Enable native SSL support in ext/phar

SSL support in ext/phar is enabled either as native (using the system's
OpenSSL and its Crypto library linked directly) or as a wrapper provided
by ext/openssl.

Native OpenSSL support previously couldn't be enabled when building with
shared openssl extension:

    ./configure --with-openssl=shared --enable-phar=shared

or:

    ./configure --with-openssl=shared --enable-phar

Some PHP packages build both of these extensions as shared and it makes
sense to provide native OpenSSL support in ext/phar also when
ext/openssl is build as shared.

Shared phar extension with native OpenSSL enabled now gets libcrypto
linked directly:

    ldd modules/phar.so
        linux-vdso.so.1
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
        /lib64/ld-linux-x86-64.so.2

The new --with-phar-ssl Autotools configure option enables the SSL
support in phar when building without openssl extension or in edge cases
when building with phpize:

    ./configure --with-phar --with-phar-ssl --without-openssl

Windows already includes similar option (--enable-phar-native-ssl). This
links phar extension with OpenSSL library on Windows instead of the
static libeay32, which is not present in Windows OpenSSL builds anymore.

Changed tests:

- ext/phar/tests/**/phar_setsignaturealgo2.phpt - needs ext/openssl
  enabled due to openssl_get_privatekey().
- ext/phar/tests/phar_setsignaturealgo.phpt - test for ext/phar with
  native OpenSSL support and ext/openssl disabled.

Author: petk

UPGRADING.INTERNALS

@@ -126,6 +126,9 @@ PHP 8.4 INTERNALS UPGRADE NOTES
      --with-ftp-ssl and --with-mysqlnd-ssl.
    - New configure option --with-openssl-legacy-provider to enable OpenSSL
      legacy provider.
+   - New configure option --with-phar-ssl to explicitly enable SSL support in
+     phar extension when building without openssl extension. When building with
+     openssl extension (shared or static), SSL support is enabled implicitly.
    - COOKIE_IO_FUNCTIONS_T symbol has been removed (use cookie_io_functions_t).
    - HAVE_SOCKADDR_UN_SUN_LEN symbol renamed to HAVE_STRUCT_SOCKADDR_UN_SUN_LEN.
    - HAVE_UTSNAME_DOMAINNAME symbol renamed to HAVE_STRUCT_UTSNAME_DOMAINNAME.

ext/phar/config.m4

@@ -4,6 +4,15 @@ PHP_ARG_ENABLE([phar],
     [Disable phar support])],
   [yes])
 
+PHP_ARG_WITH([phar-ssl],
+  [whether to explicitly enable SSL support for phar],
+  [AS_HELP_STRING([--with-phar-ssl],
+    [Explicitly enable SSL support in phar extension when building without
+    openssl extension. If openssl extension is enabled at the configure step,
+    SSL is enabled implicitly.])],
+  [no],
+  [no])
+
 if test "$PHP_PHAR" != "no"; then
   PHP_NEW_EXTENSION([phar], m4_normalize([
       dirstream.c
@@ -18,17 +27,18 @@ if test "$PHP_PHAR" != "no"; then
     ]),
     [$ext_shared],,
     [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
-  AC_MSG_CHECKING([for phar openssl support])
-  if test "$PHP_OPENSSL_SHARED" = "yes"; then
-    AC_MSG_RESULT([no (shared openssl)])
-  else
-    if test "$PHP_OPENSSL" = "yes"; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(PHAR_HAVE_OPENSSL,1,[ ])
-    else
-      AC_MSG_RESULT([no])
-    fi
-  fi
+
+  dnl Empty variable means 'no' (for phpize builds).
+  AS_VAR_IF([PHP_OPENSSL],, [PHP_OPENSSL=no])
+
+  AS_IF([test "x$PHP_OPENSSL" != xno || test "x$PHP_PHAR_SSL" != xno], [dnl
+    PHP_SETUP_OPENSSL([PHAR_SHARED_LIBADD],
+      [AC_DEFINE([PHAR_HAVE_OPENSSL], [1],
+        [Define to 1 if phar extension has native OpenSSL support.])])
+    PHP_SUBST([PHAR_SHARED_LIBADD])
+    AC_MSG_NOTICE([phar SSL support enabled])
+  ])
+
   PHP_ADD_EXTENSION_DEP(phar, hash)
   PHP_ADD_EXTENSION_DEP(phar, spl)
   PHP_ADD_MAKEFILE_FRAGMENT

ext/phar/config.w32

@@ -13,14 +13,9 @@ if (PHP_PHAR != "no") {
 		ADD_FLAG("CFLAGS_PHAR", "/D COMPILE_DL_PHAR ");
 	}
 	if (PHP_PHAR_NATIVE_SSL != "no") {
-		if (CHECK_LIB("libeay32st.lib", "phar")) {
-			/* We don't really need GDI for this, but there's no
-			way to avoid linking it in the static openssl build */
-			ADD_FLAG("LIBS_PHAR", "libeay32st.lib gdi32.lib");
-			if (PHP_DEBUG == "no") {
-				/* Silence irrelevant-to-us warning in release builds */
-				ADD_FLAG("LDFLAGS_PHAR", "/IGNORE:4089 ");
-			}
+		var ret = SETUP_OPENSSL("phar", PHP_PHAR);
+
+		if (ret >= 2) {
 			AC_DEFINE('PHAR_HAVE_OPENSSL', 1);
 			STDOUT.WriteLine('        Native OpenSSL support in Phar enabled');
 		} else {

ext/phar/tests/phar_setsignaturealgo.phpt

@@ -0,0 +1,99 @@
+--TEST--
+Phar::setSignatureAlgorithm() with native OpenSSL and without ext/openssl
+--EXTENSIONS--
+phar
+--SKIPIF--
+<?php
+if (extension_loaded("openssl")) die("skip ext/openssl must be disabled for this test");
+$arr = Phar::getSupportedSignatures();
+if (!in_array("OpenSSL", $arr)) die("skip openssl support required");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar';
+$p = new Phar($fname);
+$p['file1.txt'] = 'hi';
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::MD5);
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::SHA1);
+var_dump($p->getSignature());
+try {
+$p->setSignatureAlgorithm(Phar::SHA256);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$p->setSignatureAlgorithm(Phar::SHA512);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$pkey = '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMDcANSIpkgSF6Rh
+KHM8JncsVuCsO5XjiMf3g50lB+poJAG9leoygbVtY55h9tzeI7SAdZbdIoHbtJ/V
+kGdzlzX5jMGbH1sWKk5fZbai4pLZigd4ihH2V4M27jKrAGy6CAU8ZU/Ez2KQQj5g
+A4ZVMJ3iZXlqCmRWwcs0lZvP+c9XAgMBAAECgYAaJLioFu4TjwBNdC47kMfWF9if
+FDnvk6yTDuZ0gvSTvhJDeiO8X6Rdp7p9WeJRBnvomBFYphlraREPKbAtlenFVuIY
+v10O9BjxkQ0O1Y7L2ztMO3E2LFtmWgoGimAnsbUHTkuB61Hd2AWdA7C357eQ67vZ
+GlLu2HIFpSbzMcJFIQJBAPD6Hm7ETuL0ILwofImXAahHbwpmCtKmjvjJaFD5vWXP
+FD6uTbBOgUP+n5Y17+d/vxhSX9yrQueAIodju3bbxUsCQQDM4fMCO4OUYbMroql7
+ruIqBd34akrA+v2JoV+bMAE6RHBC6DgsI3uySbMJfmnPGoxlbXE0gKN4ONawwDd3
+gTKlAkEAnJc8DWidhpdzajG488Pf/NUmkBBNOiOnxn1Cv1P6Ql01X6HutAHfuCqO
+05KLKdj2ebyVtJTJrhuy1F33pL4dTwJBAKnIEB3ofahnshdV64cALJFQXVpvktUK
+6TG1Vcn/ZPUJI9J+J5aELQxYwJH8fOhQAspGgEpW06Bb0aWVFCHnIbUCQBFVhu+P
+RcHLpdSl7lZmws1bCnDUmt5GzKBw9diHxuyfGEJ0c0clDTWVEMyO80u0jxrliMkT
+8h5bvpPaY8KIlkg=
+-----END PRIVATE KEY-----';
+$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+?>
+--CLEAN--
+<?php
+unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar');
+?>
+--EXPECTF--
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(3) "MD5"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(5) "SHA-1"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-512"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "OpenSSL"
+}

ext/phar/tests/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash
+Phar::setSignatureAlgorithm() with hash
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/tar/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, tar-based
+Phar::setSignatureAlgorithm() with hash, tar-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/zip/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, zip-based
+Phar::setSignatureAlgorithm() with hash, zip-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php