Skip to content

Integrate OpenSSL libctx to pwhash #19236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 29, 2025
Merged

Integrate OpenSSL libctx to pwhash #19236

merged 1 commit into from
Jul 29, 2025

Conversation

bukka
Copy link
Member

@bukka bukka commented Jul 25, 2025

This allows using OpenSSL Argon2 password hashing on ZTS.

@bukka
Integrate OpenSSL libctx to pwhash
1a3bb10 
This allows using OpenSSL Argon2 password hashing on ZTS.

Closes phpGH-19236
@bukka bukka force-pushed the openssl_libctx_pwhash branch from 96b33ab to 1a3bb10 Compare July 25, 2025 13:11
@bukka bukka merged commit ce6e7a2 into php:master Jul 29, 2025
15 of 16 checks passed
@bukka bukka mentioned this pull request Jul 29, 2025
Merged
@petk
Copy link
Member

petk commented Jul 29, 2025

Should this be enabled also on Windows?

--- a/ext/openssl/config.w32
+++ b/ext/openssl/config.w32
@@ -16,9 +16,7 @@ if (PHP_OPENSSL != "no") {
                        AC_DEFINE("LOAD_OPENSSL_LEGACY_PROVIDER", 1, "Define to 1 to load the OpenSSL legacy algorithm provider in addition to the default provider.");
                }
                if (PHP_OPENSSL_ARGON2 != "no") {
-                       if (PHP_ZTS != "no") {
-                               WARNING("OpenSSL argon2 hashing not supported in ZTS mode for now");
-                       } else if (!CHECK_FUNC_IN_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) {
+                       if (!CHECK_FUNC_IN_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) {
                                WARNING("OpenSSL argon2 hashing requires OpenSSL >= 3.2");
                        } else {
                                AC_DEFINE("HAVE_OPENSSL_ARGON2", 1, "Define to 1 to enable OpenSSL argon2 password hashing.");

@bukka
Copy link
Member Author

bukka commented Jul 30, 2025

Yeah good idea. We should also bump OpenSSL version in 8.5 to 3.5.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Category: Build System Extension: openssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bukka @petk