Merge branch 'PHP-8.4' into PHP-8.5

* PHP-8.4:
  Fix crash in php_openssl_pkey_init_ec() when EVP_PKEY_CTX_new() fails
  Fix memory leak in check_cert() when X509_STORE_CTX_init() fails
  Fix NPD when i2d_PKCS12_bio is called on NULL bio

Author: ndossche

ext/openssl/openssl.c

@@ -1443,7 +1443,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
 
 	if (p12 != NULL) {
 		bio_out = BIO_new(BIO_s_mem());
-		if (i2d_PKCS12_bio(bio_out, p12)) {
+		if (bio_out && i2d_PKCS12_bio(bio_out, p12)) {
 			BUF_MEM *bio_buf;
 
 			BIO_get_mem_ptr(bio_out, &bio_buf);

ext/openssl/openssl_backend_common.c

@@ -748,6 +748,7 @@ int php_openssl_check_cert(X509_STORE *ctx, X509 *x, STACK_OF(X509) *untrustedch
 		return 0;
 	}
 	if (!X509_STORE_CTX_init(csc, ctx, x, untrustedchain)) {
+		X509_STORE_CTX_free(csc);
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Certificate store initialization failed");
 		return 0;

ext/openssl/openssl_backend_v3.c

@@ -454,6 +454,9 @@ EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
 		}
 		EVP_PKEY_CTX_free(ctx);
 		ctx = EVP_PKEY_CTX_new(param_key, NULL);
+		if (!ctx) {
+			goto cleanup;
+		}
 	}
 
 	if (EVP_PKEY_check(ctx) || EVP_PKEY_public_check_quick(ctx)) {