From 08eebdfcd8988d7bd0af46f7ac73bac4ca4417b3 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 12 Mar 2026 21:14:57 +0000 Subject: [PATCH 1/3] ext/openssl: reuse BIO object in certificate chain loops. Avoid repeated BIO_new/BIO_free per iteration in PKCS12, PKCS7, and CMS read functions. Allocate once before the loop, BIO_reset between iterations, free after. --- ext/openssl/openssl.c | 54 ++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 1ec9ec85729a5..09cc87c06fe6a 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1530,6 +1530,10 @@ PHP_FUNCTION(openssl_pkcs12_read) if (pkey) { bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto cleanup; + } + if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); @@ -1544,13 +1548,16 @@ PHP_FUNCTION(openssl_pkcs12_read) cert_num = sk_X509_num(ca); if (ca && cert_num) { array_init(&zextracerts); + bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto cleanup; + } for (i = 0; i < cert_num; i++) { zval zextracert; X509* aCA = sk_X509_pop(ca); if (!aCA) break; - bio_out = BIO_new(BIO_s_mem()); if (PEM_write_bio_X509(bio_out, aCA)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); @@ -1558,9 +1565,10 @@ PHP_FUNCTION(openssl_pkcs12_read) add_index_zval(&zextracerts, i, &zextracert); } + BIO_reset(bio_out); X509_free(aCA); - BIO_free(bio_out); } + BIO_free(bio_out); sk_X509_free(ca); add_assoc_zval(zout, "extracerts", &zextracerts); @@ -2806,33 +2814,41 @@ PHP_FUNCTION(openssl_pkcs7_read) } if (certs != NULL) { + bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto clean_exit; + } for (i = 0; i < sk_X509_num(certs); i++) { X509* ca = sk_X509_value(certs, i); - bio_out = BIO_new(BIO_s_mem()); - if (bio_out && PEM_write_bio_X509(bio_out, ca)) { + if (PEM_write_bio_X509(bio_out, ca)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_free(bio_out); + BIO_reset(bio_out); } + BIO_free(bio_out); } if (crls != NULL) { + bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto clean_exit; + } for (i = 0; i < sk_X509_CRL_num(crls); i++) { X509_CRL* crl = sk_X509_CRL_value(crls, i); - bio_out = BIO_new(BIO_s_mem()); - if (bio_out && PEM_write_bio_X509_CRL(bio_out, crl)) { + if (PEM_write_bio_X509_CRL(bio_out, crl)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_free(bio_out); + BIO_reset(bio_out); } + BIO_free(bio_out); } RETVAL_TRUE; @@ -3467,33 +3483,43 @@ PHP_FUNCTION(openssl_cms_read) } if (certs != NULL) { + bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto clean_exit; + } + for (i = 0; i < sk_X509_num(certs); i++) { X509* ca = sk_X509_value(certs, i); - bio_out = BIO_new(BIO_s_mem()); - if (bio_out && PEM_write_bio_X509(bio_out, ca)) { + if (PEM_write_bio_X509(bio_out, ca)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_free(bio_out); + BIO_reset(bio_out); } + BIO_free(bio_out); } if (crls != NULL) { + bio_out = BIO_new(BIO_s_mem()); + if (!bio_out) { + goto clean_exit; + } + for (i = 0; i < sk_X509_CRL_num(crls); i++) { X509_CRL* crl = sk_X509_CRL_value(crls, i); - bio_out = BIO_new(BIO_s_mem()); - if (bio_out && PEM_write_bio_X509_CRL(bio_out, crl)) { + if (PEM_write_bio_X509_CRL(bio_out, crl)) { BUF_MEM *bio_buf; BIO_get_mem_ptr(bio_out, &bio_buf); ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_free(bio_out); + BIO_reset(bio_out); } + BIO_free(bio_out); } RETVAL_TRUE; From f874ad7971ee8676507616427b137215eeab6018 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 12 Mar 2026 21:15:12 +0000 Subject: [PATCH 2/3] Avoid double zval_get_long() call in threads option parsing. --- ext/openssl/openssl_pwhash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/openssl_pwhash.c b/ext/openssl/openssl_pwhash.c index dc125e3b516db..69e9dae3fa990 100644 --- a/ext/openssl/openssl_pwhash.c +++ b/ext/openssl/openssl_pwhash.c @@ -51,6 +51,7 @@ ZEND_EXTERN_MODULE_GLOBALS(openssl) static inline zend_result get_options(zend_array *options, uint32_t *memlimit, uint32_t *iterlimit, uint32_t *threads) { zval *opt; + zend_long sthreads; *iterlimit = PHP_OPENSSL_PWHASH_ITERLIMIT; *memlimit = PHP_OPENSSL_PWHASH_MEMLIMIT; @@ -76,8 +77,7 @@ static inline zend_result get_options(zend_array *options, uint32_t *memlimit, u } *iterlimit = siterlimit; } - if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && (zval_get_long(opt) != 1)) { - zend_long sthreads = zval_get_long(opt); + if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && ((sthreads = zval_get_long(opt)) != 1)) { if ((sthreads < PHP_OPENSSL_THREADS_MIN) || (sthreads > PHP_OPENSSL_THREADS_MAX)) { zend_value_error("Invalid number of threads"); return FAILURE; From df5cfd8ddbb1276203c140ecbacf18f9150fb9b1 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 12 Mar 2026 21:15:17 +0000 Subject: [PATCH 3/3] Reuse already computed string length instead of calling strlen() again. --- ext/openssl/xp_ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index bd174f30095c6..5180ec81d14f8 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1508,7 +1508,7 @@ static unsigned char *php_openssl_alpn_protos_parse(unsigned short *outlen, cons return NULL; } - out = emalloc(strlen(in) + 1); + out = emalloc(len + 1); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') {