diff --git a/NEWS b/NEWS index de97768a35fd0..66c635f9e14fd 100644 --- a/NEWS +++ b/NEWS @@ -10,16 +10,25 @@ PHP NEWS - FileInfo . The finfo_close() function has been deprecated. (timwolla) + . The $context parameter of the finfo_buffer() function has been deprecated + as it is ignored. (Girgias) - Intl: . Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a IntlException now. (Girgias) + . The intl.error_level INI setting has been deprecated. (Girgias) - MySQLi: . The mysqli_execute() alias function has been deprecated. (timwolla) +- OpenSSL: + . Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias + algorithms appears to be broken). (Jakub Zelenka) + . The $key_length parameter for openssl_pkey_derive() has been deprecated. + (Girgias) + - PDO: . The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs. (timwolla) @@ -43,6 +52,8 @@ PHP NEWS - Standard: . The socket_set_timeout() alias function has been deprecated. (timwolla) + . Passing null to to readdir(), rewinddir(), and closedir() to use the last + opened directory has been deprecated. (Girgias) 31 Jul 2025, PHP 8.5.0alpha4 diff --git a/UPGRADING b/UPGRADING index bef28840c2a16..3a2a63795eef0 100644 --- a/UPGRADING +++ b/UPGRADING @@ -327,17 +327,32 @@ PHP 8.5 UPGRADE NOTES . The finfo_close() function has been deprecated. As finfo objects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_finfo_close + . The $context parameter of the finfo_buffer() function has been deprecated + as it is ignored. + RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_context_parameter_for_finfo_buffer - Hash: . The MHASH_* constants have been deprecated. These have been overlooked when the mhash*() function family has been deprecated per https://wiki.php.net/rfc/deprecations_php_8_1#mhash_function_family +- Intl: + . The intl.error_level INI setting has been deprecated. + Errors should either be checked manually or exceptions should be enabled + by using the intl.use_exceptions INI setting. + RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_intlerror_level_ini_setting + - MySQLi: . The mysqli_execute() alias function has been deprecated. Use mysqli_stmt_execute() instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#formally_deprecate_mysqli_execute +- OpenSSL: + . The $key_length parameter for openssl_pkey_derive() has been deprecated. + This is because it is either ignored, or truncates the key, which can be + a vulnerability. + RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_key_length_parameter_of_openssl_pkey_derive + - PDO: . The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs. @@ -365,6 +380,10 @@ PHP 8.5 UPGRADE NOTES . The socket_set_timeout() alias function has been deprecated. Use stream_set_timeout() instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#formally_deprecate_socket_set_timeout + . Passing null to to readdir(), rewinddir(), and closedir() to use the last + opened directory has been deprecated. Provide the last opened directory + explicitly instead. + RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_null_to_readdir_rewinddir_and_closedir ======================================== 5. Changed Functions diff --git a/Zend/tests/type_casts/non_canonical_binary_cast.phpt b/Zend/tests/type_casts/non_canonical_binary_cast.phpt index 2a24ef5f721c4..fc7aa59ac9084 100644 --- a/Zend/tests/type_casts/non_canonical_binary_cast.phpt +++ b/Zend/tests/type_casts/non_canonical_binary_cast.phpt @@ -8,4 +8,4 @@ var_dump((binary) 42); ?> --EXPECTF-- Deprecated: Non-canonical cast (binary) is deprecated, use the (string) cast instead in %s on line %d -int(42) +string(2) "42" diff --git a/Zend/tests/type_casts/non_canonical_boolean_cast.phpt b/Zend/tests/type_casts/non_canonical_boolean_cast.phpt index 4d549a93ea064..e0db0eec475fd 100644 --- a/Zend/tests/type_casts/non_canonical_boolean_cast.phpt +++ b/Zend/tests/type_casts/non_canonical_boolean_cast.phpt @@ -8,4 +8,4 @@ var_dump((boolean) 42); ?> --EXPECTF-- Deprecated: Non-canonical cast (boolean) is deprecated, use the (bool) cast instead in %s on line %d -int(42) +bool(true) diff --git a/Zend/tests/type_casts/non_canonical_double_cast.phpt b/Zend/tests/type_casts/non_canonical_double_cast.phpt index 043517cd1be98..91769a206a475 100644 --- a/Zend/tests/type_casts/non_canonical_double_cast.phpt +++ b/Zend/tests/type_casts/non_canonical_double_cast.phpt @@ -8,4 +8,4 @@ var_dump((double) 42); ?> --EXPECTF-- Deprecated: Non-canonical cast (double) is deprecated, use the (float) cast instead in %s on line %d -int(42) +float(42) diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l index 7bbfd2b34e771..d298ae8b9eac4 100644 --- a/Zend/zend_language_scanner.l +++ b/Zend/zend_language_scanner.l @@ -1648,7 +1648,7 @@ OPTIONAL_WHITESPACE_OR_COMMENTS ({WHITESPACE}|{MULTI_LINE_COMMENT}|{SINGLE_LINE_ if (PARSER_MODE()) { zend_error(E_DEPRECATED, "Non-canonical cast (double) is deprecated, use the (float) cast instead"); } - RETURN_TOKEN(T_INT_CAST); + RETURN_TOKEN(T_DOUBLE_CAST); } "("{TABS_AND_SPACES}"real"{TABS_AND_SPACES}")" { @@ -1667,7 +1667,7 @@ OPTIONAL_WHITESPACE_OR_COMMENTS ({WHITESPACE}|{MULTI_LINE_COMMENT}|{SINGLE_LINE_ if (PARSER_MODE()) { zend_error(E_DEPRECATED, "Non-canonical cast (binary) is deprecated, use the (string) cast instead"); } - RETURN_TOKEN(T_INT_CAST); + RETURN_TOKEN(T_STRING_CAST); } "("{TABS_AND_SPACES}"array"{TABS_AND_SPACES}")" { @@ -1686,7 +1686,7 @@ OPTIONAL_WHITESPACE_OR_COMMENTS ({WHITESPACE}|{MULTI_LINE_COMMENT}|{SINGLE_LINE_ if (PARSER_MODE()) { zend_error(E_DEPRECATED, "Non-canonical cast (boolean) is deprecated, use the (bool) cast instead"); } - RETURN_TOKEN(T_INT_CAST); + RETURN_TOKEN(T_BOOL_CAST); } "("{TABS_AND_SPACES}("unset"){TABS_AND_SPACES}")" { diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2f9e160b57e58..ff4abea39d50b 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -2356,6 +2356,14 @@ PHP_FUNCTION(openssl_pkey_derive) RETURN_THROWS(); } + if (ZEND_NUM_ARGS() == 3) { + php_error_docref(NULL, E_DEPRECATED, + "the $key_length parameter is deprecated as it is either ignored or truncates the key"); + if (UNEXPECTED(EG(exception))) { + RETURN_THROWS(); + } + } + if (key_len < 0) { zend_argument_value_error(3, "must be greater than or equal to 0"); RETURN_THROWS(); diff --git a/ext/openssl/openssl_backend_v3.c b/ext/openssl/openssl_backend_v3.c index 1b00581e7df59..952257c2edcf9 100644 --- a/ext/openssl/openssl_backend_v3.c +++ b/ext/openssl/openssl_backend_v3.c @@ -713,6 +713,12 @@ zend_string *php_openssl_dh_compute_key(EVP_PKEY *pkey, char *pub_str, size_t pu const EVP_MD *php_openssl_get_evp_md_by_name(const char *name) { + const EVP_MD *dp = (const EVP_MD *) OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); + + if (dp != NULL) { + return dp; + } + return EVP_MD_fetch(PHP_OPENSSL_LIBCTX, name, PHP_OPENSSL_PROPQ); } @@ -769,6 +775,12 @@ static const char *php_openssl_cipher_names[] = { const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *name) { + const EVP_CIPHER *cp = (const EVP_CIPHER *) OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); + + if (cp != NULL) { + return cp; + } + return EVP_CIPHER_fetch(PHP_OPENSSL_LIBCTX, name, PHP_OPENSSL_PROPQ); } diff --git a/ext/openssl/tests/gh19369.phpt b/ext/openssl/tests/gh19369.phpt new file mode 100644 index 0000000000000..3568bbbfeaff1 --- /dev/null +++ b/ext/openssl/tests/gh19369.phpt @@ -0,0 +1,20 @@ +--TEST-- +GH-19369: openssl_sign with alias algorithms +--EXTENSIONS-- +openssl +--SKIPIF-- + +--FILE-- + +--EXPECT-- +bool(true) diff --git a/ext/openssl/tests/gh19428.phpt b/ext/openssl/tests/gh19428.phpt index 5d290f32e62a5..373b49b525319 100644 --- a/ext/openssl/tests/gh19428.phpt +++ b/ext/openssl/tests/gh19428.phpt @@ -40,5 +40,6 @@ dtlkbGbtoDOnxeNnN93gwQZngGYZYciu var_dump(openssl_pkey_derive($pub, $priv, 10)); ?> ---EXPECT-- +--EXPECTF-- +Deprecated: openssl_pkey_derive(): the $key_length parameter is deprecated as it is either ignored or truncates the key in %s on line %d bool(false) diff --git a/ext/openssl/tests/openssl_encrypt_cbc.phpt b/ext/openssl/tests/openssl_encrypt_cbc.phpt new file mode 100644 index 0000000000000..5ac526afaa09c --- /dev/null +++ b/ext/openssl/tests/openssl_encrypt_cbc.phpt @@ -0,0 +1,12 @@ +--TEST-- +openssl_encrypt() CBC and its alias +--EXTENSIONS-- +openssl +--FILE-- + +--EXPECTF-- +string(48) "7a654459353452676f6c6b6a446b75455a6c4c6b4f513d3d" +string(48) "7a654459353452676f6c6b6a446b75455a6c4c6b4f513d3d" diff --git a/ext/openssl/tests/openssl_pkey_derive_deprecated_key_length_param.phpt b/ext/openssl/tests/openssl_pkey_derive_deprecated_key_length_param.phpt new file mode 100644 index 0000000000000..b6a4c91675359 --- /dev/null +++ b/ext/openssl/tests/openssl_pkey_derive_deprecated_key_length_param.phpt @@ -0,0 +1,45 @@ +--TEST-- +openssl_pkey_derive() DH +--EXTENSIONS-- +openssl +--FILE-- + +--EXPECTF-- +Deprecated: openssl_pkey_derive(): the $key_length parameter is deprecated as it is either ignored or truncates the key in %s on line %d +string(512) "10aed66ad96a65f50543aa9adbc18ea169bf98521c682c49fb8b7daeb9e8fbe6b9a800199ffe1123cc36fc358829cbbc5d21bf1eb8ce3cf644538b357f478361a284c27fbe31fc94d431562786dd7314613cd70e6d76ca1ab3c1f31556ed07162f243dcc1a43ea98c454fb6e891eaec7a14158d54cd33d3fbbbc75f1ea8ff5deaab25d5deb657c7c43004252df301b195207d01614e7cb833e0e8d785ba2ecfe16ad7a9634784fdb8db8afe049476b58743575725ee99c761a59a7d7b9e709fff84c8d427e2bc07953a7c2408eb3f8f7e0ebc2f901c6889955874ae79a3de19921757d69424145a35dbe5af778b080dada55bdfce8fb0319f2de39110f58e05d"