Add openssl_cipher_key_length function

bukka · bukka · commit 4951d717df72 · 2022-08-21T17:26:48.000+01:00
This function works in exactly the same way as openssl_cipher_iv_length
but for a key length. This is especially useful to make sure that the
right key length is provided to openssl_encrypt and openssl_decrypt.
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -7600,44 +7600,76 @@ PHP_FUNCTION(openssl_decrypt)
 }
 /* }}} */
 
-PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
+static inline const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method)
 {
 	const EVP_CIPHER *cipher_type;
 
 	cipher_type = EVP_get_cipherbyname(method);
 	if (!cipher_type) {
 		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
-		return -1;
+		return NULL;
 	}
 
-	return EVP_CIPHER_iv_length(cipher_type);
+	return cipher_type;
+}
+
+PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
+{
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+
+	return cipher_type == NULL ? -1 : EVP_CIPHER_iv_length(cipher_type);
 }
 
-/* {{{ */
 PHP_FUNCTION(openssl_cipher_iv_length)
 {
-	char *method;
-	size_t method_len;
+	zend_string *method;
 	zend_long ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &method, &method_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &method) == FAILURE) {
 		RETURN_THROWS();
 	}
 
-	if (!method_len) {
+	if (ZSTR_LEN(method) == 0) {
 		zend_argument_value_error(1, "cannot be empty");
 		RETURN_THROWS();
 	}
 
 	/* Warning is emitted in php_openssl_cipher_iv_length */
-	if ((ret = php_openssl_cipher_iv_length(method)) == -1) {
+	if ((ret = php_openssl_cipher_iv_length(ZSTR_VAL(method))) == -1) {
 		RETURN_FALSE;
 	}
 
 	RETURN_LONG(ret);
 }
-/* }}} */
 
+PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method)
+{
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+
+	return cipher_type == NULL ? -1 : EVP_CIPHER_key_length(cipher_type);
+}
+
+PHP_FUNCTION(openssl_cipher_key_length)
+{
+	zend_string *method;
+	zend_long ret;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &method) == FAILURE) {
+		RETURN_THROWS();
+	}
+
+	if (ZSTR_LEN(method) == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	/* Warning is emitted in php_openssl_cipher_key_length */
+	if ((ret = php_openssl_cipher_key_length(ZSTR_VAL(method))) == -1) {
+		RETURN_FALSE;
+	}
+
+	RETURN_LONG(ret);
+}
 
 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length)
 {
diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php
@@ -610,6 +610,8 @@ function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParamete
 
 function openssl_cipher_iv_length(string $cipher_algo): int|false {}
 
+function openssl_cipher_key_length(string $cipher_algo): int|false {}
+
 function openssl_dh_compute_key(string $public_key, #[\SensitiveParameter] OpenSSLAsymmetricKey $private_key): string|false {}
 
 /**
diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
@@ -93,6 +93,7 @@ php_stream_transport_factory_func php_openssl_ssl_socket_factory;
 void php_openssl_store_errors(void);
 
 PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method);
+PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method);
 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long length);
 PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 	const char *data, size_t data_len,
diff --git a/ext/openssl/tests/openssl_cipher_iv_length_basic.phpt b/ext/openssl/tests/openssl_cipher_iv_length_basic.phpt
@@ -0,0 +1,12 @@
+--TEST--
+openssl_cipher_iv_length() basic test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_iv_length('AES-128-CBC'));
+
+?>
+--EXPECT--
+int(16)
diff --git a/ext/openssl/tests/openssl_cipher_iv_length_error.phpt b/ext/openssl/tests/openssl_cipher_iv_length_error.phpt
@@ -0,0 +1,21 @@
+--TEST--
+openssl_cipher_iv_length() error test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_iv_length('unknown'));
+
+try {
+    var_dump(openssl_cipher_iv_length(''));
+} catch (ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
+
+?>
+--EXPECTF--
+
+Warning: openssl_cipher_iv_length(): Unknown cipher algorithm in %s on line %d
+bool(false)
+openssl_cipher_iv_length(): Argument #1 ($cipher_algo) cannot be empty
diff --git a/ext/openssl/tests/openssl_cipher_key_length_basic.phpt b/ext/openssl/tests/openssl_cipher_key_length_basic.phpt
@@ -0,0 +1,14 @@
+--TEST--
+openssl_cipher_key_length() basic test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_key_length('AES-128-CBC'));
+var_dump(openssl_cipher_key_length('AES-256-CBC'));
+
+?>
+--EXPECT--
+int(16)
+int(32)
diff --git a/ext/openssl/tests/openssl_cipher_key_length_error.phpt b/ext/openssl/tests/openssl_cipher_key_length_error.phpt
@@ -0,0 +1,21 @@
+--TEST--
+openssl_cipher_key_length() error test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_key_length('unknown'));
+
+try {
+    var_dump(openssl_cipher_key_length(''));
+} catch (ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
+
+?>
+--EXPECTF--
+
+Warning: openssl_cipher_key_length(): Unknown cipher algorithm in %s on line %d
+bool(false)
+openssl_cipher_key_length(): Argument #1 ($cipher_algo) cannot be empty
