Openssl little optims (#21424)

- reuse BIO object in certificate chain loops.

Avoid repeated BIO_new/BIO_free per iteration in PKCS12, PKCS7, and CMS
read functions. Allocate once before the loop, BIO_reset between
iterations, free after.

- Avoid double zval_get_long() call in threads option parsing.

- Reuse already computed string length instead of calling strlen() again.

Author: devnexen

ext/openssl/openssl.c

@@ -1531,6 +1531,10 @@ PHP_FUNCTION(openssl_pkcs12_read)
 
 		if (pkey) {
 			bio_out = BIO_new(BIO_s_mem());
+			if (!bio_out) {
+				goto cleanup;
+			}
+
 			if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
 				BUF_MEM *bio_buf;
 				BIO_get_mem_ptr(bio_out, &bio_buf);
@@ -1545,23 +1549,27 @@ PHP_FUNCTION(openssl_pkcs12_read)
 		cert_num = sk_X509_num(ca);
 		if (ca && cert_num) {
 			array_init(&zextracerts);
+			bio_out = BIO_new(BIO_s_mem());
+			if (!bio_out) {
+				goto cleanup;
+			}
 
 			for (i = 0; i < cert_num; i++) {
 				zval zextracert;
 				X509* aCA = sk_X509_pop(ca);
 				if (!aCA) break;
 
-				bio_out = BIO_new(BIO_s_mem());
 				if (PEM_write_bio_X509(bio_out, aCA)) {
 					BUF_MEM *bio_buf;
 					BIO_get_mem_ptr(bio_out, &bio_buf);
 					ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
 					add_index_zval(&zextracerts, i, &zextracert);
 				}
 
+				BIO_reset(bio_out);
 				X509_free(aCA);
-				BIO_free(bio_out);
 			}
+			BIO_free(bio_out);
 
 			sk_X509_free(ca);
 			add_assoc_zval(zout, "extracerts", &zextracerts);
@@ -2814,33 +2822,41 @@ PHP_FUNCTION(openssl_pkcs7_read)
 	}
 
 	if (certs != NULL) {
+		bio_out = BIO_new(BIO_s_mem());
+		if (!bio_out) {
+			goto clean_exit;
+		}
 		for (i = 0; i < sk_X509_num(certs); i++) {
 			X509* ca = sk_X509_value(certs, i);
 
-			bio_out = BIO_new(BIO_s_mem());
-			if (bio_out && PEM_write_bio_X509(bio_out, ca)) {
+			if (PEM_write_bio_X509(bio_out, ca)) {
 				BUF_MEM *bio_buf;
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_free(bio_out);
+			BIO_reset(bio_out);
 		}
+		BIO_free(bio_out);
 	}
 
 	if (crls != NULL) {
+		bio_out = BIO_new(BIO_s_mem());
+		if (!bio_out) {
+			goto clean_exit;
+		}
 		for (i = 0; i < sk_X509_CRL_num(crls); i++) {
 			X509_CRL* crl = sk_X509_CRL_value(crls, i);
 
-			bio_out = BIO_new(BIO_s_mem());
-			if (bio_out && PEM_write_bio_X509_CRL(bio_out, crl)) {
+			if (PEM_write_bio_X509_CRL(bio_out, crl)) {
 				BUF_MEM *bio_buf;
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_free(bio_out);
+			BIO_reset(bio_out);
 		}
+		BIO_free(bio_out);
 	}
 
 	RETVAL_TRUE;
@@ -3481,33 +3497,43 @@ PHP_FUNCTION(openssl_cms_read)
 	}
 
 	if (certs != NULL) {
+		bio_out = BIO_new(BIO_s_mem());
+		if (!bio_out) {
+			goto clean_exit;
+		}
+
 		for (i = 0; i < sk_X509_num(certs); i++) {
 			X509* ca = sk_X509_value(certs, i);
 
-			bio_out = BIO_new(BIO_s_mem());
-			if (bio_out && PEM_write_bio_X509(bio_out, ca)) {
+			if (PEM_write_bio_X509(bio_out, ca)) {
 				BUF_MEM *bio_buf;
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_free(bio_out);
+			BIO_reset(bio_out);
 		}
+		BIO_free(bio_out);
 	}
 
 	if (crls != NULL) {
+		bio_out = BIO_new(BIO_s_mem());
+		if (!bio_out) {
+			goto clean_exit;
+		}
+
 		for (i = 0; i < sk_X509_CRL_num(crls); i++) {
 			X509_CRL* crl = sk_X509_CRL_value(crls, i);
 
-			bio_out = BIO_new(BIO_s_mem());
-			if (bio_out && PEM_write_bio_X509_CRL(bio_out, crl)) {
+			if (PEM_write_bio_X509_CRL(bio_out, crl)) {
 				BUF_MEM *bio_buf;
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_free(bio_out);
+			BIO_reset(bio_out);
 		}
+		BIO_free(bio_out);
 	}
 
 	RETVAL_TRUE;

ext/openssl/openssl_pwhash.c

@@ -51,6 +51,7 @@ ZEND_EXTERN_MODULE_GLOBALS(openssl)
 static inline zend_result get_options(zend_array *options, uint32_t *memlimit, uint32_t *iterlimit, uint32_t *threads)
 {
 	zval *opt;
+	zend_long sthreads;
 
 	*iterlimit = PHP_OPENSSL_PWHASH_ITERLIMIT;
 	*memlimit  = PHP_OPENSSL_PWHASH_MEMLIMIT;
@@ -76,8 +77,7 @@ static inline zend_result get_options(zend_array *options, uint32_t *memlimit, u
 		}
 		*iterlimit = siterlimit;
 	}
-	if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && (zval_get_long(opt) != 1)) {
-		zend_long sthreads = zval_get_long(opt);
+	if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && ((sthreads = zval_get_long(opt)) != 1)) {
 		if ((sthreads < PHP_OPENSSL_THREADS_MIN) || (sthreads > PHP_OPENSSL_THREADS_MAX)) {
 			zend_value_error("Invalid number of threads");
 			return FAILURE;

ext/openssl/xp_ssl.c

@@ -1508,7 +1508,7 @@ static unsigned char *php_openssl_alpn_protos_parse(unsigned short *outlen, cons
 		return NULL;
 	}
 
-	out = emalloc(strlen(in) + 1);
+	out = emalloc(len + 1);
 
 	for (i = 0; i <= len; ++i) {
 		if (i == len || in[i] == ',') {