author | Jakub Zelenka <bukka@php.net> | 2016-06-12 18:56:55 +0100 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2016-06-12 18:56:55 +0100 |
commit | b44cf1a8540d321583a0d83ebca688ebab10d3b0 (patch) | |
tree | b7fbafb4113ea150381a9bba7f98f45027e35b0b /ext/openssl | |
parent | 6ac8bc4ecb1fdf112eefdd16d2c4f971e7ac232a (diff) | |
parent | a2f4c32eb14221de79009aadaa3da9c3349e3526 (diff) | |
download | php-git-b44cf1a8540d321583a0d83ebca688ebab10d3b0.tar.gz |
Merge branch 'PHP-7.0' into openssl_error_store
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/openssl.c | 94 | ||||
-rw-r--r-- | ext/openssl/tests/bug72165.phpt | 17 | ||||
-rw-r--r-- | ext/openssl/tests/bug72336.phpt | 24 | ||||
-rw-r--r-- | ext/openssl/tests/openssl_error_string_basic.phpt | 167 | ||||
-rw-r--r-- | ext/openssl/tests/openssl_pkey_new_basic.phpt | 109 | ||||
-rw-r--r-- | ext/openssl/tests/openssl_pkey_new_error.phpt | 25 | ||||
-rw-r--r-- | ext/openssl/tests/openssl_x509_parse_v9_basic.phpt | 276 | ||||
-rw-r--r-- | ext/openssl/tests/private_rsa_2048_pass_php.key | 30 |
8 files changed, 439 insertions, 303 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 66dbdbf1e5..c27bbae2e3 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1063,6 +1063,22 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */ } /* }}} */ +#ifdef PHP_WIN32 +#define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0) +#else +#define PHP_OPENSSL_RAND_ADD_TIME() php_openssl_rand_add_timeval() + +static inline void php_openssl_rand_add_timeval() /* {{{ */ +{ + struct timeval tv; + + gettimeofday(&tv, NULL); + RAND_add(&tv, sizeof(tv), 0.0); +} +/* }}} */ + +#endif + static int php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded) /* {{{ */ { char buffer[MAXPATHLEN]; @@ -1106,6 +1122,7 @@ static int php_openssl_write_rand_file(const char * file, int egdsocket, int see if (file == NULL) { file = RAND_file_name(buffer, sizeof(buffer)); } + PHP_OPENSSL_RAND_ADD_TIME(); if (file == NULL || !RAND_write_file(file)) { php_openssl_store_errors(); php_error_docref(NULL, E_WARNING, "unable to write random state"); @@ -1398,6 +1415,9 @@ PHP_MSHUTDOWN_FUNCTION(openssl) EVP_cleanup(); #if OPENSSL_VERSION_NUMBER >= 0x00090805f + /* prevent accessing locking callback from unloaded extension */ + CRYPTO_set_locking_callback(NULL); + /* free allocated error strings */ ERR_free_strings(); #endif @@ -2921,6 +2941,11 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(attribs), strindex, item) { int nid; + if (NULL == strindex) { + php_error_docref(NULL, E_WARNING, "dn: numeric fild names are not supported"); + continue; + } + convert_to_string_ex(item); nid = OBJ_txt2nid(ZSTR_VAL(strindex)); 
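Review bot: `php_openssl_rand_add_timeval()` has no comment saying why a timestamp is fed to the PRNG with an entropy estimate of `0.0`, and a later reader could mistake the call for seeding. I would add above the function something like `/* Mix the current time into the PRNG state so that processes sharing one state diverge; credited with 0.0 entropy on purpose, this is not a seed. */`; the shared-state rationale is my reading of the change, so please confirm it, and the comment should also say that `PHP_OPENSSL_RAND_ADD_TIME()` expands to nothing under `PHP_WIN32`. The definition should be `static inline void php_openssl_rand_add_timeval(void)`, because empty parentheses in C leave the parameter list unspecified. The return value of `gettimeofday()` is not checked, so on failure `tv` reaches `RAND_add()` uninitialised.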
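Review bot: The warning added in the `attribs` loop reads `"dn: numeric fild names are not supported"`: `fild` is a typo for `field`, and the `dn:` prefix does not match the array this loop walks, `Z_ARRVAL_P(attribs)`. I would change the call to `php_error_docref(NULL, E_WARNING, "attribs: numeric field names are not supported");`. The expected output in `ext/openssl/tests/bug72165.phpt` pins the current text, so it has to be updated in the same commit; which loop emits the line that test expects is not visible here. The rest of `php_openssl_make_REQ` lies outside the hunk, so I cannot see whether the loop over the `dn` array has the same `NULL == strindex` guard before it reaches `ZSTR_VAL(strindex)`.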
@@ -3613,6 +3638,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req RSA* rsaparam; #if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 deprecates RSA_generate_key */ + PHP_OPENSSL_RAND_ADD_TIME(); rsaparam = (RSA*)RSA_generate_key(req->priv_key_bits, RSA_F4, NULL, NULL); #else { @@ -3623,6 +3649,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req return NULL; } rsaparam = RSA_new(); + PHP_OPENSSL_RAND_ADD_TIME(); if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) { php_openssl_store_errors(); } @@ -3638,6 +3665,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req break; #if !defined(NO_DSA) case OPENSSL_KEYTYPE_DSA: + PHP_OPENSSL_RAND_ADD_TIME(); { DSA *dsaparam = NULL; #if OPENSSL_VERSION_NUMBER < 0x10002000L @@ -3665,6 +3693,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req #endif #if !defined(NO_DH) case OPENSSL_KEYTYPE_DH: + PHP_OPENSSL_RAND_ADD_TIME(); { int codes = 0; DH *dhparam = NULL; 
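Review bot: `PHP_OPENSSL_RAND_ADD_TIME()` is repeated in each branch of `php_openssl_generate_private_key` that these four hunks touch (both RSA paths, `OPENSSL_KEYTYPE_DSA`, `OPENSSL_KEYTYPE_DH`), so a key type added later, or one handled outside these hunks, silently misses it. A single call ahead of the `case` labels would cover every branch. In the DSA and DH cases the call also sits between the `case` label and the opening `{`, which reads as if it belonged to the preceding case; if the per-branch calls stay, I would move each inside its block. The function starts and ends outside the hunks, so the surrounding `switch` is not visible here.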
@@ -3785,6 +3814,48 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) } \ } while (0); +/* {{{ php_openssl_pkey_init_dsa */ +zend_bool php_openssl_pkey_init_dsa(DSA *dsa) +{ + if (!dsa->p || !dsa->q || !dsa->g) { + return 0; + } + if (dsa->priv_key || dsa->pub_key) { + return 1; + } + PHP_OPENSSL_RAND_ADD_TIME(); + if (!DSA_generate_key(dsa)) { + php_openssl_store_errors(); + return 0; + } + /* if BN_mod_exp return -1, then DSA_generate_key succeed for failed key + * so we need to double check that public key is created */ + if (!dsa->pub_key || BN_is_zero(dsa->pub_key)) { + return 0; + } + /* all good */ + return 1; +} +/* }}} */ + +/* {{{ php_openssl_pkey_init_dh */ +zend_bool php_openssl_pkey_init_dh(DH *dh) +{ + if (!dh->p || !dh->g) { + return 0; + } + if (dh->pub_key) { + return 1; + } + PHP_OPENSSL_RAND_ADD_TIME(); + if (!DH_generate_key(dh)) { + php_openssl_store_errors(); + return 0; + } + /* all good */ + return 1; +} +/* }}} */ /* {{{ proto resource openssl_pkey_new([array configargs]) Generates a new private key */ @@ -3843,10 +3914,7 @@ PHP_FUNCTION(openssl_pkey_new) OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dsa, g); OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dsa, priv_key); OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dsa, pub_key); - if (dsa->p && dsa->q && dsa->g) { - if (!dsa->priv_key && !dsa->pub_key && !DSA_generate_key(dsa)) { - php_openssl_store_errors(); - } + if (php_openssl_pkey_init_dsa(dsa)) { if (EVP_PKEY_assign_DSA(pkey, dsa)) { RETURN_RES(zend_register_resource(pkey, le_key)); } else { 
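Review bot: `php_openssl_pkey_init_dh` accepts the caller-supplied `p` and `g` after a NULL check only, while `php_openssl_pkey_init_dsa` at least verifies that `DSA_generate_key` left a non-zero public key behind. If `DH_generate_key` can report success with an unusable key in the same way (I have not confirmed that it can), the DH helper needs the matching check after generation: `if (!dh->pub_key || BN_is_zero(dh->pub_key)) { return 0; }`. Both helpers are only used in this file as far as the diff shows and should be declared `static`, like the other `php_openssl_*` helpers visible here. The comment in the DSA helper is hard to parse; I would reword it to `/* DSA_generate_key can report success although BN_mod_exp failed (returned -1), so check that a public key was really created */`.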
@@ -3871,14 +3939,14 @@ PHP_FUNCTION(openssl_pkey_new) OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, p); OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, g); OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, priv_key); - OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, pub_key); - if (dh->p && dh->g && - (dh->pub_key || DH_generate_key(dh)) && - EVP_PKEY_assign_DH(pkey, dh)) { - ZVAL_COPY_VALUE(return_value, zend_list_insert(pkey, le_key)); - return; - } else { - php_openssl_store_errors(); + OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, pub_key);php_openssl_store_errors(); + if (php_openssl_pkey_init_dh(dh)) { + if (EVP_PKEY_assign_DH(pkey, dh)) { + ZVAL_COPY_VALUE(return_value, zend_list_insert(pkey, le_key)); + return; + } else { + php_openssl_store_errors(); + } } DH_free(dh); } else { @@ -5825,7 +5893,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) #else PHP_OPENSSL_CHECK_LONG_TO_INT(buffer_length, length); - + PHP_OPENSSL_RAND_ADD_TIME(); if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) { zend_string_release(buffer); if (zstrong_result_returned) { diff --git a/ext/openssl/tests/bug72165.phpt b/ext/openssl/tests/bug72165.phpt new file mode 100644 index 0000000000..93b3c3d4a8 --- /dev/null +++ b/ext/openssl/tests/bug72165.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #72165 Null pointer dereference - openssl_csr_new +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$var0 = array(0 => "hello", 1 => "world"); +$var2 = openssl_csr_new(array(0),$var0,null,array(0)); +?> +==DONE== +--EXPECTF-- +Warning: openssl_csr_new(): dn: numeric fild names are not supported in %sbug72165.php on line %d + +Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %sbug72165.php on line %d +==DONE== diff --git a/ext/openssl/tests/bug72336.phpt b/ext/openssl/tests/bug72336.phpt new file mode 100644 index 0000000000..893b51838d 
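Review bot: The added line `OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, pub_key);php_openssl_store_errors();` carries a second statement that looks like a merge leftover. As written, `php_openssl_store_errors()` runs on every DH request before `php_openssl_pkey_init_dh` is called, successful ones included, and the DSA branch in the previous hunk has no such call. I would reduce the line to `OPENSSL_PKEY_SET_BN(Z_ARRVAL_P(data), dh, pub_key);` and leave error collection to the helper and to the `else` branch after `EVP_PKEY_assign_DH`. `PHP_FUNCTION(openssl_pkey_new)` starts and ends outside the hunk.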
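Review bot: The second expected warning in `bug72165.phpt`, `add1_attr_by_txt challengePassword_min -> 4 ...`, does not come from any value the script passes in. The script gives `null` as the config argument, so the line most likely reflects the default OpenSSL configuration of the machine that produced the output; that is an inference, the config handling is not part of this diff. On a system with a different default configuration the test would fail for a reason unrelated to bug #72165. Passing an explicit configuration that the test controls as the third argument would make the expected output reproducible.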
--- /dev/null
+++ b/ext/openssl/tests/bug72336.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$p = '00f8000ae45b2dacb47dd977d58b719d097bdf07cb2c17660ad898518c08' .
+ '1a61659a16daadfaa406a0a994c743df5eda07e36bd0adcad921b77432ff' .
+ '24ccc31e782d647e66768122b578857e9293df78387dc8b44af2a4a3f305' .
+ '1f236b1000a3e31da489c6681b0031f7ec37c2e1091bdb698e7660f135b6' .
+ '996def90090303b7ad';
+
+$q = '009b3734fc9f7a4a9d6437ec314e0a78c2889af64b';
+
+$g = '00b320300a0bc55b8f0ec6edc218e2185250f38fbb8291db8a89227f6e41' .
+ '00d47d6ccb9c7d42fc43280ecc2ed386e81ff65bc5d6a2ae78db7372f5dc' .
+ 'f780f4558e7ed3dd0c96a1b40727ac56c5165aed700a3b63997893a1fb21' .
+ '4e882221f0dd9604820dc34e2725dd6901c93e0ca56f6d76d495c332edc5' .
+ 'b81747c4c447a941f3';
+
+var_dump(openssl_pkey_new(array('dsa' => array('p' => $p, 'q' => $q, 'g' => $g))));
+?>
+--EXPECT--
+bool(false)
diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt
new file mode 100644
index 0000000000..76bc2d570a
--- /dev/null
+++ b/ext/openssl/tests/openssl_error_string_basic.phpt
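Review bot: `bug72336.phpt` does not say what makes these DSA parameters invalid. The same `p`, `q` and `g` values appear in `openssl_pkey_new_basic.phpt` in this commit, where they go through `hex2bin()` and produce a key, whereas here the hex text itself is handed over as the binary value. A comment before the call would record that, for example `// p, q and g are passed as hex text, not binary, which makes them invalid DSA parameters`. I am inferring that this is the intended cause of the `bool(false)` result, so please confirm before adding it.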
@@ -0,0 +1,167 @@ +--TEST-- +openssl_error_string() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +// helper function to check openssl errors +function expect_openssl_errors($name, $expected_error_codes) { + $expected_errors = array_fill_keys($expected_error_codes, false); + while (($error_string = openssl_error_string()) !== false) { + if (strlen($error_string) > 14) { + $error_code = substr($error_string, 6, 8); + if (isset($expected_errors[$error_code])) { + $expected_errors[$error_code] = true; + } + } + } + + $fail = false; + foreach ($expected_errors as $error_code => $error_code_found) { + if (!$error_code_found) { + $fail = true; + echo "$name: no error code $error_code\n"; + } + } + + if (!$fail) { + echo "$name: ok\n"; + } +} + +// helper for debugging errors +function dump_openssl_errors($name) { + echo "\n$name\n"; + while (($error_string = openssl_error_string()) !== false) { + var_dump($error_string); + } +} + +// common output file +$output_file = __DIR__ . "/openssl_error_string_basic_output.tmp"; +// invalid file for read is something that does not exist in current directory +$invalid_file_for_read = __DIR__ . "/invalid_file_for_read_operation.txt"; +// invalid file for is the test dir as writting file to existing dir should alway fail +$invalid_file_for_write = __DIR__; +// crt file +$crt_file = "file://" . __DIR__ . "/cert.crt"; +// csr file +$csr_file = "file://" . __DIR__ . "/cert.csr"; +// public key file +$public_key_file = "file://" .__DIR__ . "/public.key"; +// private key file +$private_key_file = "file://" .__DIR__ . "/private_rsa_1024.key"; +// private key file with password (password is 'php') +$private_key_file_with_pass = "file://" .__DIR__ . 
"/private_rsa_2048_pass_php.key"; + +// ENCRYPTION +$data = "test"; +$method = "AES-128-ECB"; +$enc_key = str_repeat('x', 40); +// error because password is longer then key length and +// EVP_CIPHER_CTX_set_key_length fails for AES +openssl_encrypt($data, $method, $enc_key); +$enc_error = openssl_error_string(); +var_dump($enc_error); +// make sure that error is cleared now +var_dump(openssl_error_string()); +// internally OpenSSL ERR won't save more than 15 (16 - 1) errors so lets test it +for ($i = 0; $i < 20; $i++) { + openssl_encrypt($data, $method, $enc_key); +} +$error_queue_size = 0; +while (($enc_error_new = openssl_error_string()) !== false) { + if ($enc_error_new !== $enc_error) { + echo "The new encoding error doesn't match the expected one\n"; + } + ++$error_queue_size; +} +var_dump($error_queue_size); +echo "\n"; + +// PKEY +echo "PKEY errors\n"; +// file for pkey (file:///) fails when opennig (BIO_new_file) +@openssl_pkey_export_to_file("file://" . $invalid_file_for_read, $output_file); +expect_openssl_errors('openssl_pkey_export_to_file opening', ['02001002', '2006D080']); +// file or private pkey is not correct PEM - failing PEM_read_bio_PrivateKey +@openssl_pkey_export_to_file($csr_file, $output_file); +expect_openssl_errors('openssl_pkey_export_to_file pem', ['0906D06C']); +// file to export cannot be written +@openssl_pkey_export_to_file($private_key_file, $invalid_file_for_write); +expect_openssl_errors('openssl_pkey_export_to_file write', ['2006D002', '09072007']); +// succesful export +@openssl_pkey_export($private_key_file_with_pass, $out, 'wrong pwd'); +expect_openssl_errors('openssl_pkey_export', ['06065064', '0906A065']); +// invalid x509 for getting public key +@openssl_pkey_get_public($private_key_file); +expect_openssl_errors('openssl_pkey_get_public', ['0906D06C']); +// private encrypt with unknown padding +@openssl_private_encrypt("data", $crypted, $private_key_file, 1000); +expect_openssl_errors('openssl_private_encrypt', 
['04066076']); +// private decrypt with failed padding check +@openssl_private_decrypt("data", $crypted, $private_key_file); +expect_openssl_errors('openssl_private_decrypt', ['04065072']); +// public encrypt and decrypt with failed padding check and padding +@openssl_public_encrypt("data", $crypted, $public_key_file, 1000); +@openssl_public_decrypt("data", $crypted, $public_key_file); +expect_openssl_errors('openssl_private_(en|de)crypt padding', ['0906D06C', '04068076', '0407006A', '04067072']); + +// X509 +echo "X509 errors\n"; +// file for x509 (file:///) fails when opennig (BIO_new_file) +@openssl_x509_export_to_file("file://" . $invalid_file_for_read, $output_file); +expect_openssl_errors('openssl_x509_export_to_file open', ['02001002']); +// file or str cert is not correct PEM - failing PEM_read_bio_X509 or PEM_ASN1_read_bio +@openssl_x509_export_to_file($csr_file, $output_file); +expect_openssl_errors('openssl_x509_export_to_file pem', ['0906D06C']); +// file to export cannot be written +@openssl_x509_export_to_file($crt_file, $invalid_file_for_write); +expect_openssl_errors('openssl_x509_export_to_file write', ['2006D002']); +// checking purpose fails because there is no such purpose 1000 +@openssl_x509_checkpurpose($crt_file, 1000); +expect_openssl_errors('openssl_x509_checkpurpose purpose', ['0B086079']); + +// CSR +echo "CSR errors\n"; +// file for csr (file:///) fails when opennig (BIO_new_file) +@openssl_csr_get_subject("file://" . 
$invalid_file_for_read); +expect_openssl_errors('openssl_csr_get_subject open', ['02001002', '2006D080', '20068079', '0906D06C']); +// file or str csr is not correct PEM - failing PEM_read_bio_X509_REQ +openssl_csr_get_subject($crt_file); +@expect_openssl_errors('openssl_csr_get_subjec pem', ['0906D06C']); + +// other possible cuases that are difficult to catch: +// - ASN1_STRING_to_UTF8 fails in add_assoc_name_entry +// - invalid php_x509_request field (NULL) would cause error with CONF_get_string + +?> +--CLEAN-- +<?php +$output_file = __DIR__ . "/openssl_error_string_basic_output.tmp"; +if (is_file($output_file)) { + unlink($output_file); +} +?> +--EXPECT-- +string(89) "error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length" +bool(false) +int(15) + +PKEY errors +openssl_pkey_export_to_file opening: ok +openssl_pkey_export_to_file pem: ok +openssl_pkey_export_to_file write: ok +openssl_pkey_export: ok +openssl_pkey_get_public: ok +openssl_private_encrypt: ok +openssl_private_decrypt: ok +openssl_private_(en|de)crypt padding: ok +X509 errors +openssl_x509_export_to_file open: ok +openssl_x509_export_to_file pem: ok +openssl_x509_export_to_file write: ok +openssl_x509_checkpurpose purpose: ok +CSR errors +openssl_csr_get_subject open: ok +openssl_csr_get_subjec pem: ok diff --git a/ext/openssl/tests/openssl_pkey_new_basic.phpt b/ext/openssl/tests/openssl_pkey_new_basic.phpt index 3c434978d2..b0fd530975 100644 --- a/ext/openssl/tests/openssl_pkey_new_basic.phpt +++ b/ext/openssl/tests/openssl_pkey_new_basic.phpt 
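Review bot: In the CSR section the error-suppression operator is on the wrong call: `openssl_csr_get_subject($crt_file);` runs unsilenced and `@expect_openssl_errors('openssl_csr_get_subjec pem', ['0906D06C']);` is silenced, while every other case silences the OpenSSL call instead. I would write `@openssl_csr_get_subject($crt_file);` followed by `expect_openssl_errors('openssl_csr_get_subject pem', ['0906D06C']);` and update the matching `--EXPECT--` line for the corrected label. The comment `// succesful export` sits above a call that passes `'wrong pwd'` and expects two error codes, so it should say that the export fails on a wrong password. The expected values are raw OpenSSL error codes, which may differ between OpenSSL versions; a version guard in `--SKIPIF--` may be needed.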
@@ -1,25 +1,106 @@ --TEST-- -openssl_pkey_new() tests +openssl_pkey_new() basic usage tests --SKIPIF-- <?php if (!extension_loaded("openssl")) print "skip"; ?> --FILE-- <?php -/* openssl_pkey_get_details() segfaults when getting the information - from openssl_pkey_new() with an empty sub-array arg */ +function openssl_pkey_test_cmp($expected, $bin_key) { + var_dump(strcasecmp(ltrim($expected, '0'), bin2hex($bin_key))); +} -$rsa = array("rsa" => array()); -$dsa = array("dsa" => array()); -$dh = array("dh" => array()); +// RSA +$nhex = "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51F" . + "B8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807F" . + "AFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394E" . + "E0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB"; -openssl_pkey_get_details(openssl_pkey_new($rsa)); -openssl_pkey_get_details(openssl_pkey_new($dsa)); -openssl_pkey_get_details(openssl_pkey_new($dh)); -?> ---EXPECTF-- +$ehex = "11"; +$dhex = "A5DAFC5341FAF289C4B988DB30C1CDF83F31251E0668B42784813801579641B2" . + "9410B3C7998D6BC465745E5C392669D6870DA2C082A939E37FDCB82EC93EDAC9" . + "7FF3AD5950ACCFBC111C76F1A9529444E56AAF68C56C092CD38DC3BEF5D20A93" . + "9926ED4F74A13EDDFBE1A1CECC4894AF9428C2B7B8883FE4463A4BC85B1CB3C1"; + +$phex = "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632" . + "124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599"; + +$qhex = "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D86" . 
+ "9840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503"; -Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d +$rsa= openssl_pkey_new(array( + 'rsa' => array( + 'n' => hex2bin($nhex), + 'e' => hex2bin($ehex), + 'd' => hex2bin($dhex), + 'p' => hex2bin($phex), + 'q' => hex2bin($qhex), + ) +)); +$details = openssl_pkey_get_details($rsa); +$rsa_details = $details['rsa']; +openssl_pkey_test_cmp($nhex, $rsa_details['n']); +openssl_pkey_test_cmp($ehex, $rsa_details['e']); +openssl_pkey_test_cmp($dhex, $rsa_details['d']); +openssl_pkey_test_cmp($phex, $rsa_details['p']); +openssl_pkey_test_cmp($qhex, $rsa_details['q']); -Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d +// DSA +$phex = '00f8000ae45b2dacb47dd977d58b719d097bdf07cb2c17660ad898518c08' . + '1a61659a16daadfaa406a0a994c743df5eda07e36bd0adcad921b77432ff' . + '24ccc31e782d647e66768122b578857e9293df78387dc8b44af2a4a3f305' . + '1f236b1000a3e31da489c6681b0031f7ec37c2e1091bdb698e7660f135b6' . + '996def90090303b7ad'; -Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d +$qhex = '009b3734fc9f7a4a9d6437ec314e0a78c2889af64b'; +$ghex = '00b320300a0bc55b8f0ec6edc218e2185250f38fbb8291db8a89227f6e41' . + '00d47d6ccb9c7d42fc43280ecc2ed386e81ff65bc5d6a2ae78db7372f5dc' . + 'f780f4558e7ed3dd0c96a1b40727ac56c5165aed700a3b63997893a1fb21' . + '4e882221f0dd9604820dc34e2725dd6901c93e0ca56f6d76d495c332edc5' . 
+ 'b81747c4c447a941f3'; +$dsa = openssl_pkey_new(array( + 'dsa' => array( + 'p' => hex2bin($phex), + 'q' => hex2bin($qhex), + 'g' => hex2bin($ghex) + ) +)); +$details = openssl_pkey_get_details($dsa); +$dsa_details = $details['dsa']; +openssl_pkey_test_cmp($phex, $dsa_details['p']); +openssl_pkey_test_cmp($qhex, $dsa_details['q']); +openssl_pkey_test_cmp($ghex, $dsa_details['g']); +var_dump(strlen($dsa_details['priv_key'])); +var_dump(strlen($dsa_details['pub_key'])); + +// DH +$phex = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61e' . + 'f75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d268370557' . + '7d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e382' . + '6634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab'; + +$dh_details = array('p' => $phex, 'g' => '2'); +$dh = openssl_pkey_new(array( + 'dh'=> array('p' => hex2bin($phex), 'g' => '2')) +); +$details = openssl_pkey_get_details($dh); +$dh_details = $details['dh']; +openssl_pkey_test_cmp($phex, $dh_details['p']); +var_dump($dh_details['g']); +var_dump(strlen($dh_details['pub_key'])); +var_dump(strlen($dh_details['priv_key'])); +?> +--EXPECT-- +int(0) +int(0) +int(0) +int(0) +int(0) +int(0) +int(0) +int(0) +int(20) +int(128) +int(0) +string(1) "2" +int(128) +int(128) diff --git a/ext/openssl/tests/openssl_pkey_new_error.phpt b/ext/openssl/tests/openssl_pkey_new_error.phpt new file mode 100644 index 0000000000..c5993411c3 --- /dev/null +++ b/ext/openssl/tests/openssl_pkey_new_error.phpt 
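Review bot: The exact length checks, `var_dump(strlen($dsa_details['priv_key']));` expecting `int(20)` and the `int(128)` checks on the DSA and DH keys, look flaky because those keys are generated randomly on every run. If the details are returned as minimal big-endian byte strings (not visible in this diff), a value whose top byte happens to be zero comes back one byte shorter and the test fails occasionally. An upper-bound check such as `var_dump(strlen($dsa_details['priv_key']) <= 20);` would avoid that. Separately, `$dh_details = array('p' => $phex, 'g' => '2');` is overwritten by `$dh_details = $details['dh'];` before it is read and can be dropped.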
@@ -0,0 +1,25 @@
+--TEST--
+openssl_pkey_new() error tests
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+/* openssl_pkey_get_details() segfaults when getting the information
+ from openssl_pkey_new() with an empty sub-array arg */
+
+$rsa = array("rsa" => array());
+$dsa = array("dsa" => array());
+$dh = array("dh" => array());
+
+openssl_pkey_get_details(openssl_pkey_new($rsa));
+openssl_pkey_get_details(openssl_pkey_new($dsa));
+openssl_pkey_get_details(openssl_pkey_new($dh));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
diff --git a/ext/openssl/tests/openssl_x509_parse_v9_basic.phpt b/ext/openssl/tests/openssl_x509_parse_v9_basic.phpt
deleted file mode 100644
index 89862eff50..0000000000
--- a/ext/openssl/tests/openssl_x509_parse_v9_basic.phpt
+++ /dev/null
@@ -1,276 +0,0 @@ ---TEST-- -openssl_x509_parse() basic test for OpenSSL 0.9 ---SKIPIF-- -<?php if (!extension_loaded("openssl")) print "skip"; -if (OPENSSL_VERSION_NUMBER > 0x10000000) die("skip Output requires OpenSSL 0.9"); -?> ---FILE-- -<?php -$cert = "file://" . dirname(__FILE__) . "/cert.crt"; - -var_dump(openssl_x509_parse($cert)); -var_dump(openssl_x509_parse($cert, false)); -?> ---EXPECTF-- -array(12) { - ["name"]=> - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" - ["subject"]=> - array(5) { - ["C"]=> - string(2) "BR" - ["ST"]=> - string(17) "Rio Grande do Sul" - ["L"]=> - string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" - ["emailAddress"]=> - string(16) "hnangelo@php.net" - } - ["hash"]=> - string(8) "%s" - ["issuer"]=> - array(5) { - ["C"]=> - string(2) "BR" - ["ST"]=> - string(17) "Rio Grande do Sul" - ["L"]=> - string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" - ["emailAddress"]=> - string(16) "hnangelo@php.net" - } - ["version"]=> - int(2) - ["serialNumber"]=> - string(20) "12593567369101004962" - ["validFrom"]=> - string(13) "080630102843Z" - ["validTo"]=> - string(13) "080730102843Z" - ["validFrom_time_t"]=> - int(1214821723) - ["validTo_time_t"]=> - int(1217413723) - ["purposes"]=> - array(8) { - [1]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(9) "sslclient" - } - [2]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(9) "sslserver" - } - [3]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(11) "nssslserver" - } - [4]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(9) "smimesign" - } - [5]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(12) "smimeencrypt" - } - [6]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(7) "crlsign" - } - [7]=> - array(3) { - [0]=> - bool(true) - [1]=> - 
bool(true) - [2]=> - string(3) "any" - } - [8]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(10) "ocsphelper" - } - } - ["extensions"]=> - array(3) { - ["subjectKeyIdentifier"]=> - string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" - ["authorityKeyIdentifier"]=> - string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2 -" - ["basicConstraints"]=> - string(7) "CA:TRUE" - } -} -array(12) { - ["name"]=> - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" - ["subject"]=> - array(5) { - ["countryName"]=> - string(2) "BR" - ["stateOrProvinceName"]=> - string(17) "Rio Grande do Sul" - ["localityName"]=> - string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. Angelo" - ["emailAddress"]=> - string(16) "hnangelo@php.net" - } - ["hash"]=> - string(8) "%s" - ["issuer"]=> - array(5) { - ["countryName"]=> - string(2) "BR" - ["stateOrProvinceName"]=> - string(17) "Rio Grande do Sul" - ["localityName"]=> - string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. 
Angelo" - ["emailAddress"]=> - string(16) "hnangelo@php.net" - } - ["version"]=> - int(2) - ["serialNumber"]=> - string(20) "12593567369101004962" - ["validFrom"]=> - string(13) "080630102843Z" - ["validTo"]=> - string(13) "080730102843Z" - ["validFrom_time_t"]=> - int(1214821723) - ["validTo_time_t"]=> - int(1217413723) - ["purposes"]=> - array(8) { - [1]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(10) "SSL client" - } - [2]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(10) "SSL server" - } - [3]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(19) "Netscape SSL server" - } - [4]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(14) "S/MIME signing" - } - [5]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(17) "S/MIME encryption" - } - [6]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(11) "CRL signing" - } - [7]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(11) "Any Purpose" - } - [8]=> - array(3) { - [0]=> - bool(true) - [1]=> - bool(true) - [2]=> - string(11) "OCSP helper" - } - } - ["extensions"]=> - array(3) { - ["subjectKeyIdentifier"]=> - string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" - ["authorityKeyIdentifier"]=> - string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2 -" - ["basicConstraints"]=> - string(7) "CA:TRUE" - } -} diff --git a/ext/openssl/tests/private_rsa_2048_pass_php.key b/ext/openssl/tests/private_rsa_2048_pass_php.key new file mode 100644 index 0000000000..242b1868c7 --- /dev/null +++ b/ext/openssl/tests/private_rsa_2048_pass_php.key 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,D839E12F98A22F4FA90401E31A896A03 + +gVJ/972mKRrZ2+55rofbFXuLY03Umb7+m7OotGHkYa3dJpNuOLta+LDpSMRdgKcT +7s+vZ7CERJsWolbdCSphwWs74FV4fJheuzrnEthmVazmIcDwWu1FiiD5XEmRQMFH +AvwUKTN5PIyN67eCusbrV5/FJsVdxvRwLUM70UE+nhBW8rg6AhszDtSHhGG1KN9T +TwT2m8xYOgzzPPseQN/VcKNJ+LZcUVN/8+12duy1Ej/HoFaE7wp5GH0mueeShf0R +xFZ6mizZ3x+Ef4+PbTDnSXRheF9uvSdwmff4rUS4Szpk0aYpSrluJJjzI9Unjvqi +129ZQsNUfLebJlaauTYYNsHHh64hRXelqKz5mNmcF/OV+pbCjYljgDsyndmrZ5jB +xjfjp/1VGQAU26VnF0X9zv5q9Gz3/bkl3VFnS7gNyMCanyTuaXNNFNcbkY59Iq1l +rWjGGMeujWttFhYsChtCb6Clsq4aCiXJ9lqFNTU+eqVD9F5C4v5ATM6VHqjxwvj3 +RB4P98pQsGLkHUKgAZrYqxhLjN6O7FvZuuSRSZl+Q6suYcie+hR4p2TRopRTttc2 +d/gdJCBEbboJH3XOFlHz08mhxgVobi5ACzAoSpCVT4NIahG+Gt7h8Rk6+A9/uiwj +Jy6+MRiylhAOXAfOps7+FvBFi4nKByFXtWOHRL6DGpYWy20vCk0gsuICRpwL33A4 +e6YAJiuygQSWTExyGfeRk5VQRkZrWL1s3nTnA0MLqx1VdIbDeNPtIZ+dQHCN5vYt +pP7zFSuF6fse8mSobzA9x4hKXUKWQ/V985arHYzYpJXfIRMyZDqKjRW5xKGYR0eH +adhpbOCWx73+vVa8tABbvNIPjp/7KPaGPSp7uV9Afvvt5qjM/nho/VstyWscivM0 +c+oylG4cNBaJCVyb6nsiBYK2XE/Llfjsj/l2+SRfIZOwmvhL+CG7z7okPEiNp7EB +DcefH7/N/Fg4R4PzWskHfb6ZU+nnPKV9JJdBitw/EQFAN8qO7b6O1HRsXUJziBsH +cgQBDT0wOue49lDFratmWBx1K10paRuAl1DmO5WtstC/cthGYvKVGDWclLbIVRpv +/DyXZMsXdt9IaP31vHs+W0Yj/1Pcj3iKFX/oh0e7Kb2MQziquQcMzJM2n3BVa2PQ +dZ3FGKSoDtdT3RhEWGAY5zh7nwPUDqR2frCTGdRAASJbHmC/dn3Fs/m7kQHCUTw8 +EpDCCFZhp23DODk96Q0vtgtPU16qONMzVlzSH8REjS23GrbZ4wn/SW8Qm5QZiScH +WbJ3Aj5iemcFnL5aDN81BNX9GtUvJFK2jvmmPcv1x5+x51RweMQYErgahI9YVFtM +0cEN2cm27hZjktHxduJefc+WVu6vCyzSA0q/CbT58eIWBPyvyIM8AB65h4TFxX9N +4g0/0Kh8gqe3EVg1x62LEAC6AaRZEm/GBeux41DlNDYbCik6VdLRHVozmf7PYm+X +6miR4EfGE+kM7/V+shMQZni/Q64gzIn+/vpMiNV5JQsr1E2tqUp2/P6N0puUwWv2 +ORVWWk6gy8wnJ//LsDNEhSKfCrffuv2u2oVQWMcBwyqbR6ru/V3i9+9ngWd2D4E0 +-----END RSA PRIVATE KEY----- |