Remove curl OpenSSL locking for unsupported versions (#18784)

bukka · web-flow · commit 2ecafd41ba41 · 2025-07-16T11:06:21.000+02:00
diff --git a/ext/curl/config.m4 b/ext/curl/config.m4
@@ -15,8 +15,8 @@ if test "$PHP_CURL" != "no"; then
   AC_MSG_RESULT([$CURL_SSL])
 
   AS_IF([test "x$PHP_THREAD_SAFETY" = xyes && test "x$CURL_SSL" = xyes],
-    [AC_CACHE_CHECK([whether libcurl is linked against old OpenSSL < 1.1],
-      [php_cv_lib_curl_ssl], [
+    [AC_CACHE_CHECK([whether libcurl is linked against a supported OpenSSL version],
+      [php_cv_lib_curl_ssl_supported], [
       save_LIBS=$LIBS
       save_CFLAGS=$CFLAGS
       LIBS="$LIBS $CURL_SHARED_LIBADD"
@@ -34,17 +34,14 @@ if test "$PHP_CURL" != "no"; then
 
     while(*ptr == ' ') ++ptr;
     int major, minor;
-    if (sscanf(ptr, "OpenSSL/%d", &major) == 1) {
-      if (major >= 3) {
-        /* OpenSSL version 3 or later */
-        return 4;
-      }
-    }
     if (sscanf(ptr, "OpenSSL/%d.%d", &major, &minor) == 2) {
-      if (major > 1 || (major == 1 && minor >= 1)) {
-        /* OpenSSL version 1.1 or later */
+      /* Check for 1.1.1+ (including 1.1.1a, 1.1.1b, etc.) */
+      if ((major > 1) || (major == 1 && minor == 1 && strncmp(ptr + 12, "1", 1) == 0)) {
+        /* OpenSSL 1.1.1+ - supported */
         return 3;
       }
+      /* OpenSSL 1.1.0 and earlier - unsupported */
+      return 0;
     }
     if (strncasecmp(ptr, "OpenSSL", sizeof("OpenSSL")-1) == 0) {
       /* Old OpenSSL version */
@@ -56,18 +53,15 @@ if test "$PHP_CURL" != "no"; then
   /* No SSL support */
   return 1;
 ])],
-      [php_cv_lib_curl_ssl=yes],
-      [php_cv_lib_curl_ssl=no],
-      [php_cv_lib_curl_ssl=no])
+      [php_cv_lib_curl_ssl_supported=no],
+      [php_cv_lib_curl_ssl_supported=yes],
+      [php_cv_lib_curl_ssl_supported=yes])
       LIBS=$save_LIBS
       CFLAGS=$save_CFLAGS
     ])
 
-    AS_VAR_IF([php_cv_lib_curl_ssl], [yes], [
-      AC_DEFINE([HAVE_CURL_OLD_OPENSSL], [1],
-        [Define to 1 if libcurl is linked against old OpenSSL < 1.1.])
-      PHP_SETUP_OPENSSL([CURL_SHARED_LIBADD],
-        [AC_CHECK_HEADERS([openssl/crypto.h])])
+    AS_VAR_IF([php_cv_lib_curl_ssl_supported], [no], [
+      AC_MSG_ERROR([libcurl is linked against an unsupported OpenSSL version. OpenSSL 1.1.1 or later is required.])
     ])
   ])
 
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
@@ -39,20 +39,6 @@
 #define HttpPost curl_httppost
 #endif
 
-/* {{{ cruft for thread safe SSL crypto locks */
-#if defined(ZTS) && defined(HAVE_CURL_OLD_OPENSSL)
-# if defined(HAVE_OPENSSL_CRYPTO_H)
-#  define PHP_CURL_NEED_OPENSSL_TSL
-#  include <openssl/crypto.h>
-# else
-#  warning \
-	"libcurl was compiled with OpenSSL support, but configure could not find " \
-	"openssl/crypto.h; thus no SSL crypto locking callbacks will be set, which may " \
-	"cause random crashes on SSL requests"
-# endif
-#endif /* ZTS && HAVE_CURL_OLD_OPENSSL */
-/* }}} */
-
 #include "zend_smart_str.h"
 #include "ext/standard/info.h"
 #include "ext/standard/file.h"
@@ -70,27 +56,6 @@
 
 ZEND_DECLARE_MODULE_GLOBALS(curl)
 
-#ifdef PHP_CURL_NEED_OPENSSL_TSL /* {{{ */
-static MUTEX_T *php_curl_openssl_tsl = NULL;
-
-/* Locking callbacks are no longer used since OpenSSL 1.1. Mark the functions as unused to
- * avoid warnings due to this. */
-static ZEND_ATTRIBUTE_UNUSED void php_curl_ssl_lock(int mode, int n, const char * file, int line)
-{
-	if (mode & CRYPTO_LOCK) {
-		tsrm_mutex_lock(php_curl_openssl_tsl[n]);
-	} else {
-		tsrm_mutex_unlock(php_curl_openssl_tsl[n]);
-	}
-}
-
-static ZEND_ATTRIBUTE_UNUSED unsigned long php_curl_ssl_id(void)
-{
-	return (unsigned long) tsrm_thread_id();
-}
-#endif
-/* }}} */
-
 #define CAAL(s, v) add_assoc_long_ex(return_value, s, sizeof(s) - 1, (zend_long) v);
 #define CAAD(s, v) add_assoc_double_ex(return_value, s, sizeof(s) - 1, (double) v);
 #define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s) - 1, (char *) (v ? v : ""));
@@ -389,24 +354,6 @@ PHP_MINIT_FUNCTION(curl)
 
 	register_curl_symbols(module_number);
 
-#ifdef PHP_CURL_NEED_OPENSSL_TSL
-	if (!CRYPTO_get_id_callback()) {
-		int i, c = CRYPTO_num_locks();
-
-		php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
-		if (!php_curl_openssl_tsl) {
-			return FAILURE;
-		}
-
-		for (i = 0; i < c; ++i) {
-			php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
-		}
-
-		CRYPTO_set_id_callback(php_curl_ssl_id);
-		CRYPTO_set_locking_callback(php_curl_ssl_lock);
-	}
-#endif
-
 	if (curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
 		return FAILURE;
 	}
@@ -568,21 +515,6 @@ zend_result curl_cast_object(zend_object *obj, zval *result, int type)
 PHP_MSHUTDOWN_FUNCTION(curl)
 {
 	curl_global_cleanup();
-#ifdef PHP_CURL_NEED_OPENSSL_TSL
-	if (php_curl_openssl_tsl) {
-		int i, c = CRYPTO_num_locks();
-
-		CRYPTO_set_id_callback(NULL);
-		CRYPTO_set_locking_callback(NULL);
-
-		for (i = 0; i < c; ++i) {
-			tsrm_mutex_free(php_curl_openssl_tsl[i]);
-		}
-
-		free(php_curl_openssl_tsl);
-		php_curl_openssl_tsl = NULL;
-	}
-#endif
 	UNREGISTER_INI_ENTRIES();
 	return SUCCESS;
 }
