Skip to content

Remove curl OpenSSL locking and check for min OpenSSL version #18784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+12 −86
Open

Remove curl OpenSSL locking and check for min OpenSSL version #18784

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 12 additions & 18 deletions ext/curl/config.m4
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ if test "$PHP_CURL" != "no"; then
AC_MSG_RESULT([$CURL_SSL])

AS_IF([test "x$PHP_THREAD_SAFETY" = xyes && test "x$CURL_SSL" = xyes],
[AC_CACHE_CHECK([whether libcurl is linked against old OpenSSL < 1.1],
[php_cv_lib_curl_ssl], [
[AC_CACHE_CHECK([whether libcurl is linked against a supported OpenSSL version],
[php_cv_lib_curl_ssl_supported], [
save_LIBS=$LIBS
save_CFLAGS=$CFLAGS
LIBS="$LIBS $CURL_SHARED_LIBADD"
Expand All @@ -34,17 +34,14 @@ if test "$PHP_CURL" != "no"; then

while(*ptr == ' ') ++ptr;
int major, minor;
if (sscanf(ptr, "OpenSSL/%d", &major) == 1) {
if (major >= 3) {
/* OpenSSL version 3 or later */
return 4;
}
}
if (sscanf(ptr, "OpenSSL/%d.%d", &major, &minor) == 2) {
if (major > 1 || (major == 1 && minor >= 1)) {
/* OpenSSL version 1.1 or later */
/* Check for 1.1.1+ (including 1.1.1a, 1.1.1b, etc.) */
if ((major > 1) || (major == 1 && minor == 1 && strncmp(ptr + 12, "1", 1) == 0)) {
/* OpenSSL 1.1.1+ - supported */
return 3;
}
/* OpenSSL 1.1.0 and earlier - unsupported */
return 0;
}
if (strncasecmp(ptr, "OpenSSL", sizeof("OpenSSL")-1) == 0) {
/* Old OpenSSL version */
Expand All @@ -56,18 +53,15 @@ if test "$PHP_CURL" != "no"; then
/* No SSL support */
return 1;
])],
[php_cv_lib_curl_ssl=yes],
[php_cv_lib_curl_ssl=no],
[php_cv_lib_curl_ssl=no])
[php_cv_lib_curl_ssl_supported=no],
[php_cv_lib_curl_ssl_supported=yes],
[php_cv_lib_curl_ssl_supported=yes])
LIBS=$save_LIBS
CFLAGS=$save_CFLAGS
])

AS_VAR_IF([php_cv_lib_curl_ssl], [yes], [
AC_DEFINE([HAVE_CURL_OLD_OPENSSL], [1],
[Define to 1 if libcurl is linked against old OpenSSL < 1.1.])
PHP_SETUP_OPENSSL([CURL_SHARED_LIBADD],
[AC_CHECK_HEADERS([openssl/crypto.h])])
AS_VAR_IF([php_cv_lib_curl_ssl_supported], [no], [
AC_MSG_ERROR([libcurl is linked against an unsupported OpenSSL version. OpenSSL 1.1.1 or later is required.])
])
])

Expand Down
68 changes: 0 additions & 68 deletions ext/curl/interface.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,6 @@
#define HttpPost curl_httppost
#endif

/* {{{ cruft for thread safe SSL crypto locks */
#if defined(ZTS) && defined(HAVE_CURL_OLD_OPENSSL)
# if defined(HAVE_OPENSSL_CRYPTO_H)
# define PHP_CURL_NEED_OPENSSL_TSL
# include <openssl/crypto.h>
# else
# warning \
"libcurl was compiled with OpenSSL support, but configure could not find " \
"openssl/crypto.h; thus no SSL crypto locking callbacks will be set, which may " \
"cause random crashes on SSL requests"
# endif
#endif /* ZTS && HAVE_CURL_OLD_OPENSSL */
/* }}} */

#include "zend_smart_str.h"
#include "ext/standard/info.h"
#include "ext/standard/file.h"
Expand All @@ -69,27 +55,6 @@

ZEND_DECLARE_MODULE_GLOBALS(curl)

#ifdef PHP_CURL_NEED_OPENSSL_TSL /* {{{ */
static MUTEX_T *php_curl_openssl_tsl = NULL;

/* Locking callbacks are no longer used since OpenSSL 1.1. Mark the functions as unused to
* avoid warnings due to this. */
static ZEND_ATTRIBUTE_UNUSED void php_curl_ssl_lock(int mode, int n, const char * file, int line)
{
if (mode & CRYPTO_LOCK) {
tsrm_mutex_lock(php_curl_openssl_tsl[n]);
} else {
tsrm_mutex_unlock(php_curl_openssl_tsl[n]);
}
}

static ZEND_ATTRIBUTE_UNUSED unsigned long php_curl_ssl_id(void)
{
return (unsigned long) tsrm_thread_id();
}
#endif
/* }}} */

#define CAAL(s, v) add_assoc_long_ex(return_value, s, sizeof(s) - 1, (zend_long) v);
#define CAAD(s, v) add_assoc_double_ex(return_value, s, sizeof(s) - 1, (double) v);
#define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s) - 1, (char *) (v ? v : ""));
Expand Down Expand Up @@ -388,24 +353,6 @@ PHP_MINIT_FUNCTION(curl)

register_curl_symbols(module_number);

#ifdef PHP_CURL_NEED_OPENSSL_TSL
if (!CRYPTO_get_id_callback()) {
int i, c = CRYPTO_num_locks();

php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
if (!php_curl_openssl_tsl) {
return FAILURE;
}

for (i = 0; i < c; ++i) {
php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
}

CRYPTO_set_id_callback(php_curl_ssl_id);
CRYPTO_set_locking_callback(php_curl_ssl_lock);
}
#endif

if (curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
return FAILURE;
}
Expand Down Expand Up @@ -567,21 +514,6 @@ zend_result curl_cast_object(zend_object *obj, zval *result, int type)
PHP_MSHUTDOWN_FUNCTION(curl)
{
curl_global_cleanup();
#ifdef PHP_CURL_NEED_OPENSSL_TSL
if (php_curl_openssl_tsl) {
int i, c = CRYPTO_num_locks();

CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);

for (i = 0; i < c; ++i) {
tsrm_mutex_free(php_curl_openssl_tsl[i]);
}

free(php_curl_openssl_tsl);
php_curl_openssl_tsl = NULL;
}
#endif
UNREGISTER_INI_ENTRIES();
return SUCCESS;
}
Expand Down