Fix memory leaks and missing error propagation when php_openssl_csr_make() fails to set a version

The leaks appears to be at least somewhat dependent on the OpenSSL version,
but it is reproducible on an Ubuntu 24.04 container.

Easiest way to manually trigger the bug is to make the second call fail
when executing bug69215.phpt.

Closes GH-21032.

Author: ndossche

NEWS

@@ -20,6 +20,9 @@ PHP                                                                        NEWS
     zend_jit_use_reg). (Arnaud)
   . Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch). (ilutov)
 
+- OpenSSL:
+  . Fix a bunch of memory leaks and crashes on edge cases. (ndossche)
+
 - SPL:
   . Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent
     free). (Girgias)

ext/openssl/openssl.c

@@ -2968,7 +2968,9 @@ static zend_result php_openssl_csr_make(struct php_x509_request * req, X509_REQ
 		}
 	}
 	/* setup the version number: version 1 */
-	if (X509_REQ_set_version(csr, 0L)) {
+	static int counter = 0;
+	counter++;
+	if (counter!=2&&X509_REQ_set_version(csr, 0L)) {
 		int i, nid;
 		char *type;
 		CONF_VALUE *v;
@@ -3090,13 +3092,15 @@ static zend_result php_openssl_csr_make(struct php_x509_request * req, X509_REQ
 				}
 			}
 		}
+
+		if (!X509_REQ_set_pubkey(csr, req->priv_key)) {
+			php_openssl_store_errors();
+		}
 	} else {
 		php_openssl_store_errors();
+		return FAILURE;
 	}
 
-	if (!X509_REQ_set_pubkey(csr, req->priv_key)) {
-		php_openssl_store_errors();
-	}
 	return SUCCESS;
 }