abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add PHP Extension for GmSSL

Browse Source 
View http://gmssl.org/docs/php-api.html for more info.
This commit is contained in:
Zhi Guan
2018-03-04 11:14:47 +08:00
parent 25d4ff1afb
commit 60b6e112c6
199 changed files with 18703 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
php/ext/openssl/CREDITS Normal file
View File

@@ -0,0 +1,2 @@
OpenSSL
Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar

322
php/ext/openssl/README Normal file
View File

@@ -0,0 +1,322 @@
OpenSSL extension for PHP
$Id$
The functions implemented so far make it possible to seal and open data, and
also create and verify signatures.
NEW: support for S/MIME encrypt/decrypt/sign/verify, as well as more
flexibility for specifying certificates/keys.
To enable the extension, configure PHP with --with-openssl.
Specifying keys/certificates
----------------------------
Most of the functions require a key or a certificate as a parameter; to make
things easy for you to use openssl, this extension allows you
to specify certificates in the following way:
1. As an X.509 resource returned from openssl_x509_read
2. As a string in the format file://filename, where filename is the path to the
certificate file (it will be opened and read automatically)
3. As a string containing the data from the certificate file
Similarly, you can use the following methods of specifying a public key:
1. As a key resource returned from openssl_get_publickey
2. An X509 resource - public key only
3. As a string in the format file://filename
4. As a string containing the data from the key file
Additionally, for a private key, when the openssl extension function does not
allow you to enter the passphrase as a parameter you may use the syntax
array($key, "passphrase") where $key can be a key specified using one of the
methods listed above.
Certificate Verification
------------------------
When calling a function that will verify a signature/certificate, the cainfo
parameter is an array containing file and directory names that specifiy the
locations of trusted CA files. If a directory is specified, then it must be a
correctly hashed directory.
Misc:
-----
mixed openssl_error_string()
returns the message from the last error that the OpenSSL library encountered
and moves it's internal error pointer to the next message. If there are no
more error messages, returns false.
General Key/Cert Functions:
---------------------------
resource openssl_get_privatekey(mixed key [, string passphrase])
Parses the key data and returns a key resource identifier. If the key is
encrypted a passphrase is needed. This can be supplied as second argument.
resource openssl_get_publickey(mixed cert)
Extracts the public key from the given certificate or public key and returns
a key resource identifier.
void openssl_free_key(resource key)
Frees the resource given by the key resource identifier.
Note that this function does not accept the extended key specification
syntax mentioned above, as it doesn't make sense in this case!
array openssl_x509_parse(mixed x509[, bool shortnames=true])
Parses the certificate data and returns an array containing information
about the certificate, it's intended purposes, subject, issuer, validity
etc. etc. If shortnames is true (the default) then the fields will be
keyed by the shortname forms eg: CN as opposed to commonName (shortnames
= false).
bool openssl_x509_checkpurpose(mixed x509cert, int purpose,
array cainfo[, string untrustedfile])
Verifies if the certificate can be used for a specific purpose.
Purpose can be one of the following values:
X509_PURPOSE_SSL_CLIENT
X509_PURPOSE_SSL_SERVER
X509_PURPOSE_NS_SSL_SERVER
X509_PURPOSE_SMIME_SIGN
X509_PURPOSE_SMIME_ENCRYPT
X509_PURPOSE_CRL_SIGN
X509_PURPOSE_ANY
cainfo is an array of CA information (as mentioned above).
untrusted file specifies a file containing a bunch of certs that
are not trusted but may be useful in validating the certificate.
resource openssl_read_x509(mixed cert)
Parses the cert and returns a resource that can be used with the
other openssl functions
void openssl_free_x509(resource x509)
Frees the resource given by the x509 resource identifier.
Note that this function does not accept the extended cert specification
syntax mentioned above, as it doesn't make sense in this case!
PKCS7 (S/MIME) Sign/Verify/Encrypt/Decrypt Functions:
-----------------------------------------------------
These functions allow you to manipulate S/MIME messages!
They are based on apps/smime.c from the openssl dist, so for information,
see the documentation for openssl.
You may pass in some flags that affect how these functions work using
and array containing the following values:
"detached", "nodetached", "text", "nointern", "noverify", "nochain",
"nocerts", "noattr", "binary", "nosigs".
The options correspond to the options of the same name for the
"openssl smime" command (smime(1)).
bool openssl_pkcs7_verify(string filename, array flags[, string signerscerts][,
array cainfo])
Verifies that the signature on the MIME message contained in the file
named by filename is valid. If signerscerts is passed in, it holds the
name of a file into which the certificates of those that signed the
message will be stored.
cainfo and flags are CA information and flag information as described
above.
bool openssl_pkcs7_encrypt(string infile, string outfile, array recipcerts,
array headers[, array flags])
Encrypts the MIME message contained in the file named by infile using
the certificates held in recipcerts. The result is place in the file
named outfile.
recipcerts is an array of certificate identifiers representing the certs
of the intended recipients of the message.
headers is an array of headers to prepend to the message: they will
not be included in the encoded section.
flags is flag information as described above.
Hint: you will want to put "To", "From", and "Subject" headers in headers.
Headers can be either an assoc array keyed by header named, or can be
and indexed array containing a single header line per value.
The message will be encoded using a RC2-40 bit cipher.
TODO: allow user to specify cipher.
bool openssl_pkcs7_sign(string infile, string outfile, mixed signcert, mixed
signkey, array headers[, array flags][, string extracertsfilename])
Signs the MIME message contained in the file named by infile using the
certificate and key pair identified by signcert/signkey.
Signkey must be the private key corresponding to signcert.
The result is placed in the file named by outfile.
Headers and flags have the same effects as mentioned above.
extracertsfilename names a file containing a bunch of additional certificates
to include in the signature, in order to aid the recipient in verifying the
message.
bool openssl_pkcs7_decrypt(string infilename, string outfilename, mixed
recipcert, mixed recipkey)
Decrypts the MIME message contained in the file named by infilename
using the certificate and private key pair recipcert/recipkey.
The descrypted result is placed in outfilename.
TODO: add flags parameter, if needed?
EVP Sign/Verify/Encrypt/Decrypt Functions:
------------------------------------------
bool openssl_sign(string data, &string signature, mixed key)
Uses key to create signature for data, returns true on success and false
on failure. signature is passed by reference and contains the newly created
signature on success.
int openssl_verify(string data, string signature, mixed key)
Uses key to verify that the signature is correct for the given data.
Returns 1 if correct, 0 if incorrect, and -1 on error.
int openssl_seal(string data, &string sealdata, &array ekeys, array pubkeys)
Encrypts data using pubkeys, so that only owners of the respective private
keys and ekeys can decrypt and read the data. Returns the length of the
sealed data on success, else false. On success, sealdata and ekeys hold
the sealed data and envelope keys.
bool openssl_open(string data, &string opendata, string ekey, int privkey)
Opens (decrypts) sealed data using a private key and the corresponding
envelope key. Returns true on success and false on failure. On success,
opendata will hold the descypted data.
See below for more details on usage. Also feel free to mail me at
venaas@php.net if you have questions. The OpenSSL documentation,
especially the EVP documentation at
http://www.openssl.org/docs/crypto/evp.html, might also be of help.
HOWTO:
To do anything you need a private key and a certificate containing the
corresponding public key. This is similar to what you have using say an
Apache webserver with OpenSSL. For testing you could try keys that come
with OpenSSL, that's what the sample scripts below do. You can also get
keys from some CA, or you can create them yourself.
Creating private key
To generate an unprotected 1024 bit RSA private key you can do
openssl genrsa -out /tmp/test.key 1024
Private keys should be protected by a passphrase though.
Creating a self signed certificate
To generate a self signed certificate from the key that is valid for
365 days, do
openssl req -new -key /tmp/test.key -out /tmp/test.crt -days 365 -x509
Example usage
These examples use keys that come with OpenSSL, you should perhaps test with
those first.
Seal and open
<?php
$data = "Follow the white rabbit";
// Get certificate into a string
// this file comes with OpenSSL 0.9.6
$fp = fopen("/src/openssl-0.9.6/demos/maurice/cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
// get public key from certificate
$pk1 = openssl_get_publickey($cert);
// $pk1 is an encryption key resource id if success, else false
// Repeat if want public keys for multiple parties
$fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
$pk2 = openssl_get_publickey($cert);
// seal data, only owners of $pk1 and $pk2 can decrypt $sealed with keys
// $ekeys[0] and $ekeys[1] respectively.
openssl_seal($data, $sealed, $ekeys, array($pk1,$pk2));
openssl_free_key($pk1);
openssl_free_key($pk2);
// now we try to decrypt data for one of the recipients
$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
// Get PEM coded key into $pkey
$pkey = fread($fp, 8192);
fclose($fp);
// $key will be resource id for unpacked $pkey
$key = openssl_get_privatekey($pkey);
openssl_open($sealed, $open, $ekeys[1], $key);
openssl_free_key($key);
echo "$open\n";
?>
Sign and verify
<?php
$data = "Follow the white rabbit";
// First we need to have a string containing the private key in PEM format
// this file comes with OpenSSL 0.9.6
$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
$pkey = fread($fp, 8192);
fclose($fp);
// get private key from the PEM format
// $key is an encr key resource id if success, else false
$key = openssl_get_privatekey($pkey);
// calculate signature
openssl_sign($data, $signature, $key);
openssl_free_key($key);
// recipient verifies signature
// read certificate
$fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
// Get public key from the certificate
$pubkey = openssl_get_publickey($cert);
// state whether signature is okay or not
echo openssl_verify($data, $signature, $pubkey) == 1 ? "ok\n" : "bad\n";
// free key
openssl_free_key($pubkey);
?>

26
php/ext/openssl/config.w32 Normal file
View File

@@ -0,0 +1,26 @@
// $Id$
// vim:ft=javascript
ARG_WITH("openssl", "OpenSSL support", "no,shared");
if (PHP_OPENSSL != "no") {
var ret = SETUP_OPENSSL("openssl", PHP_OPENSSL);
if (ret > 0) {
EXTENSION("openssl", "openssl.c xp_ssl.c");
AC_DEFINE("HAVE_OPENSSL_EXT", PHP_OPENSSL_SHARED ? 0 : 1, "Have openssl");
AC_DEFINE("HAVE_OPENSSL", 1);
switch (ret) {
/* Openssl 1.0.x and lower */
case 1:
AC_DEFINE("HAVE_DSA_DEFAULT_METHOD", 1);
break;
/* Openssl 1.1.x */
case 2:
break;
}
}
}

33
php/ext/openssl/config0.m4 Normal file
View File

@@ -0,0 +1,33 @@
dnl
dnl $Id$
dnl
PHP_ARG_WITH(openssl, for OpenSSL support,
[ --with-openssl[=DIR] Include OpenSSL support (requires OpenSSL >= 1.0.1)])
PHP_ARG_WITH(kerberos, for Kerberos support,
[ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no)
PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
if test "$PHP_OPENSSL" != "no"; then
PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
PHP_SUBST(OPENSSL_SHARED_LIBADD)
if test "$PHP_KERBEROS" != "no"; then
PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
fi
AC_CHECK_FUNCS([RAND_egd])
PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD,
[
AC_DEFINE(HAVE_OPENSSL_EXT,1,[ ])
], [
AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
])
if test "$PHP_SYSTEM_CIPHERS" != "no"; then
AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
fi
fi

6920
php/ext/openssl/openssl.c Normal file
View File

File diff suppressed because it is too large Load Diff

202
php/ext/openssl/php_openssl.h Normal file
View File

@@ -0,0 +1,202 @@
/* ====================================================================
* Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
+----------------------------------------------------------------------+
| PHP Version 7 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2018 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Stig Venaas <venaas@php.net> |
| Wez Furlong <wez@thebrainroom.com |
+----------------------------------------------------------------------+
*/
/* $Id$ */
#ifndef PHP_OPENSSL_H
#define PHP_OPENSSL_H
/* HAVE_OPENSSL would include SSL MySQL stuff */
#ifdef HAVE_OPENSSL_EXT
extern zend_module_entry openssl_module_entry;
#define phpext_openssl_ptr &openssl_module_entry
#include "php_version.h"
#define PHP_OPENSSL_VERSION PHP_VERSION
#define OPENSSL_RAW_DATA 1
#define OPENSSL_ZERO_PADDING 2
#define OPENSSL_DONT_ZERO_PAD_KEY 4
#define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
/* Used for client-initiated handshake renegotiation DoS protection*/
#define OPENSSL_DEFAULT_RENEG_LIMIT 2
#define OPENSSL_DEFAULT_RENEG_WINDOW 300
#define OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
#define OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
"DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:" \
"ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:" \
"DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:" \
"AES256-GCM-SHA384:AES128:AES256:HIGH:!SSLv2:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!RC4:!ADH"
#include <openssl/err.h>
struct php_openssl_errors {
int buffer[ERR_NUM_ERRORS];
int top;
int bottom;
};
ZEND_BEGIN_MODULE_GLOBALS(openssl)
struct php_openssl_errors *errors;
ZEND_END_MODULE_GLOBALS(openssl)
#define OPENSSL_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(openssl, v)
#if defined(ZTS) && defined(COMPILE_DL_OPENSSL)
ZEND_TSRMLS_CACHE_EXTERN();
#endif
php_stream_transport_factory_func php_openssl_ssl_socket_factory;
void php_openssl_store_errors();
PHP_MINIT_FUNCTION(openssl);
PHP_MSHUTDOWN_FUNCTION(openssl);
PHP_MINFO_FUNCTION(openssl);
PHP_GINIT_FUNCTION(openssl);
PHP_GSHUTDOWN_FUNCTION(openssl);
PHP_FUNCTION(openssl_pkey_get_private);
PHP_FUNCTION(openssl_pkey_get_public);
PHP_FUNCTION(openssl_pkey_free);
PHP_FUNCTION(openssl_pkey_new);
PHP_FUNCTION(openssl_pkey_export);
PHP_FUNCTION(openssl_pkey_export_to_file);
PHP_FUNCTION(openssl_pkey_get_details);
PHP_FUNCTION(openssl_sign);
PHP_FUNCTION(openssl_verify);
PHP_FUNCTION(openssl_seal);
PHP_FUNCTION(openssl_open);
PHP_FUNCTION(openssl_private_encrypt);
PHP_FUNCTION(openssl_private_decrypt);
PHP_FUNCTION(openssl_public_encrypt);
PHP_FUNCTION(openssl_public_decrypt);
PHP_FUNCTION(openssl_pbkdf2);
PHP_FUNCTION(openssl_pkcs7_verify);
PHP_FUNCTION(openssl_pkcs7_decrypt);
PHP_FUNCTION(openssl_pkcs7_sign);
PHP_FUNCTION(openssl_pkcs7_encrypt);
PHP_FUNCTION(openssl_pkcs7_read);
PHP_FUNCTION(openssl_error_string);
PHP_FUNCTION(openssl_x509_read);
PHP_FUNCTION(openssl_x509_free);
PHP_FUNCTION(openssl_x509_parse);
PHP_FUNCTION(openssl_x509_checkpurpose);
PHP_FUNCTION(openssl_x509_export);
PHP_FUNCTION(openssl_x509_fingerprint);
PHP_FUNCTION(openssl_x509_export_to_file);
PHP_FUNCTION(openssl_x509_check_private_key);
PHP_FUNCTION(openssl_pkcs12_export);
PHP_FUNCTION(openssl_pkcs12_export_to_file);
PHP_FUNCTION(openssl_pkcs12_read);
PHP_FUNCTION(openssl_csr_new);
PHP_FUNCTION(openssl_csr_export);
PHP_FUNCTION(openssl_csr_export_to_file);
PHP_FUNCTION(openssl_csr_sign);
PHP_FUNCTION(openssl_csr_get_subject);
PHP_FUNCTION(openssl_csr_get_public_key);
PHP_FUNCTION(openssl_spki_new);
PHP_FUNCTION(openssl_spki_verify);
PHP_FUNCTION(openssl_spki_export);
PHP_FUNCTION(openssl_spki_export_challenge);
PHP_FUNCTION(openssl_get_cert_locations);
#ifdef PHP_WIN32
#define PHP_OPENSSL_BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")
#define PHP_OPENSSL_BIO_MODE_W(flags) (((flags) & PKCS7_BINARY) ? "wb" : "w")
#else
#define PHP_OPENSSL_BIO_MODE_R(flags) "r"
#define PHP_OPENSSL_BIO_MODE_W(flags) "w"
#endif
#else
#define phpext_openssl_ptr NULL
#endif
#endif
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
*/

68
php/ext/openssl/tests/001.phpt Normal file
View File

@@ -0,0 +1,68 @@
--TEST--
OpenSSL private key functions
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!@openssl_pkey_new()) die("skip cannot create private key");
?>
--FILE--
<?php
echo "Creating private key\n";
$conf = array('config' => dirname(__FILE__) . DIRECTORY_SEPARATOR . 'openssl.cnf');
$privkey = openssl_pkey_new($conf);
if ($privkey === false)
die("failed to create private key");
$passphrase = "banana";
$key_file_name = tempnam(sys_get_temp_dir(), "ssl");
if ($key_file_name === false)
die("failed to get a temporary filename!");
echo "Export key to file\n";
openssl_pkey_export_to_file($privkey, $key_file_name, $passphrase, $conf) or die("failed to export to file $key_file_name");
var_dump(is_resource($privkey));
echo "Load key from file - array syntax\n";
$loaded_key = openssl_pkey_get_private(array("file://$key_file_name", $passphrase));
if ($loaded_key === false)
die("failed to load key using array syntax");
openssl_pkey_free($loaded_key);
echo "Load key using direct syntax\n";
$loaded_key = openssl_pkey_get_private("file://$key_file_name", $passphrase);
if ($loaded_key === false)
die("failed to load key using direct syntax");
openssl_pkey_free($loaded_key);
echo "Load key manually and use string syntax\n";
$key_content = file_get_contents($key_file_name);
$loaded_key = openssl_pkey_get_private($key_content, $passphrase);
if ($loaded_key === false)
die("failed to load key using string syntax");
openssl_pkey_free($loaded_key);
echo "OK!\n";
@unlink($key_file_name);
?>
--EXPECT--
Creating private key
Export key to file
bool(true)
Load key from file - array syntax
Load key using direct syntax
Load key manually and use string syntax
OK!

27
php/ext/openssl/tests/74651.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEFhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl
cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw
IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0
NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t
YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG
A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ
KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp
DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS
YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L4CAwEA
AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz
ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/
BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86
OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs
dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv
ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j
BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ
MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn
aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy
Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU
aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA
A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh
3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7
Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6
-----END CERTIFICATE-----

113
php/ext/openssl/tests/ServerClientTestCase.inc Normal file
View File

@@ -0,0 +1,113 @@
<?php
const WORKER_ARGV_VALUE = 'RUN_WORKER';
function phpt_notify()
{
ServerClientTestCase::getInstance()->notify();
}
function phpt_wait()
{
ServerClientTestCase::getInstance()->wait();
}
/**
* This is a singleton to let the wait/notify functions work
* I know it's horrible, but it's a means to an end
*/
class ServerClientTestCase
{
private $isWorker = false;
private $workerHandle;
private $workerStdIn;
private $workerStdOut;
private static $instance;
public static function getInstance($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = new self($isWorker);
}
return self::$instance;
}
public function __construct($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = $this;
}
$this->isWorker = $isWorker;
}
private function spawnWorkerProcess($code)
{
if (defined("PHP_WINDOWS_VERSION_MAJOR")) {
$ini = php_ini_loaded_file();
$cmd = sprintf('%s %s "%s" %s', PHP_BINARY, $ini ? "-n -c $ini" : "", __FILE__, WORKER_ARGV_VALUE);
} else {
$cmd = sprintf('%s "%s" %s', PHP_BINARY, __FILE__, WORKER_ARGV_VALUE);
}
$this->workerHandle = proc_open($cmd, [['pipe', 'r'], ['pipe', 'w'], STDERR], $pipes);
$this->workerStdIn = $pipes[0];
$this->workerStdOut = $pipes[1];
fwrite($this->workerStdIn, $code . "\n---\n");
}
private function cleanupWorkerProcess()
{
fclose($this->workerStdIn);
fclose($this->workerStdOut);
proc_close($this->workerHandle);
}
private function stripPhpTagsFromCode($code)
{
return preg_replace('/^\s*<\?(?:php)?|\?>\s*$/i', '', $code);
}
public function runWorker()
{
$code = '';
while (1) {
$line = fgets(STDIN);
if (trim($line) === "---") {
break;
}
$code .= $line;
}
eval($code);
}
public function run($proc1Code, $proc2Code)
{
$this->spawnWorkerProcess($this->stripPhpTagsFromCode($proc2Code));
eval($this->stripPhpTagsFromCode($proc1Code));
$this->cleanupWorkerProcess();
}
public function wait()
{
fgets($this->isWorker ? STDIN : $this->workerStdOut);
}
public function notify()
{
fwrite($this->isWorker ? STDOUT : $this->workerStdIn, "\n");
}
}
if (isset($argv[1]) && $argv[1] === WORKER_ARGV_VALUE) {
ServerClientTestCase::getInstance(true)->runWorker();
}

14
php/ext/openssl/tests/bug25614.phpt Normal file
View File

@@ -0,0 +1,14 @@
--TEST--
openssl: get public key from generated private key
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!@openssl_pkey_new()) die("skip cannot create private key");
?>
--FILE--
<?php
$priv = openssl_pkey_new();
$pub = openssl_pkey_get_public($priv);
?>
--EXPECTF--
Warning: openssl_pkey_get_public(): Don't know how to get public key from this private key %s

46
php/ext/openssl/tests/bug28382.phpt Normal file
View File

@@ -0,0 +1,46 @@
--TEST--
Bug #28382 (openssl_x509_parse extensions support)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (OPENSSL_VERSION_NUMBER<0x009070af) die("skip");
?>
--FILE--
<?php
$cert = file_get_contents(dirname(__FILE__) . "/bug28382cert.txt");
$ext = openssl_x509_parse($cert);
var_dump($ext['extensions']);
/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key.
For now, as this is the one difference only between 0.9.x and 1.x, it's handled with
placeholders to not to duplicate the test. When more diffs come, a duplication would
be probably a better solution.
*/
?>
--EXPECTF--
array(11) {
["basicConstraints"]=>
string(8) "CA:FALSE"
["nsComment"]=>
string(38) "For Grid use only; request tag userTag"
["nsCertType"]=>
string(30) "SSL Client, SSL Server, S/MIME"
["crlDistributionPoints"]=>
string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
"
["nsCaPolicyUrl"]=>
string(38) "http://mobile.blue-software.ro:90/pub/"
["subjectAltName"]=>
string(28) "email:sergiu@bluesoftware.ro"
["subjectKeyIdentifier"]=>
string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
["authorityKeyIdentifier"]=>
string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
serial:00
"
["keyUsage"]=>
string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
["nsBaseUrl"]=>
string(20) "http://62.231.98.52/"
["1.2.3.4"]=>
string(4) "%s"
}

27
php/ext/openssl/tests/bug28382cert.txt Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEBhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl
cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw
IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0
NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t
YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG
A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ
KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp
DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS
YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L8CAwEA
AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz
ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/
BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86
OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs
dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv
ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j
BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ
MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn
aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy
Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU
aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA
A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh
3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7
Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6
-----END CERTIFICATE-----

41
php/ext/openssl/tests/bug36732.phpt Normal file
View File

@@ -0,0 +1,41 @@
--TEST--
Bug #36732 (add support for req_extensions in openss_csr_new and sign)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
--FILE--
<?php
$configargs = array(
"req_extensions" => "v3_req",
"x509_extensions" => "usr_cert",
"config" => __DIR__. DIRECTORY_SEPARATOR . "openssl.cnf",
);
$dn = array(
"countryName" => "GB",
"stateOrProvinceName" => "Berkshire",
"localityName" => "Newbury",
"organizationName" => "My Company Ltd",
"commonName" => "Demo Cert"
);
$key = openssl_pkey_new();
$csr = openssl_csr_new($dn, $key, $configargs);
$crt = openssl_csr_sign($csr, NULL, $key, 365, $configargs);
$str = '';
openssl_csr_export($csr, $str, false);
if (strpos($str, 'Requested Extensions:')) {
echo "Ok\n";
}
openssl_x509_export($crt, $str, false);
if (strpos($str, 'X509v3 extensions:')) {
echo "Ok\n";
}
?>
--EXPECTF--
Ok
Ok

36
php/ext/openssl/tests/bug37820.phpt Normal file
View File

@@ -0,0 +1,36 @@
--TEST--
openssl_sign/verify: accept different algos
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
--FILE--
<?php
$dir = dirname(__FILE__);
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';
$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);
$pub_key = file_get_contents($file_pub);
$pub_key_id = openssl_get_publickey($pub_key);
$data = "some custom data";
if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) {
echo "openssl_sign failed.";
}
$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5);
if ($ok == 1) {
echo "Ok";
} elseif ($ok == 0) {
echo "openssl_verify failed.";
}
?>
--EXPECTF--
Ok

14
php/ext/openssl/tests/bug37820cert.pem Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----

9
php/ext/openssl/tests/bug37820key.pem Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----

55
php/ext/openssl/tests/bug38255.phpt Normal file
View File

@@ -0,0 +1,55 @@
--TEST--
openssl key from zval leaks
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$pub_key_id = false;
$signature = '';
$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
class test {
function __toString() {
return "test object";
}
}
$t = new test;
var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
var_dump(openssl_verify("foo", new stdClass, $pub_key_id, OPENSSL_ALGO_MD5));
var_dump(openssl_verify("foo", new stdClass, array(), OPENSSL_ALGO_MD5));
var_dump(openssl_verify("foo", array(), array(), OPENSSL_ALGO_MD5));
var_dump(openssl_verify());
var_dump(openssl_verify(new stdClass, new stdClass, array(), 10000));
echo "Done\n";
?>
--EXPECTF--
Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d
Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d
bool(false)
Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d
bool(false)
Warning: openssl_verify() expects parameter 2 to be string, object given in %s on line %d
NULL
Warning: openssl_verify() expects parameter 2 to be string, object given in %s on line %d
NULL
Warning: openssl_verify() expects parameter 2 to be string, array given in %s on line %d
NULL
Warning: openssl_verify() expects at least 3 parameters, 0 given in %s on line %d
NULL
Warning: openssl_verify() expects parameter 1 to be string, object given in %s on line %d
NULL
Done

34
php/ext/openssl/tests/bug38261.phpt Normal file
View File

@@ -0,0 +1,34 @@
--TEST--
openssl key from zval leaks
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = false;
class test {
function __toString() {
return "test object";
}
}
$t = new test;
var_dump(openssl_x509_parse("foo"));
var_dump(openssl_x509_parse($t));
var_dump(openssl_x509_parse(array()));
var_dump(openssl_x509_parse());
var_dump(openssl_x509_parse($cert));
var_dump(openssl_x509_parse(new stdClass));
?>
--EXPECTF--
bool(false)
bool(false)
bool(false)
Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %sbug38261.php on line %d
NULL
bool(false)
Recoverable fatal error: Object of class stdClass could not be converted to string in %sbug38261.php on line %d

19
php/ext/openssl/tests/bug39217.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Bug #39217 (Large serial number return -1)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$dir = dirname(__FILE__);
$certs = array('bug39217cert2.txt', 'bug39217cert1.txt');
foreach($certs as $cert) {
$res = openssl_x509_parse(file_get_contents($dir . '/' . $cert));
print_r($res['serialNumber']);
echo "\n";
}
?>
--EXPECTF--
163040343498260435477161879008842183802
15

17
php/ext/openssl/tests/bug39217cert1.txt Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICvzCCAiigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBbMRkwFwYDVQQKExBET0Ug
U2NpZW5jZSBHcmlkMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEc
MBoGA1UEAxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMDA4MjkyMjI4MDJaFw0w
MTA4MjkyMjI4MDJaMHgxDTALBgNVBAoTBEdyaWQxLjAsBgNVBAoTJUxhd3JlbmNl
IEJlcmtlbGV5IE5hdGlvbmFsIExhYm9yYXRvcnkxIDAeBgNVBAsTF0NlcnRpZmlj
YXRlIEF1dGhvcml0aWVzMRUwEwYDVQQDEwxMQk5MLUdyaWQtQ0EwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAL2t4aX933WXYlofuY+L+16Tdl/KxpAammyfcW8u
kHHT6RYDjaQdfV1FpNEqfSrRjKNwGGGkrG4XHZWiUO0Di0AlBN04lsRY6jB68l6B
5byujfZv+8EeCI2c1ObBLYZYi4lToJf0sm0Hpn3GD7PZBv6BVHLOuwEFDl9z9Dnc
DFDdAgMBAAGjdjB0MBEGCWCGSAGG+EIBAQQEAwIAhzAOBgNVHQ8BAf8EBAMCAcYw
HQYDVR0OBBYEFIn+csPVyp+iprpYUIu1SziMQiDxMA8GA1UdEwEB/wQFMAMBAf8w
HwYDVR0jBBgwFoAUm85P8ry9WHAx1fIyDn6eveJRFOcwDQYJKoZIhvcNAQEFBQAD
gYEAHindWQ4P4VUmJVt5sUGA05hSAZriDJDDnkvkm/9AR7xgGxtsy21QruhUVe2E
eVFBws85zbwRqMpfUQyE/xHhUcka2GQTaKlBlcEjZTMnsh27Si2PMYU/UPr/PIpq
kBkoxVV1bMWRK57mG2tzzTy9j0wkct4G5IjEsrYNDzW6U3E=
-----END CERTIFICATE-----

18
php/ext/openssl/tests/bug39217cert2.txt Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC3DCCAkWgAwIBAgIQeqhtj1pzHCrTTq2AldV0ejANBgkqhkiG9w0BAQQFADAy
MRcwFQYDVQQKEw5FLUFDSEFUIE1JTkRFRjEXMBUGA1UEAxMORS1BQ0hBVCBNSU5E
RUYwHhcNMDQwMTA1MDAwMDAwWhcNMDYwMTA0MjM1OTU5WjCB5DEOMAwGA1UEBxQF
UEFSSVMxCzAJBgNVBAYTAkZSMRcwFQYDVQQKFA5FLUFDSEFUIE1JTkRFRjEtMCsG
A1UECxQkRW50LiAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMR8wHQYD
VQQLFBZTSVJFTiAtIDMyODc4MTc4NjAwMDUzMTQwMgYDVQQDEytDR0VZIEZyYW5j
ZSAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMSYwJAYJKoZIhvcNAQkB
FhdkZ2FlbWEtbWNvQGNhcGdlbWluaS5mcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEApFgcuVTuUe0z+iGTaPw7yVxhZsPq6aIqGHsCvU9fqUcymbmg9l4oTfAk
gR5bvDo+JTQb1/OPlQCKqyVa7wn6lPs97dMOZMobjCRcvw7z0jVphortA1NS8FRH
6LsWELZ13uC57IIakpW726Vz3tST9qHHbQoWbX/n8NjHcwL4zUECAwEAAaNAMD4w
CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMBEGCmCG
SAGG+EUBBgkEAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAWdmEu8TkFdgqA/xN6llo9
zZR3EUH0X5HstxJRYgofcQyfumJHhgvaNB8vkDhZ3iJORVVxcJ27W36TAJ6b4jcr
yWjO/nc42XdgknS8r9NIV7VKzmjY7Ip2+9N6JOAWFkjGrnF1G69nrerIJavJTzrb
PYlQnzJO6SHAoi5j6WsKPw==
-----END CERTIFICATE-----

12
php/ext/openssl/tests/bug41033.pem Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCrQ/By/Y5OQRmmc/e+W+eFVoeR5y8WPOkykwS2hc21aSNY5X3q
8ZHdV467thFd/QCoR55hHTRGRbYmfOkXSiscotU08ISlxIH39EEhFSzwqzkxFfak
cgHEu41AUOIfJ2Dz+vcmuasME159pDP0d0gt55pKRPcXoh916p2VS/FBiQIVAMnQ
C6W+K1brelHqpUqwQ1cdNJklAoGAN858gG/UIF+U3CYTcgl5/OUAqOzvitMV2ue+
AkDEkGNEZs3KUAjpqHduf1E3znl7hJJIRr+33sul9USxn0vczDBkEJPralQjNX2C
dnYKDDhJ+UKlAFG2JZint4CBKPFiZC0tVo04iDQQUUfDC4c8K3cS5uzypebJyoLo
e5b8rScCgYBedJg6vklhMWv2wZD10hbQaXEX5r8T6EQujbfO0RcKpuaJziPPrXO8
QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKekCmSNzs5+lQpCm1VlDrCg+jn
djw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8iVDE7wmT0iwnkAIVAMKogWVA
ZOKwjTj9Yztv3lGj7VTa
-----END DSA PRIVATE KEY-----

27
php/ext/openssl/tests/bug41033.phpt Normal file
View File

@@ -0,0 +1,27 @@
--TEST--
#41033, enable signing with DSA keys
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip, openssl required");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
--FILE--
<?php
$prv = 'file://' . dirname(__FILE__) . '/' . 'bug41033.pem';
$pub = 'file://' . dirname(__FILE__) . '/' . 'bug41033pub.pem';
$prkeyid = openssl_get_privatekey($prv, "1234");
$ct = "Hello I am some text!";
openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA1);
echo "Signature: ".base64_encode($signature) . "\n";
$pukeyid = openssl_get_publickey($pub);
$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA1);
echo "Signature validity: " . $valid . "\n";
?>
--EXPECTF--
Signature: %s
Signature validity: 1

12
php/ext/openssl/tests/bug41033pub.pem Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKtD8HL9jk5BGaZz975b54VWh5HnLxY8
6TKTBLaFzbVpI1jlferxkd1Xjru2EV39AKhHnmEdNEZFtiZ86RdKKxyi1TTwhKXE
gff0QSEVLPCrOTEV9qRyAcS7jUBQ4h8nYPP69ya5qwwTXn2kM/R3SC3nmkpE9xei
H3XqnZVL8UGJAhUAydALpb4rVut6UeqlSrBDVx00mSUCgYA3znyAb9QgX5TcJhNy
CXn85QCo7O+K0xXa574CQMSQY0RmzcpQCOmod25/UTfOeXuEkkhGv7fey6X1RLGf
S9zMMGQQk+tqVCM1fYJ2dgoMOEn5QqUAUbYlmKe3gIEo8WJkLS1WjTiINBBRR8ML
hzwrdxLm7PKl5snKguh7lvytJwOBhAACgYBedJg6vklhMWv2wZD10hbQaXEX5r8T
6EQujbfO0RcKpuaJziPPrXO8QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKe
kCmSNzs5+lQpCm1VlDrCg+jndjw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8
iVDE7wmT0iwnkA==
-----END PUBLIC KEY-----

16
php/ext/openssl/tests/bug41353.phpt Normal file
View File

@@ -0,0 +1,16 @@
--TEST--
Bug #41353 (openssl_pkcs12_read() does not verify the type of the first arg)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$a = 2;
openssl_pkcs12_read(1, $a, 1);
echo "Done\n";
?>
--EXPECTF--
Done

33
php/ext/openssl/tests/bug46127.pem Normal file
View File

@@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----

42
php/ext/openssl/tests/bug46127.phpt Normal file
View File

@@ -0,0 +1,42 @@
--TEST--
#46127, openssl_sign/verify: accept different algos
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug46127.pem',
]]);
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$link = stream_socket_accept($sock);
fwrite($link, "Sending bug 46127\n");
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]]);
phpt_wait();
$sock = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);
echo fgets($sock);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
Sending bug 46127

40
php/ext/openssl/tests/bug47828.phpt Normal file
View File

@@ -0,0 +1,40 @@
--TEST--
Bug #47828 (segfaults when a UTF-8 conversion fails openssl_x509_parse())
--SKIPIF--
<?php if (!extension_loaded("openssl")) die("skip"); ?>
--FILE--
<?php
$csr = "-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgICAtUwDQYJKoZIhvcNAQEFBQAwgewxFjAUBgNVBC0DDQBT
UFI5NjEyMTdOSzkxETAPBgNVBAcTCENveW9hY+FuMQswCQYDVQQIEwJERjELMAkG
A1UEBhMCTVgxDjAMBgNVBBETBTA0MDAwMR8wHQYDVQQJExZQYW56YWNvbGEgIzYy
IDFlciBwaXNvMSgwJgYDVQQDEx9BdXRvcmlkYWQgY2VydGlmaWNhZG9yYSBJbnRl
cm5hMRMwEQYDVQQLEwpUZWNub2xvZ+1hMRMwEQYDVQQKEwpTZWd1cmlEYXRhMSAw
HgYJKoZIhvcNAQkBFhFhY0BzZWd1cmlkYXRhLmNvbTAeFw0wNzAyMTIwMDAwMDBa
Fw0xMjAyMjkwMDAwMDBaMIIBDDEWMBQGA1UELQMNAFNQUjk2MTIxN05LOTEXMBUG
A1UEBxMOQWx2YXJvIE9icmVnb24xDTALBgNVBAgTBEQuRi4xCzAJBgNVBAYTAk1Y
MQ4wDAYDVQQREwUwMTAwMDEoMCYGA1UECRMfSW5zdXJnZW50ZXMgU3VyIDIzNzUs
IDNlci4gUGlzbzEbMBkGA1UEAxMSd3d3LnNlZ3VyaWRhdGEuY29tMREwDwYDVQQL
EwhJbnRlcm5ldDEpMCcGA1UEChMgU2VndXJpRGF0YSBQcml2YWRhLCBTLkEuIGRl
IEMuVi4xKDAmBgkqhkiG9w0BCQEWGXBvc3RtYXN0ZXJAc2VndXJpZGF0YS5jb20w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANG/rb52Ou//dnkHysR5m7T4r8QM
KOM/CP0OEXTOC+a+47RsZjqNiZsBkSeR92OFPpkw5bJ85IAD/Tgx7Tli3ryJfrdk
WMfkXpzWW0YmeTrghL0DMNd8nYc9voVv+OGnIZ0W4Mhz31eiThmyy7Fs8ZlFyfkR
REj5OQvq+z+NP/n/AgMBAAGjODA2MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud
DwQFAwMH6AAwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCq
nBqQEb7H6Gxi4KXBn1lrPd5KWO40iSD7BREU8e0eI1ZLZvi4IEAlmyG81Le037jo
irMUDS2Ue5WI61QnGw4LhnYlCIuffU7fTs+UbrOE4qNU67G+XBfjk0gHkXHmEYbb
EOR9OHeDcYFgcl3j4SLg/ff6oRYbMkQRCrgQzrl/MNkuqDWJrcigS9OD6OTgRyEo
7Zvf7/ofWIzTIvINbfjQzSTr8AbI4SbuU9iKgVGDQQF6cfpBmOYgnr3QPuoTQCoU
pz9H9wBlz/Nmw12YtfCmGqpIFAxpRGFQTGPNJWr4FdZkUM792lm7Sf3zzSvi8Ruz
M3dwifRsZyZyruy4tMsu
-----END CERTIFICATE-----
";
$cert = str_replace("\\n", "\n", $csr);
$arr = openssl_x509_parse($cert);
var_dump($arr['hash']);
echo "Done";
?>
--EXPECTF--
string(8) "%s"
Done

50
php/ext/openssl/tests/bug48182.phpt Normal file
View File

@@ -0,0 +1,50 @@
--TEST--
Bug #48182: ssl handshake fails during asynchronous socket connection
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$client = @stream_socket_accept($server, 1);
$data = "Sending bug48182\n" . fread($client, 8192);
fwrite($client, $data);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local'
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx);
$data = "Sending data over to SSL server in async mode with contents like Hello World\n";
fwrite($client, $data);
echo fread($client, 1024);
CODE;
echo "Running bug48182\n";
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Running bug48182
Sending bug48182
Sending data over to SSL server in async mode with contents like Hello World

17
php/ext/openssl/tests/bug54060.phpt Normal file
View File

@@ -0,0 +1,17 @@
--TEST--
Bug #54060 (Memory leak in openssl_encrypt)
--SKIPIF--
<?php if (!extension_loaded("openssl")) die("skip"); ?>
--FILE--
<?php
$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";
openssl_encrypt($data, 'des3', $pass, 0, '1qazxsw2');
echo "Done";
?>
--EXPECT--
Done

17
php/ext/openssl/tests/bug54061.phpt Normal file
View File

@@ -0,0 +1,17 @@
--TEST--
Bug #54061 (Memory leak in openssl_decrypt)
--SKIPIF--
<?php if (!extension_loaded("openssl")) die("skip"); ?>
--FILE--
<?php
$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";
$cr = openssl_encrypt($data, 'des3', $pass, 0, '1qazxsw2');
$dcr = openssl_decrypt($cr, 'des3', $pass, 0, '1qazxsw2');
echo "Done";
?>
--EXPECT--
Done

42
php/ext/openssl/tests/bug54992-ca.pem Normal file
View File

@@ -0,0 +1,42 @@
-----BEGIN CERTIFICATE-----
MIIHZzCCBU+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCByzEpMCcGA1UEAxMgQ2F0
YXBocmFjdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYD
VQQHEwZMaXNib2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhy
YWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUg
U2lnbmluZzEkMCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0MB4X
DTAzMTIwNTAwMTExOVoXDTE4MTIwMTAwMTExOVowgcsxKTAnBgNVBAMTIENhdGFw
aHJhY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJQVDEPMA0GA1UE
BxMGTGlzYm9hMREwDwYDVQQIEwhQb3J0dWdhbDEpMCcGA1UEChMgQ2F0YXBocmFj
dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHDAaBgNVBAsTE0NlcnRpZmljYXRlIFNp
Z25pbmcxJDAiBgkqhkiG9w0BCQEWFUNhdGFwaHJhY3RAbmV0Y2Fiby5wdDCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANg+noZuxtWdxmZjxanJGEpzmDYu
Uko9OHdmhVr3UU+z04a9JFT7aH5wuwrnpadNy1u9CqrSHVWFEtSmOMOH8QYzIy4C
qCjFPSJR5UQjxpxTZeXaTvfhKI9n0LMSqc7I68HkP5MF64N3Z2cRdYvM4U6R5ERD
Xw2LiRpii/+J2cezgi/Nw3vS4hZlWDWMkttfBd0HKSwxxN7OlPcjyzoTVhQgSISV
Zvd3kwENTWD7s3EnnPRtMiW8Vzcjd8eSTCSjuGBG/8NnI44amLo7gSWocCJ2os69
CJgiqMpp0tLT8cJm0mQUBk0o9gBS7l1GPpgq5fwWG+DmoLIHrKjxpuI5v2DW23gx
yimXSyiD1GX0JLlTqZ+klM7Mv7ptnigRXA8F5f4GbVzBlGM1L1EERd8orsSmzPEA
S6puHdlNzjcx00glp1UoAs6+tV39eW/fjiP493biPcar0pNO8QWfRSqPsgy6/qKN
m7x2DoSdTbRgCalBMp57xYCUHIETZvlewGKnQD1Tj9FlbzvOnH6r52gj5U/5r3pn
E4DshILn/qtdRwd/2Dwx/KSyBJznU7Yu0vEeMwQioZ6YFH1FnC4229lHYCN6ByVw
UE7OMH7n0A8SUN8flxr2X7MmWpQsMrgVfrAjufmFwUaeIRq9X3wihDYw0MYP0brU
x5ONmY+VA93gLdStAgMBAAGjggFSMIIBTjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G
A1UdDgQWBBQj+82/Y4YWpR8kIi0obJULkqmBwTCB+AYDVR0jBIHwMIHtgBQj+82/
Y4YWpR8kIi0obJULkqmBwaGB0aSBzjCByzEpMCcGA1UEAxMgQ2F0YXBocmFjdCBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNi
b2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhyYWN0IENlcnRp
ZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUgU2lnbmluZzEk
MCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0ggEBMAsGA1UdDwQE
AwIBBjARBglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEEBQADggIBAKN6pRY1
8GwQx378ukmw4pzvODlee5IKSPRT92hfLKNGNUAMu2LFo+bjItpilhSvR4aklRvh
5RBoVE8ejEdZXsz0HobMUUcL9IemaRwBCWHPii7Y3zX2J1FUiS/KmWhrYvw5hb1P
P83f/kxdWhxD+MbwuGc2I/6WgfsRyzevQsxdJgElQvNGkOXsC56pEXm2ChVoLbZL
sZX0zPa5ZzXByQGwXl9eqOkV7fdNKulJPcLPOs/y1cAfcxXrDYHpqBGf9nb14p3C
NaWXFhvq9Khk/QiWKSO4QarPlYS4H0Sl6tp7zBaE+dZHAjci2mSTraUf7q61kqoJ
g/ZA3qupd1rR67NzN+6x/TJmIq0G3GUxnDNNqNAHvS4YJx8g4Ji0F3Qoz3CgKnc4
HsneYQ/LCLq2pDjsffnLI88MBGbfHZDjdj2nowwX76W/6PPutD5IR/kOmHEaX1TJ
/Ff99bVV4HwNF3GPwmKPmHpw3hB9A/xG9aiQRcYs0reXoYeQ+8nyCGmu41LweFyV
1WVwWJ/MHgdtzJZHdPjeXKMWQzOx3AS3TCc31oi4IEo4NgNigcuvl0qgUcwDRXBI
HZm4f7npm7xiES8BSoq5PIVCj8EXJd4b7Gk6dHGJGO+APaw3kYKqfqg5+AN1e4a5
x3onNvWhjcwDGgcs/xAfVJIUucEqpC5h0pZq
-----END CERTIFICATE-----

47
php/ext/openssl/tests/bug54992.pem Normal file
View File

@@ -0,0 +1,47 @@
-----BEGIN CERTIFICATE-----
MIIFizCCA3OgAwIBAgIBGTANBgkqhkiG9w0BAQUFADCByzEpMCcGA1UEAxMgQ2F0
YXBocmFjdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYD
VQQHEwZMaXNib2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhy
YWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUg
U2lnbmluZzEkMCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0MB4X
DTExMDYwNzIzNTIwM1oXDTE4MTIwMTAwMTExOVowWjEXMBUGA1UEAxMOYnVnNTQ5
OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNVBAgT
Bkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPoPJv7
XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizVkF09
vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAAaOCAWww
ggFoMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCysG9r7vXtfHa38AUZeCM6tgH9c
MIH4BgNVHSMEgfAwge2AFCP7zb9jhhalHyQiLShslQuSqYHBoYHRpIHOMIHLMSkw
JwYDVQQDEyBDYXRhcGhyYWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTELMAkGA1UE
BhMCUFQxDzANBgNVBAcTBkxpc2JvYTERMA8GA1UECBMIUG9ydHVnYWwxKTAnBgNV
BAoTIENhdGFwaHJhY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRwwGgYDVQQLExND
ZXJ0aWZpY2F0ZSBTaWduaW5nMSQwIgYJKoZIhvcNAQkBFhVDYXRhcGhyYWN0QG5l
dGNhYm8ucHSCAQEwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDAeBglg
hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4ICAQAT
M7Id7nBSvaDXuStLunfeV0WPAh3DkKWCxw9YK0MjK7E/K5xEiYaWWbz9zuHEcKrN
MuflSdYVPXTqvD6mHLFNptOgzG6YMOO+rAAEYB5HZ/PYTO6UWAdSLlS96DpA4SS3
Qwmrc0eXe1p4U8noEN+N3+rAbetjOuvnLG/cpoQGcA8Mws84B/elzjRne5C8N1rF
Tvdb3bqIqvP1thuPfyh/uIKSQb5ZusHvj7ZBkEs+zQLBRnCcDK4ETXFM0TcKSPar
d11tve/91BqqemwlA+ntVrVTgi/pnw4wuWxa3GOVmeEeWgtv3063wZ3lGv/72PCh
gSjxoCoVLaLPTbC/iG2a5+ca2HcF0TjfJqYNCgosgRGlm5IunvuIv+g5jLcZcDSO
hMw+HzyF8GlDF166YRRb9nUL6AtBisdEw6uQW1vQFRRQS4SGMoArSBw2EBqd7Kvf
ruCMcrkudC8vbWQHMETEvhAXdAjgsIxLeGCPh0/8mtES1Lnr0TWIrM9evPJkKACj
f6CyIASkIDZKFf5JwuUh02qvuNLr/QRELfI1NnA1aTYMQQWWOVCBffu4ce+NPdtl
Uh1vRwWAWI0Zjszw3kUk2vHLbSXeD3bU7gP3IFa1X8XsXBW2SH+BfpNWHUilHj1I
bX+zqjfaRWDJuZqB9y6iTCu8DfBtbMiTUGcI/Rs9wQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH
E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G
LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB
AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD
JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw
/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj
u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2
FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s
OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp
VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA
xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9
FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK
h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg==
-----END RSA PRIVATE KEY-----

47
php/ext/openssl/tests/bug54992.phpt Normal file
View File

@@ -0,0 +1,47 @@
--TEST--
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'buga_buga',
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)

29
php/ext/openssl/tests/bug55259.phpt Normal file
View File

@@ -0,0 +1,29 @@
--TEST--
Bug #55259 (openssl extension does not get the DH parameters from DH key resource)
--SKIPIF--
<?php if (!extension_loaded("openssl")) die("skip"); ?>
--FILE--
<?php
$phex = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61e' .
'f75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d268370557' .
'7d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e382' .
'6634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab';
$dh_details = array( 'p' => $phex, 'g' => '2' );
$dh = openssl_pkey_new(array( 'dh'=> array( 'p' => $phex, 'g' => '2' )));
var_dump($dh);
$dh = openssl_pkey_new(array( 'dh'=> array( 'p' => hex2bin($phex), 'g' => '2' )));
$details = openssl_pkey_get_details($dh);
var_dump(bin2hex($details['dh']['p']));
var_dump($details['dh']['g']);
var_dump(strlen($details['dh']['pub_key']) > 0);
var_dump(strlen($details['dh']['priv_key']) > 0);
echo "Done";
?>
--EXPECT--
bool(false)
string(256) "dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61ef75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d2683705577d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e3826634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab"
string(1) "2"
bool(true)
bool(true)
Done

38
php/ext/openssl/tests/bug55646.phpt Normal file
View File

@@ -0,0 +1,38 @@
--TEST--
Bug #55646: textual input in openssl_csr_new() is not expected in UTF-8
--SKIPIF--
<?php
if (!function_exists('openssl_csr_new'))
die('skip no openssl extension');
--FILE--
<?php
function stringAsHex($string){$unpacked = unpack("H*", $string);return implode(" ", str_split($unpacked[1],2));}
$config = array("digest_alg" => "sha1","x509_extensions" => "v3_ca","req_extensions" => "v3_req","private_key_bits" => 2048,"private_key_type" => OPENSSL_KEYTYPE_RSA,"encrypt_key" => false,);
$csr_info = array(
"countryName" => "US",
"stateOrProvinceName" => "Utah",
"localityName" => "Lindon",
"organizationName" => "Chinese",
"organizationalUnitName" => "IT \xe4\xba\x92",
"commonName" => "www.example.com",);
$private = openssl_pkey_new($config);
while (openssl_error_string()) {}
$csr_res = openssl_csr_new($csr_info, $private,
['config' => __DIR__. DIRECTORY_SEPARATOR . "openssl.cnf"]);
if (!$csr_res) {
while ($e = openssl_error_string()) { $err = $e; }
die("Failed; last error: $err");
}
openssl_csr_export($csr_res, $csr);
$output = openssl_csr_get_subject($csr);
echo "A: ".$csr_info["organizationalUnitName"]."\n";
echo "B: ".stringAsHex($csr_info["organizationalUnitName"])."\n";
echo "C: ".$output['OU']."\n";
echo "D: ".stringAsHex($output['OU'])."\n";
--EXPECT--
A: IT 互
B: 49 54 20 e4 ba 92
C: IT 互
D: 49 54 20 e4 ba 92

27
php/ext/openssl/tests/bug60632.phpt Normal file
View File

@@ -0,0 +1,27 @@
--TEST--
Bug #60632: openssl_seal fails with AES
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$pkey = openssl_pkey_new(array(
'digest_alg' => 'sha256',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => false,
'config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf',
));
$details = openssl_pkey_get_details($pkey);
$test_pubkey = $details['key'];
$pubkey = openssl_pkey_get_public($test_pubkey);
$encrypted = null;
$ekeys = array();
$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
echo "Done";
?>
--EXPECTF--
Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
Done

12
php/ext/openssl/tests/bug61124.phpt Normal file
View File

@@ -0,0 +1,12 @@
--TEST--
Bug #61124: Segmentation fault with openssl_decrypt
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
--FILE--
<?php
var_dump(openssl_decrypt('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', false, 'pass'));
--EXPECTF--
Warning: openssl_decrypt(): IV passed is only 4 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in %s on line %d
bool(false)

24
php/ext/openssl/tests/bug61930.phpt Normal file
View File

@@ -0,0 +1,24 @@
--TEST--
Bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = file_get_contents(__DIR__.'/cert.crt');
$data = <<<DATA
Please verify me
DATA;
$sig = 'f9Gyb6NV/ENn7GUa37ygTLcF93XHf5fbFTnoYF/O+fXbq3iChGUbET0RuhOsptlAODi6JsDLnJO4ikcVZo0tC1fFTj3LyCuPy3ZdgJbbVxQ/rviROCmuMFTqUW/Xa2LQYiapeCCgLQeWTLg7TM/BoHEkKbKLG/XT5jHvep1758A=';
$key = openssl_get_publickey($cert);
var_dump(openssl_get_publickey($key));
var_dump(openssl_verify($data, base64_decode($sig), $key));
?>
--EXPECTF--
resource(%d) of type (OpenSSL key)
int(1)

37
php/ext/openssl/tests/bug64802.pem Normal file
View File

@@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----
MIIGfzCCBWegAwIBAgIQSVCinGH6MkvjJZjRyjK9nTANBgkqhkiG9w0BAQUFADCB
jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV
BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew
HhcNMTIwMjI5MDAwMDAwWhcNMTQwMjI4MjM1OTU5WjCCAW8xEjAQBgNVBAMTCXd3
dy5yZC5pbzERMA8GA1UEAxMIcmRpby5jb20xDjAMBgNVBAMTBXJkLmlvMRUwEwYD
VQQDEwxhcGkucmRpby5jb20xEjAQBgNVBAMTCWFwaS5yZC5pbzEQMA4GA1UEBRMH
NDU4NjAwNzETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhE
ZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYT
AlVTMQ4wDAYDVQQREwU5NDEwMzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFzAVBgNVBAkTDjE1NTAgQnJ5YW50IHN0MRMwEQYDVQQKEwpSZGlv
LCBJbmMuMSMwIQYDVQQLExpDT01PRE8gRVYgTXVsdGktRG9tYWluIFNTTDEVMBMG
A1UEAxMMd3d3LnJkaW8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt0AgYOe8EBJNVBAuSJFLKHRKZn0/ObCLBFG4xVH/5fb1rfYHBT1XSjjOqR3t
iGC/A3esF8YC7TuHQcTLVephx0DtJv1ASxRg3zPM8ebBRsuul18N0W+sY1aNXpkd
36quxvjg5UdBrAweuekJ7OTSZcCe2Ry/SKBeZSWWtkWsI4krCLv7JaKUwxw2h+Hn
TAZSBLVxz/mixF0WYdepYwnq2Hm7XvvVEIQ7wxOQ9bA7iCevLojZOnb39BT2QII7
cy8AB47RZdfYg7UwaO3bST2rauA4MKar7/Ozqc0aemNFpLatJfgv07cydiuj9fsd
5aE/c8is8C9M9+7MmSMkcNEgGwIDAQABo4IB8zCCAe8wHwYDVR0jBBgwFoAUiERR
/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFCrYw8bfrYJ61NS2yYx6/CnhjzT4
MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEFATArMCkGCCsG
AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzBTBgNVHR8ETDBK
MEigRqBEhkJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9FeHRlbmRlZFZh
bGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYQGCCsGAQUFBwEBBHgwdjBOBggr
BgEFBQcwAoZCaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPRXh0ZW5kZWRW
YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC5jb21vZG9jYS5jb20wTAYDVR0RBEUwQ4IMd3d3LnJkaW8uY29tgglhcGku
cmQuaW+CDGFwaS5yZGlvLmNvbYIFcmQuaW+CCHJkaW8uY29tggl3d3cucmQuaW8w
DQYJKoZIhvcNAQEFBQADggEBAKFd4bPVFRyrlqIKPtrtMuqGqid6685ohxf0cv52
sjdRYwLVTjnZOrmkDdNaF3R2A1ZlVMRN+67rK+qfY5sTeijFcudV3/i0PDtOFRwP
6yYVD2uZmYkxfPiW309HPmDF+EzhxpVjWlTQEOwkfFLTmJmwl3Qu2Kffp8F1ENXW
OTVNvj5VtMghvzu68PpzKl1VjlOR4Ej9NCwh1dUjNKEoTPzvpehXsIZ7jHSpX/T1
wSSt9ckiechDdpgZXTzHgbxHNibK0Uhh+QhkBgYMj5F8qj5BlBhWAWqQa/VnEdmr
Pfo7U+QmadoqQd7qt06hE2hG1nfZ0vPJDbWV3oVSwG2Yt7I=
-----END CERTIFICATE-----

28
php/ext/openssl/tests/bug64802.phpt Normal file
View File

@@ -0,0 +1,28 @@
--TEST--
Bug #64802: openssl_x509_parse fails to parse subject properly in some cases
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!defined('OPENSSL_KEYTYPE_EC')) die("skip no EC available");
?>
--FILE--
<?php
$cert = file_get_contents(__DIR__.'/bug64802.pem');
$r = openssl_x509_parse($cert,$use_short_names=false);
var_dump($r['subject']['commonName']);
?>
--EXPECTF--
array(6) {
[0]=>
string(9) "www.rd.io"
[1]=>
string(8) "rdio.com"
[2]=>
string(5) "rd.io"
[3]=>
string(12) "api.rdio.com"
[4]=>
string(9) "api.rd.io"
[5]=>
string(12) "www.rdio.com"
}

BIN
php/ext/openssl/tests/bug65538.phar Normal file
View File

Binary file not shown.

52
php/ext/openssl/tests/bug65538_001.phpt Normal file
View File

@@ -0,0 +1,52 @@
--TEST--
Bug #65538: SSL context "cafile" supports stream wrappers
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
]]);
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
string(12) "Hello World!"

25
php/ext/openssl/tests/bug65538_002.phpt Normal file
View File

@@ -0,0 +1,25 @@
--TEST--
Bug #65538: SSL context "cafile" disallows URL stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (getenv("SKIP_ONLINE_TESTS")) die("skip online test");
?>
--FILE--
<?php
$clientCtx = stream_context_create(['ssl' => [
// We don't get any ca list from php.net but it does not matter as we
// care about the fact that the external stream is not allowed.
// We can't use http://curl.haxx.se/ca/cacert.pem for this test
// as it is redirected to https which means the test would depend
// on system cafile when opening stream.
'cafile' => 'http://www.php.net',
]]);
file_get_contents('https://github.com', false, $clientCtx);
?>
--EXPECTF--
Warning: remote cafile streams are disabled for security purposes in %s on line %d
Warning: file_get_contents(): Failed to enable crypto in %s on line %d
Warning: file_get_contents(%s): failed to open stream: operation failed in %s on line %d

53
php/ext/openssl/tests/bug65538_003.phpt Normal file
View File

@@ -0,0 +1,53 @@
--TEST--
Bug #65538: SSL context "cafile" supports phar wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!extension_loaded("phar")) die("skip phar not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
]]);
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(12) "Hello World!"

28
php/ext/openssl/tests/bug65698.crt Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQdwrGwrpRpBwdXS+ZsmsMGjANBgkqhkiG9w0BAQUFADA+
MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYD
VQQDEwlDZXJ0dW0gQ0EwIhgPMjAwOTAzMDMxMjUzMThaGA8yMDI0MDMwMzEyNTMx
OFowdzELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVz
IFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEb
MBkGA1UEAxMSQ2VydHVtIExldmVsIElJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4LE0Ixw8h5Lper9tHVtZkWIujxYsPVgUZABeZZgQsKTdJjaG
VP64B/oiEV5Hd3AxRqaZ7dRRsf4Pg/PSS/2mHRQQ/SH3XACbrDHmucDvYgtU/WoZ
yp9d6PXVPY4j7J5t/52s+EbZD5swSuQLGjZ9iwg9sXX3JdJ9Ty+B3z80oiajpK0B
wqAxrcX3DekEOknj7LkAOK6iuQKI85REj4IVb9kD7KKIWdISGbfL4Ezh/TP51e0L
/WhTJ7lHbHbRzFfPU/oi3Qyt5tEexrPKe+6N+Jrejdb5Ya7Ne3tKujDU7KlbO+dn
pzFH7VHkBPJcQJ7QUrprPaqVsVg3JJ1PXTqVnwIDAQABo4IBbDCCAWgwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUgGIR3sBrpxDhCPBVtDCDv/qPCGAwUgYDVR0j
BEswSaFCpEAwPjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHog
by5vLjESMBAGA1UEAxMJQ2VydHVtIENBggMBACAwDgYDVR0PAQH/BAQDAgEGMCwG
A1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9jcmwuY2VydHVtLnBsL2NhLmNybDBoBggr
BgEFBQcBAQRcMFowKAYIKwYBBQUHMAGGHGh0dHA6Ly9zdWJjYS5vY3NwLWNlcnR1
bS5jb20wLgYIKwYBBQUHMAKGImh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9j
YS5jZXIwOgYDVR0gBDMwMTAvBgRVHSAAMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8v
d3d3LmNlcnR1bS5wbC9DUFMwDQYJKoZIhvcNAQEFBQADggEBAI/jSDAW/w9qLzF6
4oQiIRB7dGKp2Nlj27xZFYDBRINn4DKyZExkpanASF2of9eEzvrS+qoDY29mhXCi
MkiGr0vCsVhn0ReUpjg4Z5SsiQhZ2BGSjXiOJgaDI7Dw1MH7Ru6jdfSbLyd97EFj
ER0ERGdrcA2kLw7KfQm78IkClXEEKjKnAUTn1d/5Y4UuBWDCEL0FLgO9AqNXEzIy
rlXVGIs73kdefAK+Z1T6dm83vUrDMyzemWNRBI2tVBujkN6zkaF6uPjE4hfoIkEQ
Z4317byFkG4mxjATU+tQLG1Bs88HUAOrxtJOo/WoeCNsFJaxbYPt4oQGxIVYdz29
OUX9CQA=
-----END CERTIFICATE-----

19
php/ext/openssl/tests/bug65698.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Bug #65689 (GeneralizedTime format parsing)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$crt = substr(__FILE__, 0, -4).'.crt';
$info = openssl_x509_parse("file://$crt");
var_dump($info["validFrom"], $info["validFrom_time_t"], $info["validTo"], $info["validTo_time_t"]);
?>
Done
--EXPECTF--
string(15) "20090303125318Z"
int(12360%d)
string(15) "20240303125318Z"
int(17094%d)
Done

32
php/ext/openssl/tests/bug65729.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDU8RgB8O2uR3ApjlxEX5rpCI+gIaZ3h0RBAF9rNA/s0pPTtX/e
NGJgDyuT/TF6mcv0I/0/s2WSmIE50NW6tgWZ7RoBdVw/MiByPt6vK1aDrggbycN/
C6RrxrEsdZe3E9CDZCFM1br8/8tnV19Ju80g8zY2MgDjAjSkeXN5yp3kgQIDAQAB
AoGBANFKKRt3TlRVmHLvndYB1YKmzGtJx5CBXV85247FO8W67lpNcGDYQbxCDMXG
PARQ9vl9CeK7EuDzjUdi7z40uujUOJtsLbMP6ikwKFi/tA2cW1yoLionZ3JkfyEr
4Uu8kkkIut0VLX8uuVz/Y03lt8Uzc+GvD2DPhkSQn80f10SFAkEA94EcjwFcwuVi
QofgOPbf7qfOoWDsXYhlMU9g1CaPJiMcMcvgoLK3V514oMDxlkvuLujlYeG9NvRS
tREluGsbywJBANxARX5MSzAkFRNZNZKDUvifdC0BA2Dqzd2iOJRcTdcebGENd7+e
oub/9lVLGrX7T4U2en8IXwJV4UHxwoQLz2MCQQCI1Bj8ui0VFgj/bOy5sUnVP3IN
Z27kuo3u98o5HuQOmmRw5xxU2thfGJBilqg4hdu0lU6SkWCwq9u5fDRVQumHAkAM
mJBg3LQgGLAr3xo1OtVv6o6WVEyBKmyDlFdwBKde+hpwoniKuOPQGitYTWdFqQ2v
LKJsyWnFlGvBfbYGHzbJAkEA17SgCf7Wx7NxuLCSMj/rd25ul0jlIrjx6+/HfyLb
+T2SXXU4g2DBiPngrfJ9jX8QGoLpZiBGcwX3QxssX5FgJQ==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICvDCCAiWgAwIBAgIJANOyJnvPEioVMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV
BAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGliYmF3MRMw
EQYDVQQDFAoqLnRlc3QuY29tMB4XDTE0MTAxNTEzMDg1OFoXDTM0MTAxMDEzMDg1
OFowSTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVRlc3R2aWxsZTERMA8GA1UEChMI
ZGF0aWJiYXcxEzARBgNVBAMUCioudGVzdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANTxGAHw7a5HcCmOXERfmukIj6AhpneHREEAX2s0D+zSk9O1f940
YmAPK5P9MXqZy/Qj/T+zZZKYgTnQ1bq2BZntGgF1XD8yIHI+3q8rVoOuCBvJw38L
pGvGsSx1l7cT0INkIUzVuvz/y2dXX0m7zSDzNjYyAOMCNKR5c3nKneSBAgMBAAGj
gaswgagwHQYDVR0OBBYEFErHO0eHLp9YvBWVvvhty/jGie5wMHkGA1UdIwRyMHCA
FErHO0eHLp9YvBWVvvhty/jGie5woU2kSzBJMQswCQYDVQQGEwJTRzESMBAGA1UE
CBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UEAxQKKi50ZXN0
LmNvbYIJANOyJnvPEioVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
gMv2HUUp0FMTYQ6tL9YgNUNARukxJzGDWweo4/YuNSgI+Ljpye4Nf1MpyDWfhZGc
QbUhfm5CdEvcBzZBtI0lLXs61yGdLnDH/6QHViXP2rlH0yeAABw8+wSdxuiZN1yR
ed4pNXU+tczgW2Ri2+T0ScOZd0XommKHrQnu2T9mMBY=
-----END CERTIFICATE-----

60
php/ext/openssl/tests/bug65729.phpt Normal file
View File

@@ -0,0 +1,60 @@
--TEST--
Bug #65729: CN_match gives false positive when wildcard is used
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug65729.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $name) {
@stream_socket_accept($server, 1);
}
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
phpt_wait();
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $expected_name) {
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'peer_name' => $expected_name,
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
}
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)
resource(%d) of type (stream)
resource(%d) of type (stream)
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.bar.test.com' in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)

22
php/ext/openssl/tests/bug66501.phpt Normal file
View File

@@ -0,0 +1,22 @@
--TEST--
Bug #66501: EC private key support in openssl_sign
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!defined('OPENSSL_KEYTYPE_EC')) die("skip no EC available");
--FILE--
<?php
$pkey = 'ASN1 OID: prime256v1
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILPkqoeyM7XgwYkuSj3077lrsrfWJK5LqMolv+m2oOjZoAoGCCqGSM49
AwEHoUQDQgAEPq4hbIWHvB51rdWr8ejrjWo4qVNWVugYFtPg/xLQw0mHkIPZ4DvK
sqOTOnMoezkbSmVVMuwz9flvnqHGmQvmug==
-----END EC PRIVATE KEY-----';
$key = openssl_pkey_get_private($pkey);
$res = openssl_sign($data ='alpha', $sign, $key, 'SHA1');
var_dump($res);
--EXPECTF--
bool(true)

23
php/ext/openssl/tests/bug67403.phpt Normal file
View File

@@ -0,0 +1,23 @@
--TEST--
Bug #67403: Add signatureType to openssl_x509_parse
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
--FILE--
<?php
$r = openssl_x509_parse(file_get_contents(__DIR__.'/bug64802.pem'));
var_dump($r['signatureTypeSN']);
var_dump($r['signatureTypeLN']);
var_dump($r['signatureTypeNID']);
$r = openssl_x509_parse(file_get_contents(__DIR__.'/bug37820cert.pem'));
var_dump($r['signatureTypeSN']);
var_dump($r['signatureTypeLN']);
var_dump($r['signatureTypeNID']);
--EXPECTF--
string(8) "RSA-SHA1"
string(21) "sha1WithRSAEncryption"
int(65)
string(7) "RSA-MD5"
string(20) "md5WithRSAEncryption"
int(8)

33
php/ext/openssl/tests/bug68265.pem Normal file
View File

@@ -0,0 +1,33 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuw/AFD7RWcMCAggA
MBQGCCqGSIb3DQMHBAh98F6GmaGn1ASCAoBpzaFxyttEhyh4dhMjarJIqTz24DjO
yZnp1K5qthejSYx2P28uUsh+gQOh6F2jbVAq++eAWkTBGuc4pWhhoT7nY8vhf0Y0
6yTlVrTxuI/8MNo/lfa0xE/+ZD4B5zp0hQxfij4GTd8l6V/kpXMgiYD1JmIXArm7
sucn+9XV3RucsTBpeIJ1nLEDfpbyEWqNfhoyskQ+S3I6HkMgELI9JpsO6OR9fh1Q
ttdoYxBU+YjoDYcSWRGkTGrJFeGGhTQzz+L2ijgoqNWDSfrLBoQR1bqNVUuw6gcE
9PpA/vpRlxcHbUNNkOWft+4e0tV3I2EqscEcsYeNbd2Ta4yu7f6pk4/Kxn40wrQ8
6Ss9GZylghaFth2xppL/vpmGaCC7FqpZRh+NKqjlcBobIkwyRcsQrPHB0CYLPHA4
yak/dNTY8L5K8Rtd5XG3+E41CoDF6ssNY0Kw7l9kAn/neDVh+WnQkWIiWPmq210a
p4L/uiXRK7aYi+UqKJ5+svayNw2w1dkqpbeejwLq2F1+ek/447JFPVJcvP8Nm7sr
04Mcg+ZHusZdjiWEv4W6CBq8o6eF2JdhfpSDgPkHwiZ/EarHfx0vcYIMJhlEQBmk
a/XsZPk2wnamKSPfJautO3MIus0M6SniWF6eDA4/AZzSjXV8Vc0unb6lc+Nc8tJa
6MU1soTsmki/YraCmQswqpL+kXFZVeHuLowOC5oH+CimQoscmiZ9tBvpnYo6XwEZ
S9jZRIBQ77oMku+rlMPfz2FURgVXZpEfrGmxKvA5Vt3ojrYfTwwD2YqZHVcm39zy
iKqA1qVt7A2A90ILMAzYnN0VRE4SO3yIDN1ZBp5OOY61AduPrhpaHl81
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICdjCCAd+gAwIBAgIJAPbIVRT31Al2MA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwNTA2MTYz
MFoXDTI1MDMwMjA2MTYzMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUw
EwYDVQQHDAxNeXJ0bGUgQmVhY2gxDDAKBgNVBAsMA1BIUDERMA8GA1UEAwwIdGVz
dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp5gxUbKvY5eFwZJti0
6d6YBo400Or6M+bLfIMnz5C1WQ7dMfiQpeFLpSIlOIaFqyrqkeeR9k5dsx1K9FOu
PAJ4+lmWA4R93RpdJFz8kmQoNu3P59JMATXi8wvNBIrN/Vc08NT0wBRImeyQSVHd
UcFIXBEbBM0dQsPKQ1k8n5WDAgMBAAGjTjBMMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMDIGA1UdEQQrMCmCEmRlYnMuYWstb25saW5lLmJlLoITZGVicy5hay1vbmxp
bmUubmV0LjANBgkqhkiG9w0BAQsFAAOBgQB8PaLt+IX690UIbHKuko4qAdc5SzWA
Vbm3D4StZeFwWQbZbBGFCDn0/0ON0iDv4JUgZnaX84mBDPczN26QG2PJND0Cggmi
umylEVYhclPF4RoGcoKd3jT2igzDNyzk/lu+NUtRv/Nj161ds9vb9XiOrEkPn8Ne
mzz3wA0D5A65lw==
-----END CERTIFICATE-----

41
php/ext/openssl/tests/bug68265.phpt Normal file
View File

@@ -0,0 +1,41 @@
--TEST--
Bug #68265: SAN match fails with trailing DNS dot
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug68265.pem',
'passphrase' => 'elephpant',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
stream_socket_accept($server, 30);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => true,
'peer_name' => 'debs.ak-online.net',
]]);
phpt_wait();
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)

33
php/ext/openssl/tests/bug68879.pem Normal file
View File

@@ -0,0 +1,33 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuw/AFD7RWcMCAggA
MBQGCCqGSIb3DQMHBAh98F6GmaGn1ASCAoBpzaFxyttEhyh4dhMjarJIqTz24DjO
yZnp1K5qthejSYx2P28uUsh+gQOh6F2jbVAq++eAWkTBGuc4pWhhoT7nY8vhf0Y0
6yTlVrTxuI/8MNo/lfa0xE/+ZD4B5zp0hQxfij4GTd8l6V/kpXMgiYD1JmIXArm7
sucn+9XV3RucsTBpeIJ1nLEDfpbyEWqNfhoyskQ+S3I6HkMgELI9JpsO6OR9fh1Q
ttdoYxBU+YjoDYcSWRGkTGrJFeGGhTQzz+L2ijgoqNWDSfrLBoQR1bqNVUuw6gcE
9PpA/vpRlxcHbUNNkOWft+4e0tV3I2EqscEcsYeNbd2Ta4yu7f6pk4/Kxn40wrQ8
6Ss9GZylghaFth2xppL/vpmGaCC7FqpZRh+NKqjlcBobIkwyRcsQrPHB0CYLPHA4
yak/dNTY8L5K8Rtd5XG3+E41CoDF6ssNY0Kw7l9kAn/neDVh+WnQkWIiWPmq210a
p4L/uiXRK7aYi+UqKJ5+svayNw2w1dkqpbeejwLq2F1+ek/447JFPVJcvP8Nm7sr
04Mcg+ZHusZdjiWEv4W6CBq8o6eF2JdhfpSDgPkHwiZ/EarHfx0vcYIMJhlEQBmk
a/XsZPk2wnamKSPfJautO3MIus0M6SniWF6eDA4/AZzSjXV8Vc0unb6lc+Nc8tJa
6MU1soTsmki/YraCmQswqpL+kXFZVeHuLowOC5oH+CimQoscmiZ9tBvpnYo6XwEZ
S9jZRIBQ77oMku+rlMPfz2FURgVXZpEfrGmxKvA5Vt3ojrYfTwwD2YqZHVcm39zy
iKqA1qVt7A2A90ILMAzYnN0VRE4SO3yIDN1ZBp5OOY61AduPrhpaHl81
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICkTCCAfqgAwIBAgIJAPbIVRT31Al1MA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwNTA0NTQx
NVoXDTI1MDMwMjA0NTQxNVowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUw
EwYDVQQHDAxNeXJ0bGUgQmVhY2gxDDAKBgNVBAsMA1BIUDERMA8GA1UEAwwIdGVz
dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp5gxUbKvY5eFwZJti0
6d6YBo400Or6M+bLfIMnz5C1WQ7dMfiQpeFLpSIlOIaFqyrqkeeR9k5dsx1K9FOu
PAJ4+lmWA4R93RpdJFz8kmQoNu3P59JMATXi8wvNBIrN/Vc08NT0wBRImeyQSVHd
UcFIXBEbBM0dQsPKQ1k8n5WDAgMBAAGjaTBnMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgME0GA1UdEQRGMESCCHRlc3QuY29tggx3d3cudGVzdC5jb22CEnN1YmRvbWFp
bi50ZXN0LmNvbYcQAAAAAAAAAAAAAP//CgIAAYcECgIAATANBgkqhkiG9w0BAQsF
AAOBgQBZ4TptNXV85gNj3wcB5feWFcwKO8cN4hwnhrbqiHN280r9O/g1CQiLmB4K
2txrJt06UNCnvWse7CdvsN14wu6rRGRk/+7M36NBw5ERkAzp5HXgZUWVdMl3YltB
PpqbLhGGrkVn7/jW2FdAxfax7qaGDYgC3qcQNfiK6K92SPxV7Q==
-----END CERTIFICATE-----

41
php/ext/openssl/tests/bug68879.phpt Normal file
View File

@@ -0,0 +1,41 @@
--TEST--
Bug #68879: Match IP address fields in subjectAltName checks
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug68879.pem',
'passphrase' => 'elephpant',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
stream_socket_accept($server, 30);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => true,
'peer_name' => '10.2.0.1',
]]);
phpt_wait();
var_dump(stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)

21
php/ext/openssl/tests/bug68912.phpt Normal file
View File

@@ -0,0 +1,21 @@
--TEST--
Bug #68912 (Segmentation fault at openssl_spki_new)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!extension_loaded("xml")) die("skip xml extension not loaded");
if (!@openssl_pkey_new()) die("skip cannot create private key");
?>
--FILE--
<?php
$var1=xml_parser_create_ns();
$var2=2;
$var3=3;
openssl_spki_new($var1, $var2, $var3);
?>
--EXPECTF--
Warning: openssl_spki_new(): supplied resource is not a valid OpenSSL X.509/key resource in %sbug68912.php on line %d
Warning: openssl_spki_new(): Unable to use supplied private key in %sbug68912.php on line %d

81
php/ext/openssl/tests/bug68920.phpt Normal file
View File

@@ -0,0 +1,81 @@
--TEST--
Bug #68920: peer_fingerprint input checks should be strict
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/san-cert.pem',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
stream_socket_accept($server, 30);
stream_socket_accept($server, 30);
stream_socket_accept($server, 30);
stream_socket_accept($server, 30);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
phpt_wait();
$ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]]);
$sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
var_dump($sock);
$ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]]);
$sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
var_dump($sock);
$ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]]);
$sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
var_dump($sock);
$ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]]);
$sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
var_dump($sock);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
bool(false)
Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
bool(false)
Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
bool(false)
Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
bool(false)

16
php/ext/openssl/tests/bug69215-ca.pem Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIJAMO7Amv3ZHJBMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwMzE3NTQz
OVoXDTI1MDIyODE3NTQzOVowWDELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1
bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEUMBIGA1UEAwwL
cGhwIHRlc3QgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKac+r8AzEEk
Cdnue7nx3gxmsXTYzwnywjjGJSknoWCdNEE+LqtT8RU0J+V76w4ehWRnhLVtu//v
3InsrpcniGfTcov60NelHQOfn5XCCV5zqVi628WddwwdVw4AI58K3YrNk450VCBu
dMy6m2Tm+dQwgVbtR+nIwzfm47CMWW2DAgMBAAGjUDBOMB0GA1UdDgQWBBTtMxRr
plep4RW3PjhosYsIdIoMojAfBgNVHSMEGDAWgBTtMxRrplep4RW3PjhosYsIdIoM
ojAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADMF2pL8jCF6PFPhMuFN
zxoLSuy6uLAkjkujo5e33kSUW5MI4jT/aoL2hnBPA4uJPC/TZXoBHKBpnPES2GkJ
r7tOR51Jsk7HRTdvOMkcdD9Fe+M+Q5rOMUlCtyX/SRhc1uFnC2//Y/rx4Tc8djGl
RqrH/Oi38u1083krmNRQNw/Z
-----END CERTIFICATE-----

32
php/ext/openssl/tests/bug69215-client.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CE3DEB59F7DF7AF4
9REujZuwDkwoN949Gw77c3aJiQvwoPiUXJ+cDirn4ii56OsHBSCWfCe4Mqn976GK
9IAPwHJ5yRewPpFvb+xRqtMtnm8S7HIfVtZqW4FkG+g/paEg6rwqVpW78Jco/gww
6XFGrmU1bwKWrB05YV1BWnbB4L7Q+/U0ZcNvdNISOBW//2HuHeKVWe1DKoaRtoVz
v4BFQxr7F3A9tm3vz9Jn2JreVrihdWQVlVTVOsfiQk/yPVA7twxiT2Hfimp/gFSX
l28rA+jB7xd6IhpA/EXAYnCbxSp9kSXYtba26dO3rQHlgRv1a38AwvCD/3igQzF/
XjetX2a75ITi5c7bUT4ZpVX8ZPU8oVBqSo6MXisFWBT0Svx+KhWyyn2V0z66APdR
X1V6dZiAcqN7giRg3Yj/lMDo0nV4Ph+Ce7p3Mv/p4qU0mxf7O8sPhp7DloHQFEF0
HyooNp26YT4V47NDxwIlkoj9YZ5nkO/svQ1qxiTKWNUdfWw5r3lFiAw5xTyDDiBs
Sz776DaFo3Ss3JSUr5RLe4rEEc02iVqYB9OPXoUaUwS+//1KKgzF3xq/yxsJM5dR
ljphraCViZzJPw4z69Lmao9CPRfDxKChVOSLkKgmFIOeronLdTypieanc3/o002c
2ecb/x9f7G2XAn0iwcfylMkSZHirxqaos8LodsPxg8GdNJT89C66n+EJerrFwi6i
qT0EvNfkbxYd3zj82+j1weNFLsQuB0O1UJBWEdyj74gIX+4HkZpSYLQ2O8MTz3yE
52JcRRyl9ECdNJw15jkDQIusUreYMHb7YW+u+3+ci21H94Iay5XSYw==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICKDCCAZECCQD2yFUU99QJdzANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJY
WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
bnkgTHRkMRQwEgYDVQQDDAtwaHAgdGVzdCBjYTAeFw0xNTAzMTAyMzM0MDNaFw0y
NTAzMDcyMzM0MDNaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UE
BwwMTXlydGxlIEJlYWNoMQwwCgYDVQQLDANQSFAxGDAWBgNVBAMMD2J1ZzY5MjE1
LWNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyLTbIGryqx0wGDD+
xdrJsrcwXFyTYpCOHUaxl1wt/6j6u7yW5m4TJFEDUtIGnqBGYiPE9iynkLkOwUF/
IpheONJENIjXkdSJPUEy/Ggz9WOa0qO6dQZU44NpGO7LFW97HglBIsbhioOsdcf/
INAgidoMJNizkuTBNRGW7iKp0lsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBKkZLQ
aU12/cPvW5e9AXArnE9jxMhnzuCKy81eHj30CC/nHpId9i5YZytHcZEZyEOWE6DQ
IsqmsP5ZheXq26mUtHOcEdEgcqcXTRotKXFwIxTZxP5jkCRn0xGbeHh7H9pg6TP0
QekWTkWCh5qcf3NXvJtk4TCfLC6FSjehHkq9yQ==
-----END CERTIFICATE-----

32
php/ext/openssl/tests/bug69215-server.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4C7155D678EDABFA
NdOGB8UpC5xrnCFIOzxV6s4y4PZlxgX8s+iL/JeGVmS7a8pDSTzbb6wjauYy3n/2
KCywHsFdAjifi8SGHJOJBVep3GS7dWw979vWdiKjQEAlJpoouv6P58Xpn4jDf1uX
ZrpmSTXI0iH7HYE2pzrkxPbg0Cz5GV2d2VlL7U5d4+UxXh8fSBndgHligmoc8mCU
1AG7ZmvPhMDTewhR333qKBYi9TBZuw75Crpy5CjPO30vBMfZpseOvtEnmI0JYGwe
75Q3e6sgY0o9b7Q42+g9v+FpGBTHhmldwYD7k1TtOC/PT4eO68E3mDawR2v+X9r8
4jL22d3tB4Q4qAfBwbR37umTaQHLIxtjzc2OjXb/Ju35LW9d0hEuaAQK3oY8yeEi
gctYWrCN4K+cxZQwq1+ulpkHXULGs9QxXT9KJYfV1+HWkauWUSycFhA74jWW0mL5
InlGaFf6oiRrP4lgRVXD3rtTLCwkCD2JcvTbF+re9+vCpui7zPW2peGwcE/W7TiK
wHFJhQQyYGcAWsal7ekXshTLoz4jeaPgak7dg50ZjjwcWr0bJuJ3RRaocMhYZ6Bd
DiF30nCijVSJfrLhugN2RJmSysT4WNXn5qaDGEOhVgkXZscZ3ClFGsMnxAz9sqbJ
J+ZMbqxkwSIf/+dPfhnjOWm3HPpP3T9wioYZT7KuI98pfGnHMZmX5CaJ6d/uBO5G
8jMvQLWOx+1WoDfWDkn7SfNDyTg4/dEo5IJFXv2S9zSPynCnQcBkYUevIfJ7vDo/
7pXCkcY+C1zssW8R1J+WNbHI1syzVbvSg6hlgyEPXuDbErCRqiFm1g==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICKDCCAZECCQD2yFUU99QJeDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJY
WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
bnkgTHRkMRQwEgYDVQQDDAtwaHAgdGVzdCBjYTAeFw0xNTAzMTAyMzM1MjFaFw0y
NTAzMDcyMzM1MjFaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UE
BwwMTXlydGxlIEJlYWNoMQwwCgYDVQQLDANQSFAxGDAWBgNVBAMMD2J1ZzY5MjE1
LXNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAup0kaIwQufxQWXmE
QWbd7yxMQ69UHRhbb2stAo7qxmYMeH3bWCaR/oAPOswjtkXZQgyj0slLAWJDXKDg
zCnEKsU2yWLnvQy/h1rq/kBIybMoLKMIkRZQtrGcApKJtyrq8OtTz6odKQ7k9hym
DtPF+2lcVhSAd+qjngF3txrVKjsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCfXuL4
TODLV54uKKVdVGwr8U3EQ3JdYOqN3Hr9kpmxe6StIcLxQ1e+mSDgKcixzw6CXN3P
f++8NugAt4Ja2SDqqw1gzrX+9u6KZpnMKpEDIK0Z3Ss51ZwqilAXmFVybNTyYeVo
HweM1IY/zrBpSTQv/aKs1R2Pyb0Heindnp0PUQ==
-----END CERTIFICATE-----

48
php/ext/openssl/tests/bug69215.phpt Normal file
View File

@@ -0,0 +1,48 @@
--TEST--
Bug #69215: Crypto servers should send client CA list
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug69215-server.pem',
'passphrase' => 'elephpant',
'cafile' => __DIR__ . '/bug69215-ca.pem',
'verify_peer' => true,
'verify_peer_name' => true,
'peer_name' => 'bug69215-client',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
stream_socket_accept($server, 30);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug69215-client.pem',
'passphrase' => 'elephpant',
'cafile' => __DIR__ . '/bug69215-ca.pem',
'verify_peer' => true,
'verify_peer_name' => true,
'peer_name' => 'bug69215-server',
]]);
phpt_wait();
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)

19
php/ext/openssl/tests/bug70395.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Bug #70395 (Missing ARG_INFO for openssl_seal())
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$func = new ReflectionFunction('openssl_seal');
$param = $func->getParameters()[4];
var_dump($param);
var_dump($param->isOptional());
?>
--EXPECTF--
object(ReflectionParameter)#%d (1) {
["name"]=>
string(6) "method"
}
bool(true)

29
php/ext/openssl/tests/bug70438.phpt Normal file
View File

@@ -0,0 +1,29 @@
--TEST--
Request #70438: Add IV parameter for openssl_seal and openssl_open
--SKIPIF--
<?php
if (!extension_loaded("openssl")) {
print "skip";
}
if (!in_array('AES-128-CBC', openssl_get_cipher_methods(true))) {
print "skip";
}
?>
--FILE--
<?php
$data = "openssl_seal() test";
$cipher = 'AES-128-CBC';
$pub_key = "file://" . dirname(__FILE__) . "/public.key";
$priv_key = "file://" . dirname(__FILE__) . "/private_rsa_1024.key";
openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher, $iv);
openssl_open($sealed, $decrypted, $ekeys[0], $priv_key, $cipher, $iv);
echo $decrypted;
?>
--EXPECTF--
Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
Warning: openssl_seal(): Unknown signature algorithm. in %s on line %d
openssl_seal() test

16
php/ext/openssl/tests/bug71475.phpt Normal file
View File

@@ -0,0 +1,16 @@
--TEST--
Bug #71475: openssl_seal() uninitialized memory usage
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$_ = str_repeat("A", 512);
openssl_seal($_, $_, $_, array_fill(0,64,0));
?>
DONE
--EXPECTF--
Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s%ebug71475.php on line %d
DONE

25
php/ext/openssl/tests/bug71917.phpt Normal file
View File

@@ -0,0 +1,25 @@
--TEST--
Bug #71917: openssl_open() returns junk on envelope < 16 bytes
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
function test($envkey) {
$publicKey = "file://" . dirname(__FILE__) . "/public.key";
$privateKey = "file://" . dirname(__FILE__) . "/private_rsa_1024.key";
openssl_public_encrypt($envkey, $envelope, $publicKey);
$sealed = openssl_encrypt('plaintext', 'rc4', $envkey, OPENSSL_RAW_DATA | OPENSSL_DONT_ZERO_PAD_KEY);
openssl_open($sealed, $output, $envelope, $privateKey, 'rc4');
var_dump($output === 'plaintext');
}
// works - key of 16 bytes
test('1234567890123456i');
// fails - key of 15 bytes
test('123456789012345');
?>
--EXPECT--
bool(true)
bool(true)

17
php/ext/openssl/tests/bug72165.phpt Normal file
View File

@@ -0,0 +1,17 @@
--TEST--
Bug #72165 Null pointer dereference - openssl_csr_new
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$var0 = array(0 => "hello", 1 => "world");
$var2 = openssl_csr_new(array(0),$var0,null,array(0));
?>
==DONE==
--EXPECTF--
Warning: openssl_csr_new(): dn: numeric fild names are not supported in %sbug72165.php on line %d
Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %sbug72165.php on line %d
==DONE==

68
php/ext/openssl/tests/bug72333.phpt Normal file
View File

@@ -0,0 +1,68 @@
--TEST--
Bug #72333: fwrite() on non-blocking SSL sockets doesn't work
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$serverCode = <<<'CODE'
$context = stream_context_create(['ssl' => ['local_cert' => __DIR__ . '/bug54992.pem']]);
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context);
phpt_notify();
$conn = stream_socket_accept($fp);
$total = 100000;
$result = fread($conn, $total);
stream_set_blocking($conn, false);
usleep(50000);
$read = [$conn];
while (stream_select($read, $write, $except, 1)) {
$result = fread($conn, 100000);
if (!$result) {
break;
}
$total += strlen($result);
if ($total >= 4000000) {
break;
}
}
phpt_wait();
CODE;
$clientCode = <<<'CODE'
$context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => 'bug54992.local']]);
phpt_wait();
$fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context);
stream_set_blocking($fp, false);
function blocking_fwrite($fp, $buf) {
$write = [$fp];
$total = 0;
while (stream_select($read, $write, $except, 1)) {
$result = fwrite($fp, $buf);
if (!$result) {
break;
}
$total += $result;
if ($total >= strlen($buf)) {
return $total;
}
$buf = substr($buf, $total);
}
}
$str1 = str_repeat("a", 4000000);
blocking_fwrite($fp, $str1);
phpt_notify();
echo "done";
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECT--
done

24
php/ext/openssl/tests/bug72336.phpt Normal file
View File

@@ -0,0 +1,24 @@
--TEST--
Bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
--SKIPIF--
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
$p = '00f8000ae45b2dacb47dd977d58b719d097bdf07cb2c17660ad898518c08' .
'1a61659a16daadfaa406a0a994c743df5eda07e36bd0adcad921b77432ff' .
'24ccc31e782d647e66768122b578857e9293df78387dc8b44af2a4a3f305' .
'1f236b1000a3e31da489c6681b0031f7ec37c2e1091bdb698e7660f135b6' .
'996def90090303b7ad';
$q = '009b3734fc9f7a4a9d6437ec314e0a78c2889af64b';
$g = '00b320300a0bc55b8f0ec6edc218e2185250f38fbb8291db8a89227f6e41' .
'00d47d6ccb9c7d42fc43280ecc2ed386e81ff65bc5d6a2ae78db7372f5dc' .
'f780f4558e7ed3dd0c96a1b40727ac56c5165aed700a3b63997893a1fb21' .
'4e882221f0dd9604820dc34e2725dd6901c93e0ca56f6d76d495c332edc5' .
'b81747c4c447a941f3';
var_dump(openssl_pkey_new(array('dsa' => array('p' => $p, 'q' => $q, 'g' => $g))));
?>
--EXPECT--
bool(false)

14
php/ext/openssl/tests/bug72362.phpt Normal file
View File

@@ -0,0 +1,14 @@
--TEST--
Bug #72362: OpenSSL Blowfish encryption is incorrect for short keys
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
var_dump(bin2hex(openssl_encrypt("this is a test string","bf-ecb","12345678", OPENSSL_RAW_DATA | OPENSSL_DONT_ZERO_PAD_KEY)));
var_dump(bin2hex(openssl_encrypt("this is a test string","bf-ecb","1234567812345678" , OPENSSL_RAW_DATA)));
?>
--EXPECT--
string(48) "e3214d1b16e574828c8a3e222202dde81afd1ad2cb165ab3"
string(48) "e3214d1b16e574828c8a3e222202dde81afd1ad2cb165ab3"

45
php/ext/openssl/tests/bug73072.phpt Normal file
View File

@@ -0,0 +1,45 @@
--TEST--
Bug #73072: Invalid path SNI_server_certs causes segfault
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/domain1.pem',
'SNI_server_certs' => [
"domain1.com" => __DIR__ . "/sni_server_domain1.pem",
"domain2.com" => __DIR__ . "/not_existing.pem",
]
]]);
$server = stream_socket_server('tls://127.0.0.1:64322', $errno, $errstr, $flags, $ctx);
phpt_notify();
@stream_socket_accept($server, 3);
// if there is a segfault, this won't be called
fwrite(STDERR, "done\n");
CODE;
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctxArr = [
'cafile' => __DIR__ . '/sni_server_ca.pem',
'capture_peer_cert' => true
];
phpt_wait();
$ctxArr['peer_name'] = 'domain1.com';
$ctx = stream_context_create(['ssl' => $ctxArr]);
@stream_socket_client("tls://127.0.0.1:64322", $errno, $errstr, 1, $flags, $ctx);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECT--
done

25
php/ext/openssl/tests/bug73478.phpt Normal file
View File

@@ -0,0 +1,25 @@
--TEST--
Bug #73478: openssl_pkey_new() generates wrong pub/priv keys with Diffie Hellman
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$details = [
'p' => base64_decode('3Pk6C4g5cuwOGZiaxaLOMQ4dN3F+jZVxu3Yjcxhm5h73Wi4niYsFf5iRwuJ6Y5w/KbYIFFgc07LKOYbSaDcFV31FwuflLcgcehcYduXOp0sUSL/frxiCjv0lGfFOReOCZjSvGUnltTXMgppIO4p2Ij5dSQolfwW9/xby+yLFg6s='),
'g' => base64_decode('Ag=='),
'priv_key' => base64_decode('jUdcV++P/m7oUodWiqKqKXZVenHRuj92Ig6Fmzs7QlqVdUc5mNBxmEWjug+ObffanPpOeab/LyXwjNMzevtBz3tW4oROau++9EIMJVVQr8fW9zdYBJcYieC5l4t8nRj5/Uu/Z0G2rWVLBleSi28mqqNEvnUs7uxYxrar69lwQYs=')
];
$opensslKeyResource = openssl_pkey_new(['dh' => $details]);
$data = openssl_pkey_get_details($opensslKeyResource);
printf("Private key:\n%s\n", base64_encode($data['dh']['priv_key']));
printf("Public key:\n%s\n", base64_encode($data['dh']['pub_key']));
?>
--EXPECT--
Private key:
jUdcV++P/m7oUodWiqKqKXZVenHRuj92Ig6Fmzs7QlqVdUc5mNBxmEWjug+ObffanPpOeab/LyXwjNMzevtBz3tW4oROau++9EIMJVVQr8fW9zdYBJcYieC5l4t8nRj5/Uu/Z0G2rWVLBleSi28mqqNEvnUs7uxYxrar69lwQYs=
Public key:
0DmJUe9dr02pAtVoGyLHdC+rfBU3mDCelKGPXRDFHofx6mFfN2gcZCmp/ab4ezDXfpIBOatpVdbn2fTNUGo64DtKE2WGTsZCl90RgrGUv8XW/4WDPXeE7g5u7KWHBG/LCE5+XsilE5P5/GIyqr9gsiudTmk+H/hiYZl9Smar9k0=

3
php/ext/openssl/tests/bug73711.cnf Normal file
View File

@@ -0,0 +1,3 @@
[ req ]
default_bits = 384

17
php/ext/openssl/tests/bug73711.phpt Normal file
View File

@@ -0,0 +1,17 @@
--TEST--
Bug #73711: Segfault in openssl_pkey_new when generating DSA or DH key
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$cnf = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'bug73711.cnf';
var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DSA, 'config' => $cnf]));
var_dump(openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_DH, 'config' => $cnf]));
echo "DONE";
?>
--EXPECTF--
resource(%d) of type (OpenSSL key)
resource(%d) of type (OpenSSL key)
DONE

31
php/ext/openssl/tests/bug73833.phpt Normal file
View File

@@ -0,0 +1,31 @@
--TEST--
Bug #73833: null character not allowed in openssl_pkey_get_private
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$passwords = ["abc\x00defghijkl", "abcdefghikjl"];
$conf = ['config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'];
foreach($passwords as $password) {
$key = openssl_pkey_new($conf);
if (openssl_pkey_export($key, $privatePEM, $password, $conf) === false) {
echo "Failed to encrypt.\n";
} else {
echo "Encrypted!\n";
}
if (openssl_pkey_get_private($privatePEM, $password) === false) {
echo "Failed to decrypt.\n";
} else {
echo "Decrypted!\n";
}
}
?>
--EXPECT--
Encrypted!
Decrypted!
Encrypted!
Decrypted!

BIN
php/ext/openssl/tests/bug74022.pfx Normal file
View File

Binary file not shown.

19
php/ext/openssl/tests/bug74022.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Bug #74022 PHP Fast CGI crashes when reading from a pfx file with valid password
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$pfx = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug74022.pfx";
$cert_store = file_get_contents($pfx);
var_dump(openssl_pkcs12_read($cert_store, $cert_info, "csos"));
var_dump(openssl_error_string());
?>
===DONE===
--EXPECTF--
bool(true)
bool(false)
===DONE===

24
php/ext/openssl/tests/bug74022_2.phpt Normal file
View File

File diff suppressed because one or more lines are too long

20
php/ext/openssl/tests/bug74099.phpt Normal file
View File

@@ -0,0 +1,20 @@
--TEST--
Bug #74099 Memory leak with openssl_encrypt()
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$aad = random_bytes(32);
$iv = random_bytes(16);
$key = random_bytes(32);
$plaintext = '';
$tag = null;
$ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, \OPENSSL_RAW_DATA, $iv, $tag, $aad);
var_dump($ciphertext);
?>
--EXPECTF--
string(0) ""

112
php/ext/openssl/tests/bug74159.phpt Normal file
View File

@@ -0,0 +1,112 @@
--TEST--
Bug #74159: Writing a large buffer to non-blocking encrypted streams fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
?>
--FILE--
<?php
// the server code is doing many readings in a short interval which is
// not really reliable on more powerful machine but cover different
// scenarios which might be useful. More reliable test is bug72333.phpt
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:10012";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$client = stream_socket_accept($server, 1);
if (!$client) {
exit();
}
$data = '';
while (strlen($data) < 0xfffff) {
$buffer = fread($client, 8192);
if (empty($buffer)) {
exit();
}
$data .= $buffer;
usleep(100);
}
fclose($client);
CODE;
$clientCode = <<<'CODE'
function streamRead($stream) : int {
return strlen(fread($stream, 8192));
}
function streamWrite($stream, $data) : int {
return fwrite($stream, $data);
}
function waitForWrite(...$streams) : bool {
$read = null;
$except = null;
while($streams && !($n = stream_select($read, $streams, $except, 1)));
return $n > 0;
}
function waitForRead(...$streams) : bool {
$write = null;
$except = null;
while ($streams && !($n = stream_select($streams, $write, $except, 1)));
return $n > 0;
}
set_error_handler(function ($errno, $errstr) {
exit("$errstr\n");
});
$serverUri = "tcp://127.0.0.1:10012";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
]]);
phpt_wait();
$fp = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
stream_set_blocking($fp, false);
while (0 === ($n = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT)));
$data = str_repeat("a", 0xfffff);
$written = 0;
$total = $written;
while(!empty($data)) {
$written = streamWrite($fp, $data);
$total += $written;
$data = substr($data, $written);
waitForWrite($fp);
}
printf("Written %d bytes\n", $total);
while(waitForRead($fp)) {
streamRead($fp);
if (feof($fp)) {
break;
}
}
exit("DONE\n");
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECTF--
Written 1048575 bytes
DONE

52
php/ext/openssl/tests/bug74341.phpt Normal file
View File

@@ -0,0 +1,52 @@
--TEST--
Bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds)
--SKIPIF--
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
$pem_cert = '
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgIDKCHVMA0GCSqGSIb3DQEBBQUAMIHcMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE5MDcGA1UECxMwaHR0cDov
L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYD
VQQDEyhTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREw
DwYDVQQFEwgxMDY4ODQzNTAcFwsxNDAxMDcwMDAwWhcNMTYwNDAxMDcwMDAwWjCB
6zETMBEGCysGAQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25h
MR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0
NzQxLTYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpT
Y290dHNkYWxlMSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMx
KzApBgNVBAMTInZhbGlkLnNmaS5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt1LHQOza9tkKxwGL+/yKi/Fe5
HM0sjvcM4ic1XVrvpewa4P/04IzGSjIGO3CXaSArxQMSzsTt2dcO9tSJ1Zk8c9NZ
XM8eVqx92iTMEf9OQcubWpzWmrPc3TAFhbVnfEmCptsXEgtxbAIbntrNeDk/hBPd
l4DYFYRdm3ZTk4JMIf/quDZe5Oti53J0UsxWXSSoqKyPNdb671Q+OTQfSDj7kVF4
+Ri3FIeAV16d2UnpBW1bgNqA5yITRskHE4bX98HDNHUTHioHpgA+fXfejWkGB/0F
QN4HbZcysYHhf1L5cWBtz9w5J00YmjM5fzWvTc3UUF9ou7m7JE4aqEbNOWb9AgMB
AAGjggHOMIIByjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwLQYDVR0RBCYwJIIidmFsaWQuc2ZpLmNh
dGVzdC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4EFgQUcO+QEqZcHphPW9szww9t
y+1AGmQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwOAYDVR0fBDEw
LzAtoCugKYYnaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZnMzLTAuY3Js
MIGNBggrBgEFBQcBAQSBgDB+MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFy
ZmllbGR0ZWNoLmNvbS8wUAYIKwYBBQUHMAKGRGh0dHA6Ly9jZXJ0aWZpY2F0ZXMu
c3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZl9pbnRlcm1lZGlhdGUuY3J0
MFIGA1UdIARLMEkwRwYLYIZIAYb9bgEHFwMwODA2BggrBgEFBQcCARYqaHR0cDov
L2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB
BQUAA4IBAQAViYkLUjQkxWRmZl4DutL0/9/wJSURcJ1qunLP+TImJFp0A9RE/MNK
ZOmQoAEoH6hMg7FL4etkvTcnruTdcx+3mvqYiECUiUEx6pkx3dmkYgZACEuk2nfy
J0MkV/zwzqmI8aV+kunpOQv93aePZbrBgaAzkE8jDlExtd7c4pE7JF40jxmvDwjZ
HwpyNDULreGtFBij7JcWJCfihM3uetqrao0kOoeih1PQyJXtz2RldhFYs6Jdk3IL
Yv+84t5UMO+aS9nVBXIcbgaGjIMZjHDgR/tE9FKFB66k8UTDzAwwEs38VV24zx6h
lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d
-----END CERTIFICATE-----
';
$parsed_cert = openssl_x509_parse($pem_cert);
var_dump($parsed_cert['validFrom_time_t']);
var_dump($parsed_cert['validTo_time_t']);
?>
--EXPECTF--
int(1389052800)
int(1459494000)

30
php/ext/openssl/tests/bug74402.phpt Normal file
View File

@@ -0,0 +1,30 @@
--TEST--
Bug #74402 (segfault on random_bytes, bin3hex, openssl_seal)
--SKIPIF--
<?php
if (!extension_loaded("openssl")) {
print "skip";
}
if (!in_array('AES256', openssl_get_cipher_methods(true))) {
print "skip";
}
?>
--FILE--
<?php
$data = "23153b1cf683cb16f8d71190a7c42f38fecda27c29a7bc8991c9f6a2a63602bf";
$key = array("-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvjCLfpS0MyilIjR+IsH
HPH8TqFUCw4kTAVmTy9SDZV9hHYY2EPgrlTd7gvMP/DWipvBD6Y5w2bPdAQoXr5D
qEKAGkE+1El4hS8XyuOdYXSYTDH1HPSlFiGdgsnlkFcbh/fJyzIKBaGLnWxsjhiS
deiI7KuEkI9zt+X2r4KqFt/dhnXz0kcB1M7qyhQ6Rvijgjy/A1LsN4ZAREFLCEjb
1AP9nk0QAUHWcG5MvbgsE20Pn4R5wFsMFBTvNmb34jHFREgR9j4DYcV5FFR3tKb8
3XtjE9/kjfK29BSpiyXZs8PSqDhO00vh6txUB4VfkVUD2Bi93rxDeyALnCW7My+l
YwIDAQAB
-----END PUBLIC KEY-----");
$iv = '';
var_dump(strlen($data));
var_dump(openssl_seal($data, $sealed_data, $env_keys, $key, 'AES256', $iv));
?>
--EXPECTF--
int(64)
int(80)

17
php/ext/openssl/tests/bug74651.phpt Normal file
View File

@@ -0,0 +1,17 @@
--TEST--
Bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$inputstr = file_get_contents(__DIR__ . "/74651.pem");
$pub_key_id = openssl_get_publickey($inputstr);
var_dump($pub_key_id);
var_dump(openssl_seal($inputstr, $sealed, $ekeys, array($pub_key_id, $pub_key_id), 'AES-128-ECB'));
?>
--EXPECTF--
resource(%d) of type (OpenSSL key)
bool(false)

93
php/ext/openssl/tests/bug74720_0.phpt Normal file
View File

@@ -0,0 +1,93 @@
--TEST--
Bug #74720 pkcs7_en/decrypt does not work if \x1a is used in content, variant 0
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = "-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIKq/f5U3FzthdKUzANBgkqhkiG9w0BAQUFADBcMRIwEAYD
VQQDEwlzZXRhcGRmLWExCTAHBgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcN
AQkBFhRzdXBwb3J0QHNldGFzaWduLmNvbTELMAkGA1UEBhMCREUwHhcNMTUwOTA4
MDkzNDExWhcNMjAwOTA4MDkzNDExWjBcMRIwEAYDVQQDEwlzZXRhcGRmLWExCTAH
BgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QHNldGFz
aWduLmNvbTELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCkmTLvUIYfqAKC1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt
/0nbFfsFsU0/C9dXKZYD42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dv
RTzAcnPM44GxO4y6GUW6un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslm
Sbp1XvbLsJjgV9X3ihi7JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1
vFNAArioX5pIUIm9ahAm8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot
8RGu89Fx6E+O5j4LwGH4kiYjgvYZAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAw
CwYDVR0PBAQDAgOYMA0GCSqGSIb3DQEBBQUAA4IBAQBCA8iXz7zxAmCWNZ0faiLm
aKw8u2PUq+EPKrGKc9Q70Ksw/e/EHvWrghFzmu5MOZRn/QIWq++sbbc8eOiaRDE8
lWCW596FLW4habXKw0sjDNcyEBArPgDp17O6NgHqI2U1KL1P2Y40e0YH2BWxNS+f
pmWZekjiC6jfId2JGsyPZUTX4USwthG4dFX0/BWYg+K7kXvQzMobes2NxW3Iqn8h
FUNgraCzlQMSfE2gwAMSUXTJubUGorj4LFYSiLIIJvf6KlmuR5uOIi5lSjSeZf5E
FLEHVhrz3o2icUeyb1K1BTAQRZ/H3GZ0QpgqSK5vmuV9C+rzezQMoy4/8UUnNPMt
-----END CERTIFICATE-----
";
$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkmTLvUIYfqAKC
1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt/0nbFfsFsU0/C9dXKZYD
42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dvRTzAcnPM44GxO4y6GUW6
un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslmSbp1XvbLsJjgV9X3ihi7
JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1vFNAArioX5pIUIm9ahAm
8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot8RGu89Fx6E+O5j4LwGH4
kiYjgvYZAgMBAAECggEABO4JOGF4KOvQanB11HYNXPy4BLA5Pc0RU3M6pvKjen1m
sdzRF5Vu/laJIkbchI0xm+Op8X7Wa+gFFBf8RLIS/QyYBCNh2Fe/74M9sYNDFxLJ
vjBIOm6VVF1QRhMD7SwoY303adJjpkHCRMPX4z3PjLzJfPYROpsJnaWkf8GwCJ4+
kufOhYcE8ekuLX7EzXFU74Uo0OnMEhMJgiAjlHhC21YLkgLoGq45sdktVgvD6sds
7BcmH6oUCDCJ8wxUVM1+Ks1D3vKHfeAhCFHvj9M/lf5OWylhmQh4CQf+NMDNsAc6
mXNIzUvZEgs/PJpd3SymHchf60m6faJtGv43GsdsgQKBgQDUx8t649O/vGRI26t4
4XrzVC2w5271UlhFaRiH03BrV+pECVoH4bw+ZIUuGke2xe+LrNkhMNJSGcbB0WDa
Jes+4Gf++AuSXRvMo+xHenfgUWQqYHJPkh5q6gknZ2YDfikFNLdqApXvp0m+FaVP
+F/2HMjQfTITQgkAiEn45s4agQKBgQDGCAZkIUcdyXQTplLE0Zx1/uiTBrQGyzsb
cDgAQIHt19wIRjoGOFatAj6TQ5gUj9Remn12v6d5Wi02i7hlu8V6O1VXLGqqeQ27
0MHBXzrFBVljOz96D7VP5Xx0DB1cGMbtg5ivjd91OUVrwC7fbXE9sfOI1FqlTb7p
6xi9Wl+fmQKBgGdzR/vUfqPOvVcq7gBUaAmb2KcUrj65rU753MJUy2h1EuHHRi1k
07fl+VZD0rALJf7bp6laajcebyLWYGdPXkNwqT8ua7naaOSiogLSiSvXhoKP56PG
H+HNLWwp+lAia2Erky0IWstsow62yWvLDyTCM+QhqlHwnh3TJVvNI1GBAoGAUl+y
MOJ6z5Ql2aqc0UwT1i1Tlxz5s73D93Tlho1Ovp3E5Bg6OK4kt9CwMNe0IhF2GGgQ
+l1cj6kIF6Fk8cR6r46QwDM0p3a1VMPQZNx0+NFxzkot7FsuY26lJyyG5fFUhiXw
VE4ifoN1Mg3+MWg3657jG66hihNd77WgU9uM3TkCgYEAypuvVrfFrrtXnbEUcBHq
mguKumn9miD9DPb6gi8ZaKOddGzw+qFPukiqi7rM3oRMg02evfK/VQC87Gmev663
RV9sQOlB9gNlMOOw/0R3ABEWDoSRCcrLhb6Z5Y72WVnZvpTPO0cDw2i1hyaEM6d+
2WR7c6FhRCLxG0DObEOfiO0=
-----END PRIVATE KEY-----
";
$originalEnvelopeData = "any string with \x1a is cut at this point.";
$tmpFileIn = tempnam(sys_get_temp_dir(), 'test');
$tmpFileOut = tempnam(sys_get_temp_dir(), 'test');
file_put_contents($tmpFileIn, $originalEnvelopeData);
var_dump(filesize($tmpFileIn) === strlen($originalEnvelopeData));
openssl_pkcs7_encrypt($tmpFileIn, $tmpFileOut, [$cert], array(), PKCS7_BINARY, OPENSSL_CIPHER_AES_128_CBC);
$tmpFileOut2 = tempnam(sys_get_temp_dir(), 'test');
openssl_pkcs7_decrypt($tmpFileOut, $tmpFileOut2, $cert, $pkey);
$envelopeData = file_get_contents($tmpFileOut2);
var_dump($originalEnvelopeData === $envelopeData); // need to be true
var_dump(strlen($originalEnvelopeData), strlen($envelopeData), filesize($tmpFileOut2));
unlink($tmpFileIn);
unlink($tmpFileOut);
unlink($tmpFileOut2);
?>
==DONE==
--EXPECTF--
bool(true)
bool(true)
int(39)
int(39)
int(39)
==DONE==

88
php/ext/openssl/tests/bug74720_1.phpt Normal file
View File

@@ -0,0 +1,88 @@
--TEST--
Bug #74720 pkcs7_en/decrypt does not work if \x1a is used in content, variant 1
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = "-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIKq/f5U3FzthdKUzANBgkqhkiG9w0BAQUFADBcMRIwEAYD
VQQDEwlzZXRhcGRmLWExCTAHBgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcN
AQkBFhRzdXBwb3J0QHNldGFzaWduLmNvbTELMAkGA1UEBhMCREUwHhcNMTUwOTA4
MDkzNDExWhcNMjAwOTA4MDkzNDExWjBcMRIwEAYDVQQDEwlzZXRhcGRmLWExCTAH
BgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QHNldGFz
aWduLmNvbTELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCkmTLvUIYfqAKC1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt
/0nbFfsFsU0/C9dXKZYD42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dv
RTzAcnPM44GxO4y6GUW6un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslm
Sbp1XvbLsJjgV9X3ihi7JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1
vFNAArioX5pIUIm9ahAm8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot
8RGu89Fx6E+O5j4LwGH4kiYjgvYZAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAw
CwYDVR0PBAQDAgOYMA0GCSqGSIb3DQEBBQUAA4IBAQBCA8iXz7zxAmCWNZ0faiLm
aKw8u2PUq+EPKrGKc9Q70Ksw/e/EHvWrghFzmu5MOZRn/QIWq++sbbc8eOiaRDE8
lWCW596FLW4habXKw0sjDNcyEBArPgDp17O6NgHqI2U1KL1P2Y40e0YH2BWxNS+f
pmWZekjiC6jfId2JGsyPZUTX4USwthG4dFX0/BWYg+K7kXvQzMobes2NxW3Iqn8h
FUNgraCzlQMSfE2gwAMSUXTJubUGorj4LFYSiLIIJvf6KlmuR5uOIi5lSjSeZf5E
FLEHVhrz3o2icUeyb1K1BTAQRZ/H3GZ0QpgqSK5vmuV9C+rzezQMoy4/8UUnNPMt
-----END CERTIFICATE-----
";
$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkmTLvUIYfqAKC
1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt/0nbFfsFsU0/C9dXKZYD
42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dvRTzAcnPM44GxO4y6GUW6
un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslmSbp1XvbLsJjgV9X3ihi7
JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1vFNAArioX5pIUIm9ahAm
8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot8RGu89Fx6E+O5j4LwGH4
kiYjgvYZAgMBAAECggEABO4JOGF4KOvQanB11HYNXPy4BLA5Pc0RU3M6pvKjen1m
sdzRF5Vu/laJIkbchI0xm+Op8X7Wa+gFFBf8RLIS/QyYBCNh2Fe/74M9sYNDFxLJ
vjBIOm6VVF1QRhMD7SwoY303adJjpkHCRMPX4z3PjLzJfPYROpsJnaWkf8GwCJ4+
kufOhYcE8ekuLX7EzXFU74Uo0OnMEhMJgiAjlHhC21YLkgLoGq45sdktVgvD6sds
7BcmH6oUCDCJ8wxUVM1+Ks1D3vKHfeAhCFHvj9M/lf5OWylhmQh4CQf+NMDNsAc6
mXNIzUvZEgs/PJpd3SymHchf60m6faJtGv43GsdsgQKBgQDUx8t649O/vGRI26t4
4XrzVC2w5271UlhFaRiH03BrV+pECVoH4bw+ZIUuGke2xe+LrNkhMNJSGcbB0WDa
Jes+4Gf++AuSXRvMo+xHenfgUWQqYHJPkh5q6gknZ2YDfikFNLdqApXvp0m+FaVP
+F/2HMjQfTITQgkAiEn45s4agQKBgQDGCAZkIUcdyXQTplLE0Zx1/uiTBrQGyzsb
cDgAQIHt19wIRjoGOFatAj6TQ5gUj9Remn12v6d5Wi02i7hlu8V6O1VXLGqqeQ27
0MHBXzrFBVljOz96D7VP5Xx0DB1cGMbtg5ivjd91OUVrwC7fbXE9sfOI1FqlTb7p
6xi9Wl+fmQKBgGdzR/vUfqPOvVcq7gBUaAmb2KcUrj65rU753MJUy2h1EuHHRi1k
07fl+VZD0rALJf7bp6laajcebyLWYGdPXkNwqT8ua7naaOSiogLSiSvXhoKP56PG
H+HNLWwp+lAia2Erky0IWstsow62yWvLDyTCM+QhqlHwnh3TJVvNI1GBAoGAUl+y
MOJ6z5Ql2aqc0UwT1i1Tlxz5s73D93Tlho1Ovp3E5Bg6OK4kt9CwMNe0IhF2GGgQ
+l1cj6kIF6Fk8cR6r46QwDM0p3a1VMPQZNx0+NFxzkot7FsuY26lJyyG5fFUhiXw
VE4ifoN1Mg3+MWg3657jG66hihNd77WgU9uM3TkCgYEAypuvVrfFrrtXnbEUcBHq
mguKumn9miD9DPb6gi8ZaKOddGzw+qFPukiqi7rM3oRMg02evfK/VQC87Gmev663
RV9sQOlB9gNlMOOw/0R3ABEWDoSRCcrLhb6Z5Y72WVnZvpTPO0cDw2i1hyaEM6d+
2WR7c6FhRCLxG0DObEOfiO0=
-----END PRIVATE KEY-----
";
$tmpPath = tempnam(sys_get_temp_dir(), 'test');
$content = "A simple \x1a test.";
file_put_contents($tmpPath, $content);
$outPath = tempnam(sys_get_temp_dir(), 'test');
openssl_pkcs7_sign(
$tmpPath,
$outPath,
$cert,
$pkey,
array(),
PKCS7_BINARY | PKCS7_DETACHED
);
var_dump(strpos(file_get_contents($outPath), $content) !== false);
unlink($tmpPath);
unlink($outPath);
?>
==DONE==
--EXPECTF--
bool(true)
==DONE==

96
php/ext/openssl/tests/bug74798.phpt Normal file
View File

@@ -0,0 +1,96 @@
--TEST--
Bug #74798 pkcs7_en/decrypt does not work if \x0a is used in content
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = "-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIKq/f5U3FzthdKUzANBgkqhkiG9w0BAQUFADBcMRIwEAYD
VQQDEwlzZXRhcGRmLWExCTAHBgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcN
AQkBFhRzdXBwb3J0QHNldGFzaWduLmNvbTELMAkGA1UEBhMCREUwHhcNMTUwOTA4
MDkzNDExWhcNMjAwOTA4MDkzNDExWjBcMRIwEAYDVQQDEwlzZXRhcGRmLWExCTAH
BgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QHNldGFz
aWduLmNvbTELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCkmTLvUIYfqAKC1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt
/0nbFfsFsU0/C9dXKZYD42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dv
RTzAcnPM44GxO4y6GUW6un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslm
Sbp1XvbLsJjgV9X3ihi7JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1
vFNAArioX5pIUIm9ahAm8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot
8RGu89Fx6E+O5j4LwGH4kiYjgvYZAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAw
CwYDVR0PBAQDAgOYMA0GCSqGSIb3DQEBBQUAA4IBAQBCA8iXz7zxAmCWNZ0faiLm
aKw8u2PUq+EPKrGKc9Q70Ksw/e/EHvWrghFzmu5MOZRn/QIWq++sbbc8eOiaRDE8
lWCW596FLW4habXKw0sjDNcyEBArPgDp17O6NgHqI2U1KL1P2Y40e0YH2BWxNS+f
pmWZekjiC6jfId2JGsyPZUTX4USwthG4dFX0/BWYg+K7kXvQzMobes2NxW3Iqn8h
FUNgraCzlQMSfE2gwAMSUXTJubUGorj4LFYSiLIIJvf6KlmuR5uOIi5lSjSeZf5E
FLEHVhrz3o2icUeyb1K1BTAQRZ/H3GZ0QpgqSK5vmuV9C+rzezQMoy4/8UUnNPMt
-----END CERTIFICATE-----
";
$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkmTLvUIYfqAKC
1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt/0nbFfsFsU0/C9dXKZYD
42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dvRTzAcnPM44GxO4y6GUW6
un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslmSbp1XvbLsJjgV9X3ihi7
JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1vFNAArioX5pIUIm9ahAm
8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot8RGu89Fx6E+O5j4LwGH4
kiYjgvYZAgMBAAECggEABO4JOGF4KOvQanB11HYNXPy4BLA5Pc0RU3M6pvKjen1m
sdzRF5Vu/laJIkbchI0xm+Op8X7Wa+gFFBf8RLIS/QyYBCNh2Fe/74M9sYNDFxLJ
vjBIOm6VVF1QRhMD7SwoY303adJjpkHCRMPX4z3PjLzJfPYROpsJnaWkf8GwCJ4+
kufOhYcE8ekuLX7EzXFU74Uo0OnMEhMJgiAjlHhC21YLkgLoGq45sdktVgvD6sds
7BcmH6oUCDCJ8wxUVM1+Ks1D3vKHfeAhCFHvj9M/lf5OWylhmQh4CQf+NMDNsAc6
mXNIzUvZEgs/PJpd3SymHchf60m6faJtGv43GsdsgQKBgQDUx8t649O/vGRI26t4
4XrzVC2w5271UlhFaRiH03BrV+pECVoH4bw+ZIUuGke2xe+LrNkhMNJSGcbB0WDa
Jes+4Gf++AuSXRvMo+xHenfgUWQqYHJPkh5q6gknZ2YDfikFNLdqApXvp0m+FaVP
+F/2HMjQfTITQgkAiEn45s4agQKBgQDGCAZkIUcdyXQTplLE0Zx1/uiTBrQGyzsb
cDgAQIHt19wIRjoGOFatAj6TQ5gUj9Remn12v6d5Wi02i7hlu8V6O1VXLGqqeQ27
0MHBXzrFBVljOz96D7VP5Xx0DB1cGMbtg5ivjd91OUVrwC7fbXE9sfOI1FqlTb7p
6xi9Wl+fmQKBgGdzR/vUfqPOvVcq7gBUaAmb2KcUrj65rU753MJUy2h1EuHHRi1k
07fl+VZD0rALJf7bp6laajcebyLWYGdPXkNwqT8ua7naaOSiogLSiSvXhoKP56PG
H+HNLWwp+lAia2Erky0IWstsow62yWvLDyTCM+QhqlHwnh3TJVvNI1GBAoGAUl+y
MOJ6z5Ql2aqc0UwT1i1Tlxz5s73D93Tlho1Ovp3E5Bg6OK4kt9CwMNe0IhF2GGgQ
+l1cj6kIF6Fk8cR6r46QwDM0p3a1VMPQZNx0+NFxzkot7FsuY26lJyyG5fFUhiXw
VE4ifoN1Mg3+MWg3657jG66hihNd77WgU9uM3TkCgYEAypuvVrfFrrtXnbEUcBHq
mguKumn9miD9DPb6gi8ZaKOddGzw+qFPukiqi7rM3oRMg02evfK/VQC87Gmev663
RV9sQOlB9gNlMOOw/0R3ABEWDoSRCcrLhb6Z5Y72WVnZvpTPO0cDw2i1hyaEM6d+
2WR7c6FhRCLxG0DObEOfiO0=
-----END PRIVATE KEY-----
";
$originalEnvelopeData = "String with \x0a will end in one byte more.";
$tmpFileIn = tempnam(sys_get_temp_dir(), 'test');
$tmpFileOut = tempnam(sys_get_temp_dir(), 'test');
file_put_contents($tmpFileIn, $originalEnvelopeData);
var_dump(filesize($tmpFileIn) === strlen($originalEnvelopeData));
openssl_pkcs7_encrypt($tmpFileIn, $tmpFileOut, [$cert], array(), PKCS7_BINARY, OPENSSL_CIPHER_AES_128_CBC);
$tmpFileOut2 = tempnam(sys_get_temp_dir(), 'test');
openssl_pkcs7_decrypt($tmpFileOut, $tmpFileOut2, $cert, $pkey);
$envelopeData = file_get_contents($tmpFileOut2);
var_dump($originalEnvelopeData === $envelopeData); // need to be true
var_dump(strlen($originalEnvelopeData), strlen($envelopeData), filesize($tmpFileOut2));
var_dump(unpack('H*', $originalEnvelopeData)[1], unpack('H*', $envelopeData)[1]);
/* Cleanup */
unlink($tmpFileIn);
unlink($tmpFileOut);
unlink($tmpFileOut2);
?>
===DONE===
--EXPECTF--
bool(true)
bool(true)
int(40)
int(40)
int(40)
string(80) "537472696e672077697468200a2077696c6c20656e6420696e206f6e652062797465206d6f72652e"
string(80) "537472696e672077697468200a2077696c6c20656e6420696e206f6e652062797465206d6f72652e"
===DONE===

83
php/ext/openssl/tests/bug74903.phpt Normal file
View File

@@ -0,0 +1,83 @@
--TEST--
Bug #74903 openssl_pkcs7_encrypt() uses different EOL than before
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$cert = "-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIKq/f5U3FzthdKUzANBgkqhkiG9w0BAQUFADBcMRIwEAYD
VQQDEwlzZXRhcGRmLWExCTAHBgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcN
AQkBFhRzdXBwb3J0QHNldGFzaWduLmNvbTELMAkGA1UEBhMCREUwHhcNMTUwOTA4
MDkzNDExWhcNMjAwOTA4MDkzNDExWjBcMRIwEAYDVQQDEwlzZXRhcGRmLWExCTAH
BgNVBAoTADEJMAcGA1UECxMAMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QHNldGFz
aWduLmNvbTELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCkmTLvUIYfqAKC1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt
/0nbFfsFsU0/C9dXKZYD42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dv
RTzAcnPM44GxO4y6GUW6un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslm
Sbp1XvbLsJjgV9X3ihi7JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1
vFNAArioX5pIUIm9ahAm8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot
8RGu89Fx6E+O5j4LwGH4kiYjgvYZAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAw
CwYDVR0PBAQDAgOYMA0GCSqGSIb3DQEBBQUAA4IBAQBCA8iXz7zxAmCWNZ0faiLm
aKw8u2PUq+EPKrGKc9Q70Ksw/e/EHvWrghFzmu5MOZRn/QIWq++sbbc8eOiaRDE8
lWCW596FLW4habXKw0sjDNcyEBArPgDp17O6NgHqI2U1KL1P2Y40e0YH2BWxNS+f
pmWZekjiC6jfId2JGsyPZUTX4USwthG4dFX0/BWYg+K7kXvQzMobes2NxW3Iqn8h
FUNgraCzlQMSfE2gwAMSUXTJubUGorj4LFYSiLIIJvf6KlmuR5uOIi5lSjSeZf5E
FLEHVhrz3o2icUeyb1K1BTAQRZ/H3GZ0QpgqSK5vmuV9C+rzezQMoy4/8UUnNPMt
-----END CERTIFICATE-----
";
$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkmTLvUIYfqAKC
1CHVgABlemrFIVRm4JGeB0jIGofyrm3yVwR4YcK0eUmt/0nbFfsFsU0/C9dXKZYD
42t5YpLFsj666Z1EoU1CfSIW2bf0HaWVJ+oNT5twS3dvRTzAcnPM44GxO4y6GUW6
un0/bT/MZbFKbb3NI1L0mwY7EoqUXR68XxuHqWETaslmSbp1XvbLsJjgV9X3ihi7
JC7A9kEzrKh+RBsXEXwlSv5JO2TUdwq9P4EbjqvgiaV1vFNAArioX5pIUIm9ahAm
8d7jjW6DFfV798rTzaQ3GJs0yC3UD6xhmbTbdC/D9Pot8RGu89Fx6E+O5j4LwGH4
kiYjgvYZAgMBAAECggEABO4JOGF4KOvQanB11HYNXPy4BLA5Pc0RU3M6pvKjen1m
sdzRF5Vu/laJIkbchI0xm+Op8X7Wa+gFFBf8RLIS/QyYBCNh2Fe/74M9sYNDFxLJ
vjBIOm6VVF1QRhMD7SwoY303adJjpkHCRMPX4z3PjLzJfPYROpsJnaWkf8GwCJ4+
kufOhYcE8ekuLX7EzXFU74Uo0OnMEhMJgiAjlHhC21YLkgLoGq45sdktVgvD6sds
7BcmH6oUCDCJ8wxUVM1+Ks1D3vKHfeAhCFHvj9M/lf5OWylhmQh4CQf+NMDNsAc6
mXNIzUvZEgs/PJpd3SymHchf60m6faJtGv43GsdsgQKBgQDUx8t649O/vGRI26t4
4XrzVC2w5271UlhFaRiH03BrV+pECVoH4bw+ZIUuGke2xe+LrNkhMNJSGcbB0WDa
Jes+4Gf++AuSXRvMo+xHenfgUWQqYHJPkh5q6gknZ2YDfikFNLdqApXvp0m+FaVP
+F/2HMjQfTITQgkAiEn45s4agQKBgQDGCAZkIUcdyXQTplLE0Zx1/uiTBrQGyzsb
cDgAQIHt19wIRjoGOFatAj6TQ5gUj9Remn12v6d5Wi02i7hlu8V6O1VXLGqqeQ27
0MHBXzrFBVljOz96D7VP5Xx0DB1cGMbtg5ivjd91OUVrwC7fbXE9sfOI1FqlTb7p
6xi9Wl+fmQKBgGdzR/vUfqPOvVcq7gBUaAmb2KcUrj65rU753MJUy2h1EuHHRi1k
07fl+VZD0rALJf7bp6laajcebyLWYGdPXkNwqT8ua7naaOSiogLSiSvXhoKP56PG
H+HNLWwp+lAia2Erky0IWstsow62yWvLDyTCM+QhqlHwnh3TJVvNI1GBAoGAUl+y
MOJ6z5Ql2aqc0UwT1i1Tlxz5s73D93Tlho1Ovp3E5Bg6OK4kt9CwMNe0IhF2GGgQ
+l1cj6kIF6Fk8cR6r46QwDM0p3a1VMPQZNx0+NFxzkot7FsuY26lJyyG5fFUhiXw
VE4ifoN1Mg3+MWg3657jG66hihNd77WgU9uM3TkCgYEAypuvVrfFrrtXnbEUcBHq
mguKumn9miD9DPb6gi8ZaKOddGzw+qFPukiqi7rM3oRMg02evfK/VQC87Gmev663
RV9sQOlB9gNlMOOw/0R3ABEWDoSRCcrLhb6Z5Y72WVnZvpTPO0cDw2i1hyaEM6d+
2WR7c6FhRCLxG0DObEOfiO0=
-----END PRIVATE KEY-----
";
$envelopeData = "Test";
$tmpFileIn = tempnam(sys_get_temp_dir(), 'test');
$tmpFileOut = tempnam(sys_get_temp_dir(), 'test');
file_put_contents($tmpFileIn, $envelopeData);
openssl_pkcs7_encrypt($tmpFileIn, $tmpFileOut, [$cert], array(), PKCS7_BINARY, OPENSSL_CIPHER_AES_128_CBC);
$result = file_get_contents($tmpFileOut);
var_dump(strpos($result, "\r\n") === false); // behaviour before 7.2
var_dump(strlen($result) === 847);
unlink($tmpFileIn);
unlink($tmpFileOut);
?>
==DONE==
--EXPECT--
bool(true)
bool(true)
==DONE==

18
php/ext/openssl/tests/bug75307.phpt Normal file
View File

@@ -0,0 +1,18 @@
--TEST--
Bug #75307 Wrong reflection for openssl_open function
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not available");
if (!extension_loaded("reflection")) die("skip reflection not available");
?>
--FILE--
<?php
$rf = new ReflectionFunction('openssl_open');
var_dump($rf->getNumberOfParameters());
var_dump($rf->getNumberOfRequiredParameters());
?>
===DONE===
--EXPECT--
int(6)
int(4)
===DONE===

39
php/ext/openssl/tests/capture_peer_cert_001.phpt Normal file
View File

@@ -0,0 +1,39 @@
--TEST--
capture_peer_cert context captures on verify failure
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'capture_peer_cert' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem'
]]);
phpt_wait();
$client = @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate'];
var_dump(openssl_x509_parse($cert)['subject']['CN']);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(%d) "bug54992.local"

21
php/ext/openssl/tests/cert.crt Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv
cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ
KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4
MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl
IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1
ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz
e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+
iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR
S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo
Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE
MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT
BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n
ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS
UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW
PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn
4vh8xF/9+eVEj+hM+0OflA==
-----END CERTIFICATE-----

22
php/ext/openssl/tests/cert.csr Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIDYzCCAswCAQAwgYcxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZCBCcmFi
YW50MQ0wCwYDVQQHEwRVZGVuMRMwEQYDVQQKEwpUcmljb25uZWN0MRMwEQYDVQQL
EwpUcmljb25uZWN0MScwJQYDVQQDHh4AKgAuAHQAcgBpAGMAbwBuAG4AZQBjAHQA
LgBuAGwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANjE/qKAKgo93162HhtX
OZdvunF5eG/PFK2yn6uAUDWgZciPoKBslgL6a6sK+RdcS7LjWdjWEOOANGzZY1Kk
FelzxrIjIGSGJHC9eubebdu2LWFFM5cEMDiH0QSD9Rdiy7svSLWvngUDYj0wwd+m
iV2duzUFHnusj9iVPpD9s47RAgMBAAGgggGZMBoGCisGAQQBgjcNAgMxDBYKNS4y
LjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8EBAMCBPAwRAYJKoZI
hvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsO
AwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIH9BgorBgEEAYI3
DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBo
AGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2
AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAADANBgkqhkiG9w0BAQUFAAOBgQA4agiUkIblhF+n0wth4vQY+PwMadyaBpA4
epr4TKL0QEkA0bQBbIERw5dDE3WQi6aVFJe6y870QymBwmKIvfBBfOyyA0IlQq/n
uybhzQNQbSMKF1T82hpfh1w2RwVGaGrw7f6qH+CLyP1ydvBPvmD88HwiibNBBB3c
R23mEEGYUQ==
-----END NEW CERTIFICATE REQUEST-----

22
php/ext/openssl/tests/cert.p7b Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN PKCS7-----
MIIDnQYJKoZIhvcNAQcCoIIDjjCCA4oCAQExADALBgkqhkiG9w0BBwGgggNwMIID
bDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYDVQQG
EwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBvcnRv
IEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJKoZI
hvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4MDcz
MDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRlIGRv
IFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1ZSBk
byBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTze4SZ
Lwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+iiiI
tHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aRS1d+
KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLoYmhq
tz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGEMIGB
MQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNV
BAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxv
MR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zSUW8K
utKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LWPVKP
hYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn4vh8
xF/9+eVEj+hM+0OflKEAMQA=
-----END PKCS7-----

24
php/ext/openssl/tests/check_default_conf_path.phpt Normal file
View File

@@ -0,0 +1,24 @@
--TEST--
Check for default OpenSSL config path on Windows
--SKIPIF--
<?php
if (substr(PHP_OS, 0, 3) != 'WIN') {
die('skip windows only test');
}
?>
--FILE--
<?php
ob_start();
phpinfo();
$info = ob_get_contents();
ob_end_clean();
preg_match(",Openssl default config .* (.*),", $info, $m);
if (isset($m[1])) {
var_dump(str_replace('/', '\\', strtolower($m[1])));
}
?>
--EXPECT--
string(28) "c:\usr\local\ssl\openssl.cnf"

111
php/ext/openssl/tests/cipher_tests.inc Normal file
View File

@@ -0,0 +1,111 @@
<?php
$php_openssl_cipher_tests = array(
'aes-256-ccm' => array(
array(
'key' => '1bde3251d41a8b5ea013c195ae128b21' .
'8b3e0306376357077ef1c1c78548b92e',
'iv' => '5b8e40746f6b98e00f1d13ff41',
'aad' => 'c17a32514eb6103f3249e076d4c871dc' .
'97e04b286699e54491dc18f6d734d4c0',
'tag' => '2024931d73bca480c24a24ece6b6c2bf',
'pt' => '53bd72a97089e312422bf72e242377b3' .
'c6ee3e2075389b999c4ef7f28bd2b80a',
'ct' => '9a5fcccdb4cf04e7293d2775cc76a488' .
'f042382d949b43b7d6bb2b9864786726',
),
),
'aes-128-gcm' => array(
array(
'key' => '00000000000000000000000000000000',
'iv' => '000000000000000000000000',
'tag' => '58e2fccefa7e3061367f1d57a4e7455a',
'pt' => '',
'ct' => '',
),
array(
'key' => '00000000000000000000000000000000',
'iv' => '000000000000000000000000',
'tag' => 'ab6e47d42cec13bdf53a67b21257bddf',
'pt' => '00000000000000000000000000000000',
'ct' => '0388dace60b6a392f328c2b971b2fe78',
),
array(
'key' => 'feffe9928665731c6d6a8f9467308308',
'iv' => 'cafebabefacedbaddecaf888',
'tag' => '4d5c2af327cd64a62cf35abd2ba6fab4',
'pt' => 'd9313225f88406e5a55909c5aff5269a' .
'86a7a9531534f7da2e4c303d8a318a72' .
'1c3c0c95956809532fcf0e2449a6b525' .
'b16aedf5aa0de657ba637b391aafd255',
'ct' => '42831ec2217774244b7221b784d0d49c' .
'e3aa212f2c02a4e035c17e2329aca12e' .
'21d514b25466931c7d8f6a5aac84aa05' .
'1ba30b396a0aac973d58e091473f5985',
),
array(
'key' => 'feffe9928665731c6d6a8f9467308308',
'iv' => 'cafebabefacedbaddecaf888',
'aad' => 'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'tag' => '5bc94fbc3221a5db94fae95ae7121a47',
'pt' => 'd9313225f88406e5a55909c5aff5269a' .
'86a7a9531534f7da2e4c303d8a318a72' .
'1c3c0c95956809532fcf0e2449a6b525' .
'b16aedf5aa0de657ba637b39',
'ct' => '42831ec2217774244b7221b784d0d49c' .
'e3aa212f2c02a4e035c17e2329aca12e' .
'21d514b25466931c7d8f6a5aac84aa05' .
'1ba30b396a0aac973d58e091',
),
array(
'key' => 'feffe9928665731c6d6a8f9467308308',
'iv' => 'cafebabefacedbad',
'aad' => 'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'tag' => '3612d2e79e3b0785561be14aaca2fccb',
'pt' => 'd9313225f88406e5a55909c5aff5269a' .
'86a7a9531534f7da2e4c303d8a318a72' .
'1c3c0c95956809532fcf0e2449a6b525' .
'b16aedf5aa0de657ba637b39',
'ct' => '61353b4c2806934a777ff51fa22a4755' .
'699b2a714fcdc6f83766e5f97b6c7423' .
'73806900e49f24b22b097544d4896b42' .
'4989b5e1ebac0f07c23f4598'
),
array(
'key' => 'feffe9928665731c6d6a8f9467308308',
'iv' => '9313225df88406e555909c5aff5269aa' .
'6a7a9538534f7da1e4c303d2a318a728' .
'c3c0c95156809539fcf0e2429a6b5254' .
'16aedbf5a0de6a57a637b39b',
'aad' => 'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'tag' => '619cc5aefffe0bfa462af43c1699d050',
'pt' => 'd9313225f88406e5a55909c5aff5269a' .
'86a7a9531534f7da2e4c303d8a318a72' .
'1c3c0c95956809532fcf0e2449a6b525' .
'b16aedf5aa0de657ba637b39',
'ct' => '8ce24998625615b603a033aca13fb894' .
'be9112a5c3a211a8ba262a3cca7e2ca7' .
'01e4a9a4fba43c90ccdcb281d48c7c6f' .
'd62875d2aca417034c34aee5',
),
)
);
function openssl_get_cipher_tests($method)
{
global $php_openssl_cipher_tests;
$tests = array();
foreach ($php_openssl_cipher_tests[$method] as $instance) {
$test = array();
foreach ($instance as $field_name => $field_value) {
$test[$field_name] = pack("H*", $field_value);
}
if (!isset($test['aad'])) {
$test['aad'] = "";
}
$tests[] = $test;
}
return $tests;
}

29
php/ext/openssl/tests/cve-2013-6420.crt Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
-----END CERTIFICATE-----

18
php/ext/openssl/tests/cve-2013-6420.phpt Normal file
View File

@@ -0,0 +1,18 @@
--TEST--
CVE-2013-6420
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$crt = substr(__FILE__, 0, -4).'.crt';
$info = openssl_x509_parse("file://$crt");
var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
?>
Done
--EXPECTF--
%s openssl_x509_parse(): illegal length in timestamp in %s%ecve-2013-6420.php on line 3
string(27) "stefan.esser@sektioneins.de"
int(-1)
Done

28
php/ext/openssl/tests/cve2013_4073.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
-----END CERTIFICATE-----

19
php/ext/openssl/tests/cve2013_4073.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
CVE 2013-4073: Null-byte certificate handling
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
--FILE--
<?php
$cert = file_get_contents(__DIR__ . '/cve2013_4073.pem');
$info = openssl_x509_parse($cert);
var_export($info['extensions']);
--EXPECTF--
array (
'basicConstraints' => 'CA:FALSE',
'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',
'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
',
)

110
php/ext/openssl/tests/ecc.phpt Normal file
View File

@@ -0,0 +1,110 @@
--TEST--
openssl_*() with OPENSSL_KEYTYPE_EC
--SKIPIF--
<?php if (!extension_loaded("openssl") && !defined("OPENSSL_KEYTYPE_EC")) print "skip"; ?>
--FILE--
<?php
$args = array(
"curve_name" => "secp384r1",
"private_key_type" => OPENSSL_KEYTYPE_EC,
);
echo "Testing openssl_pkey_new\n";
$key1 = openssl_pkey_new($args);
var_dump($key1);
$argsFailed = array(
"curve_name" => "invalid_cuve_name",
"private_key_type" => OPENSSL_KEYTYPE_EC,
);
$keyFailed = openssl_pkey_new($argsFailed);
var_dump($keyFailed);
$d1 = openssl_pkey_get_details($key1);
var_dump($d1["bits"]);
var_dump(strlen($d1["key"]));
var_dump($d1["ec"]["curve_name"]);
var_dump($d1["type"] == OPENSSL_KEYTYPE_EC);
$key2 = openssl_pkey_new($d1);
var_dump($key2);
$d2 = openssl_pkey_get_details($key2);
// Compare array
var_dump($d1 === $d2);
$dn = array(
"countryName" => "BR",
"stateOrProvinceName" => "Rio Grande do Sul",
"localityName" => "Porto Alegre",
"commonName" => "Henrique do N. Angelo",
"emailAddress" => "hnangelo@php.net"
);
// openssl_csr_new creates a new public key pair if the key argument is null
echo "Testing openssl_csr_new with key generation\n";
$keyGenerate = null;
var_dump($keyGenerate);
$csr = openssl_csr_new($dn, $keyGenerate, $args);
var_dump($keyGenerate);
$args["digest_alg"] = "sha1";
echo "Testing openssl_csr_new with existing ecc key\n";
$csr = openssl_csr_new($dn, $key1, $args);
var_dump($csr);
$pubkey1 = openssl_pkey_get_details(openssl_csr_get_public_key($csr));
var_dump(isset($pubkey1["ec"]["priv_key"]));
unset($d1["ec"]["priv_key"]);
var_dump(array_diff($d1["ec"], $pubkey1["ec"]));
$x509 = openssl_csr_sign($csr, null, $key1, 365, $args);
var_dump($x509);
echo "Testing openssl_x509_check_private_key\n";
var_dump(openssl_x509_check_private_key($x509, $key1));
$key3 = openssl_pkey_new($args);
var_dump(openssl_x509_check_private_key($x509, $key3));
echo "Testing openssl_get_curve_names\n";
$curve_names = openssl_get_curve_names();
var_dump(is_array($curve_names));
foreach ($curve_names as $curve_name) {
if ("secp384r1" === $curve_name) {
echo "Found secp384r1 in curve names\n";
}
}
?>
--EXPECTF--
Testing openssl_pkey_new
resource(%d) of type (OpenSSL key)
Warning: openssl_pkey_new(): Unknown elliptic curve (short) name invalid_cuve_name in %s on line %d
bool(false)
int(384)
int(215)
string(9) "secp384r1"
bool(true)
resource(%d) of type (OpenSSL key)
bool(true)
Testing openssl_csr_new with key generation
NULL
resource(%d) of type (OpenSSL key)
Testing openssl_csr_new with existing ecc key
resource(%d) of type (OpenSSL X.509 CSR)
bool(false)
array(1) {
["d"]=>
string(%d) "%a"
}
resource(%d) of type (OpenSSL X.509)
Testing openssl_x509_check_private_key
bool(true)
bool(false)
Testing openssl_get_curve_names
bool(true)
Found secp384r1 in curve names

50
php/ext/openssl/tests/openssl.cnf Normal file
View File

@@ -0,0 +1,50 @@
oid_section = new_oids
[ new_oids ]
# Example policies to test their
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = MASK:4294967295
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[ usr_cert ]
basicConstraints=CA:FALSE

48
php/ext/openssl/tests/openssl_csr_export_bacis.phpt Normal file
View File

@@ -0,0 +1,48 @@
--TEST--
openssl_csr_export() tests
--SKIPIF--
<?php if (!extension_loaded("openssl")) print "skip"; ?>
--FILE--
<?php
$wrong = "wrong";
$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
$config_arg = array('config' => $config);
$dn = array(
"countryName" => "BR",
"stateOrProvinceName" => "Rio Grande do Sul",
"localityName" => "Porto Alegre",
"commonName" => "Henrique do N. Angelo",
"emailAddress" => "hnangelo@php.net"
);
$args = array(
"digest_alg" => "sha1",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
"config" => $config,
);
$privkey = openssl_pkey_new($config_arg);
$csr = openssl_csr_new($dn, $privkey, $args);
var_dump(openssl_csr_export($csr, $output));
var_dump(openssl_csr_export($wrong, $output));
var_dump(openssl_csr_export($privkey, $output));
var_dump(openssl_csr_export(array(), $output));
var_dump(openssl_csr_export($csr, $output, false));
?>
--EXPECTF--
bool(true)
Warning: openssl_csr_export() expects parameter 1 to be resource, string given in %s on line %d
NULL
Warning: openssl_csr_export(): supplied resource is not a valid OpenSSL X.509 CSR resource in %s on line %d
Warning: openssl_csr_export(): cannot get CSR from parameter 1 in %s on line %d
bool(false)
Warning: openssl_csr_export() expects parameter 1 to be resource, array given in %s on line %d
NULL
bool(true)

Some files were not shown because too many files have changed in this diff Show More