
 				if (strcasecmp(subject_name, (const char*)ipbuffer) == 0) {
 					sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
@@ -510,9 +510,9 @@ static bool php_openssl_matches_san_list(X509 *peer, const char *subject_name) /
 				}
 			}
 #ifdef HAVE_IPV6_SAN
-			else if (san->d.ip->length == 16 && subject_name_is_ipv6) {
+			else if (ASN1_STRING_length(san->d.ip) == 16 && subject_name_is_ipv6) {
 				ipbuffer[0] = 0;
-				EXPAND_IPV6_ADDRESS(ipbuffer, san->d.iPAddress->data);
+				EXPAND_IPV6_ADDRESS(ipbuffer, ASN1_STRING_get0_data(san->d.iPAddress));
 				if (strcasecmp((const char*)subject_name_ipv6_expanded, (const char*)ipbuffer) == 0) {
 					sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
 

Original file line number	Diff line number	Diff line change
`@@ -492,9 +492,9 @@ void php_openssl_store_errors(void)`
`492`	`492`	`errors = OPENSSL_G(errors);`
`493`	`493`
`494`	`494`	`do {`
`495`		`- errors->top = (errors->top + 1) % ERR_NUM_ERRORS;`
	`495`	`+ errors->top = (errors->top + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;`
`496`	`496`	`if (errors->top == errors->bottom) {`
`497`		`- errors->bottom = (errors->bottom + 1) % ERR_NUM_ERRORS;`
	`497`	`+ errors->bottom = (errors->bottom + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;`
`498`	`498`	`}`
`499`	`499`	`errors->buffer[errors->top] = error_code;`
`500`	`500`	`} while ((error_code = ERR_get_error()));`
`@@ -739,7 +739,7 @@ static void php_openssl_add_assoc_name_entry(zval * val, char * key, X509_NAME *`
`739`	`739`
`740`	`740`	`static void php_openssl_add_assoc_asn1_string(zval * val, char * key, ASN1_STRING * str) /* {{{ */`
`741`	`741`	`{`
`742`		`- add_assoc_stringl(val, key, (char *)str->data, str->length);`
	`742`	`+ add_assoc_stringl(val, key, (const char *)ASN1_STRING_get0_data(str), ASN1_STRING_length(str));`
`743`	`743`	`}`
`744`	`744`	`/* }}} */`
`745`	`745`
`@@ -772,12 +772,12 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */`
`772`	`772`	`}`
`773`	`773`
`774`	`774`	`if (timestr_len < 13) {`
`775`		`- php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);`
	`775`	`+ php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));`
`776`	`776`	`return (time_t)-1;`
`777`	`777`	`}`
`778`	`778`
`779`	`779`	`if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && timestr_len < 15) {`
`780`		`- php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);`
	`780`	`+ php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", ASN1_STRING_get0_data(timestr));`
`781`	`781`	`return (time_t)-1;`
`782`	`782`	`}`
`783`	`783`
`@@ -2040,8 +2040,8 @@ static int openssl_x509v3_subjectAltName(BIO bio, X509_EXTENSION extension)`
`2040`	`2040`	`}`
`2041`	`2041`
`2042`	`2042`	`extension_data = X509_EXTENSION_get_data(extension);`
`2043`		`- p = extension_data->data;`
`2044`		`- length = extension_data->length;`
	`2043`	`+ p = ASN1_STRING_get0_data(extension_data);`
	`2044`	`+ length = ASN1_STRING_length(extension_data);`
`2045`	`2045`	`if (method->it) {`
`2046`	`2046`	`names = (GENERAL_NAMES*) (ASN1_item_d2i(NULL, &p, length,`
`2047`	`2047`	`ASN1_ITEM_ptr(method->it)));`
`@@ -7226,7 +7226,7 @@ PHP_FUNCTION(openssl_error_string)`
`7226`	`7226`	`RETURN_FALSE;`
`7227`	`7227`	`}`
`7228`	`7228`
`7229`		`- OPENSSL_G(errors)->bottom = (OPENSSL_G(errors)->bottom + 1) % ERR_NUM_ERRORS;`
	`7229`	`+ OPENSSL_G(errors)->bottom = (OPENSSL_G(errors)->bottom + 1) % PHP_OPENSSL_ERR_BUFFER_SIZE;`
`7230`	`7230`	`val = OPENSSL_G(errors)->buffer[OPENSSL_G(errors)->bottom];`
`7231`	`7231`
`7232`	`7232`	`if (val) {`