Djam/php7
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/php7.git synced 2025-02-23 14:52:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php7/php-7.4.33-openssl3.patch

2018 lines
78 KiB
Diff
Raw Normal View History

restore php-openssl
2024-08-09 14:22:48 +09:00
# rediff from https://git.remirepo.net/cgit/rpms/scl-php74/php.git/plain/php-7.4.26-openssl3.patch
diff -ruN a/ext/openssl/openssl.c b/ext/openssl/openssl.c
--- a/ext/openssl/openssl.c 2024-08-09 13:19:44.284566181 +0900
+++ b/ext/openssl/openssl.c 2024-08-09 13:59:20.384801178 +0900
@@ -25,6 +25,9 @@
#include "config.h"
#endif
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+# pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+
#include "php.h"
#include "php_ini.h"
#include "php_openssl.h"
@@ -55,6 +58,11 @@
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/pkcs12.h>
+#include <openssl/cms.h>
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#endif
/* Common */
#include <time.h>
@@ -833,8 +841,8 @@
static char default_ssl_conf_filename[MAXPATHLEN];
struct php_x509_request { /* {{{ */
- LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */
- LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */
+ CONF *global_config; /* Global SSL config */
+ CONF *req_config;
const EVP_MD * md_alg;
const EVP_MD * digest;
char * section_name,
@@ -1046,13 +1054,13 @@
}
/* }}} */
-static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config) /* {{{ */
+static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, CONF *config) /* {{{ */
{
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, config);
- if (!X509V3_EXT_add_conf(config, &ctx, (char *)section, NULL)) {
+ X509V3_set_nconf(&ctx, config);
+ if (!X509V3_EXT_add_nconf(config, &ctx, (char *)section, NULL)) {
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Error loading %s section %s of %s",
section_label,
@@ -1064,17 +1072,24 @@
}
/* }}} */
-static char *php_openssl_conf_get_string(
- LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name) {
- char *str = CONF_get_string(conf, group, name);
- if (str == NULL) {
- /* OpenSSL reports an error if a configuration value is not found.
- * However, we don't want to generate errors for optional configuration. */
- ERR_clear_error();
- }
+static char *php_openssl_conf_get_string(CONF *conf, const char *group, const char *name) {
+ /* OpenSSL reports an error if a configuration value is not found.
+ * However, we don't want to generate errors for optional configuration. */
+ ERR_set_mark();
+ char *str = NCONF_get_string(conf, group, name);
+ ERR_pop_to_mark();
return str;
}
+static long php_openssl_conf_get_number(CONF *conf, const char *group, const char *name) {
+ /* Same here, ignore errors. */
+ long res = 0;
+ ERR_set_mark();
+ NCONF_get_number(conf, group, name, &res);
+ ERR_pop_to_mark();
+ return res;
+}
+
static int php_openssl_add_oid_section(struct php_x509_request * req) /* {{{ */
{
char * str;
@@ -1086,7 +1101,7 @@
if (str == NULL) {
return SUCCESS;
}
- sktmp = CONF_get_section(req->req_config, str);
+ sktmp = NCONF_get_section(req->req_config, str);
if (sktmp == NULL) {
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "problem loading oid section %s", str);
@@ -1157,13 +1172,12 @@
SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);
SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");
- req->global_config = CONF_load(NULL, default_ssl_conf_filename, NULL);
- if (req->global_config == NULL) {
+ req->global_config = NCONF_new(NULL);
+ if (!NCONF_load(req->global_config, default_ssl_conf_filename, NULL)) {
php_openssl_store_errors();
}
- req->req_config = CONF_load(NULL, req->config_filename, NULL);
- if (req->req_config == NULL) {
- php_openssl_store_errors();
+ req->req_config = NCONF_new(NULL);
+ if (!NCONF_load(req->req_config, req->config_filename, NULL)) {
return FAILURE;
}
@@ -1187,8 +1201,7 @@
SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
php_openssl_conf_get_string(req->req_config, req->section_name, "req_extensions"));
SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
- CONF_get_number(req->req_config, req->section_name, "default_bits"));
-
+ php_openssl_conf_get_number(req->req_config, req->section_name, "default_bits"));
SET_OPTIONAL_LONG_ARG("private_key_type", req->priv_key_type, OPENSSL_KEYTYPE_DEFAULT);
if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), "encrypt_key", sizeof("encrypt_key")-1)) != NULL) {
@@ -1268,11 +1281,11 @@
req->priv_key = NULL;
}
if (req->global_config) {
- CONF_free(req->global_config);
+ NCONF_free(req->global_config);
req->global_config = NULL;
}
if (req->req_config) {
- CONF_free(req->req_config);
+ NCONF_free(req->req_config);
req->req_config = NULL;
}
}
@@ -1517,7 +1530,9 @@
REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
@@ -3130,12 +3145,12 @@
STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
char * str, *dn_sect, *attr_sect;
- dn_sect = CONF_get_string(req->req_config, req->section_name, "distinguished_name");
+ dn_sect = NCONF_get_string(req->req_config, req->section_name, "distinguished_name");
if (dn_sect == NULL) {
php_openssl_store_errors();
return FAILURE;
}
- dn_sk = CONF_get_section(req->req_config, dn_sect);
+ dn_sk = NCONF_get_section(req->req_config, dn_sect);
if (dn_sk == NULL) {
php_openssl_store_errors();
return FAILURE;
@@ -3144,7 +3159,7 @@
if (attr_sect == NULL) {
attr_sk = NULL;
} else {
- attr_sk = CONF_get_section(req->req_config, attr_sect);
+ attr_sk = NCONF_get_section(req->req_config, attr_sect);
if (attr_sk == NULL) {
php_openssl_store_errors();
return FAILURE;
@@ -3550,8 +3565,8 @@
X509V3_CTX ctx;
X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
- X509V3_set_conf_lhash(&ctx, req.req_config);
- if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) {
+ X509V3_set_nconf(&ctx, req.req_config);
+ if (!X509V3_EXT_add_nconf(req.req_config, &ctx, req.extensions_section, new_cert)) {
php_openssl_store_errors();
goto cleanup;
}
@@ -3634,11 +3649,11 @@
X509V3_CTX ext_ctx;
X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req.req_config);
+ X509V3_set_nconf(&ext_ctx, req.req_config);
/* Add extensions */
- if (req.request_extensions_section && !X509V3_EXT_REQ_add_conf(req.req_config,
- &ext_ctx, req.request_extensions_section, csr))
+ if (req.request_extensions_section && !X509V3_EXT_REQ_add_nconf(req.req_config,
+ &ext_ctx, req.request_extensions_section, csr))
{
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Error loading extension section %s", req.request_extensions_section);
@@ -3712,6 +3727,20 @@
}
/* }}} */
+static EVP_PKEY *php_openssl_extract_public_key(EVP_PKEY *priv_key)
+{
+ /* Extract public key portion by round-tripping through PEM. */
+ BIO *bio = BIO_new(BIO_s_mem());
+ if (!bio || !PEM_write_bio_PUBKEY(bio, priv_key)) {
+ BIO_free(bio);
+ return NULL;
+ }
+
+ EVP_PKEY *pub_key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ return pub_key;
+}
+
/* {{{ proto mixed openssl_csr_get_public_key(mixed csr)
Returns the subject of a CERT or FALSE on error */
PHP_FUNCTION(openssl_csr_get_public_key)
@@ -3719,42 +3748,24 @@
zval * zcsr;
zend_bool use_shortnames = 1;
zend_resource *csr_resource;
-
- X509_REQ *orig_csr, *csr;
+ X509_REQ *csr;
EVP_PKEY *tpubkey;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcsr, &use_shortnames) == FAILURE) {
return;
}
- orig_csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource);
+ csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource);
- if (orig_csr == NULL) {
+ if (csr == NULL) {
RETURN_FALSE;
}
-#if PHP_OPENSSL_API_VERSION >= 0x10100
- /* Due to changes in OpenSSL 1.1 related to locking when decoding CSR,
- * the pub key is not changed after assigning. It means if we pass
- * a private key, it will be returned including the private part.
- * If we duplicate it, then we get just the public part which is
- * the same behavior as for OpenSSL 1.0 */
- csr = X509_REQ_dup(orig_csr);
-#else
- csr = orig_csr;
-#endif
-
- /* Retrieve the public key from the CSR */
- tpubkey = X509_REQ_get_pubkey(csr);
-
- if (csr != orig_csr) {
- /* We need to free the duplicated CSR */
- X509_REQ_free(csr);
- }
+ tpubkey = php_openssl_extract_public_key(X509_REQ_get_pubkey(csr));
if (!csr_resource) {
/* We also need to free the original CSR if it was freshly created */
- X509_REQ_free(orig_csr);
+ X509_REQ_free(csr);
}
if (tpubkey == NULL) {
@@ -3985,140 +3996,130 @@
}
/* }}} */
+static int php_openssl_get_evp_pkey_type(int key_type) {
+ switch (key_type) {
+ case OPENSSL_KEYTYPE_RSA:
+ return EVP_PKEY_RSA;
+#if !defined(NO_DSA)
+ case OPENSSL_KEYTYPE_DSA:
+ return EVP_PKEY_DSA;
+#endif
+#if !defined(NO_DH)
+ case OPENSSL_KEYTYPE_DH:
+ return EVP_PKEY_DH;
+#endif
+#ifdef HAVE_EVP_PKEY_EC
+ case OPENSSL_KEYTYPE_EC:
+ return EVP_PKEY_EC;
+#endif
+ default:
+ return -1;
+ }
+}
+
/* {{{ php_openssl_generate_private_key */
static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
{
- char * randfile = NULL;
- int egdsocket, seeded;
- EVP_PKEY * return_val = NULL;
-
if (req->priv_key_bits < MIN_KEY_LENGTH) {
php_error_docref(NULL, E_WARNING, "private key length is too short; it needs to be at least %d bits, not %d",
MIN_KEY_LENGTH, req->priv_key_bits);
return NULL;
}
- randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
+ int type = php_openssl_get_evp_pkey_type(req->priv_key_type);
+ if (type < 0) {
+ php_error_docref(NULL, E_WARNING, "Unsupported private key type");
+ return NULL;
+ }
+
+ int egdsocket, seeded;
+ char *randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
+ PHP_OPENSSL_RAND_ADD_TIME();
- if ((req->priv_key = EVP_PKEY_new()) != NULL) {
- switch(req->priv_key_type) {
- case OPENSSL_KEYTYPE_RSA:
- {
- RSA* rsaparam;
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
- /* OpenSSL 1.0.2 deprecates RSA_generate_key */
- PHP_OPENSSL_RAND_ADD_TIME();
- rsaparam = (RSA*)RSA_generate_key(req->priv_key_bits, RSA_F4, NULL, NULL);
-#else
- {
- BIGNUM *bne = (BIGNUM *)BN_new();
- if (BN_set_word(bne, RSA_F4) != 1) {
- BN_free(bne);
- php_error_docref(NULL, E_WARNING, "failed setting exponent");
- return NULL;
- }
- rsaparam = RSA_new();
- PHP_OPENSSL_RAND_ADD_TIME();
- if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
- php_openssl_store_errors();
- RSA_free(rsaparam);
- rsaparam = NULL;
- }
- BN_free(bne);
- }
-#endif
- if (rsaparam && EVP_PKEY_assign_RSA(req->priv_key, rsaparam)) {
- return_val = req->priv_key;
- } else {
- php_openssl_store_errors();
- }
- }
- break;
+ EVP_PKEY *key = NULL;
+ EVP_PKEY *params = NULL;
+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(type, NULL);
+ if (!ctx) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+
+ if (type != EVP_PKEY_RSA) {
+ if (EVP_PKEY_paramgen_init(ctx) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+
+ switch (type) {
#if !defined(NO_DSA)
- case OPENSSL_KEYTYPE_DSA:
- PHP_OPENSSL_RAND_ADD_TIME();
- {
- DSA *dsaparam = DSA_new();
- if (dsaparam && DSA_generate_parameters_ex(dsaparam, req->priv_key_bits, NULL, 0, NULL, NULL, NULL)) {
- DSA_set_method(dsaparam, DSA_get_default_method());
- if (DSA_generate_key(dsaparam)) {
- if (EVP_PKEY_assign_DSA(req->priv_key, dsaparam)) {
- return_val = req->priv_key;
- } else {
- php_openssl_store_errors();
- }
- } else {
- php_openssl_store_errors();
- DSA_free(dsaparam);
- }
- } else {
- php_openssl_store_errors();
- }
- }
- break;
+ case EVP_PKEY_DSA:
+ if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, req->priv_key_bits) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+ break;
#endif
#if !defined(NO_DH)
- case OPENSSL_KEYTYPE_DH:
- PHP_OPENSSL_RAND_ADD_TIME();
- {
- int codes = 0;
- DH *dhparam = DH_new();
- if (dhparam && DH_generate_parameters_ex(dhparam, req->priv_key_bits, 2, NULL)) {
- DH_set_method(dhparam, DH_get_default_method());
- if (DH_check(dhparam, &codes) && codes == 0 && DH_generate_key(dhparam)) {
- if (EVP_PKEY_assign_DH(req->priv_key, dhparam)) {
- return_val = req->priv_key;
- } else {
- php_openssl_store_errors();
- }
- } else {
- php_openssl_store_errors();
- DH_free(dhparam);
- }
- } else {
- php_openssl_store_errors();
- }
- }
- break;
+ case EVP_PKEY_DH:
+ if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, req->priv_key_bits) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+ break;
#endif
#ifdef HAVE_EVP_PKEY_EC
- case OPENSSL_KEYTYPE_EC:
- {
- EC_KEY *eckey;
- if (req->curve_name == NID_undef) {
- php_error_docref(NULL, E_WARNING, "Missing configuration value: 'curve_name' not set");
- return NULL;
- }
- eckey = EC_KEY_new_by_curve_name(req->curve_name);
- if (eckey) {
- EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
- if (EC_KEY_generate_key(eckey) &&
- EVP_PKEY_assign_EC_KEY(req->priv_key, eckey)) {
- return_val = req->priv_key;
- } else {
- EC_KEY_free(eckey);
- }
- }
- }
- break;
+ case EVP_PKEY_EC:
+ if (req->curve_name == NID_undef) {
+ php_error_docref(NULL, E_WARNING, "Missing configuration value: \"curve_name\" not set");
+ goto cleanup;
+ }
+
+ if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, req->curve_name) <= 0 ||
+ EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+ break;
#endif
- default:
- php_error_docref(NULL, E_WARNING, "Unsupported private key type");
+ EMPTY_SWITCH_DEFAULT_CASE()
+ }
+
+ if (EVP_PKEY_paramgen(ctx, &params) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
}
- } else {
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = EVP_PKEY_CTX_new(params, NULL);
+ if (!ctx) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
+ }
+
+ if (EVP_PKEY_keygen_init(ctx) <= 0) {
php_openssl_store_errors();
+ goto cleanup;
}
- php_openssl_write_rand_file(randfile, egdsocket, seeded);
+ if (type == EVP_PKEY_RSA && EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, req->priv_key_bits) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
+ }
- if (return_val == NULL) {
- EVP_PKEY_free(req->priv_key);
- req->priv_key = NULL;
- return NULL;
+ if (EVP_PKEY_keygen(ctx, &key) <= 0) {
+ php_openssl_store_errors();
+ goto cleanup;
}
- return return_val;
+ req->priv_key = key;
+
+cleanup:
+ php_openssl_write_rand_file(randfile, egdsocket, seeded);
+ EVP_PKEY_free(params);
+ EVP_PKEY_CTX_free(ctx);
+ return key;
}
/* }}} */
@@ -4372,8 +4373,222 @@
}
/* }}} */
-/* {{{ proto resource openssl_pkey_new([array configargs])
- Generates a new private key */
+#ifdef HAVE_EVP_PKEY_EC
+#if PHP_OPENSSL_API_VERSION < 0x30000
+static int php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, int *is_private) {
+ EC_GROUP *group = NULL;
+ EC_POINT *pnt = NULL;
+ BIGNUM *d = NULL;
+ zval *bn;
+ zval *x;
+ zval *y;
+
+ if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
+ Z_TYPE_P(bn) == IS_STRING) {
+ int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
+ if (nid != NID_undef) {
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (!group) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+ EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
+ if (!EC_KEY_set_group(eckey, group)) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ }
+ }
+
+ if (group == NULL) {
+ php_error_docref(NULL, E_WARNING, "Unknown curve name");
+ goto clean_exit;
+ }
+
+ // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
+ *is_private = 0;
+ if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
+ Z_TYPE_P(bn) == IS_STRING) {
+ *is_private = 1;
+ d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
+ if (!EC_KEY_set_private_key(eckey, d)) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ // Calculate the public key by multiplying the Point Q with the public key
+ // P = d * Q
+ pnt = EC_POINT_new(group);
+ if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+
+ BN_free(d);
+ } else if ((x = zend_hash_str_find(Z_ARRVAL_P(data), "x", sizeof("x") - 1)) != NULL &&
+ Z_TYPE_P(x) == IS_STRING &&
+ (y = zend_hash_str_find(Z_ARRVAL_P(data), "y", sizeof("y") - 1)) != NULL &&
+ Z_TYPE_P(y) == IS_STRING) {
+ pnt = EC_POINT_new(group);
+ if (pnt == NULL) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ if (!EC_POINT_set_affine_coordinates_GFp(
+ group, pnt, BN_bin2bn((unsigned char*) Z_STRVAL_P(x), Z_STRLEN_P(x), NULL),
+ BN_bin2bn((unsigned char*) Z_STRVAL_P(y), Z_STRLEN_P(y), NULL), NULL)) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ }
+
+ if (pnt != NULL) {
+ if (!EC_KEY_set_public_key(eckey, pnt)) {
+ php_openssl_store_errors();
+ goto clean_exit;
+ }
+ EC_POINT_free(pnt);
+ pnt = NULL;
+ }
+
+ if (!EC_KEY_check_key(eckey)) {
+ *is_private = 1;
+ PHP_OPENSSL_RAND_ADD_TIME();
+ EC_KEY_generate_key(eckey);
+ php_openssl_store_errors();
+ }
+ if (EC_KEY_check_key(eckey)) {
+ return 1;
+ } else {
+ php_openssl_store_errors();
+ }
+
+clean_exit:
+ BN_free(d);
+ EC_POINT_free(pnt);
+ EC_GROUP_free(group);
+ return 0;
+}
+#endif
+
+static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, int *is_private) {
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+ BIGNUM *d = NULL, *x = NULL, *y = NULL;
+ EC_GROUP *group = NULL;
+ EC_POINT *pnt = NULL;
+ unsigned char *pnt_oct = NULL;
+ EVP_PKEY *param_key = NULL, *pkey = NULL;
+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+ OSSL_PARAM *params = NULL;
+ OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+ zval *curve_name_zv = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1);
+
+ OPENSSL_PKEY_SET_BN(data, d);
+ OPENSSL_PKEY_SET_BN(data, x);
+ OPENSSL_PKEY_SET_BN(data, y);
+
+ if (!ctx || !bld || !curve_name_zv || Z_TYPE_P(curve_name_zv) != IS_STRING) {
+ goto cleanup;
+ }
+
+ int nid = OBJ_sn2nid(Z_STRVAL_P(curve_name_zv));
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (!group) {
+ php_error_docref(NULL, E_WARNING, "Unknown curve name");
+ goto cleanup;
+ }
+
+ OSSL_PARAM_BLD_push_utf8_string(
+ bld, OSSL_PKEY_PARAM_GROUP_NAME, Z_STRVAL_P(curve_name_zv), Z_STRLEN_P(curve_name_zv));
+
+ if (d) {
+ OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, d);
+
+ pnt = EC_POINT_new(group);
+ if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
+ goto cleanup;
+ }
+ } else if (x && y) {
+ /* OpenSSL does not allow setting EC_PUB_X/EC_PUB_Y, so convert to encoded format. */
+ pnt = EC_POINT_new(group);
+ if (!pnt || !EC_POINT_set_affine_coordinates(group, pnt, x, y, NULL)) {
+ goto cleanup;
+ }
+ }
+
+ if (pnt) {
+ size_t pnt_oct_len =
+ EC_POINT_point2buf(group, pnt, POINT_CONVERSION_COMPRESSED, &pnt_oct, NULL);
+ if (!pnt_oct_len) {
+ goto cleanup;
+ }
+
+ OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pnt_oct, pnt_oct_len);
+ }
+
+ params = OSSL_PARAM_BLD_to_param(bld);
+ if (!params) {
+ goto cleanup;
+ }
+
+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
+ EVP_PKEY_fromdata(ctx, &param_key, EVP_PKEY_KEYPAIR, params) <= 0) {
+ goto cleanup;
+ }
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = EVP_PKEY_CTX_new(param_key, NULL);
+ if (EVP_PKEY_check(ctx)) {
+ *is_private = d != NULL;
+ EVP_PKEY_up_ref(param_key);
+ pkey = param_key;
+ } else {
+ *is_private = 1;
+ PHP_OPENSSL_RAND_ADD_TIME();
+ if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+ goto cleanup;
+ }
+ }
+
+cleanup:
+ php_openssl_store_errors();
+ EVP_PKEY_free(param_key);
+ EVP_PKEY_CTX_free(ctx);
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ EC_POINT_free(pnt);
+ EC_GROUP_free(group);
+ OPENSSL_free(pnt_oct);
+ BN_free(d);
+ BN_free(x);
+ BN_free(y);
+ return pkey;
+#else
+ EVP_PKEY *pkey = EVP_PKEY_new();
+ if (!pkey) {
+ php_openssl_store_errors();
+ return NULL;
+ }
+
+ EC_KEY *ec = EC_KEY_new();
+ if (!ec) {
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+
+ if (!php_openssl_pkey_init_legacy_ec(ec, data, is_private)
+ || !EVP_PKEY_assign_EC_KEY(pkey, ec)) {
+ php_openssl_store_errors();
+ EVP_PKEY_free(pkey);
+ EC_KEY_free(ec);
+ return NULL;
+ }
+
+ return pkey;
+#endif
+}
+#endif
+
PHP_FUNCTION(openssl_pkey_new)
{
struct php_x509_request req;
@@ -4454,119 +4669,12 @@
#ifdef HAVE_EVP_PKEY_EC
} else if ((data = zend_hash_str_find(Z_ARRVAL_P(args), "ec", sizeof("ec") - 1)) != NULL &&
Z_TYPE_P(data) == IS_ARRAY) {
- EC_KEY *eckey = NULL;
- EC_GROUP *group = NULL;
- EC_POINT *pnt = NULL;
- BIGNUM *d = NULL;
- pkey = EVP_PKEY_new();
- if (pkey) {
- eckey = EC_KEY_new();
- if (eckey) {
- EC_GROUP *group = NULL;
- zval *bn;
- zval *x;
- zval *y;
-
- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "curve_name", sizeof("curve_name") - 1)) != NULL &&
- Z_TYPE_P(bn) == IS_STRING) {
- int nid = OBJ_sn2nid(Z_STRVAL_P(bn));
- if (nid != NID_undef) {
- group = EC_GROUP_new_by_curve_name(nid);
- if (!group) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
- EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
- if (!EC_KEY_set_group(eckey, group)) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- }
- }
-
- if (group == NULL) {
- php_error_docref(NULL, E_WARNING, "Unknown curve_name");
- goto clean_exit;
- }
-
- // The public key 'pnt' can be calculated from 'd' or is defined by 'x' and 'y'
- if ((bn = zend_hash_str_find(Z_ARRVAL_P(data), "d", sizeof("d") - 1)) != NULL &&
- Z_TYPE_P(bn) == IS_STRING) {
- d = BN_bin2bn((unsigned char*) Z_STRVAL_P(bn), Z_STRLEN_P(bn), NULL);
- if (!EC_KEY_set_private_key(eckey, d)) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- // Calculate the public key by multiplying the Point Q with the public key
- // P = d * Q
- pnt = EC_POINT_new(group);
- if (!pnt || !EC_POINT_mul(group, pnt, d, NULL, NULL, NULL)) {
- php_openssl_store_errors();
- goto clean_exit;
- }
-
- BN_free(d);
- } else if ((x = zend_hash_str_find(Z_ARRVAL_P(data), "x", sizeof("x") - 1)) != NULL &&
- Z_TYPE_P(x) == IS_STRING &&
- (y = zend_hash_str_find(Z_ARRVAL_P(data), "y", sizeof("y") - 1)) != NULL &&
- Z_TYPE_P(y) == IS_STRING) {
- pnt = EC_POINT_new(group);
- if (pnt == NULL) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- if (!EC_POINT_set_affine_coordinates_GFp(
- group, pnt, BN_bin2bn((unsigned char*) Z_STRVAL_P(x), Z_STRLEN_P(x), NULL),
- BN_bin2bn((unsigned char*) Z_STRVAL_P(y), Z_STRLEN_P(y), NULL), NULL)) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- }
-
- if (pnt != NULL) {
- if (!EC_KEY_set_public_key(eckey, pnt)) {
- php_openssl_store_errors();
- goto clean_exit;
- }
- EC_POINT_free(pnt);
- pnt = NULL;
- }
-
- if (!EC_KEY_check_key(eckey)) {
- PHP_OPENSSL_RAND_ADD_TIME();
- EC_KEY_generate_key(eckey);
- php_openssl_store_errors();
- }
- if (EC_KEY_check_key(eckey) && EVP_PKEY_assign_EC_KEY(pkey, eckey)) {
- EC_GROUP_free(group);
- RETURN_RES(zend_register_resource(pkey, le_key));
- } else {
- php_openssl_store_errors();
- }
- } else {
- php_openssl_store_errors();
- }
- } else {
- php_openssl_store_errors();
- }
-clean_exit:
- if (d != NULL) {
- BN_free(d);
- }
- if (pnt != NULL) {
- EC_POINT_free(pnt);
- }
- if (group != NULL) {
- EC_GROUP_free(group);
- }
- if (eckey != NULL) {
- EC_KEY_free(eckey);
- }
- if (pkey != NULL) {
- EVP_PKEY_free(pkey);
+ int is_private;
+ pkey = php_openssl_pkey_init_ec(data, &is_private);
+ if (!pkey) {
+ RETURN_FALSE;
}
- RETURN_FALSE;
+ RETURN_RES(zend_register_resource(pkey, le_key));
#endif
}
}
@@ -4637,21 +4745,9 @@
cipher = NULL;
}
- switch (EVP_PKEY_base_id(key)) {
-#ifdef HAVE_EVP_PKEY_EC
- case EVP_PKEY_EC:
- pem_write = PEM_write_bio_ECPrivateKey(
- bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- break;
-#endif
- default:
- pem_write = PEM_write_bio_PrivateKey(
- bio_out, key, cipher,
- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- break;
- }
-
+ pem_write = PEM_write_bio_PrivateKey(
+ bio_out, key, cipher,
+ (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
if (pem_write) {
/* Success!
* If returning the output as a string, do so now */
@@ -4714,21 +4810,9 @@
cipher = NULL;
}
- switch (EVP_PKEY_base_id(key)) {
-#ifdef HAVE_EVP_PKEY_EC
- case EVP_PKEY_EC:
- pem_write = PEM_write_bio_ECPrivateKey(
- bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- break;
-#endif
- default:
- pem_write = PEM_write_bio_PrivateKey(
- bio_out, key, cipher,
- (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
- break;
- }
-
+ pem_write = PEM_write_bio_PrivateKey(
+ bio_out, key, cipher,
+ (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
if (pem_write) {
/* Success!
* If returning the output as a string, do so now */
@@ -6389,6 +6473,31 @@
}
/* }}} */
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+static void php_openssl_add_cipher_name(const char *name, void *arg)
+{
+ size_t len = strlen(name);
+ zend_string *str = zend_string_alloc(len, 0);
+ zend_str_tolower_copy(ZSTR_VAL(str), name, len);
+ add_next_index_str((zval*)arg, str);
+}
+
+static void php_openssl_add_cipher_or_alias(EVP_CIPHER *cipher, void *arg)
+{
+ EVP_CIPHER_names_do_all(cipher, php_openssl_add_cipher_name, arg);
+}
+
+static void php_openssl_add_cipher(EVP_CIPHER *cipher, void *arg)
+{
+ php_openssl_add_cipher_name(EVP_CIPHER_get0_name(cipher), arg);
+}
+
+static int php_openssl_compare_func(const void *a, const void *b)
+{
+ return string_compare_function(&((Bucket *)a)->val, &((Bucket *)b)->val);
+}
+#endif
+
/* {{{ proto array openssl_get_cipher_methods([bool aliases = false])
Return array of available cipher methods */
PHP_FUNCTION(openssl_get_cipher_methods)
@@ -6399,9 +6508,16 @@
return;
}
array_init(return_value);
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+ EVP_CIPHER_do_all_provided(NULL,
+ aliases ? php_openssl_add_cipher_or_alias : php_openssl_add_cipher,
+ return_value);
+ zend_hash_sort(Z_ARRVAL_P(return_value), php_openssl_compare_func, 1);
+#else
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- aliases ? php_openssl_add_method_or_alias: php_openssl_add_method,
+ aliases ? php_openssl_add_method_or_alias : php_openssl_add_method,
return_value);
+#endif
}
/* }}} */
diff -ruN a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
--- a/ext/openssl/php_openssl.h 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/php_openssl.h 2024-08-09 13:20:33.120890846 +0900
@@ -41,8 +41,10 @@
#define PHP_OPENSSL_API_VERSION 0x10001
#elif OPENSSL_VERSION_NUMBER < 0x10100000L
#define PHP_OPENSSL_API_VERSION 0x10002
-#else
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
#define PHP_OPENSSL_API_VERSION 0x10100
+#else
+#define PHP_OPENSSL_API_VERSION 0x30000
#endif
#endif
diff -ruN a/ext/openssl/tests/bug28382.phpt b/ext/openssl/tests/bug28382.phpt
--- a/ext/openssl/tests/bug28382.phpt 2024-08-09 13:19:44.273565657 +0900
+++ b/ext/openssl/tests/bug28382.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -9,11 +9,10 @@
$cert = file_get_contents(__DIR__ . "/bug28382cert.txt");
$ext = openssl_x509_parse($cert);
var_dump($ext['extensions']);
-/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key.
- For now, as this is the one difference only between 0.9.x and 1.x, it's handled with
- placeholders to not to duplicate the test. When more diffs come, a duplication would
- be probably a better solution.
-*/
+/*
+ * The reason for %A at the end of crlDistributionPoints and authorityKeyIdentifier is that
+ * OpenSSL 3.0 removes new lines which were present in previous versions.
+ */
?>
--EXPECTF--
array(11) {
@@ -24,8 +23,7 @@
["nsCertType"]=>
string(30) "SSL Client, SSL Server, S/MIME"
["crlDistributionPoints"]=>
- string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
-"
+ string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%A"
["nsCaPolicyUrl"]=>
string(38) "http://mobile.blue-software.ro:90/pub/"
["subjectAltName"]=>
@@ -33,9 +31,8 @@
["subjectKeyIdentifier"]=>
string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
["authorityKeyIdentifier"]=>
- string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
-serial:00
-"
+ string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
+serial:00%A"
["keyUsage"]=>
string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
["nsBaseUrl"]=>
diff -ruN a/ext/openssl/tests/bug52093.phpt b/ext/openssl/tests/bug52093.phpt
--- a/ext/openssl/tests/bug52093.phpt 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/tests/bug52093.phpt 2024-08-09 13:20:33.123890989 +0900
@@ -14,10 +14,10 @@
"commonName" => "Henrique do N. Angelo",
"emailAddress" => "hnangelo@php.net"
);
-
+$options = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
$privkey = openssl_pkey_new();
-$csr = openssl_csr_new($dn, $privkey);
-$cert = openssl_csr_sign($csr, null, $privkey, 365, [], PHP_INT_MAX);
+$csr = openssl_csr_new($dn, $privkey, $options);
+$cert = openssl_csr_sign($csr, null, $privkey, 365, $options, PHP_INT_MAX);
var_dump(openssl_x509_parse($cert)['serialNumber']);
?>
--EXPECT--
diff -ruN a/ext/openssl/tests/bug71917.phpt b/ext/openssl/tests/bug71917.phpt
--- a/ext/openssl/tests/bug71917.phpt 2024-08-09 13:19:44.275565752 +0900
+++ b/ext/openssl/tests/bug71917.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -3,6 +3,7 @@
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!in_array('rc4', openssl_get_cipher_methods())) die('skip rc4 not available');
?>
--FILE--
<?php
diff -ruN a/ext/openssl/tests/bug72165.phpt b/ext/openssl/tests/bug72165.phpt
--- a/ext/openssl/tests/bug72165.phpt 2024-08-09 13:19:44.275565752 +0900
+++ b/ext/openssl/tests/bug72165.phpt 2024-08-09 13:20:33.123890989 +0900
@@ -6,8 +6,9 @@
?>
--FILE--
<?php
-$var0 = array(0 => "hello", 1 => "world");
-$var2 = openssl_csr_new(array(0),$var0,null,array(0));
+$var0 = [0 => "hello", 1 => "world"];
+$options = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
+$var2 = openssl_csr_new([0], $var0, $options, [0]);
?>
==DONE==
--EXPECTF--
diff -ruN a/ext/openssl/tests/bug72362.phpt b/ext/openssl/tests/bug72362.phpt
--- a/ext/openssl/tests/bug72362.phpt 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/tests/bug72362.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -3,6 +3,7 @@
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!in_array('bf-ecb', openssl_get_cipher_methods())) die('skip bf-ecb not available');
?>
--FILE--
<?php
diff -ruN a/ext/openssl/tests/bug73711.cnf b/ext/openssl/tests/bug73711.cnf
--- a/ext/openssl/tests/bug73711.cnf 2024-08-09 13:19:44.276565800 +0900
+++ b/ext/openssl/tests/bug73711.cnf 1970-01-01 09:00:00.000000000 +0900
@@ -1,3 +0,0 @@
-[ req ]
-default_bits = 384
-
diff -ruN a/ext/openssl/tests/bug73711.phpt b/ext/openssl/tests/bug73711.phpt
--- a/ext/openssl/tests/bug73711.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/bug73711.phpt 2024-08-09 13:20:33.124891037 +0900
@@ -6,9 +6,17 @@
?>
--FILE--
<?php
-$cnf = __DIR__ . DIRECTORY_SEPARATOR . 'bug73711.cnf';
-var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DSA, 'config' => $cnf]));
-var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DH, 'config' => $cnf]));
+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
+var_dump(openssl_pkey_new([
+ "private_key_type" => OPENSSL_KEYTYPE_DSA,
+ "private_key_bits" => 1024,
+ 'config' => $config,
+]));
+var_dump(openssl_pkey_new([
+ "private_key_type" => OPENSSL_KEYTYPE_DH,
+ "private_key_bits" => 512,
+ 'config' => $config,
+]));
echo "DONE";
?>
--EXPECTF--
diff -ruN a/ext/openssl/tests/bug74022_2.phpt b/ext/openssl/tests/bug74022_2.phpt
--- a/ext/openssl/tests/bug74022_2.phpt 2024-08-09 13:19:44.272565609 +0900
+++ b/ext/openssl/tests/bug74022_2.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -12,11 +12,13 @@
var_dump(count($cert_data['extracerts']));
}
-$p12_base64 = 'MIIW+QIBAzCCFr8GCSqGSIb3DQEHAaCCFrAEghasMIIWqDCCEV8GCSqGSIb3DQEHBqCCEVAwghFMAgEAMIIRRQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIQOfCxIAgGIICAggAgIIRGFTkvHpJjCtFjukXYVlhyOIqKiS8Zvg84dX244hhI0S51Uyn/tlXM2GD/3hDNVxcVKwP/fKN21lEkoXoK4h2/5BY3qCdZa3Ef3vk44b/+FGCUAqvsOo1ZjD2P/sBGhLu3aFnQ6ktUXlKV4cnqhlF62AqY4e5efQzmJXn+gI8cSNI5c+qQ0RQgGoRY4nJfvMSZG0/DAkirjGikU/2TZd8LwLkxVUBYbF5/T0fNtA3o99+4tF+8ZRv6ArYjplRdwcBbMbzGhn3ytCq6cmVid9iLjwHJFmvAPXKbmu0Lh5eRRznX9gBWlzGd08Q/ch0MW2ehZTu1A2VrNWl+FKWSk8l0MlSoTPJFutFiejRvMr6VzbQItyJ/mtrNa9b1Hicgoj9HaBB6arx4wKORlbSOxFNOWdTCUhFdqthK5o7b9i/owyVgyY0s7BFEZChc0zGpRq7BLrynY79b+pHKzpil9isuisp1++piHZx9Y/bpC7OP5FlYF9+3TJL0EpEFQD8FqEoqcMFRxIDWGpCQiLGcmL14OH1JKSgOJEAgogsIF/KQhvWeKcUSJlai+0sskl8mOrCt2EJwuRvzmemuzebYN3JMOiBXKONYR0yU8AeAyNTgSBimWhACtikUyfpgZXlIeXyFMvj9fmd0I/zqjaW4upqrCudCOj/CWx7+e+8udfJxI7agWwrZMf1BEkOhRFOHOIuV+IEbaoMP6vVrGlhK71oN+gnoes5ivohpFDJWSZ3+1fMh56vfNynuM2wLJO7FTROPla+4ug33V/2ubGpoIyXn2lTSbuXaYDfsXMa1inakOMW9Q+PHGdIjZrwQU/u9Q2H0IlwFd4uQojZo15SRf4xh5FOuUrrfGRAnp1mWHALTBqd2VnkgqtBl8rXZXqA+CiEhEDhTAQmvf+wCKd3FklrhV+p65YcfRK9OJv5aFQM1/+WbJozF4/Wi5j4rtIDPrgMMEflOyoZIxGxDOaklyAvaasRU2TT8E2LIEvGKOzlrhIZqWyRESjgXdh6l0UBMaVAidIZ0JLf+8fqSZ0Zia5iAaJpm82MQr/PVXC4lqqxDlHhefwM3OKfZVkfAw0a2eePM5YkIxAgMpAstBt32UIixlj/5l4MwqzP8Reb4MsV6Fph2e14vsV1diLBaJI3hrU5UBVEDWV0GSbwdhZLtdubSaBHcv5v9aZ1cdFKL6d2rHksW9ooNnh/ljPxmVlfHbb8sPYDXmLmBNJdNV1gQouhKKrt0ov1J9+sqE53D9+9dfRwf/myYlnyNgqU4vNMrZI2flyugkYoUxIC8stVF46zfL5QkSg3GqdLQC4gpeJ0WdTSyOBaOgUvqGdSARb5bXm1VXF5IxVg1B4v+puNIHS9yuphXUJvw6xWWPjbQAllDrPjMqAbxmF465vFyQP0qEvMjRD+SaFIgW4KjMqfteKo4MgqKTRF4UP9r0HkwRErOznxWDfSxzXYztY6U72NdifN9IIFiBikKQqZvfvaN+1jukehSRpGQHQB5OxeeKThJZJGiUC5Fgvl7lPb6Djx8Rfba/FJvVsR2KFS64sArtUKmC6LcJxEY9WcsiJTHek817zvYej7FD1NxuttNp+ue9ArOoIhOEf08HIOu3d2yjeRlN5CJ/jIdKYlZW6m6Ap1M+OUHhJTF73K6lKKD9Diwa3s6FoqOwtZF4uYwHnCG218BMY8GgEVD73x5KjDOP02Y6EakZNp/9QIqQT4WkMWXMaqAPADtoh8X1FJLlnvs2Ko+hLlPxuPaIA4KvSuuocnWx/6HJbdqHUS/Se+JJo0Igt4Svax1R2kvoIPuQmPmHJ6l7CeZZiNbe+baFSx+V6g/6AgHUsUOSqGvUIEns1uIE9CQ8w0G3yLVonjERJLrdj+em3Pt7fxrxoOI4nwjplX0wJk0rkQREiS8ULQDHueptUcxJxMKpugAc4CL+BsHohkhm4kpOEmviKDwzxytQhDp2Fj2PRO9kqyNrNfzNGCN5709blEIVYTtonELI2vR5Ap+O2pH+AlqrnHWgeOYAKAyWT13xCNRsGNdv2sCDDiHqxq01IBzYhPvoWzECOmGbJRRSGOVzYCJJpVjl0NNKv9ucmftSQRjm6xgLIqv1xrehDYuJ/IMsYQ5QwXBGxy7nkeRg+onWzA0ZnEWgzLs3T/Pj7z/TPQWiN03MH24RvQXTWBqp9iBwXpsCZVgUIM/VLCQJn0/V5gfRy9Ne0rk2/tHMnzGHvll5Spoy6WkxSfQ8c8CjTilaoPWV6fOcNB2Z6ZuTqX0fbnxcEAu2fOK7e6ryGipEgaxrdiopDTlgPEFMdGUETbUh0ACrv/gNsS+m5MtNisWnhxFEiXrsWoWIgW/6TgRJGo+l52bh/xxC0bwHbYuHK62sxDVeXpBOnA4VE+WckWsC0CKYJvv4vfTbLI46fyd3lnlcSuHYM4SdbND7THNeK+KB5GyuUFLgAhhtZv8ceEo63IOlBUUy1NlWnr0cbidxvVnOugFLExCV5QGr+xbrssIibQxs8AfOBK8Cxh83IlzJVe7dX1mZVG1c6AM6SKSC6F0LBOeNEvcLlz4PBMIciubCE6ecdXCzJYFbj9ERDlnrZMKrnATRMsgCPaWdyYgQwkDuCj5uqf4aiKLzA61918hLY3MB7mSyJcCkXDYKr11Br0YSAdu8uG6IjpiUQS2PFz8E8XHBmO/uobhEuCPR2LnUv+xFN8zoPQlA5ueRz1yBF8L+CsvDGp/N3KF26ETWlvmnEdt7foE+o/J7aG6xO/CNB+/+yGbVPZRVAntZec9nbqlQ55qECnWtQNnShW7+3RSGamWeTtE2DyRSfd/62JkPNEY25jbBUIkMNtKolA5dbYa+u50S3lvakMmvQvzcSC3PONajKHgk4mBn3qf9X2uM5RDL83M7489r6JPcxTnNK27rQoxplkxLiN8HuB+AB5hp82WoyvLydR4hoBnJPIYKMcmEfIR+SgLoCyNIQLjzk5Iyk1ZwdwsjyNPXi1/HHZq8+NhoTCupjGfWgXghoz89MTYAjpMvOlES2rgFuCdphSc8Nd1uQtZx4CLMOU0gut0PI81ePBBI0iG74PWMEcp5HlHHY/hPTaRkBFLYkq9CWmJc1PfjiCWf3pwRmT7dUnmcptynexIMOZt2Nd76jc+g7k5MmEK+Qdz7/c1un4sVLquxdY6nUY/znLz+2zC/OTSsF39+rak3p8TXR0kBNsHl8UTioi4CGhCMsWsQy9me25TDHzbtIvBPVp9xXufsOe2wqPLjq3iNEGXTsagx3sLvl7BJ6WW/YMC7sUpjx1Ai3zkqViW0jQB+BzMZjfYM/8Yj31EEE+WssxY+NfitBgZzeMGGjNOAKp7XN0glwhuo1G2/APyU/Zopx3gMYj5OExgkZ7kvK++7+NlPmE+8AEuZ/uf30TtKwvRXOSvAMqqm26kb/WQPCj1xFQ0AEDl0Sbyfgk1E51Cd/ujL0t32FNkSoE8pe3IaTnwAnW7NHTZ/RByh2nsr0ThfFg4pFFuSD4dzU8r2J/4YJG3B06eyyTRLoyLBQwzwIgzGBAU8USdD8CXlA8SkfBbF39500ZRNcMIt6wdQa1CHAUHDLPw9JF9Q0FwCspgkjc9+lTRZMtumN5ChgypSkUB1dzLV2hqeQzDngVjcco/CoxM0Svm8gGrM9qobCTGzGF8/wZljv1yRiqu6HGFYWDAQ/p+wWx6ScstxEAB+5R5GrOedgd4zPXi2NMvyeN+ACFRBSPkhXIXpLZADvBi/WQMYbHia1wL8WUrSGQuB4P46cWGyseaxl//6GQ9IoGbK3XuLIPeE+BpPLB0H9LSLY+5f3qOEkKzCCW0z+68ZMlanlsThLKhqk8yrmJhV4788Tr7BC3eGbAie1urrrfUR613Jsp5peLSJuWQHdWCE/fdKgoSsRJ+DYkPoyS1YNz4BF4yz1Oem9Mti7gvgT
+$cert = file_get_contents(__DIR__ . "/public.crt");
+$priv = file_get_contents(__DIR__ . "/private.crt");
+$extracert = file_get_contents(__DIR__ . "/cert.crt");
+$pass = "qwerty";
+openssl_pkcs12_export($cert, $p12, $priv, $pass, array('extracerts' => [$extracert, $extracert]));
-$p12 = base64_decode($p12_base64);
-
-test($p12, 'qwerty');
+test($p12, $pass);
?>
===DONE===
--EXPECT--
diff -ruN a/ext/openssl/tests/bug79145.phpt b/ext/openssl/tests/bug79145.phpt
--- a/ext/openssl/tests/bug79145.phpt 2024-08-09 13:19:44.281566038 +0900
+++ b/ext/openssl/tests/bug79145.phpt 2024-08-09 13:20:33.109890323 +0900
@@ -14,13 +14,14 @@
C9C4JmhTOjBVAK8SewIDAQAC
-----END PUBLIC KEY-----';
+$a = openssl_get_publickey($b);
+@openssl_free_key($a);
+
$start = memory_get_usage(true);
-for ($i = 0; $i < 100000; $i++) {
- $a = openssl_get_publickey($b);
- openssl_free_key($a);
-}
+$a = openssl_get_publickey($b);
+@openssl_free_key($a);
$end = memory_get_usage(true);
-var_dump($end <= 1.1 * $start);
+var_dump($end == $start);
?>
--EXPECT--
bool(true)
diff -ruN a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt
--- a/ext/openssl/tests/bug80747.phpt 2024-08-09 13:19:44.273565657 +0900
+++ b/ext/openssl/tests/bug80747.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -14,11 +14,9 @@
'private_key_bits' => 511,
);
var_dump(openssl_pkey_new($conf));
-while ($e = openssl_error_string()) {
- echo $e, "\n";
-}
+var_dump(openssl_error_string() !== false);
?>
---EXPECTF--
+--EXPECT--
bool(false)
-error:%s:key size too small
+bool(true)
diff -ruN a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc
--- a/ext/openssl/tests/CertificateGenerator.inc 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/tests/CertificateGenerator.inc 2024-08-09 13:20:33.120890846 +0900
@@ -65,7 +65,10 @@
),
null,
$this->caKey,
- 2
+ 2,
+ [
+ 'config' => self::CONFIG,
+ ]
);
}
@@ -101,6 +104,7 @@
[ req ]
distinguished_name = req_distinguished_name
default_md = sha256
+default_bits = 1024
[ req_distinguished_name ]
@@ -124,8 +128,9 @@
];
$this->lastKey = self::generateKey($keyLength);
+ $csr = openssl_csr_new($dn, $this->lastKey, $config);
$this->lastCert = openssl_csr_sign(
- openssl_csr_new($dn, $this->lastKey, $config),
+ $csr,
$this->ca,
$this->caKey,
/* days */ 2,
@@ -139,7 +144,7 @@
openssl_x509_export($this->lastCert, $certText);
$keyText = '';
- openssl_pkey_export($this->lastKey, $keyText);
+ openssl_pkey_export($this->lastKey, $keyText, null, $config);
file_put_contents($file, $certText . PHP_EOL . $keyText);
} finally {
diff -ruN a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt
--- a/ext/openssl/tests/cve2013_4073.phpt 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/tests/cve2013_4073.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -9,11 +9,10 @@
var_export($info['extensions']);
?>
---EXPECT--
+--EXPECTF--
array (
'basicConstraints' => 'CA:FALSE',
'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',
- 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
-',
+ 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1%A',
)
diff -ruN a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
--- a/ext/openssl/tests/ecc.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/ecc.phpt 2024-08-09 13:20:33.126891132 +0900
@@ -4,9 +4,11 @@
<?php if (!extension_loaded("openssl") || !defined("OPENSSL_KEYTYPE_EC")) print "skip"; ?>
--FILE--
<?php
+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
$args = array(
"curve_name" => "secp384r1",
"private_key_type" => OPENSSL_KEYTYPE_EC,
+ "config" => $config,
);
echo "Testing openssl_pkey_new\n";
$key1 = openssl_pkey_new($args);
@@ -15,6 +17,7 @@
$argsFailed = array(
"curve_name" => "invalid_cuve_name",
"private_key_type" => OPENSSL_KEYTYPE_EC,
+ "config" => $config,
);
$keyFailed = openssl_pkey_new($argsFailed);
@@ -33,6 +36,16 @@
// Compare array
var_dump($d1 === $d2);
+// Check that the public key info is computed from the private key if it is missing.
+$d1_priv = $d1;
+unset($d1_priv["ec"]["x"]);
+unset($d1_priv["ec"]["y"]);
+
+$key3 = openssl_pkey_new($d1_priv);
+var_dump($key3);
+$d3 = openssl_pkey_get_details($key3);
+var_dump($d1 === $d3);
+
$dn = array(
"countryName" => "BR",
"stateOrProvinceName" => "Rio Grande do Sul",
@@ -91,6 +104,8 @@
bool(true)
resource(%d) of type (OpenSSL key)
bool(true)
+resource(%d) of type (OpenSSL key)
+bool(true)
Testing openssl_csr_new with key generation
NULL
resource(%d) of type (OpenSSL key)
diff -ruN a/ext/openssl/tests/openssl_decrypt_basic.phpt b/ext/openssl/tests/openssl_decrypt_basic.phpt
--- a/ext/openssl/tests/openssl_decrypt_basic.phpt 2024-08-09 13:19:44.281566038 +0900
+++ b/ext/openssl/tests/openssl_decrypt_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -24,10 +24,15 @@
$encrypted = openssl_encrypt($padded_data, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
var_dump(rtrim($output));
-// if we want to prefer variable length cipher setting
-$encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
-$output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
-var_dump($output);
+
+if (in_array("bf-ecb", openssl_get_cipher_methods())) {
+ // if we want to prefer variable length cipher setting
+ $encrypted = openssl_encrypt($data, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
+ $output = openssl_decrypt($encrypted, "bf-ecb", $password, OPENSSL_DONT_ZERO_PAD_KEY);
+ var_dump($output === $data);
+} else {
+ var_dump(true);
+}
// It's okay to pass $tag for a non-authenticated cipher.
// It will be populated with null in that case.
@@ -39,5 +44,5 @@
string(45) "openssl_encrypt() and openssl_decrypt() tests"
string(45) "openssl_encrypt() and openssl_decrypt() tests"
string(45) "openssl_encrypt() and openssl_decrypt() tests"
-string(45) "openssl_encrypt() and openssl_decrypt() tests"
+bool(true)
NULL
diff -ruN a/ext/openssl/tests/openssl_dh_compute_key.phpt b/ext/openssl/tests/openssl_dh_compute_key.phpt
--- a/ext/openssl/tests/openssl_dh_compute_key.phpt 1970-01-01 09:00:00.000000000 +0900
+++ b/ext/openssl/tests/openssl_dh_compute_key.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -0,0 +1,29 @@
+--TEST--
+openssl_dh_compute_key()
+--FILE--
+<?php
+
+$privateKey = <<<'KEY'
+-----BEGIN PRIVATE KEY-----
+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBANn6weB11zG7izhfzM4qsITZ
+3q/ORkF6+h3RTn7sh8Ji1MpHt3zHcPfdYFvs7V5SJfNN5Xv9L62RN8GwgxwRWIJr
+8VBHfL3LyZNMMgnGBGJR0qmoM48iNd8i2ggZYj+H8WVh2y6tGw1YsDI3AFHpZFkN
+TvCT1JHl2JfNEgOgSryBO84KDEWLxWaN/4Nqa9x5R0fxKMLjpWNRzEBBKcVeEHIZ
+gzl7VKVJEpYC336sjYJE19ZD0O/gWl+q4WeRpDazDi6LDLZgnoDrUgbNAXtDETKL
+gKOnYq+iwRWCQicQmaQvGXntmgdriExVacrRnH8o09ioxcVdtPG8WuLeqJczCvsC
+AQIEggEEAoIBAH1yv00aZkw/7IIAJL1fZUrpVeO3xKIQDl982HOKS32+o2mUJWbc
+DuDMIOvqiUEltEnFQOqDaJue0ucseJdH5Q9JHlSIhuUQiPB/JfEcPlb2QYzXHuAE
+fWS94X0wiSxYgKXIL0XceA3yg5bYhDSR3DntdJrbboyYHt/QGQ8WCWiYEa402ovI
+x+r7k3BlGxah33HeuqhMCFAfFvWUhLaj85QEmjHTjVMKeeTlNfBS+nscbCcZvLXd
+qanvRxYYGdOhgLTcJe/iUsxmAWVTiqrid8MEvtFrenanawTgnPXAp5WtYTCGcsiQ
+TBG24ND/tnZpPoPz/Rwlpo1IL4IbvKGRsfU=
+-----END PRIVATE KEY-----
+KEY;
+
+$publicKey = hex2bin("29ECC536A85A4AFAD7D63E50545C68CE44A834396886E9A7BAC27E3A08A14C05259BA6E9940FDC512457155A60CAFACD8E43897E1B537A282D39697B75357197B5E3AD7F1826C0216604496AFAEF8999FBCE336C148166AE23E77EC66C0611235110FA8D6180A26425154959FACEC18FEE3EDA68E9355627820C14B44B486C9547ECE62BE72D56A7FAC4747AFCF201D8A4155F63A076234D6BC04DE27E7A7849BF8956E3DB6E51C043CB6FC66889ADE1F8DE756E9194838E8EF8A5CF9C0DD553282DE8A3130CA7752C22C191E5C352AC3BD77EF9270BF37BC807BBDB3F39AE7966B013723E71EAF41082A056D994F64B428183C5BAFEE9C7A41CABCEA868FC34");
+
+echo bin2hex(openssl_dh_compute_key($publicKey, openssl_get_privatekey($privateKey))), "\n";
+
+?>
+--EXPECT--
+b0049944fa5d36f364dd02e675dde50f8c2d67481c5cf0fe2f248d383eec1d38c23d5ed2644fbef2676bcd6ce148361ca82619c8f93e10506cb89d0a1bdaa0f0bc6f68cef0f7cb6d97d43e8dda3c7a5c5a98ebd2342a605ce530fd46a0602d28d4afc48e92088d0bc42194ca8682a85317f812d81b86cd284eed405df2f76aae84ccd560856e8a3d0ce4f591394bca02eb8a1984ebb41bb19714fb8b579bcafd36a9051d51d075f66229893289d8a0c918bfd222f17803cc532d2cf93bb2a567953323ca409beb3237faae9c6fdfc671594324953badd07dd4770ee09fd19f90045654c5709e92aa614b83594c2f62a8bc3c7e786e54bc1259a0a737c70dd4cc
diff -ruN a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt
--- a/ext/openssl/tests/openssl_error_string_basic.phpt 2024-08-09 13:19:44.278565895 +0900
+++ b/ext/openssl/tests/openssl_error_string_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -1,7 +1,10 @@
--TEST--
-openssl_error_string() tests
+openssl_error_string() tests (OpenSSL < 3.0)
--SKIPIF--
-<?php if (!extension_loaded("openssl")) print "skip"; ?>
+<?php
+if (!extension_loaded("openssl")) print "skip";
+if (OPENSSL_VERSION_NUMBER >= 0x30000000) die('skip For OpenSSL < 3.0');
+?>
--FILE--
<?php
// helper function to check openssl errors
diff -ruN a/ext/openssl/tests/openssl_open_basic.phpt b/ext/openssl/tests/openssl_open_basic.phpt
--- a/ext/openssl/tests/openssl_open_basic.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/openssl_open_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -8,15 +8,16 @@
$pub_key = "file://" . __DIR__ . "/public.key";
$priv_key = "file://" . __DIR__ . "/private_rsa_1024.key";
$wrong = "wrong";
+$method = "AES-128-ECB";
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key, $pub_key));
-openssl_open($sealed, $output, $ekeys[0], $priv_key);
+openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key, $pub_key), $method);
+openssl_open($sealed, $output, $ekeys[0], $priv_key, $method);
var_dump($output);
-openssl_open($sealed, $output2, $ekeys[1], $wrong);
+openssl_open($sealed, $output2, $ekeys[1], $wrong, $method);
var_dump($output2);
-openssl_open($sealed, $output3, $ekeys[2], $priv_key);
+openssl_open($sealed, $output3, $ekeys[2], $priv_key, $method);
var_dump($output3);
-openssl_open($sealed, $output4, $wrong, $priv_key);
+openssl_open($sealed, $output4, $wrong, $priv_key, $method);
var_dump($output4);
?>
--EXPECTF--
diff -ruN a/ext/openssl/tests/openssl_pkcs12_read_basic.phpt b/ext/openssl/tests/openssl_pkcs12_read_basic.phpt
--- a/ext/openssl/tests/openssl_pkcs12_read_basic.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/openssl_pkcs12_read_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -4,10 +4,12 @@
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
-$p12_file = __DIR__ . "/p12_with_extra_certs.p12";
-$p12 = file_get_contents($p12_file);
-$certs = array();
+
+$cert = file_get_contents(__DIR__ . "/public.crt");
+$priv = file_get_contents(__DIR__ . "/private.crt");
+$extracert = file_get_contents(__DIR__ . "/cert.crt");
$pass = "qwerty";
+openssl_pkcs12_export($cert, $p12, $priv, $pass, array('extracerts' => $extracert));
var_dump(openssl_pkcs12_read("", $certs, ""));
var_dump(openssl_pkcs12_read($p12, $certs, ""));
@@ -73,24 +75,26 @@
["extracerts"]=>
array(1) {
[0]=>
- string(1111) "-----BEGIN CERTIFICATE-----
-MIIDBjCCAe4CCQDaL5/+UVeXuTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTE1MDYxMDEyNDAwNVoXDTE2MDYwOTEyNDAwNVowRTELMAkG
-A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AL/IF7bW0vpEg5A054SDqTi5pkSeie6nyIT77qCAVI5PMlhNjxuqDIlLpCWonvKb
-LMRtp7t24BsQBRgQgps8mtfRr0gV1qq9HMfDj2bZdGcTShZN/M/BFATwxaNRTHl9
-ey8zxGcLd4aFFBlVhXHYdBXg/PG/oxJMAFuMwa+KxSP6Mqp1FlOZtvUUieQcToMf
-Mh8Lbr4g/yHFj5lgWIJ2fmJjHJZ4wf9QBeGUrVqqxzSDEL9f0PGy+grqSHoIzLr3
-+uhvhoI85nCyZs9+lrELuQKqbiZ8Q6Vmj6JGt3miNBFVTbBpP9GK8sVuVQwgqd8p
-C3e8hHqv7vwF+s0zjiZ+rCcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpTtiyDJ
-0wLB18iunXCMUJpjc/HVYEp5P9vl2E/bcZfGns/8KxNHoe9mgJycr3mwjCjMjVx2
-L/9q/8XoT02aBncwAx4oZ2H0qfjZppaUSnSc1Uv+dsldDC2mZvJgwXN7jtQmU5P3
-cspFHuJoYK8AqYJqlO6E4L9uRF7dLEliUnrBpF4BxziwskTquRX+zgD+fmk0L5O8
-qqvm8btWCxfng+qD7UHFWbUQ2IegZ3VrBWJ2XsxOvokMM4HoHVb0BZgq8Dvu0XJ9
-EriEQkcydtrRKtlcWHLKcJuNUnkw2qfj+F8mmdaZib8Apa1UCkt0ZlpyYO3V2ejY
-WIjafwJYrv6f5g==
+ string(1249) "-----BEGIN CERTIFICATE-----
+MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
+VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv
+cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ
+KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4
+MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl
+IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1
+ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz
+e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+
+iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR
+S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo
+Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE
+MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT
+BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n
+ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS
+UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW
+PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn
+4vh8xF/9+eVEj+hM+0OflA==
-----END CERTIFICATE-----
"
}
diff -ruN a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt
--- a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt 2024-08-09 13:19:44.272565609 +0900
+++ b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -19,8 +19,9 @@
$headers = array("test@test", "testing openssl_pkcs7_encrypt()");
$wrong = "wrong";
$empty = "";
+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers);
+openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers, 0, $cipher);
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, openssl_x509_read($single_cert), $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong));
diff -ruN a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt
--- a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt 2024-08-09 13:19:44.280565990 +0900
+++ b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt 2024-08-09 13:20:33.120890846 +0900
@@ -20,21 +20,20 @@
$empty_headers = array();
$wrong = "wrong";
$empty = "";
+$cipher = OPENSSL_CIPHER_AES_128_CBC;
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers, 0, $cipher));
var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong));
-var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers));
-var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers));
-var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs) , $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers, 0, $cipher));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs), $headers, 0, $cipher));
if (file_exists($outfile)) {
echo "true\n";
@@ -51,17 +50,11 @@
bool(true)
bool(true)
bool(true)
-
-Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d
-bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
-
-Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d
-bool(false)
bool(true)
bool(true)
true
diff -ruN a/ext/openssl/tests/openssl_pkey_export_basic.phpt b/ext/openssl/tests/openssl_pkey_export_basic.phpt
--- a/ext/openssl/tests/openssl_pkey_export_basic.phpt 2024-08-09 13:19:44.278565895 +0900
+++ b/ext/openssl/tests/openssl_pkey_export_basic.phpt 2024-08-09 13:20:33.125891084 +0900
@@ -46,7 +46,11 @@
--EXPECTF--
resource(%d) of type (OpenSSL key)
bool(true)
------BEGIN EC PRIVATE KEY-----%a-----END EC PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgs+Sqh7IzteDBiS5K
+PfTvuWuyt9YkrkuoyiW/6bag6NmhRANCAAQ+riFshYe8HnWt1avx6OuNajipU1ZW
+6BgW0+D/EtDDSYeQg9ngO8qyo5M6cyh7ORtKZVUy7DP1+W+eocaZC+a6
+-----END PRIVATE KEY-----
bool(true)
bool(true)
resource(%d) of type (OpenSSL key)
diff -ruN a/ext/openssl/tests/openssl_seal_basic.phpt b/ext/openssl/tests/openssl_seal_basic.phpt
--- a/ext/openssl/tests/openssl_seal_basic.phpt 2024-08-09 13:19:44.278565895 +0900
+++ b/ext/openssl/tests/openssl_seal_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -9,23 +9,24 @@
$b = array(1);
$c = array(1);
$d = array(1);
+$method = "AES-128-ECB";
-var_dump(openssl_seal($a, $b, $c, $d));
-var_dump(openssl_seal($a, $a, $a, array()));
-var_dump(openssl_seal($c, $c, $c, 1));
-var_dump(openssl_seal($b, $b, $b, ""));
+var_dump(openssl_seal($a, $b, $c, $d, $method));
+var_dump(openssl_seal($a, $a, $a, array(), $method));
+var_dump(openssl_seal($c, $c, $c, 1, $method));
+var_dump(openssl_seal($b, $b, $b, "", $method));
// tests with cert
$data = "openssl_open() test";
$pub_key = "file://" . __DIR__ . "/public.key";
$wrong = "wrong";
-var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key))); // no output
-var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key))); // no output
-var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $wrong)));
-var_dump(openssl_seal($data, $sealed, $ekeys, $pub_key));
-var_dump(openssl_seal($data, $sealed, $ekeys, array()));
-var_dump(openssl_seal($data, $sealed, $ekeys, array($wrong)));
+var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key), $method)); // no output
+var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $method)); // no output
+var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $wrong), $method));
+var_dump(openssl_seal($data, $sealed, $ekeys, $pub_key, $method));
+var_dump(openssl_seal($data, $sealed, $ekeys, array(), $method));
+var_dump(openssl_seal($data, $sealed, $ekeys, array($wrong), $method));
echo "Done\n";
?>
@@ -41,8 +42,8 @@
Warning: openssl_seal() expects parameter 1 to be string, array given in %s on line %d
NULL
-int(19)
-int(19)
+int(32)
+int(32)
Warning: openssl_seal(): not a public key (2th member of pubkeys) in %s on line %d
bool(false)
diff -ruN a/ext/openssl/tests/openssl_spki_export_basic.phpt b/ext/openssl/tests/openssl_spki_export_basic.phpt
--- a/ext/openssl/tests/openssl_spki_export_basic.phpt 2024-08-09 13:19:44.275565752 +0900
+++ b/ext/openssl/tests/openssl_spki_export_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -19,14 +19,12 @@
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD4,
OPENSSL_ALGO_MD5,
OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
- OPENSSL_ALGO_RMD160
);
/* loop over key sizes for test */
@@ -53,8 +51,6 @@
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
-\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
-\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
\-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-.*\-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
diff -ruN a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
--- a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt 2024-08-09 13:19:44.283566133 +0900
+++ b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -21,14 +21,12 @@
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD4,
OPENSSL_ALGO_MD5,
OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
- OPENSSL_ALGO_RMD160
);
/* loop over key sizes for test */
@@ -56,18 +54,6 @@
string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
diff -ruN a/ext/openssl/tests/openssl_spki_new_basic.phpt b/ext/openssl/tests/openssl_spki_new_basic.phpt
--- a/ext/openssl/tests/openssl_spki_new_basic.phpt 2024-08-09 13:19:44.273565657 +0900
+++ b/ext/openssl/tests/openssl_spki_new_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -18,14 +18,12 @@
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD4,
OPENSSL_ALGO_MD5,
OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
- OPENSSL_ALGO_RMD160
);
/* loop over key sizes for test */
@@ -53,21 +51,15 @@
string(478) "%s"
string(478) "%s"
string(478) "%s"
-string(478) "%s"
-string(474) "%s"
-string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
-string(826) "%s"
-string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
-string(1506) "%s"
diff -ruN a/ext/openssl/tests/openssl_spki_verify_basic.phpt b/ext/openssl/tests/openssl_spki_verify_basic.phpt
--- a/ext/openssl/tests/openssl_spki_verify_basic.phpt 2024-08-09 13:19:44.274565705 +0900
+++ b/ext/openssl/tests/openssl_spki_verify_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -25,7 +25,6 @@
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
- OPENSSL_ALGO_RMD160
);
/* loop over key sizes for test */
@@ -53,12 +52,6 @@
bool(true)
bool(false)
bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
bool(false)
bool(true)
bool(false)
diff -ruN a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt
--- a/ext/openssl/tests/openssl_x509_parse_basic.phpt 2024-08-09 13:19:44.274565705 +0900
+++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -153,10 +153,9 @@
["subjectKeyIdentifier"]=>
string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
["authorityKeyIdentifier"]=>
- string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
+ string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2
-"
+serial:AE:C5:56:CC:72:37:50:A2%A"
["basicConstraints"]=>
string(7) "CA:TRUE"
}
@@ -301,10 +300,9 @@
["subjectKeyIdentifier"]=>
string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
["authorityKeyIdentifier"]=>
- string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
+ string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2
-"
+serial:AE:C5:56:CC:72:37:50:A2%A"
["basicConstraints"]=>
string(7) "CA:TRUE"
}
diff -ruN a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
--- a/ext/openssl/tests/session_meta_capture.phpt 2024-08-09 13:19:44.281566038 +0900
+++ b/ext/openssl/tests/session_meta_capture.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -15,7 +15,7 @@
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -37,7 +37,7 @@
'cafile' => '%s',
'peer_name' => '%s',
'capture_session_meta' => true,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt
--- a/ext/openssl/tests/stream_crypto_flags_001.phpt 2024-08-09 13:19:44.280565990 +0900
+++ b/ext/openssl/tests/stream_crypto_flags_001.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -15,7 +15,7 @@
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -35,7 +35,7 @@
'verify_peer' => true,
'cafile' => '%s',
'peer_name' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt
--- a/ext/openssl/tests/stream_crypto_flags_002.phpt 2024-08-09 13:19:44.280565990 +0900
+++ b/ext/openssl/tests/stream_crypto_flags_002.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -15,7 +15,7 @@
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -36,7 +36,7 @@
'verify_peer' => true,
'cafile' => '%s',
'peer_name' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt
--- a/ext/openssl/tests/stream_crypto_flags_003.phpt 2024-08-09 13:19:44.280565990 +0900
+++ b/ext/openssl/tests/stream_crypto_flags_003.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -19,7 +19,7 @@
// Only accept TLSv1.0 and TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -40,7 +40,7 @@
'verify_peer' => true,
'cafile' => '%s',
'peer_name' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt
--- a/ext/openssl/tests/stream_crypto_flags_004.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/stream_crypto_flags_004.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -16,7 +16,7 @@
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -37,7 +37,7 @@
'verify_peer' => true,
'cafile' => '%s',
'peer_name' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt
--- a/ext/openssl/tests/stream_security_level.phpt 2024-08-09 13:19:44.273565657 +0900
+++ b/ext/openssl/tests/stream_security_level.phpt 2024-08-09 14:03:22.716631665 +0900
@@ -24,7 +24,7 @@
'local_cert' => '%s',
// Make sure the server side starts up successfully if the default security level is
// higher. We want to test the error at the client side.
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -66,7 +66,7 @@
?>
--EXPECTF--
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
-error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d
+error:%s:SSL routines:%S:certificate verify failed in %s : eval()'d code on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s : eval()'d code on line %d
diff -ruN a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
--- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt 2024-08-09 13:19:44.272565609 +0900
+++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -15,7 +15,7 @@
'local_cert' => '%s',
'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0,
'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -32,7 +32,7 @@
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt
--- a/ext/openssl/tests/tlsv1.0_wrapper.phpt 2024-08-09 13:19:44.282566085 +0900
+++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -13,7 +13,7 @@
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -30,7 +30,7 @@
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt
--- a/ext/openssl/tests/tlsv1.1_wrapper.phpt 2024-08-09 13:19:44.279565943 +0900
+++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -13,7 +13,7 @@
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -30,7 +30,7 @@
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt
--- a/ext/openssl/tests/tls_wrapper.phpt 2024-08-09 13:19:44.275565752 +0900
+++ b/ext/openssl/tests/tls_wrapper.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -14,7 +14,7 @@
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -31,7 +31,7 @@
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
--- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt 2024-08-09 13:19:44.277565847 +0900
+++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt 2024-08-09 13:20:33.110890370 +0900
@@ -14,7 +14,7 @@
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => '%s',
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -31,7 +31,7 @@
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
- 'security_level' => 1,
+ 'security_level' => 0,
]]);
phpt_wait();
diff -ruN a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
--- a/ext/openssl/xp_ssl.c 2024-08-09 13:19:44.271565562 +0900
+++ b/ext/openssl/xp_ssl.c 2024-08-09 14:01:30.805168218 +0900
@@ -1200,11 +1200,7 @@
static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* {{{ */
{
- DH *dh;
- BIO* bio;
- zval *zdhpath;
-
- zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
+ zval *zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
if (zdhpath == NULL) {
#if 0
/* Coming in OpenSSL 1.1 ... eventually we'll want to enable this
@@ -1219,14 +1215,29 @@
return FAILURE;
}
- bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
+ BIO *bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
if (bio == NULL) {
php_error_docref(NULL, E_WARNING, "invalid dh_param");
return FAILURE;
}
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+#if PHP_OPENSSL_API_VERSION >= 0x30000
+ EVP_PKEY *pkey = PEM_read_bio_Parameters(bio, NULL);
+ BIO_free(bio);
+
+ if (pkey == NULL) {
+ php_error_docref(NULL, E_WARNING, "Failed reading DH params");
+ return FAILURE;
+ }
+
+ if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
+ php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
+ EVP_PKEY_free(pkey);
+ return FAILURE;
+ }
+#else
+ DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (dh == NULL) {
@@ -1241,6 +1252,7 @@
}
DH_free(dh);
+#endif
return SUCCESS;
}
Reference in a new issue Copy permalink