remicollet / php-src-security

Security backports for EOL versions of PHP.

php 7.4 no build openssl 3.0.2 error and your patch not work #12

Closed amidevous closed 1 year ago

amidevous commented 1 year ago

php 7.4 no build openssl error

with this repo

mkdir -p build
cd build
wget --no-check-certificate https://github.com/remicollet/php-src-security/archive/refs/heads/PHP-7.4-security-backports.tar.gz
tar -xvf PHP-7.4-security-backports.tar.gz
cd php-src-security-PHP-7.4-security-backports
./buildconf --force
./configure  --prefix=/home/user/php \
--with-zlib-dir --with-freetype --enable-mbstring --enable-calendar --with-curl \
--disable-rpath --enable-inline-optimization --with-bz2 --with-zlib \
--enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl \
--enable-mbregex --enable-exif --enable-bcmath --with-mhash \
--with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-openssl --with-fpm-user=user \
--with-fpm-group=user --with-libdir=/lib/x86_64-linux-gnu \
--with-gettext --with-xmlrpc --with-xsl --enable-opcache \
--enable-fpm --enable-static --disable-shared --enable-gd-jis-conv
make -j$(nproc --all)

error to build

In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:288:5: note: declared here
  288 | int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
      |     ^~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5960:41: warning: ‘EVP_PKEY_get0_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5960 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:44:
/usr/include/openssl/evp.h:1346:22: note: declared here
 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
      |                      ^~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5960:41: warning: passing argument 4 of ‘RSA_public_decrypt’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 5960 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:289:29: note: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’
  289 |                        RSA *rsa, int padding);
      |                        ~~~~~^~~
make: *** [Makefile:707: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....

with this repo and your patch

cd ..
rm -rf *
wget --no-check-certificate https://github.com/remicollet/php-src-security/archive/refs/heads/PHP-7.4-security-backports.tar.gz
wget https://git.remirepo.net/cgit/rpms/scl-php74/php.git/tree/php-7.4.26-openssl3.patch
tar -xvf PHP-7.4-security-backports.tar.gz
cd php-src-security-PHP-7.4-security-backports
patch -p1 < ../php-7.4.26-openssl3.patch

error on apply patch

patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/bug79145.phpt
Hunk #1 FAILED at 14.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug79145.phpt.rej
patching file ext/openssl/tests/session_meta_capture.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 37.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/session_meta_capture.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_001.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 35.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_001.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_002.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 36.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_002.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_003.phpt
Hunk #1 FAILED at 19.
Hunk #2 FAILED at 40.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_003.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_004.phpt
Hunk #1 FAILED at 16.
Hunk #2 FAILED at 37.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_004.phpt.rej
patching file ext/openssl/tests/stream_security_level.phpt
Hunk #1 FAILED at 24.
Hunk #2 succeeded at 66 with fuzz 1.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_security_level.phpt.rej
patching file ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 32.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt.rej
patching file ext/openssl/tests/tls_wrapper.phpt
Hunk #1 FAILED at 14.
Hunk #2 FAILED at 31.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_wrapper.phpt.rej
patching file ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
Hunk #1 FAILED at 14.
Hunk #2 FAILED at 31.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt.rej
patching file ext/openssl/tests/tlsv1.0_wrapper.phpt
Hunk #1 FAILED at 13.
Hunk #2 FAILED at 30.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tlsv1.0_wrapper.phpt.rej
patching file ext/openssl/tests/tlsv1.1_wrapper.phpt
Hunk #1 FAILED at 13.
Hunk #2 FAILED at 30.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tlsv1.1_wrapper.phpt.rej
patching file ext/openssl/tests/bug28382.phpt
Hunk #1 FAILED at 9.
Hunk #2 FAILED at 24.
Hunk #3 FAILED at 33.
3 out of 3 hunks FAILED -- saving rejects to file ext/openssl/tests/bug28382.phpt.rej
patching file ext/openssl/tests/cve2013_4073.phpt
Hunk #1 FAILED at 9.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/cve2013_4073.phpt.rej
patching file ext/openssl/tests/openssl_x509_parse_basic.phpt
Hunk #1 FAILED at 153.
Hunk #2 FAILED at 301.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/openssl_x509_parse_basic.phpt.rej
patching file ext/openssl/tests/openssl_seal_basic.phpt
Hunk #1 succeeded at 9 with fuzz 1.
patching file ext/openssl/tests/openssl_spki_export_basic.phpt
patching file ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
patching file ext/openssl/tests/openssl_spki_new_basic.phpt
patching file ext/openssl/tests/openssl_spki_verify_basic.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/php_openssl.h
Hunk #1 succeeded at 41 with fuzz 2.
patching file ext/openssl/tests/openssl_open_basic.phpt
Hunk #1 succeeded at 8 with fuzz 2.
patching file ext/openssl/tests/bug80747.phpt
Hunk #1 FAILED at 14.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug80747.phpt.rej
patching file ext/openssl/tests/openssl_dh_compute_key.phpt
patching file ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
patching file ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
patching file ext/openssl/tests/bug73711.cnf
patching file ext/openssl/tests/bug73711.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug73711.phpt.rej
patching file ext/openssl/tests/bug71917.phpt
Hunk #1 FAILED at 3.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug71917.phpt.rej
patching file ext/openssl/tests/bug72362.phpt
Hunk #1 FAILED at 3.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug72362.phpt.rej
patching file ext/openssl/tests/openssl_decrypt_basic.phpt
patching file ext/openssl/tests/bug74022_2.phpt
Hunk #1 FAILED at 12.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug74022_2.phpt.rej
patching file ext/openssl/tests/openssl_pkcs12_read_basic.phpt
Hunk #1 FAILED at 4.
Hunk #2 FAILED at 73.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/openssl_pkcs12_read_basic.phpt.rej
patching file ext/openssl/tests/CertificateGenerator.inc
Hunk #1 FAILED at 65.
Hunk #3 FAILED at 125.
Hunk #4 FAILED at 140.
3 out of 4 hunks FAILED -- saving rejects to file ext/openssl/tests/CertificateGenerator.inc.rej
patching file ext/openssl/tests/openssl_error_string_basic.phpt
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/openssl_error_string_basic.phpt.rej
patching file ext/openssl/openssl.c
Hunk #2 FAILED at 1048.
Hunk #4 FAILED at 1095.
Hunk #5 FAILED at 1166.
Hunk #6 FAILED at 1196.
Hunk #7 FAILED at 1277.
Hunk #8 FAILED at 3141.
Hunk #9 FAILED at 3155.
Hunk #10 FAILED at 3561.
Hunk #11 FAILED at 3645.
9 out of 11 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/tests/bug52093.phpt
Hunk #1 succeeded at 14 with fuzz 2.
patching file ext/openssl/tests/bug72165.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug72165.phpt.rej
patching file ext/openssl/tests/bug73711.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug73711.phpt.rej
patching file ext/openssl/tests/ecc.phpt
Hunk #1 FAILED at 4.
Hunk #2 FAILED at 15.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/ecc.phpt.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4648 (offset 1 line).
Hunk #2 succeeded at 4713 (offset 1 line).
patching file ext/openssl/tests/openssl_pkey_export_basic.phpt
patching file ext/openssl/openssl.c
Hunk #1 FAILED at 3995.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4383 (offset 11 lines).
Hunk #2 FAILED at 4572.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/tests/ecc.phpt
Hunk #1 succeeded at 33 with fuzz 2 (offset -3 lines).
Hunk #2 succeeded at 101 (offset -3 lines).
patching file ext/openssl/openssl.c
Hunk #1 FAILED at 57.
Hunk #2 succeeded at 4384 (offset 11 lines).
Hunk #3 succeeded at 4462 (offset 11 lines).
Hunk #4 succeeded at 4479 (offset 11 lines).
Hunk #5 succeeded at 4595 (offset 11 lines).
1 out of 5 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 3723 (offset -4 lines).
Hunk #2 FAILED at 3748.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/xp_ssl.c
patching file ext/openssl/openssl.c
Hunk #2 succeeded at 4501 (offset 23 lines).
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4477 (offset 23 lines).
./buildconf --force
./configure  --prefix=/home/user/php \
--with-zlib-dir --with-freetype --enable-mbstring --enable-calendar --with-curl \
--disable-rpath --enable-inline-optimization --with-bz2 --with-zlib \
--enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl \
--enable-mbregex --enable-exif --enable-bcmath --with-mhash \
--with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-openssl --with-fpm-user=user \
--with-fpm-group=user --with-libdir=/lib/x86_64-linux-gnu \
--with-gettext --with-xmlrpc --with-xsl --enable-opcache \
--enable-fpm --enable-static --disable-shared --enable-gd-jis-conv
make -j$(nproc --all)

error to build

/usr/include/openssl/dh.h:204:28: note: declared here
  204 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
      |                            ^~~~~~~
make: *** [Makefile:709: ext/openssl/xp_ssl.lo] Error 1
make: *** Waiting for unfinished jobs....
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:4604:14: warning: implicit declaration of function ‘php_openssl_pkey_init_legacy_ec’; did you mean ‘php_openssl_pkey_init_ec’? [-Wimplicit-function-declaration]
 4604 |         if (!php_openssl_pkey_init_legacy_ec(ec, data, is_private)
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |              php_openssl_pkey_init_ec
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c: At top level:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:6608:32: error: token ";" is not valid in preprocessor expressions
 6608 | #if PHP_OPENSSL_API_VERSION &gt;= 0x30000
      |                                ^
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c: In function ‘zif_openssl_get_cipher_methods’:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:6643:32: error: token ";" is not valid in preprocessor expressions
 6643 | #if PHP_OPENSSL_API_VERSION &gt;= 0x30000
      |                                ^
At top level:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:4499:18: warning: ‘php_openssl_pkey_init_ec’ defined but not used [-Wunused-function]
 4499 | static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, int *is_private) {
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:3727:18: warning: ‘php_openssl_extract_public_key’ defined but not used [-Wunused-function]
 3727 | static EVP_PKEY *php_openssl_extract_public_key(EVP_PKEY *priv_key)
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:1079:13: warning: ‘php_openssl_conf_get_number’ defined but not used [-Wunused-function]
 1079 | static long php_openssl_conf_get_number(CONF *conf, const char *group, const char *name) {
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:707: ext/openssl/openssl.lo] Error 1

with this repo and minimal openssl patch

cd ..
rm -rf *
wget --no-check-certificate https://github.com/remicollet/php-src-security/archive/refs/heads/PHP-7.4-security-backports.tar.gz
wget https://github.com/amidevous/php-src-security/commit/fc7f5eaf4446feeec3e58caadc6bad4133b9e626.patch
tar -xvf PHP-7.4-security-backports.tar.gz
cd php-src-security-PHP-7.4-security-backports
patch -p1 < ../fc7f5eaf4446feeec3e58caadc6bad4133b9e626.patch
./buildconf --force
./configure  --prefix=/home/user/php \
--with-zlib-dir --with-freetype --enable-mbstring --enable-calendar --with-curl \
--disable-rpath --enable-inline-optimization --with-bz2 --with-zlib \
--enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl \
--enable-mbregex --enable-exif --enable-bcmath --with-mhash \
--with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-openssl --with-fpm-user=user \
--with-fpm-group=user --with-libdir=/lib/x86_64-linux-gnu \
--with-gettext --with-xmlrpc --with-xsl --enable-opcache \
--enable-fpm --enable-static --disable-shared --enable-gd-jis-conv
make -j$(nproc --all)

error to build

/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5776:49: warning: ‘EVP_PKEY_get0_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5776 |                                                 EVP_PKEY_get0_RSA(pkey),
      |                                                 ^~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:44:
/usr/include/openssl/evp.h:1346:22: note: declared here
 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
      |                      ^~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5776:49: warning: passing argument 4 of ‘RSA_private_encrypt’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 5776 |                                                 EVP_PKEY_get0_RSA(pkey),
      |                                                 ^~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:286:30: note: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’
  286 |                         RSA *rsa, int padding);
      |                         ~~~~~^~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c: In function ‘zif_openssl_private_decrypt’:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5834:25: warning: ‘RSA_private_decrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5834 |                         cryptedlen = RSA_private_decrypt((int)data_len,
      |                         ^~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:291:5: note: declared here
  291 | int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
      |     ^~~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5837:41: warning: ‘EVP_PKEY_get0_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5837 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:44:
/usr/include/openssl/evp.h:1346:22: note: declared here
 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
      |                      ^~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5837:41: warning: passing argument 4 of ‘RSA_private_decrypt’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 5837 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:292:30: note: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’
  292 |                         RSA *rsa, int padding);
      |                         ~~~~~^~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c: In function ‘zif_openssl_public_encrypt’:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5901:25: warning: ‘RSA_public_encrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5901 |                         successful = (RSA_public_encrypt((int)data_len,
      |                         ^~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:282:5: note: declared here
  282 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
      |     ^~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5904:49: warning: ‘EVP_PKEY_get0_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5904 |                                                 EVP_PKEY_get0_RSA(pkey),
      |                                                 ^~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:44:
/usr/include/openssl/evp.h:1346:22: note: declared here
 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
      |                      ^~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5904:49: warning: passing argument 4 of ‘RSA_public_encrypt’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 5904 |                                                 EVP_PKEY_get0_RSA(pkey),
      |                                                 ^~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:283:29: note: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’
  283 |                        RSA *rsa, int padding);
      |                        ~~~~~^~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c: In function ‘zif_openssl_public_decrypt’:
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5963:25: warning: ‘RSA_public_decrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5963 |                         cryptedlen = RSA_public_decrypt((int)data_len,
      |                         ^~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:288:5: note: declared here
  288 | int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
      |     ^~~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5966:41: warning: ‘EVP_PKEY_get0_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 5966 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:44:
/usr/include/openssl/evp.h:1346:22: note: declared here
 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
      |                      ^~~~~~~~~~~~~~~~~
/root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:5966:41: warning: passing argument 4 of ‘RSA_public_decrypt’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 5966 |                                         EVP_PKEY_get0_RSA(pkey),
      |                                         ^~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/phpbuild/php-src-security-PHP-7.4-security-backports/ext/openssl/openssl.c:46:
/usr/include/openssl/rsa.h:289:29: note: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’
  289 |                        RSA *rsa, int padding);
      |                        ~~~~~^~~
make: *** [Makefile:707: ext/openssl/openssl.lo] Error 1
make: *** Waiting for unfinished jobs....

please solve this problem openssl version 3.0.2
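
A pre-flight check for the download-and-patch steps in the comment above, as an added example that is not part of the original thread or of the project. It rejects a patch file that was saved as an HTML page or carries HTML-escaped operators (the `#if PHP_OPENSSL_API_VERSION &gt;= 0x30000` line in the build log has that shape), and rehearses the apply with `--dry-run` so a mismatching tree is left untouched. The function names, the `DEMO_API_VERSION` macro and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample inputs are constructed.

# check_patch FILE: print a verdict; return 0 only for a usable raw diff.
check_patch() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # 1. A saved web page announces itself in its first lines.
    if head -n 20 "$f" | grep -qiE '<!DOCTYPE html|<html[ >]'; then
        echo "html"; return 1
    fi

    # 2. A unified diff has ---/+++ file headers and at least one @@ header.
    if ! grep -q '^--- ' "$f" || ! grep -q '^+++ ' "$f" ||
       ! grep -qE '^@@ -[0-9]+(,[0-9]+)? \+[0-9]+(,[0-9]+)? @@' "$f"; then
        echo "not-a-diff"; return 1
    fi

    # 3. HTML entities inside a preprocessor conditional are never valid C;
    #    "#if X &gt;= 0x30000" is the shape seen in the build log.
    if grep -qE '^[+ ][[:space:]]*#[[:space:]]*(if|elif)[[:space:]].*&(gt|lt|amp);' "$f"; then
        echo "escaped"; return 1
    fi

    echo "ok"; return 0
}

# safe_apply FILE [TREE]: validate, rehearse with --dry-run, then apply.
# TREE is not modified (and no .rej files appear) unless every hunk applies.
safe_apply() {
    p=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")   # absolute path
    dir=${2:-.}
    verdict=$(check_patch "$p") || { echo "refusing $p: $verdict" >&2; return 1; }
    ( cd "$dir" && patch -p1 --dry-run --forward < "$p" >/dev/null ) ||
        { echo "refusing $p: hunks do not apply to $dir" >&2; return 1; }
    ( cd "$dir" && patch -p1 --forward < "$p" )
}

# write_samples DIR: constructed inputs (not taken from any real patch file).
write_samples() {
    d=$1
    cat > "$d/raw.patch" <<'EOF'
--- a/ext/demo/demo.c
+++ b/ext/demo/demo.c
@@ -1,2 +1,5 @@
 #include <stdio.h>
+#if DEMO_API_VERSION >= 0x30000
+#include <stdlib.h>
+#endif
 /* Common */
EOF
    # Same diff with the comparison operator HTML-escaped.
    sed 's/>=/\&gt;=/' "$d/raw.patch" > "$d/escaped.patch"
    # Same diff wrapped in a web page, as a browser-style viewer would serve it.
    { echo '<!DOCTYPE html>'; echo '<html><body><pre>'
      cat "$d/escaped.patch"; echo '</pre></body></html>'; } > "$d/page.html"
}

# Stand-alone use: sh check_patch.sh FILE [TREE]
if [ "$#" -ge 1 ]; then safe_apply "$@"; fi
```

cgit's `/tree/` view returns an HTML rendering of a file; its `/plain/` view returns the raw bytes.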

urgodfather commented 1 year ago

@amidevous

This is already solved. The solution is simple:

1.) Move to newer php
2.) Create a patch to detect openssl version and make necessary changes.

Contact me and we can discuss further if needed.

amidevous commented 1 year ago

given that I have to do a project which is in two parts

updating php is impossible

There is actually an admin management part which is open source

and which could therefore be updated to php 8

but there is an api part which and pox on it

and the code was made at the time of php 7.2

it runs in 7.4 but not in 8 on 8 it's a direct blank page

plus the minimum openssl 3 patch that I gave above

works on the official version of php 7.4.33

but not on this security version correct by Rémi

in other words it is wrong for a patch to be applied urgently here

just as it should also be applied to other versions of php which are present here

the most important php 5.6 and 7.4

even today there are still projects that are blocked on 5.6 due to the impossibility of extensions

after which there is no more security update we can understand it

but they are wrong at least make sure that this version can be compiled on all distributions and those for life

given that there are many projects which are probably blocked for life on these versions

just as normally php should provide a tool to automatically convert the code

Are they the ones who do it? No, they prefer to leave people in trouble

amidevous commented 1 year ago

for information this patch if comes from there I just changed the lines

https://github.com/amidevous/php-src-security/commit/fc7f5eaf4446feeec3e58caadc6bad4133b9e626.patch

source ubuntu ppa and debian dpa

file 0049-Add-minimal-OpenSSL-3.0-patch.patch

From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@sury.org>
Date: Thu, 21 Apr 2022 12:52:24 +0200
Subject: Add minimal OpenSSL 3.0 patch

---
 ext/openssl/openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index aa819be..2fa74f2 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -55,6 +55,10 @@
 #include <openssl/rand.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#endif

 /* Common */
 #include <time.h>
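
Review bot: the `#if PHP_OPENSSL_API_VERSION >= 0x30000` guard added after `<openssl/pkcs12.h>` only works if `PHP_OPENSSL_API_VERSION` is already defined at this point in openssl.c; an undefined macro evaluates to 0 in `#if`, so both includes would be skipped silently on OpenSSL 3. The diffstat shows 6 insertions, all of them guards and includes, so nothing in this patch uses `core_names.h` or `param_build.h`: either drop the includes or say in the commit message which later change depends on them.
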
@@ -1517,7 +1521,9 @@ PHP_MINIT_FUNCTION(openssl)
    REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);

    REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
    REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
    REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
    REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
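
Review bot: wrapping the `OPENSSL_SSLV23_PADDING` registration in `#ifdef RSA_SSLV23_PADDING` removes the PHP constant on any build whose OpenSSL headers do not define that macro, so scripts that reference it will hit an undefined constant. That user-visible change should be documented, and since the subject calls the patch "minimal" while the message body is empty, it should also list what is left unported so a reader can judge whether the resulting build is usable.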

on this official source

https://www.php.net/distributions/php-7.4.33.tar.xz

patch work and build work

with remi php-security build not work

in other words our dear Remi is making changes

without taking into account the patches that have already been made by others

it does this patch only for Red Hat distributions

without taking into account that there are many other Linux distributions

there are fake single patches that are compatible with all distributions

and not patches which only apply to a specific category of Linux distribution

Jan-E commented 1 year ago

Calm down a bit. You really do not have to use this repo by @remicollet. OK, you will miss a few security backports, but otherwise the official distribution is almost as good as this one.

Or try to create an amended patch that works for this repo as well and open a PR. I have done this a couple of times when Remi's repo did not compile on Windows.

amidevous commented 1 year ago

but Remi wants to make security fixes

ok that's very good but in this case it's his responsibility

ensure that the modifications that make

is compatible for all

I talked about Linux distributions but Windows is not excluded either

moreover for me it's all gibberish

so make the patch myself I don't know how to do it

resumes what was already done and just puts it back on the right line, it's a simple thing

but making a patch of 0 impossible for me

you said yourself that you had to make corrections

well that’s also not normal

in addition he and there to talk about it no

on his forum and those of Fedora yet he is present

and spend hours on projects that are not his

but to resolve an important problem on your own project

there is no one

if you look closely there are 3 open issues and he answered 0

so who is reporting issues and should therefore be the first to respond

Jan-E commented 1 year ago

you said yourself that you had to make corrections well that’s also not normal

In an open source project like PHP that is perfectly normal.

amidevous commented 1 year ago

well no when anyone does a project it is their responsibility to make sure what works

php is intended for all distributions

therefore the patches must also be done accordingly for all distributions

especially who is perfectly aware of this problem and has been for over a year

waja commented 1 year ago

@amidevous please STFU! No one has to do anything, at least as long as it is voluntary work.

urgodfather commented 1 year ago

@amidevous i am very much familiar with your projects. it is why i have invited you to contact me. as others have suggested, for a variant of php that is now "end of life," with the patches provided by remi, the php is good enough. moving to php 8 should be a bigger priority for you. as these gentlemen have pointed, no one is required to make updates and if they do not, then it is rightfully just since it is end of life.

@waja @Jan-E kindly forgive @amidevous as his english is not very strong. in fact, it's heavily dependent upon a translator and because of this, the english translations do come out more aggressive and hostile than it is intended. i am familiar with him which is why i have invited him towards a collaboration instead of opening issues.

remicollet commented 1 year ago

PHP 7.4 (and 8.0) does not support OpenSSL 3, this is not a security issue.

PHP 7.4 receives security fixes for people running it on compatible systems.

The minimal patch that is used by some people is not complete.

The full patch I wrote (from changes in PHP 8.1) allows me to run the full openssl test suite with success and without any segfault.

It applies cleanly on this project:

[remi@builder ms-php-security74 (PHP-7.4-security-backports)]$ patch -p1 </home/rpmbuild/SPECS/remirepo/php/php74/php-7.4.26-openssl3.patch
patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/bug79145.phpt
patching file ext/openssl/tests/session_meta_capture.phpt
patching file ext/openssl/tests/stream_crypto_flags_001.phpt
patching file ext/openssl/tests/stream_crypto_flags_002.phpt
patching file ext/openssl/tests/stream_crypto_flags_003.phpt
patching file ext/openssl/tests/stream_crypto_flags_004.phpt
patching file ext/openssl/tests/stream_security_level.phpt
patching file ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
patching file ext/openssl/tests/tls_wrapper.phpt
patching file ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
patching file ext/openssl/tests/tlsv1.0_wrapper.phpt
patching file ext/openssl/tests/tlsv1.1_wrapper.phpt
patching file ext/openssl/tests/bug28382.phpt
patching file ext/openssl/tests/cve2013_4073.phpt
patching file ext/openssl/tests/openssl_x509_parse_basic.phpt
patching file ext/openssl/tests/openssl_seal_basic.phpt
patching file ext/openssl/tests/openssl_spki_export_basic.phpt
patching file ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
patching file ext/openssl/tests/openssl_spki_new_basic.phpt
patching file ext/openssl/tests/openssl_spki_verify_basic.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/php_openssl.h
patching file ext/openssl/tests/openssl_open_basic.phpt
patching file ext/openssl/tests/bug80747.phpt
patching file ext/openssl/tests/openssl_dh_compute_key.phpt
patching file ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
patching file ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
patching file ext/openssl/tests/bug73711.cnf
patching file ext/openssl/tests/bug73711.phpt
patching file ext/openssl/tests/bug71917.phpt
patching file ext/openssl/tests/bug72362.phpt
patching file ext/openssl/tests/openssl_decrypt_basic.phpt
patching file ext/openssl/tests/bug74022_2.phpt
patching file ext/openssl/tests/openssl_pkcs12_read_basic.phpt
patching file ext/openssl/tests/CertificateGenerator.inc
patching file ext/openssl/tests/openssl_error_string_basic.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/bug52093.phpt
patching file ext/openssl/tests/bug72165.phpt
patching file ext/openssl/tests/bug73711.phpt
patching file ext/openssl/tests/ecc.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/openssl_pkey_export_basic.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/ecc.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/xp_ssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c

If you really need to run EOL versions, you should probably consider using an Enterprise distribution with long time support and a good PHP provider.

Ex:

Closing this as the discussion goes wrong.

amidevous commented 1 year ago

It's weird: I did the same thing just above, taking the patch from your git, and I even just retested, and as you can see it doesn't work.

wget --no-check-certificate https://github.com/remicollet/php-src-security/archive/refs/heads/PHP-7.4-security-backports.tar.gz
wget https://git.remirepo.net/cgit/rpms/scl-php74/php.git/tree/php-7.4.26-openssl3.patch
tar -xvf PHP-7.4-security-backports.tar.gz
cd php-src-security-PHP-7.4-security-backports
patch -p1 < ../php-7.4.26-openssl3.patch

patching file ext/openssl/openssl.c
patching file ext/openssl/openssl.c
patching file ext/openssl/tests/bug79145.phpt
Hunk #1 FAILED at 14.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug79145.phpt.rej
patching file ext/openssl/tests/session_meta_capture.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 37.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/session_meta_capture.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_001.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 35.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_001.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_002.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 36.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_002.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_003.phpt
Hunk #1 FAILED at 19.
Hunk #2 FAILED at 40.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_003.phpt.rej
patching file ext/openssl/tests/stream_crypto_flags_004.phpt
Hunk #1 FAILED at 16.
Hunk #2 FAILED at 37.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_crypto_flags_004.phpt.rej
patching file ext/openssl/tests/stream_security_level.phpt
Hunk #1 FAILED at 24.
Hunk #2 succeeded at 66 with fuzz 1.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/stream_security_level.phpt.rej
patching file ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
Hunk #1 FAILED at 15.
Hunk #2 FAILED at 32.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt.rej
patching file ext/openssl/tests/tls_wrapper.phpt
Hunk #1 FAILED at 14.
Hunk #2 FAILED at 31.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_wrapper.phpt.rej
patching file ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
Hunk #1 FAILED at 14.
Hunk #2 FAILED at 31.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt.rej
patching file ext/openssl/tests/tlsv1.0_wrapper.phpt
Hunk #1 FAILED at 13.
Hunk #2 FAILED at 30.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tlsv1.0_wrapper.phpt.rej
patching file ext/openssl/tests/tlsv1.1_wrapper.phpt
Hunk #1 FAILED at 13.
Hunk #2 FAILED at 30.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/tlsv1.1_wrapper.phpt.rej
patching file ext/openssl/tests/bug28382.phpt
Hunk #1 FAILED at 9.
Hunk #2 FAILED at 24.
Hunk #3 FAILED at 33.
3 out of 3 hunks FAILED -- saving rejects to file ext/openssl/tests/bug28382.phpt.rej
patching file ext/openssl/tests/cve2013_4073.phpt
Hunk #1 FAILED at 9.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/cve2013_4073.phpt.rej
patching file ext/openssl/tests/openssl_x509_parse_basic.phpt
Hunk #1 FAILED at 153.
Hunk #2 FAILED at 301.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/openssl_x509_parse_basic.phpt.rej
patching file ext/openssl/tests/openssl_seal_basic.phpt
Hunk #1 succeeded at 9 with fuzz 1.
patching file ext/openssl/tests/openssl_spki_export_basic.phpt
patching file ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
patching file ext/openssl/tests/openssl_spki_new_basic.phpt
patching file ext/openssl/tests/openssl_spki_verify_basic.phpt
patching file ext/openssl/openssl.c
patching file ext/openssl/php_openssl.h
Hunk #1 succeeded at 41 with fuzz 2.
patching file ext/openssl/tests/openssl_open_basic.phpt
Hunk #1 succeeded at 8 with fuzz 2.
patching file ext/openssl/tests/bug80747.phpt
Hunk #1 FAILED at 14.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug80747.phpt.rej
patching file ext/openssl/tests/openssl_dh_compute_key.phpt
patching file ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
patching file ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
patching file ext/openssl/tests/bug73711.cnf
patching file ext/openssl/tests/bug73711.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug73711.phpt.rej
patching file ext/openssl/tests/bug71917.phpt
Hunk #1 FAILED at 3.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug71917.phpt.rej
patching file ext/openssl/tests/bug72362.phpt
Hunk #1 FAILED at 3.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug72362.phpt.rej
patching file ext/openssl/tests/openssl_decrypt_basic.phpt
patching file ext/openssl/tests/bug74022_2.phpt
Hunk #1 FAILED at 12.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug74022_2.phpt.rej
patching file ext/openssl/tests/openssl_pkcs12_read_basic.phpt
Hunk #1 FAILED at 4.
Hunk #2 FAILED at 73.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/openssl_pkcs12_read_basic.phpt.rej
patching file ext/openssl/tests/CertificateGenerator.inc
Hunk #1 FAILED at 65.
Hunk #3 FAILED at 125.
Hunk #4 FAILED at 140.
3 out of 4 hunks FAILED -- saving rejects to file ext/openssl/tests/CertificateGenerator.inc.rej
patching file ext/openssl/tests/openssl_error_string_basic.phpt
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/openssl_error_string_basic.phpt.rej
patching file ext/openssl/openssl.c
Hunk #2 FAILED at 1048.
Hunk #4 FAILED at 1095.
Hunk #5 FAILED at 1166.
Hunk #6 FAILED at 1196.
Hunk #7 FAILED at 1277.
Hunk #8 FAILED at 3141.
Hunk #9 FAILED at 3155.
Hunk #10 FAILED at 3561.
Hunk #11 FAILED at 3645.
9 out of 11 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/tests/bug52093.phpt
Hunk #1 succeeded at 14 with fuzz 2.
patching file ext/openssl/tests/bug72165.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug72165.phpt.rej
patching file ext/openssl/tests/bug73711.phpt
Hunk #1 FAILED at 6.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/tests/bug73711.phpt.rej
patching file ext/openssl/tests/ecc.phpt
Hunk #1 FAILED at 4.
Hunk #2 FAILED at 15.
2 out of 2 hunks FAILED -- saving rejects to file ext/openssl/tests/ecc.phpt.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4648 (offset 1 line).
Hunk #2 succeeded at 4713 (offset 1 line).
patching file ext/openssl/tests/openssl_pkey_export_basic.phpt
patching file ext/openssl/openssl.c
Hunk #1 FAILED at 3995.
1 out of 1 hunk FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4383 (offset 11 lines).
Hunk #2 FAILED at 4572.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/tests/ecc.phpt
Hunk #1 succeeded at 33 with fuzz 2 (offset -3 lines).
Hunk #2 succeeded at 101 (offset -3 lines).
patching file ext/openssl/openssl.c
Hunk #1 FAILED at 57.
Hunk #2 succeeded at 4384 (offset 11 lines).
Hunk #3 succeeded at 4462 (offset 11 lines).
Hunk #4 succeeded at 4479 (offset 11 lines).
Hunk #5 succeeded at 4595 (offset 11 lines).
1 out of 5 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 3723 (offset -4 lines).
Hunk #2 FAILED at 3748.
1 out of 2 hunks FAILED -- saving rejects to file ext/openssl/openssl.c.rej
patching file ext/openssl/xp_ssl.c
patching file ext/openssl/openssl.c
Hunk #2 succeeded at 4501 (offset 23 lines).
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 4477 (offset 23 lines).

You know it works, but you don't give the source of the file; it must be different from that of your git in this case.

because you see clearly I don't have the same result with

amidevous commented 1 year ago

ok lol

It's me who made the mistake, I didn't even see it anymore

wget https://git.remirepo.net/cgit/rpms/scl-php74/php.git/plain/php-7.4.26-openssl3.patch

plain and not tree
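A pre-flight check for the mistake resolved above, as an added example that is not part of the original thread or of the project's tooling: cgit's `tree` URL serves an HTML rendering of the file, while `plain` serves the raw patch, so the download is classified and dry-run before the source tree is touched. The function names `classify_patch` and `apply_checked` are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): refuse to apply a downloaded
# "patch" that is really an HTML page, and dry-run before modifying the tree.

# classify_patch FILE -> prints one of: empty, html, diff, not-a-diff
classify_patch() {
    f=$1
    [ -s "$f" ] || { echo empty; return; }
    # A repository browser's rendered view starts with a doctype or <html>
    # tag in its first lines; a raw patch never does.
    if head -n 5 "$f" | grep -qiE '<!DOCTYPE html|<html'; then
        echo html; return
    fi
    # A unified diff carries "--- " / "+++ " file headers and "@@ " hunk headers.
    if grep -q '^--- ' "$f" && grep -q '^+++ ' "$f" &&
       grep -qE '^@@ -[0-9]+(,[0-9]+)? \+[0-9]+(,[0-9]+)? @@' "$f"; then
        echo diff; return
    fi
    echo not-a-diff
}

# apply_checked FILE [STRIP]: apply only if FILE is a unified diff and a
# dry run reports no failed hunks. STRIP defaults to 1 (patch -p1).
apply_checked() {
    kind=$(classify_patch "$1")
    if [ "$kind" != diff ]; then
        echo "refusing $1: looks like $kind, not a unified diff" >&2
        return 1
    fi
    strip=${2:-1}
    # --dry-run reports FAILED hunks without writing .rej files or changes.
    if ! patch --dry-run -p"$strip" < "$1" >/dev/null; then
        echo "dry run failed for $1; tree left untouched" >&2
        return 1
    fi
    patch -p"$strip" < "$1"
}
```

Run from the top of the unpacked source, `apply_checked ../php-7.4.26-openssl3.patch` stops on the `tree` download before any `.rej` files are written.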

Pro-pra commented 3 months ago

Patch needs rediff, source code changed tabs.