Enable native SSL support in ext/phar

SSL support in ext/phar is enabled either as native (using the system's
OpenSSL and its Crypto library linked directly) or as a wrapper provided
by ext/openssl.

Native OpenSSL support previously couldn't be enabled when building with
shared openssl extension:

    ./configure --with-openssl=shared --enable-phar=shared

or:

    ./configure --with-openssl=shared --enable-phar

Some PHP packages build both of these extensions as shared and it makes
sense to provide native OpenSSL support in ext/phar also when
ext/openssl is build as shared.

Shared phar extension with native OpenSSL enabled now gets libcrypto
linked directly:

    ldd modules/phar.so
        linux-vdso.so.1
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
        /lib64/ld-linux-x86-64.so.2

The new --with-phar-ssl Autotools configure option enables the SSL
support in phar when building without openssl extension or in edge cases
when building with phpize. Windows already includes similar option
(--enable-phar-native-ssl):

    ./configure --with-phar --with-phar-ssl --without-openssl

Changed tests:

- ext/phar/tests/**/phar_setsignaturealgo2.phpt - needs ext/openssl
  enabled due to openssl_get_privatekey().
- ext/phar/tests/phar_setsignaturealgo.phpt - test for ext/phar with
  native OpenSSL support and ext/openssl disabled.

Author: petk

UPGRADING.INTERNALS

@@ -142,6 +142,9 @@ PHP 8.4 INTERNALS UPGRADE NOTES
    - PDO extensions in php-src don't have the include flag -I$pdo_cv_inc_path
      directory anymore.
    - M4 macro PHP_SETUP_OPENSSL doesn't accept the 3rd argument anymore.
+   - Added configure option --with-phar-ssl to explicitly enable SSL support
+     in phar when not building with openssl extension. When building with
+     openssl extension (shared or static), SSL support is enabled implicitly.
 
  c. Windows build system changes
    - The configure options --with-oci8-11g, --with-oci8-12c, --with-oci8-19 have

ext/phar/config.m4

@@ -4,19 +4,29 @@ PHP_ARG_ENABLE([phar],
     [Disable phar support])],
   [yes])
 
+PHP_ARG_WITH([phar-ssl],
+  [whether to explicitly enable SSL support for phar],
+  [AS_HELP_STRING([--with-phar-ssl],
+    [Explicitly enable SSL support in phar extension when building without
+    openssl extension. If openssl extension is enabled at the configure step,
+    SSL is enabled implicitly.])],
+  [no],
+  [no])
+
 if test "$PHP_PHAR" != "no"; then
   PHP_NEW_EXTENSION(phar, util.c tar.c zip.c stream.c func_interceptors.c dirstream.c phar.c phar_object.c phar_path_check.c, $ext_shared,, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)
-  AC_MSG_CHECKING([for phar openssl support])
-  if test "$PHP_OPENSSL_SHARED" = "yes"; then
-    AC_MSG_RESULT([no (shared openssl)])
-  else
-    if test "$PHP_OPENSSL" = "yes"; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(PHAR_HAVE_OPENSSL,1,[ ])
-    else
-      AC_MSG_RESULT([no])
-    fi
-  fi
+
+  dnl Empty variable means 'no' (for phpize builds).
+  AS_VAR_IF([PHP_OPENSSL],, [PHP_OPENSSL=no])
+
+  AS_IF([test "$PHP_OPENSSL" != no || test "$PHP_PHAR_SSL" != no], [dnl
+    PHP_SETUP_OPENSSL([PHAR_SHARED_LIBADD],
+      [AC_DEFINE([PHAR_HAVE_OPENSSL], [1],
+        [Define to 1 if phar extension has native OpenSSL support.])])
+    PHP_SUBST([PHAR_SHARED_LIBADD])
+    AC_MSG_NOTICE([phar SSL support enabled])
+  ])
+
   PHP_ADD_EXTENSION_DEP(phar, hash, true)
   PHP_ADD_EXTENSION_DEP(phar, spl, true)
   PHP_ADD_MAKEFILE_FRAGMENT

ext/phar/tests/phar_setsignaturealgo.phpt

@@ -0,0 +1,99 @@
+--TEST--
+Phar::setSignatureAlgorithm() with native OpenSSL and without ext/openssl
+--EXTENSIONS--
+phar
+--SKIPIF--
+<?php
+if (extension_loaded("openssl")) die("skip ext/openssl must be disabled for this test");
+$arr = Phar::getSupportedSignatures();
+if (!in_array("OpenSSL", $arr)) die("skip openssl support required");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar';
+$p = new Phar($fname);
+$p['file1.txt'] = 'hi';
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::MD5);
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::SHA1);
+var_dump($p->getSignature());
+try {
+$p->setSignatureAlgorithm(Phar::SHA256);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$p->setSignatureAlgorithm(Phar::SHA512);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+try {
+$pkey = '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMDcANSIpkgSF6Rh
+KHM8JncsVuCsO5XjiMf3g50lB+poJAG9leoygbVtY55h9tzeI7SAdZbdIoHbtJ/V
+kGdzlzX5jMGbH1sWKk5fZbai4pLZigd4ihH2V4M27jKrAGy6CAU8ZU/Ez2KQQj5g
+A4ZVMJ3iZXlqCmRWwcs0lZvP+c9XAgMBAAECgYAaJLioFu4TjwBNdC47kMfWF9if
+FDnvk6yTDuZ0gvSTvhJDeiO8X6Rdp7p9WeJRBnvomBFYphlraREPKbAtlenFVuIY
+v10O9BjxkQ0O1Y7L2ztMO3E2LFtmWgoGimAnsbUHTkuB61Hd2AWdA7C357eQ67vZ
+GlLu2HIFpSbzMcJFIQJBAPD6Hm7ETuL0ILwofImXAahHbwpmCtKmjvjJaFD5vWXP
+FD6uTbBOgUP+n5Y17+d/vxhSX9yrQueAIodju3bbxUsCQQDM4fMCO4OUYbMroql7
+ruIqBd34akrA+v2JoV+bMAE6RHBC6DgsI3uySbMJfmnPGoxlbXE0gKN4ONawwDd3
+gTKlAkEAnJc8DWidhpdzajG488Pf/NUmkBBNOiOnxn1Cv1P6Ql01X6HutAHfuCqO
+05KLKdj2ebyVtJTJrhuy1F33pL4dTwJBAKnIEB3ofahnshdV64cALJFQXVpvktUK
+6TG1Vcn/ZPUJI9J+J5aELQxYwJH8fOhQAspGgEpW06Bb0aWVFCHnIbUCQBFVhu+P
+RcHLpdSl7lZmws1bCnDUmt5GzKBw9diHxuyfGEJ0c0clDTWVEMyO80u0jxrliMkT
+8h5bvpPaY8KIlkg=
+-----END PRIVATE KEY-----';
+$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+var_dump($p->getSignature());
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+?>
+--CLEAN--
+<?php
+unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar');
+?>
+--EXPECTF--
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(3) "MD5"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(5) "SHA-1"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-512"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "OpenSSL"
+}

ext/phar/tests/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash
+Phar::setSignatureAlgorithm() with hash
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/tar/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, tar-based
+Phar::setSignatureAlgorithm() with hash, tar-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/zip/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, zip-based
+Phar::setSignatureAlgorithm() with hash, zip-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php