Add openssl_cipher_key_length function

This function works in exactly the same way as openssl_cipher_iv_length
but for a key length. This is especially useful to make sure that the
right key length is provided to openssl_encrypt and openssl_decrypt.

In addtion the change also updates implementation of
openssl_cipher_iv_length and adds a test for it.

Author: bukka

NEWS

@@ -19,6 +19,7 @@ PHP                                                                        NEWS
     open_basedir). (Jakub Zelenka)
   . Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like
     AEAD). (Jakub Zelenka)
+  . Added openssl_cipher_key_length function. (Jakub Zelenka)
 
 - Random:
   . Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937

UPGRADING

@@ -227,6 +227,10 @@ PHP 8.2 UPGRADE NOTES
 - mysqli:
   . mysqli_execute_query()
 
+- OpenSSL:
+  . openssl_cipher_key_length(): Returns a key length for the supplied
+    cipher.  
+
 - Reflection:
   . ReflectionFunction::isAnonymous()
   . ReflectionMethod::hasPrototype()

ext/openssl/openssl.c

@@ -7590,44 +7590,76 @@ PHP_FUNCTION(openssl_decrypt)
 }
 /* }}} */
 
-PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
+static inline const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method)
 {
 	const EVP_CIPHER *cipher_type;
 
 	cipher_type = EVP_get_cipherbyname(method);
 	if (!cipher_type) {
 		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
-		return -1;
+		return NULL;
 	}
 
-	return EVP_CIPHER_iv_length(cipher_type);
+	return cipher_type;
+}
+
+PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
+{
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+
+	return cipher_type == NULL ? -1 : EVP_CIPHER_iv_length(cipher_type);
 }
 
-/* {{{ */
 PHP_FUNCTION(openssl_cipher_iv_length)
 {
-	char *method;
-	size_t method_len;
+	zend_string *method;
 	zend_long ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &method, &method_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &method) == FAILURE) {
 		RETURN_THROWS();
 	}
 
-	if (!method_len) {
+	if (ZSTR_LEN(method) == 0) {
 		zend_argument_value_error(1, "cannot be empty");
 		RETURN_THROWS();
 	}
 
 	/* Warning is emitted in php_openssl_cipher_iv_length */
-	if ((ret = php_openssl_cipher_iv_length(method)) == -1) {
+	if ((ret = php_openssl_cipher_iv_length(ZSTR_VAL(method))) == -1) {
 		RETURN_FALSE;
 	}
 
 	RETURN_LONG(ret);
 }
-/* }}} */
 
+PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method)
+{
+	const EVP_CIPHER *cipher_type = php_openssl_get_evp_cipher_by_name(method);
+
+	return cipher_type == NULL ? -1 : EVP_CIPHER_key_length(cipher_type);
+}
+
+PHP_FUNCTION(openssl_cipher_key_length)
+{
+	zend_string *method;
+	zend_long ret;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &method) == FAILURE) {
+		RETURN_THROWS();
+	}
+
+	if (ZSTR_LEN(method) == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	/* Warning is emitted in php_openssl_cipher_key_length */
+	if ((ret = php_openssl_cipher_key_length(ZSTR_VAL(method))) == -1) {
+		RETURN_FALSE;
+	}
+
+	RETURN_LONG(ret);
+}
 
 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length)
 {

ext/openssl/openssl.stub.php

@@ -610,6 +610,8 @@ function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParamete
 
 function openssl_cipher_iv_length(string $cipher_algo): int|false {}
 
+function openssl_cipher_key_length(string $cipher_algo): int|false {}
+
 function openssl_dh_compute_key(string $public_key, #[\SensitiveParameter] OpenSSLAsymmetricKey $private_key): string|false {}
 
 /**

ext/openssl/openssl_arginfo.h

@@ -123,6 +123,7 @@ static inline bool php_openssl_check_path_str(
 }
 
 PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method);
+PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method);
 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long length);
 PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 	const char *data, size_t data_len,

ext/openssl/php_openssl.h

@@ -0,0 +1,12 @@
+--TEST--
+openssl_cipher_iv_length() basic test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_iv_length('AES-128-CBC'));
+
+?>
+--EXPECT--
+int(16)

ext/openssl/tests/openssl_cipher_iv_length_basic.phpt

@@ -0,0 +1,21 @@
+--TEST--
+openssl_cipher_iv_length() error test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_iv_length('unknown'));
+
+try {
+    var_dump(openssl_cipher_iv_length(''));
+} catch (ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
+
+?>
+--EXPECTF--
+
+Warning: openssl_cipher_iv_length(): Unknown cipher algorithm in %s on line %d
+bool(false)
+openssl_cipher_iv_length(): Argument #1 ($cipher_algo) cannot be empty

ext/openssl/tests/openssl_cipher_iv_length_error.phpt

@@ -0,0 +1,14 @@
+--TEST--
+openssl_cipher_key_length() basic test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_key_length('AES-128-CBC'));
+var_dump(openssl_cipher_key_length('AES-256-CBC'));
+
+?>
+--EXPECT--
+int(16)
+int(32)

ext/openssl/tests/openssl_cipher_key_length_basic.phpt

@@ -0,0 +1,21 @@
+--TEST--
+openssl_cipher_key_length() error test
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+var_dump(openssl_cipher_key_length('unknown'));
+
+try {
+    var_dump(openssl_cipher_key_length(''));
+} catch (ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
+
+?>
+--EXPECTF--
+
+Warning: openssl_cipher_key_length(): Unknown cipher algorithm in %s on line %d
+bool(false)
+openssl_cipher_key_length(): Argument #1 ($cipher_algo) cannot be empty