Enable native SSL support in ext/phar

SSL support in ext/phar is enabled either as native (using the system's
OpenSSL and its Crypto library linked directly) or as a wrapper provided
by ext/openssl.

Native OpenSSL support previously couldn't be enabled when building with
shared openssl extension:

    ./configure --with-openssl=shared --enable-phar=shared

or:

    ./configure --with-openssl=shared --enable-phar

Some PHP packages build both of these extensions as shared and it makes
sense to provide native OpenSSL support in phar extension also when the
openssl extension is built as shared.

Shared phar extension with native OpenSSL enabled now gets libcrypto
linked directly:

    ldd modules/phar.so
        linux-vdso.so.1
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
        /lib64/ld-linux-x86-64.so.2

The new --with-phar-ssl Autotools configure option enables the SSL
support in phar when building without openssl extension or in edge cases
when building with phpize:

    ./configure --with-phar --with-phar-ssl --without-openssl

Windows already includes similar option (--enable-phar-native-ssl). This
links phar extension with the OpenSSL library on Windows instead of the
static libeay32, which is not present in Windows OpenSSL builds anymore.

Changed tests:

- ext/phar/tests/**/phar_setsignaturealgo2.phpt - needs ext/openssl
  enabled due to openssl_get_privatekey().
- ext/phar/tests/phar_setsignaturealgo.phpt - test for ext/phar with
  native OpenSSL support and ext/openssl disabled.

Author: petk

UPGRADING.INTERNALS

@@ -132,6 +132,9 @@ PHP 8.4 INTERNALS UPGRADE NOTES
      --with-ftp-ssl and --with-mysqlnd-ssl.
    - New configure option --with-openssl-legacy-provider to enable OpenSSL
      legacy provider.
+   - New configure option --with-phar-ssl to explicitly enable SSL support in
+     phar extension when building without openssl extension. When building with
+     openssl extension (shared or static), SSL support is enabled implicitly.
    - COOKIE_IO_FUNCTIONS_T symbol has been removed (use cookie_io_functions_t).
    - HAVE_SOCKADDR_UN_SUN_LEN symbol renamed to HAVE_STRUCT_SOCKADDR_UN_SUN_LEN.
    - HAVE_UTSNAME_DOMAINNAME symbol renamed to HAVE_STRUCT_UTSNAME_DOMAINNAME.

ext/phar/config.m4

@@ -4,6 +4,19 @@ PHP_ARG_ENABLE([phar],
     [Disable phar support])],
   [yes])
 
+dnl Empty variable means 'no' (for phpize builds).
+AS_VAR_IF([PHP_OPENSSL],, [PHP_OPENSSL=no])
+
+PHP_ARG_WITH([phar-ssl],
+  [whether to enable native OpenSSL support for phar],
+  [AS_HELP_STRING([--with-phar-ssl],
+    [Explicitly enable SSL support in phar extension through the OpenSSL library
+    when building without openssl extension or when using phpize. If the openssl
+    extension is enabled at the configure step (--with-openssl), SSL is enabled
+    implicitly regardless of this option.])],
+  [$PHP_OPENSSL],
+  [no])
+
 if test "$PHP_PHAR" != "no"; then
   PHP_NEW_EXTENSION([phar], m4_normalize([
       dirstream.c
@@ -18,17 +31,14 @@ if test "$PHP_PHAR" != "no"; then
     ]),
     [$ext_shared],,
     [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
-  AC_MSG_CHECKING([for phar openssl support])
-  if test "$PHP_OPENSSL_SHARED" = "yes"; then
-    AC_MSG_RESULT([no (shared openssl)])
-  else
-    if test "$PHP_OPENSSL" = "yes"; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(PHAR_HAVE_OPENSSL,1,[ ])
-    else
-      AC_MSG_RESULT([no])
-    fi
-  fi
+
+  AS_VAR_IF([PHP_PHAR_SSL], [no],, [
+    PHP_SETUP_OPENSSL([PHAR_SHARED_LIBADD],
+      [AC_DEFINE([PHAR_HAVE_OPENSSL], [1],
+        [Define to 1 if phar extension has native OpenSSL support.])])
+    PHP_SUBST([PHAR_SHARED_LIBADD])
+  ])
+
   PHP_ADD_EXTENSION_DEP(phar, hash)
   PHP_ADD_EXTENSION_DEP(phar, spl)
   PHP_ADD_MAKEFILE_FRAGMENT

ext/phar/config.w32

@@ -13,14 +13,9 @@ if (PHP_PHAR != "no") {
 		ADD_FLAG("CFLAGS_PHAR", "/D COMPILE_DL_PHAR ");
 	}
 	if (PHP_PHAR_NATIVE_SSL != "no") {
-		if (CHECK_LIB("libeay32st.lib", "phar")) {
-			/* We don't really need GDI for this, but there's no
-			way to avoid linking it in the static openssl build */
-			ADD_FLAG("LIBS_PHAR", "libeay32st.lib gdi32.lib");
-			if (PHP_DEBUG == "no") {
-				/* Silence irrelevant-to-us warning in release builds */
-				ADD_FLAG("LDFLAGS_PHAR", "/IGNORE:4089 ");
-			}
+		var ret = SETUP_OPENSSL("phar", PHP_PHAR);
+
+		if (ret >= 2) {
 			AC_DEFINE('PHAR_HAVE_OPENSSL', 1);
 			STDOUT.WriteLine('        Native OpenSSL support in Phar enabled');
 		} else {

ext/phar/tests/phar_setsignaturealgo.phpt

@@ -0,0 +1,99 @@
+--TEST--
+Phar::setSignatureAlgorithm() with native OpenSSL and without ext/openssl
+--EXTENSIONS--
+phar
+--SKIPIF--
+<?php
+if (extension_loaded("openssl")) die("skip ext/openssl must be disabled for this test");
+$arr = Phar::getSupportedSignatures();
+if (!in_array("OpenSSL", $arr)) die("skip openssl support required");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar';
+$p = new Phar($fname);
+$p['file1.txt'] = 'hi';
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::MD5);
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::SHA1);
+var_dump($p->getSignature());
+try {
+$p->setSignatureAlgorithm(Phar::SHA256);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$p->setSignatureAlgorithm(Phar::SHA512);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$pkey = '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMDcANSIpkgSF6Rh
+KHM8JncsVuCsO5XjiMf3g50lB+poJAG9leoygbVtY55h9tzeI7SAdZbdIoHbtJ/V
+kGdzlzX5jMGbH1sWKk5fZbai4pLZigd4ihH2V4M27jKrAGy6CAU8ZU/Ez2KQQj5g
+A4ZVMJ3iZXlqCmRWwcs0lZvP+c9XAgMBAAECgYAaJLioFu4TjwBNdC47kMfWF9if
+FDnvk6yTDuZ0gvSTvhJDeiO8X6Rdp7p9WeJRBnvomBFYphlraREPKbAtlenFVuIY
+v10O9BjxkQ0O1Y7L2ztMO3E2LFtmWgoGimAnsbUHTkuB61Hd2AWdA7C357eQ67vZ
+GlLu2HIFpSbzMcJFIQJBAPD6Hm7ETuL0ILwofImXAahHbwpmCtKmjvjJaFD5vWXP
+FD6uTbBOgUP+n5Y17+d/vxhSX9yrQueAIodju3bbxUsCQQDM4fMCO4OUYbMroql7
+ruIqBd34akrA+v2JoV+bMAE6RHBC6DgsI3uySbMJfmnPGoxlbXE0gKN4ONawwDd3
+gTKlAkEAnJc8DWidhpdzajG488Pf/NUmkBBNOiOnxn1Cv1P6Ql01X6HutAHfuCqO
+05KLKdj2ebyVtJTJrhuy1F33pL4dTwJBAKnIEB3ofahnshdV64cALJFQXVpvktUK
+6TG1Vcn/ZPUJI9J+J5aELQxYwJH8fOhQAspGgEpW06Bb0aWVFCHnIbUCQBFVhu+P
+RcHLpdSl7lZmws1bCnDUmt5GzKBw9diHxuyfGEJ0c0clDTWVEMyO80u0jxrliMkT
+8h5bvpPaY8KIlkg=
+-----END PRIVATE KEY-----';
+$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+?>
+--CLEAN--
+<?php
+unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar');
+?>
+--EXPECTF--
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(3) "MD5"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(5) "SHA-1"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-512"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "OpenSSL"
+}

ext/phar/tests/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash
+Phar::setSignatureAlgorithm() with hash
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/tar/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, tar-based
+Phar::setSignatureAlgorithm() with hash, tar-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/zip/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, zip-based
+Phar::setSignatureAlgorithm() with hash, zip-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php