ext/openssl: Bump minimum openssl version to 1.1.1#8
Closed
Conversation
github-actions
Bot
added
Category: Build System
Extension: ftp
Extension: openssl
labels
Ayesh
force-pushed
the
openssl-bump
branch
6 times, most recently
from
35f9110 to
b63a489
Compare
github-actions
Bot
added
Category: Engine
Extension: date
Extension: dom
Extension: gd
Extension: gmp
Extension: hash
Extension: json
Extension: libxml
Extension: mysqli
Extension: pdo (core)
Extension: phar
Extension: session
Extension: simplexml
Extension: sockets
Extension: sodium
Extension: ldap
Extension: standard
Extension: opcache
Extension: bz2
Extension: com_dotnet
Extension: enchant
labels
Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1. OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached EOL in 2018. Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere. - Debian buster: 1.1.1[^2] - Ubuntu 20.04: 1.1.1[^3] - CentOS/RHEL 7: 1.0.2 - RHEL 8/Rocky 8/EL 8: 1.1.1 - Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well) RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely bump the minimum OpenSSL version. [^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html [^2]: https://packages.debian.org/buster/libssl-dev [^3]: https://packages.ubuntu.com/focal/libssl-dev
Ayesh
pushed a commit
that referenced
this pull request
Oct 16, 2024
even without sanitizers, it is reproducible but with the following
```
<?php
$g = gmp_init(256);
var_dump(gmp_pow($g, PHP_INT_MAX));
```
we get this
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0)
#0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44
#1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26
#2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286
#7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312
#8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075
#9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439
#10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842
#11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578
#12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964
#13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334
#14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360
#16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation
==286922==ABORTING
```
Ayesh
pushed a commit
that referenced
this pull request
Oct 29, 2024
even without sanitizers, it is reproducible but with the following
```
<?php
$g = gmp_init(256);
var_dump(gmp_pow($g, PHP_INT_MAX));
```
we get this
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0)
#0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44
#1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26
#2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286
#7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312
#8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075
#9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439
#10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842
#11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578
#12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964
#13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334
#14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360
#16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation
==286922==ABORTING
```
close phpGH-16384
Ayesh
pushed a commit
that referenced
this pull request
Apr 4, 2025
```
ext/gd/libgd/gd.c:2275:14: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
#0 0x5d6a2103e1db in php_gd_gdImageCopy /home/dcarlier/Contribs/php-src/ext/gd/libgd/gd.c:2275
#1 0x5d6a210a2b63 in gdImageCrop /home/dcarlier/Contribs/php-src/ext/gd/libgd/gd_crop.c:57
#2 0x5d6a21018ca4 in zif_imagecrop /home/dcarlier/Contribs/php-src/ext/gd/gd.c:3575
#3 0x5d6a21e46e7a in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1337
#4 0x5d6a221188da in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:57246
#5 0x5d6a221366bd in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:61634
#6 0x5d6a21d107a6 in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1895
#7 0x5d6a21a63409 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2529
#8 0x5d6a22516d5e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:966
#9 0x5d6a2251981d in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1341
#10 0x7f10d002a3b7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#11 0x7f10d002a47a in __libc_start_main_impl ../csu/libc-start.c:360
#12 0x5d6a20a06da4 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2806da4) (BuildId: d9a79c7e0e4872311439d7313cb3a81fe04190a2)
```
close phpGH-18006
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
…reset
The code tries to read the context on NULL when
`php_stream_xport_crypto_setup` fails because by then `stream` is reset
to NULL.
This is also UB, so can cause miscompiles.
```
==1217==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000090 (pc 0x55d829ed3acf bp 0x7fff045f5770 sp 0x7fff045f4df0 T0)
==1217==The signal is caused by a READ memory access.
==1217==Hint: address points to the zero page.
#0 0x55d829ed3acf in php_stream_url_wrap_http_ex /work/php-src/ext/standard/http_fopen_wrapper.c:580
#1 0x55d829ed857e in php_stream_url_wrap_http /work/php-src/ext/standard/http_fopen_wrapper.c:1204
#2 0x55d82a15073d in _php_stream_open_wrapper_ex /work/php-src/main/streams/streams.c:2270
#3 0x55d829e78fa6 in zif_file_get_contents /work/php-src/ext/standard/file.c:409
#4 0x55d829bbfe39 in zif_phar_file_get_contents /work/php-src/ext/phar/func_interceptors.c:226
#5 0x55d82a0b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#6 0x55d82a3e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#7 0x55d82a540995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#8 0x55d82a5558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#9 0x55d82a6ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#10 0x55d82a0ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#11 0x55d82a0ecccb in php_execute_script /work/php-src/main/main.c:2685
#12 0x55d82a6bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#13 0x55d82a6c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#14 0x7f9e770491c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#15 0x7f9e7704928a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#16 0x55d829209b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21468.
Closes phpGH-21031.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
Only one of the two arrays (subitem) is destroyed, and critext is not.
This leads to a memory leak if the loop bails out:
```
Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7f309fe699c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x563b9709ca05 in tracked_malloc /work/php-src/Zend/zend_alloc.c:3018
#2 0x563b9709b969 in _emalloc /work/php-src/Zend/zend_alloc.c:2780
#3 0x563b9737dc7b in _zend_new_array /work/php-src/Zend/zend_hash.c:290
#4 0x563b960f40fc in zif_openssl_x509_parse /work/php-src/ext/openssl/openssl.c:1120
#5 0x563b96eb7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#6 0x563b971e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#7 0x563b97340995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#8 0x563b973558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#9 0x563b974ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#10 0x563b96eec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#11 0x563b96eecccb in php_execute_script /work/php-src/main/main.c:2685
#12 0x563b974bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#13 0x563b974c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#14 0x7f309f1641c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#15 0x7f309f16428a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#16 0x563b96009b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
Most functions in OpenSSL can handle NULL arguments, but apparently
i2d_PKCS12_bio not. Prevent crashes by adding a NULL check.
ASAN trace:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==132158==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000058 (pc 0x7fc646e33b69 bp 0x7fff7fe53d30 sp 0x7fff7fe53d18 T0)
==132158==The signal is caused by a WRITE memory access.
==132158==Hint: address points to the zero page.
#0 0x7fc646e33b69 in BIO_up_ref (/lib/x86_64-linux-gnu/libcrypto.so.3+0xedb69) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#1 0x7fc646e3eac2 (/lib/x86_64-linux-gnu/libcrypto.so.3+0xf8ac2) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#2 0x7fc646f126f0 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1cc6f0) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#3 0x7fc646f12aa6 in OSSL_ENCODER_to_bio (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1ccaa6) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#4 0x7fc647038adf in PEM_write_bio_PrivateKey_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2adf) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#5 0x7fc647038bc7 in PEM_write_bio_PrivateKey (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2bc7) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#6 0x55ed204f881e in zif_openssl_pkcs12_read /work/php-src/ext/openssl/openssl.c:1520
#7 0x55ed215aa81b in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /work/php-src/Zend/zend_vm_execute.h:1355
#8 0x55ed217101a9 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116469
#9 0x55ed217253d0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#10 0x55ed21889bcb in zend_execute_script /work/php-src/Zend/zend.c:1980
#11 0x55ed212bc3db in php_execute_script_ex /work/php-src/main/main.c:2645
#12 0x55ed212bc7eb in php_execute_script /work/php-src/main/main.c:2685
#13 0x55ed2188f736 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#14 0x55ed21891d03 in main /work/php-src/sapi/cli/php_cli.c:1362
#15 0x7fc6469c61c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#16 0x7fc6469c628a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#17 0x55ed20409b54 in _start (/work/php-src/sapi/cli/php+0x609b54) (BuildId: 7ce2ce63d1ea0b60b6ee6599e1c6b5160f97af1e)
```
Closes phpGH-20995.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
ASAN report:
```
Direct leak of 272 byte(s) in 1 object(s) allocated from:
#0 0x7f4ce970d9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f4ce8fa97c4 in CRYPTO_zalloc (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2237c4) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#2 0x7f4ce910adbd in X509_STORE_CTX_new_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x384dbd) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#3 0x563e4a51c26c in php_openssl_check_cert /work/php-src/ext/openssl/openssl_backend_common.c:748
#4 0x563e4a4f529c in zif_openssl_x509_checkpurpose /work/php-src/ext/openssl/openssl.c:1221
#5 0x563e4b2b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#6 0x563e4b5e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#7 0x563e4b740995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#8 0x563e4b7558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#9 0x563e4b8ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#10 0x563e4b2ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#11 0x563e4b2ecccb in php_execute_script /work/php-src/main/main.c:2685
#12 0x563e4b8bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#13 0x563e4b8c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#14 0x7f4ce8a081c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#15 0x7f4ce8a0828a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#16 0x563e4a409b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21009.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
Other locations of EVP_PKEY_CTX_new() pass the pointer into a function
that can handle NULL pointer inputs; OR they check for a NULL pointer.
EVP_PKEY_check() apparently cannot handle a NULL pointer argument:
```
==3749==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000088 (pc 0x7f6f4550c0fb bp 0x7ffcbff3a9c0 sp 0x7ffcbff3a9b0 T0)
==3749==The signal is caused by a READ memory access.
==3749==Hint: address points to the zero page.
#0 0x7f6f4550c0fb in EVP_PKEY_pairwise_check (/lib/x86_64-linux-gnu/libcrypto.so.3+0x20f0fb) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#1 0x561499d27117 in php_openssl_pkey_init_ec /work/php-src/ext/openssl/openssl_backend_v3.c:459
#2 0x561499cfe328 in zif_openssl_pkey_new /work/php-src/ext/openssl/openssl.c:2061
#3 0x56149aab7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#4 0x56149ade024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#5 0x56149af40995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#6 0x56149af558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#7 0x56149b0ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#8 0x56149aaec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#9 0x56149aaecccb in php_execute_script /work/php-src/main/main.c:2685
#10 0x56149b0bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#11 0x56149b0c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#12 0x7f6f44f7f1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#13 0x7f6f44f7f28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#14 0x561499c09b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: eb0a8e6b6d683fbdf45156dfed4d76f9110252b9)
```
Closes phpGH-21013.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
EVP_DigestInit() cannot handle a NULL argument:
```
==8028==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x7fade0826b2d bp 0x7ffcae8236f0 sp 0x7ffcae8236c0 T0)
==8028==The signal is caused by a READ memory access.
==8028==Hint: address points to the zero page.
#0 0x7fade0826b2d (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1e3b2d) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#1 0x5584fb314601 in zif_openssl_digest /work/php-src/ext/openssl/openssl.c:4459
#2 0x5584fc0b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#3 0x5584fc3e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#4 0x5584fc540995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#5 0x5584fc5558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#6 0x5584fc6ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#7 0x5584fc0ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#8 0x5584fc0ecccb in php_execute_script /work/php-src/main/main.c:2685
#9 0x5584fc6bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#10 0x5584fc6c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#11 0x7fade02c51c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#12 0x7fade02c528a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#13 0x5584fb209b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21019.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
```
==59541==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000058 (pc 0x7f9fafba9b69 bp 0x7ffe3fd87700 sp 0x7ffe3fd876e8 T0)
==59541==The signal is caused by a WRITE memory access.
==59541==Hint: address points to the zero page.
#0 0x7f9fafba9b69 in BIO_up_ref (/lib/x86_64-linux-gnu/libcrypto.so.3+0xedb69) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#1 0x7f9fafbb4ac2 (/lib/x86_64-linux-gnu/libcrypto.so.3+0xf8ac2) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#2 0x7f9fafc886f0 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1cc6f0) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#3 0x7f9fafc88aa6 in OSSL_ENCODER_to_bio (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1ccaa6) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#4 0x7f9fafdaeadf in PEM_write_bio_PrivateKey_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2adf) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#5 0x7f9fafdaebc7 in PEM_write_bio_PrivateKey (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2bc7) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#6 0x555dbe4ff75f in zif_openssl_pkey_export /work/php-src/ext/openssl/openssl.c:2216
#7 0x555dbf2b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#8 0x555dbf5e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#9 0x555dbf740995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#10 0x555dbf7558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#11 0x555dbf8ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#12 0x555dbf2ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#13 0x555dbf2ecccb in php_execute_script /work/php-src/main/main.c:2685
#14 0x555dbf8bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#15 0x555dbf8c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#16 0x7f9faf73e1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#17 0x7f9faf73e28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#18 0x555dbe409b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21021.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
Example ASAN report:
```
==55442==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000058 (pc 0x7f73a6413b69 bp 0x7ffe666f6010 sp 0x7ffe666f5ff8 T0)
==55442==The signal is caused by a WRITE memory access.
==55442==Hint: address points to the zero page.
#0 0x7f73a6413b69 in BIO_up_ref (/lib/x86_64-linux-gnu/libcrypto.so.3+0xedb69) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#1 0x7f73a641eac2 (/lib/x86_64-linux-gnu/libcrypto.so.3+0xf8ac2) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#2 0x7f73a64f26f0 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1cc6f0) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#3 0x7f73a64f2aa6 in OSSL_ENCODER_to_bio (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1ccaa6) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#4 0x7f73a6618adf in PEM_write_bio_PrivateKey_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2adf) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#5 0x7f73a6618bc7 in PEM_write_bio_PrivateKey (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2f2bc7) (BuildId: 0698e1ff610cb3c6993dccbd82c1281b1b4c5ade)
#6 0x559b16af882b in zif_openssl_pkcs12_read /work/php-src/ext/openssl/openssl.c:1520
#7 0x559b178b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#8 0x559b17be024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#9 0x559b17d40995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#10 0x559b17d558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#11 0x559b17eba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#12 0x559b178ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#13 0x559b178ecccb in php_execute_script /work/php-src/main/main.c:2685
#14 0x559b17ebfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#15 0x559b17ec21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#16 0x7f73a5fa81c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#17 0x7f73a5fa828a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#18 0x559b16a09b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21022.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
…ails
```
==41743==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000090 (pc 0x557f134d3acf bp 0x7ffd4d5bc1f0 sp 0x7ffd4d5bb870 T0)
==41743==The signal is caused by a READ memory access.
==41743==Hint: address points to the zero page.
#0 0x557f134d3acf in php_stream_url_wrap_http_ex /work/php-src/ext/standard/http_fopen_wrapper.c:580
#1 0x557f134d857e in php_stream_url_wrap_http /work/php-src/ext/standard/http_fopen_wrapper.c:1204
#2 0x557f1375073d in _php_stream_open_wrapper_ex /work/php-src/main/streams/streams.c:2270
#3 0x557f13478fa6 in zif_file_get_contents /work/php-src/ext/standard/file.c:409
#4 0x557f131bfe39 in zif_phar_file_get_contents /work/php-src/ext/phar/func_interceptors.c:226
#5 0x557f136b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#6 0x557f139e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#7 0x557f13b40995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#8 0x557f13b558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#9 0x557f13cba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
#10 0x557f136ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
#11 0x557f136ecccb in php_execute_script /work/php-src/main/main.c:2685
#12 0x557f13cbfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#13 0x557f13cc21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
#14 0x7f14599cd1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#15 0x7f14599cd28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#16 0x557f12809b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
Closes phpGH-21026.
Ayesh
pushed a commit
that referenced
this pull request
Apr 6, 2026
`pkey` must be released after it was allocated on the error paths.
Otherwise we get leaks like this:
```
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7ff8d76a1340 in calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7ff8d7189136 in EVP_PKEY_new evp/p_lib.c:385
#2 0x7ff8d71178e4 in d2i_PrivateKey asn1/a_pkey.c:80
#3 0x7ff8d719ed07 in PEM_read_bio_PrivateKey pem/pem_pkey.c:135
#4 0x555c54726e80 in php_openssl_pem_read_bio_private_key /work/php-src/ext/openssl/openssl_backend_v1.c:738
#5 0x555c5471ee77 in php_openssl_pkey_from_zval /work/php-src/ext/openssl/openssl_backend_common.c:1297
#6 0x555c54712e3f in zif_openssl_open /work/php-src/ext/openssl/openssl.c:4331
#7 0x555c554b44e5 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#8 0x555c557dba0b in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2024
#9 0x555c5593cf57 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116514
#10 0x555c55951ec0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#11 0x555c55ab60cc in zend_execute_script /work/php-src/Zend/zend.c:1980
#12 0x555c554e8ecb in php_execute_script_ex /work/php-src/main/main.c:2645
#13 0x555c554e92db in php_execute_script /work/php-src/main/main.c:2685
#14 0x555c55abbc37 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#15 0x555c55abe204 in main /work/php-src/sapi/cli/php_cli.c:1362
#16 0x7ff8d6d061c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#17 0x7ff8d6d0628a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#18 0x555c54609db4 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609db4) (BuildId: 5cc444a6a9fc1a486ea698e72366c16bd5472605)
```
Closes phpGH-21054.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.