[pull] master from php:master

Zend/zend_hrtime.h

@@ -42,7 +42,7 @@
 #elif defined(_WIN32) || defined(_WIN64)
 # undef  ZEND_HRTIME_PLATFORM_WINDOWS
 # define ZEND_HRTIME_PLATFORM_WINDOWS 1
-#elif HAVE_CLOCK_GETTIME_NSEC_NP
+#elif defined(HAVE_CLOCK_GETTIME_NSEC_NP)
 # undef  ZEND_HRTIME_PLATFORM_APPLE_GETTIME_NSEC
 # define ZEND_HRTIME_PLATFORM_APPLE_GETTIME_NSEC 1
 #elif defined(__APPLE__)

ext/openssl/openssl.c

@@ -651,7 +651,8 @@ static void php_openssl_check_path_error(uint32_t arg_num, int type, const char
 /* openssl file path check extended */
 bool php_openssl_check_path_ex(
 		const char *file_path, size_t file_path_len, char *real_path, uint32_t arg_num,
-		bool contains_file_protocol, bool is_from_array, const char *option_name)
+		bool contains_file_protocol, bool is_from_array, const char *option_name,
+		php_stream *stream)
 {
 	const char *fs_file_path;
 	size_t fs_file_path_len;
@@ -686,8 +687,13 @@ bool php_openssl_check_path_ex(
 		if (arg_num == 0) {
 			const char *option_title = option_name ? option_name : "unknown";
 			const char *option_label = is_from_array ? "array item" : "option";
-			php_error_docref(NULL, E_WARNING, "Path for %s %s %s",
-					option_title, option_label, error_msg);
+			if (stream != NULL) {
+				php_stream_warn(stream, InvalidPath, "Path for %s %s %s",
+						option_title, option_label, error_msg);
+			} else {
+				php_error_docref(NULL, E_WARNING, "Path for %s %s %s",
+						option_title, option_label, error_msg);
+			}
 		} else if (is_from_array && option_name != NULL) {
 			php_openssl_check_path_error(
 					arg_num, error_type, "option %s array item %s", option_name, error_msg);
@@ -1294,7 +1300,7 @@ PHP_FUNCTION(openssl_x509_fingerprint)
 		RETURN_FALSE;
 	}
 
-	fingerprint = php_openssl_x509_fingerprint(cert, method, raw_output);
+	fingerprint = php_openssl_x509_fingerprint(cert, method, raw_output, NULL);
 	if (fingerprint) {
 		RETVAL_STR(fingerprint);
 	} else {

ext/openssl/openssl_backend_common.c

@@ -307,7 +307,7 @@ int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args
 
 	/* read in the oids */
 	str = php_openssl_conf_get_string(req->req_config, NULL, "oid_file");
-	if (str != NULL && php_openssl_check_path_ex(str, strlen(str), path, 0, false, false, "oid_file")) {
+	if (str != NULL && php_openssl_check_path_ex(str, strlen(str), path, 0, false, false, "oid_file", NULL)) {
 		BIO *oid_bio = BIO_new_file(path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 		if (oid_bio) {
 			OBJ_create_objects(oid_bio);
@@ -513,7 +513,7 @@ X509 *php_openssl_x509_from_str(
 	BIO *in;
 
 	if (ZSTR_LEN(cert_str) > 7 && memcmp(ZSTR_VAL(cert_str), "file://", sizeof("file://") - 1) == 0) {
-		if (!php_openssl_check_path_str_ex(cert_str, cert_path, arg_num, true, is_from_array, option_name)) {
+		if (!php_openssl_check_path_str_ex(cert_str, cert_path, arg_num, true, is_from_array, option_name, NULL)) {
 			return NULL;
 		}
 
@@ -582,20 +582,28 @@ X509 *php_openssl_x509_from_zval(
 	return cert;
 }
 
-zend_string* php_openssl_x509_fingerprint(X509 *peer, const char *method, bool raw)
+zend_string* php_openssl_x509_fingerprint(X509 *peer, const char *method, bool raw, php_stream *stream)
 {
 	unsigned char md[EVP_MAX_MD_SIZE];
 	const EVP_MD *mdtype;
 	unsigned int n;
 	zend_string *ret;
 
 	if (!(mdtype = php_openssl_get_evp_md_by_name(method))) {
-		php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
+		if (stream != NULL) {
+			php_stream_warn(stream, Generic, "Unknown digest algorithm");
+		} else {
+			php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
+		}
 		return NULL;
 	} else if (!X509_digest(peer, mdtype, md, &n)) {
 		php_openssl_release_evp_md(mdtype);
 		php_openssl_store_errors();
-		php_error_docref(NULL, E_ERROR, "Could not generate signature");
+		if (stream != NULL) {
+			php_stream_warn(stream, EncodingFailed, "Could not generate signature");
+		} else {
+			php_error_docref(NULL, E_WARNING, "Could not generate signature");
+		}
 		return NULL;
 	}
 
@@ -792,7 +800,7 @@ X509_STORE *php_openssl_setup_verify(zval *calist, uint32_t arg_num)
 				return NULL;
 			}
 
-			if (!php_openssl_check_path_str_ex(str, file_path, arg_num, false, true, NULL)) {
+			if (!php_openssl_check_path_str_ex(str, file_path, arg_num, false, true, NULL, NULL)) {
 				zend_string_release(str);
 				continue;
 			}

ext/openssl/php_openssl.h

@@ -102,34 +102,39 @@ void php_openssl_store_errors(void);
 void php_openssl_errors_set_mark(void);
 void php_openssl_errors_restore_mark(void);
 
-/* openssl file path extra */
+/* openssl file path extra
+ * When a non-NULL stream is passed and the path check fails for a stream context option
+ * (arg_num == 0), the warning is reported via the stream error API so it participates in
+ * any active stream error operation; otherwise it is emitted immediately. */
 bool php_openssl_check_path_ex(
 		const char *file_path, size_t file_path_len, char *real_path, uint32_t arg_num,
-		bool contains_file_protocol, bool is_from_array, const char *option_name);
+		bool contains_file_protocol, bool is_from_array, const char *option_name,
+		struct _php_stream *stream);
 
 /* openssl file path check */
 static inline bool php_openssl_check_path(
 		const char *file_path, size_t file_path_len, char *real_path, uint32_t arg_num)
 {
 	return php_openssl_check_path_ex(
-			file_path, file_path_len, real_path, arg_num, false, false, NULL);
+			file_path, file_path_len, real_path, arg_num, false, false, NULL, NULL);
 }
 
 /* openssl file path extra check with zend string */
 static inline bool php_openssl_check_path_str_ex(
 		zend_string *file_path, char *real_path, uint32_t arg_num,
-		bool contains_file_protocol, bool is_from_array, const char *option_name)
+		bool contains_file_protocol, bool is_from_array, const char *option_name,
+		struct _php_stream *stream)
 {
 	return php_openssl_check_path_ex(
 			ZSTR_VAL(file_path), ZSTR_LEN(file_path), real_path, arg_num, contains_file_protocol,
-			is_from_array, option_name);
+			is_from_array, option_name, stream);
 }
 
 /* openssl file path check with zend string */
 static inline bool php_openssl_check_path_str(
 		zend_string *file_path, char *real_path, uint32_t arg_num)
 {
-	return php_openssl_check_path_str_ex(file_path, real_path, arg_num, true, false, NULL);
+	return php_openssl_check_path_str_ex(file_path, real_path, arg_num, true, false, NULL, NULL);
 }
 
 PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method);

ext/openssl/php_openssl_backend.h

@@ -262,7 +262,8 @@ X509 *php_openssl_x509_from_param(
 X509 *php_openssl_x509_from_zval(
 		zval *val, bool *free_cert, uint32_t arg_num, bool is_from_array, const char *option_name);
 
-zend_string* php_openssl_x509_fingerprint(X509 *peer, const char *method, bool raw);
+zend_string* php_openssl_x509_fingerprint(
+		X509 *peer, const char *method, bool raw, struct _php_stream *stream);
 
 int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension);
 

ext/openssl/tests/ServerClientTestCase.inc

@@ -129,6 +129,10 @@ class ServerClientTestCase
     private function cleanupWorkerProcess($worker)
     {
         fclose($this->workerStdIn[$worker]);
+        /* Drain stdout to EOF before closing it, so late worker writes (e.g.
+         * buffered error output) don't fail and abort the worker mid-output. */
+        stream_set_blocking($this->workerStdOut[$worker], true);
+        stream_get_contents($this->workerStdOut[$worker]);
         fclose($this->workerStdOut[$worker]);
         proc_close($this->workerHandle[$worker]);
     }

ext/openssl/tests/bug68920.phpt

@@ -76,17 +76,13 @@ bool(false)
 
 Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
 
-Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
-
 Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
 
 Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
 bool(false)
 
 Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
 
-Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
-
 Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
 
 Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d