Skip to content

ext/openssl: Deprecate $key_length parameter of openssl_pkey_derive() #19421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 9, 2025
Merged

ext/openssl: Deprecate $key_length parameter of openssl_pkey_derive() #19421

merged 2 commits into from
Aug 9, 2025

Conversation

Girgias
Copy link
Member

@Girgias Girgias commented Aug 8, 2025

@Girgias Girgias requested a review from bukka as a code owner August 8, 2025 20:47
bukka
bukka reviewed Aug 8, 2025
View reviewed changes
@Girgias
Copy link
Member Author

Girgias commented Aug 8, 2025

@bukka do you know why MacOS is seemingly segfaulting?

bukka
bukka reviewed Aug 8, 2025
View reviewed changes
ext/openssl/tests/openssl_pkey_derive_deprecated_key_length_param.phpt Outdated
-----END PUBLIC KEY-----
");

var_dump(openssl_pkey_derive($pub, $priv, 10));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you expect this to be false?

@bukka
Copy link
Member

bukka commented Aug 8, 2025

do you know why MacOS is seemingly segfaulting?

It's not segfaulting but printing the derived secret. I added comment to the test as I'm not sure why there is that false check. This looks like copy of the openssl_pkey_derive() DH test

@bukka
Copy link
Member

bukka commented Aug 8, 2025

Ah because it's lower for DH...

@bukka
Copy link
Member

bukka commented Aug 8, 2025
edited
Loading

Ah MacOS is still on 1.1.1 (which is good because we at least have some test for it) which actually segfaults for me too.

@bukka
Copy link
Member

bukka commented Aug 8, 2025

This is a bug #19428

For testing this deprecation, just use

echo bin2hex(openssl_pkey_derive($pub,$priv,100));

for now.

bukka
bukka reviewed Aug 9, 2025
View reviewed changes
ext/openssl/tests/openssl_pkey_derive_deprecated_key_length_param.phpt Outdated
-----END PUBLIC KEY-----
");

var_dump(bin2hex(openssl_pkey_derive($pub, $priv, 100)));
Copy link
Member

@bukka bukka Aug 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
var_dump(bin2hex(openssl_pkey_derive($pub, $priv, 100)));
var_dump(bin2hex(openssl_pkey_derive($pub, $priv, 1000)));

And update expectation,,,

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry 100 did not make much sense

@Girgias Girgias merged commit 284e622 into php:master Aug 9, 2025
9 checks passed
@Girgias Girgias deleted the 8.5-openssl-dep branch August 9, 2025 21:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bukka bukka bukka approved these changes

Assignees
No one assigned
Labels
Extension: openssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Girgias @bukka