add --with-openssl-argon2 build option

Author: remicollet

ext/openssl/config0.m4

@@ -17,6 +17,13 @@ PHP_ARG_WITH([openssl-legacy-provider],
   [no],
   [no])
 
+PHP_ARG_WITH([openssl-argon2],
+  [whether to enable argon2 password hashing (requires OpenSSL >= 3.2)],
+  [AS_HELP_STRING([--with-openssl-argon2],
+    [OPENSSL: Enable argon2 password hashing])],
+  [no],
+  [no])
+
 if test "$PHP_OPENSSL" != "no"; then
   PHP_NEW_EXTENSION(openssl, openssl.c openssl_pwhash.c xp_ssl.c, $ext_shared)
   PHP_SUBST([OPENSSL_SHARED_LIBADD])
@@ -36,4 +43,14 @@ if test "$PHP_OPENSSL" != "no"; then
   if test "$PHP_OPENSSL_LEGACY_PROVIDER" != "no"; then
     AC_DEFINE(LOAD_OPENSSL_LEGACY_PROVIDER,1,[ Load legacy algorithm provider in addition to default provider ])
   fi
+
+  if test "$PHP_OPENSSL_ARGON2" != "no"; then
+    if test "$PHP_THREAD_SAFETY" != "no"; then
+      AC_MSG_ERROR([Not supported in ZTS mode for now])
+    fi
+    PHP_CHECK_LIBRARY([crypto], [OSSL_set_max_threads],
+      [AC_DEFINE(HAVE_OPENSSL_ARGON2,1,[ Enable argon2 password hashing ])],
+      [AC_MSG_ERROR([argon2 hashing requires OpenSSL 3.2])],
+      [$OPENSSL_LIBS])
+  fi
 fi

ext/openssl/openssl.c

@@ -270,15 +270,15 @@ static void php_openssl_pkey_free_obj(zend_object *object)
 	zend_object_std_dtor(&key_object->std);
 }
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 static const zend_module_dep openssl_deps[] = {
 	ZEND_MOD_REQUIRED("standard")
 	ZEND_MOD_END
 };
 #endif
 /* {{{ openssl_module_entry */
 zend_module_entry openssl_module_entry = {
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 	STANDARD_MODULE_HEADER_EX, NULL,
 	openssl_deps,
 #else
@@ -1341,7 +1341,7 @@ PHP_MINIT_FUNCTION(openssl)
 
 	REGISTER_INI_ENTRIES();
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 	if (FAILURE == PHP_MINIT(openssl_pwhash)(INIT_FUNC_ARGS_PASSTHRU)) {
 		return FAILURE;
 	}

ext/openssl/openssl.stub.php

@@ -679,7 +679,7 @@ function openssl_spki_export_challenge(string $spki): string|false {}
  */
 function openssl_get_cert_locations(): array {}
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 function openssl_password_hash(string $algo, #[\SensitiveParameter] string $password, array $options = []): string {}
 function openssl_password_verify(string $algo, #[\SensitiveParameter] string $password, string $hash): bool {}
 #endif

ext/openssl/openssl_arginfo.h

@@ -22,7 +22,7 @@
 #include "ext/standard/php_password.h"
 #include "php_openssl.h"
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 #include "Zend/zend_attributes.h"
 #include "openssl_pwhash_arginfo.h"
 #include <ext/standard/base64.h>
@@ -398,4 +398,4 @@ PHP_MINIT_FUNCTION(openssl_pwhash)
 
 	return SUCCESS;
 }
-#endif /* PHP_OPENSSL_API_VERSION >= 0x30200 */
+#endif /* HAVE_OPENSSL_ARGON2 */

ext/openssl/openssl_pwhash.c

@@ -2,7 +2,7 @@
 
 /** @generate-class-entries */
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 /**
  * @var string
  */

ext/openssl/openssl_pwhash.stub.php

@@ -158,7 +158,7 @@ static inline php_openssl_certificate_object *php_openssl_certificate_from_obj(z
 
 #define Z_OPENSSL_CERTIFICATE_P(zv) php_openssl_certificate_from_obj(Z_OBJ_P(zv))
 
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 
 /**
  * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
@@ -189,7 +189,7 @@ PHP_MSHUTDOWN_FUNCTION(openssl);
 PHP_MINFO_FUNCTION(openssl);
 PHP_GINIT_FUNCTION(openssl);
 PHP_GSHUTDOWN_FUNCTION(openssl);
-#if PHP_OPENSSL_API_VERSION >= 0x30200
+#if defined(HAVE_OPENSSL_ARGON2)
 PHP_MINIT_FUNCTION(openssl_pwhash);
 #endif