Enable native SSL support in ext/phar

UPGRADING.INTERNALS

@@ -132,6 +132,9 @@ PHP 8.4 INTERNALS UPGRADE NOTES
      --with-ftp-ssl and --with-mysqlnd-ssl.
    - New configure option --with-openssl-legacy-provider to enable OpenSSL
      legacy provider.
+   - New configure option --with-phar-ssl to explicitly enable SSL support in
+     phar extension when building without openssl extension. When building with
+     openssl extension (shared or static), SSL support is enabled implicitly.
    - COOKIE_IO_FUNCTIONS_T symbol has been removed (use cookie_io_functions_t).
    - HAVE_SOCKADDR_UN_SUN_LEN symbol renamed to HAVE_STRUCT_SOCKADDR_UN_SUN_LEN.
    - HAVE_UTSNAME_DOMAINNAME symbol renamed to HAVE_STRUCT_UTSNAME_DOMAINNAME.

ext/phar/config.m4

@@ -4,6 +4,19 @@ PHP_ARG_ENABLE([phar],
     [Disable phar support])],
   [yes])
 
+dnl Empty variable means 'no' (for phpize builds).
+AS_VAR_IF([PHP_OPENSSL],, [PHP_OPENSSL=no])
+
+PHP_ARG_WITH([phar-ssl],
+  [whether to enable native OpenSSL support for phar],
+  [AS_HELP_STRING([--with-phar-ssl],
+    [Explicitly enable SSL support in phar extension through the OpenSSL library
+    when building without openssl extension or when using phpize. If the openssl
+    extension is enabled at the configure step (--with-openssl), SSL is enabled
+    implicitly regardless of this option.])],
+  [$PHP_OPENSSL],
+  [no])
+
 if test "$PHP_PHAR" != "no"; then
   PHP_NEW_EXTENSION([phar], m4_normalize([
       dirstream.c
@@ -18,17 +31,14 @@ if test "$PHP_PHAR" != "no"; then
     ]),
     [$ext_shared],,
     [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
-  AC_MSG_CHECKING([for phar openssl support])
-  if test "$PHP_OPENSSL_SHARED" = "yes"; then
-    AC_MSG_RESULT([no (shared openssl)])
-  else
-    if test "$PHP_OPENSSL" = "yes"; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(PHAR_HAVE_OPENSSL,1,[ ])
-    else
-      AC_MSG_RESULT([no])
-    fi
-  fi
+
+  AS_VAR_IF([PHP_PHAR_SSL], [no],, [
+    PHP_SETUP_OPENSSL([PHAR_SHARED_LIBADD],
+      [AC_DEFINE([PHAR_HAVE_OPENSSL], [1],
+        [Define to 1 if phar extension has native OpenSSL support.])])
+    PHP_SUBST([PHAR_SHARED_LIBADD])
+  ])
+
   PHP_ADD_EXTENSION_DEP(phar, hash)
   PHP_ADD_EXTENSION_DEP(phar, spl)
   PHP_ADD_MAKEFILE_FRAGMENT

ext/phar/config.w32

@@ -12,15 +12,10 @@ if (PHP_PHAR != "no") {
 	if (PHP_PHAR_SHARED || (PHP_PHAR_NATIVE_SSL_SHARED && PHP_SNAPSHOT_BUILD == "no")) {
 		ADD_FLAG("CFLAGS_PHAR", "/D COMPILE_DL_PHAR ");
 	}
-	if (PHP_PHAR_NATIVE_SSL != "no") {
-		if (CHECK_LIB("libeay32st.lib", "phar")) {
-			/* We don't really need GDI for this, but there's no
-			way to avoid linking it in the static openssl build */
-			ADD_FLAG("LIBS_PHAR", "libeay32st.lib gdi32.lib");
-			if (PHP_DEBUG == "no") {
-				/* Silence irrelevant-to-us warning in release builds */
-				ADD_FLAG("LDFLAGS_PHAR", "/IGNORE:4089 ");
-			}
+	if (PHP_PHAR_NATIVE_SSL != "no" && PHP_SNAPSHOT_BUILD == "no") {
+		var ret = SETUP_OPENSSL("phar", PHP_PHAR);
+
+		if (ret >= 2) {
 			AC_DEFINE('PHAR_HAVE_OPENSSL', 1);
 			STDOUT.WriteLine('        Native OpenSSL support in Phar enabled');
 		} else {

ext/phar/tests/phar_setsignaturealgo.phpt

@@ -0,0 +1,103 @@
+--TEST--
+Phar::setSignatureAlgorithm() with native OpenSSL and without ext/openssl
+--EXTENSIONS--
+phar
+--SKIPIF--
+<?php
+if (extension_loaded("openssl")) die("skip ext/openssl must be disabled for this test");
+$arr = Phar::getSupportedSignatures();
+if (!in_array("OpenSSL", $arr)) die("skip openssl support required");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar';
+$p = new Phar($fname);
+$p['file1.txt'] = 'hi';
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::MD5);
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::SHA1);
+var_dump($p->getSignature());
+
+try {
+    $p->setSignatureAlgorithm(Phar::SHA256);
+    var_dump($p->getSignature());
+} catch (Exception $e) {
+    echo $e->getMessage();
+}
+
+try {
+    $p->setSignatureAlgorithm(Phar::SHA512);
+    var_dump($p->getSignature());
+} catch (Exception $e) {
+    echo $e->getMessage();
+}
+
+$pkey = '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMDcANSIpkgSF6Rh
+KHM8JncsVuCsO5XjiMf3g50lB+poJAG9leoygbVtY55h9tzeI7SAdZbdIoHbtJ/V
+kGdzlzX5jMGbH1sWKk5fZbai4pLZigd4ihH2V4M27jKrAGy6CAU8ZU/Ez2KQQj5g
+A4ZVMJ3iZXlqCmRWwcs0lZvP+c9XAgMBAAECgYAaJLioFu4TjwBNdC47kMfWF9if
+FDnvk6yTDuZ0gvSTvhJDeiO8X6Rdp7p9WeJRBnvomBFYphlraREPKbAtlenFVuIY
+v10O9BjxkQ0O1Y7L2ztMO3E2LFtmWgoGimAnsbUHTkuB61Hd2AWdA7C357eQ67vZ
+GlLu2HIFpSbzMcJFIQJBAPD6Hm7ETuL0ILwofImXAahHbwpmCtKmjvjJaFD5vWXP
+FD6uTbBOgUP+n5Y17+d/vxhSX9yrQueAIodju3bbxUsCQQDM4fMCO4OUYbMroql7
+ruIqBd34akrA+v2JoV+bMAE6RHBC6DgsI3uySbMJfmnPGoxlbXE0gKN4ONawwDd3
+gTKlAkEAnJc8DWidhpdzajG488Pf/NUmkBBNOiOnxn1Cv1P6Ql01X6HutAHfuCqO
+05KLKdj2ebyVtJTJrhuy1F33pL4dTwJBAKnIEB3ofahnshdV64cALJFQXVpvktUK
+6TG1Vcn/ZPUJI9J+J5aELQxYwJH8fOhQAspGgEpW06Bb0aWVFCHnIbUCQBFVhu+P
+RcHLpdSl7lZmws1bCnDUmt5GzKBw9diHxuyfGEJ0c0clDTWVEMyO80u0jxrliMkT
+8h5bvpPaY8KIlkg=
+-----END PRIVATE KEY-----';
+
+try {
+    $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+    var_dump($p->getSignature());
+} catch (Exception $e) {
+    echo $e->getMessage();
+}
+?>
+--CLEAN--
+<?php
+unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar');
+?>
+--EXPECTF--
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(3) "MD5"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(5) "SHA-1"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-256"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "SHA-512"
+}
+array(2) {
+  ["hash"]=>
+  string(%d) "%s"
+  ["hash_type"]=>
+  string(7) "OpenSSL"
+}

ext/phar/tests/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash
+Phar::setSignatureAlgorithm() with hash
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/tar/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, tar-based
+Phar::setSignatureAlgorithm() with hash, tar-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php

ext/phar/tests/zip/phar_setsignaturealgo2.phpt

@@ -1,6 +1,7 @@
 --TEST--
-Phar::setSupportedSignatures() with hash, zip-based
+Phar::setSignatureAlgorithm() with hash, zip-based
 --EXTENSIONS--
+openssl
 phar
 --SKIPIF--
 <?php