diff options
Diffstat (limited to 'ext/openssl/tests')
64 files changed, 2890 insertions, 0 deletions
diff --git a/ext/openssl/tests/001.phpt b/ext/openssl/tests/001.phpt new file mode 100644 index 0000000..4ca9970 --- /dev/null +++ b/ext/openssl/tests/001.phpt @@ -0,0 +1,74 @@ +--TEST-- +OpenSSL private key functions +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (!@openssl_pkey_new()) die("skip cannot create private key"); +?> +--FILE-- +<?php +echo "Creating private key\n"; + +/* stack up some entropy; performance is not critical, + * and being slow will most likely even help the test. + */ +for ($z = "", $i = 0; $i < 1024; $i++) { + $z .= $i * $i; + if (function_exists("usleep")) + usleep($i); +} + +$privkey = openssl_pkey_new(); + +if ($privkey === false) + die("failed to create private key"); + +$passphrase = "banana"; +$key_file_name = tempnam("/tmp", "ssl"); +if ($key_file_name === false) + die("failed to get a temporary filename!"); + +echo "Export key to file\n"; + +openssl_pkey_export_to_file($privkey, $key_file_name, $passphrase) or die("failed to export to file $key_file_name"); + +echo "Load key from file - array syntax\n"; + +$loaded_key = openssl_pkey_get_private(array("file://$key_file_name", $passphrase)); + +if ($loaded_key === false) + die("failed to load key using array syntax"); + +openssl_pkey_free($loaded_key); + +echo "Load key using direct syntax\n"; + +$loaded_key = openssl_pkey_get_private("file://$key_file_name", $passphrase); + +if ($loaded_key === false) + die("failed to load key using direct syntax"); + +openssl_pkey_free($loaded_key); + +echo "Load key manually and use string syntax\n"; + +$key_content = file_get_contents($key_file_name); +$loaded_key = openssl_pkey_get_private($key_content, $passphrase); + +if ($loaded_key === false) + die("failed to load key using string syntax"); + +openssl_pkey_free($loaded_key); + +echo "OK!\n"; + +@unlink($key_file_name); + +?> +--EXPECT-- +Creating private key +Export key to file +Load key from file - array syntax +Load key using direct syntax +Load key manually and use string syntax +OK! diff --git a/ext/openssl/tests/002.phpt b/ext/openssl/tests/002.phpt new file mode 100644 index 0000000..dd4f04a --- /dev/null +++ b/ext/openssl/tests/002.phpt @@ -0,0 +1,32 @@ +--TEST-- +openssl_seal() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php + +$a = 1; +$b = array(1); +$c = array(1); +$d = array(1); + +var_dump(openssl_seal($a, $b, $c, $d)); +var_dump(openssl_seal($a, $a, $a, array())); +var_dump(openssl_seal($c, $c, $c, 1)); +var_dump(openssl_seal($b, $b, $b, "")); + +echo "Done\n"; +?> +--EXPECTF-- +Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s on line %d +bool(false) + +Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d +bool(false) + +Warning: openssl_seal() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: openssl_seal() expects parameter 1 to be string, array given in %s on line %d +NULL +Done diff --git a/ext/openssl/tests/003.phpt b/ext/openssl/tests/003.phpt new file mode 100644 index 0000000..92c8c85 --- /dev/null +++ b/ext/openssl/tests/003.phpt @@ -0,0 +1,43 @@ +--TEST-- +openssl_pkcs7_decrypt() and invalid parameters +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php + +function myErrorHandler($errno, $errstr, $errfile, $errline) { +var_dump($errstr); +} +set_error_handler("myErrorHandler"); + +$a = 1; +$b = 1; +$c = new stdclass; +$d = new stdclass; + +var_dump(openssl_pkcs7_decrypt($a, $b, $c, $d)); +var_dump($c); + +var_dump(openssl_pkcs7_decrypt($b, $b, $b, $b)); +var_dump(openssl_pkcs7_decrypt($a, $b, "", "")); +var_dump(openssl_pkcs7_decrypt($a, $b, true, false)); +var_dump(openssl_pkcs7_decrypt($a, $b, 0, 0)); + +echo "Done\n"; +?> +--EXPECTF-- +string(57) "Object of class stdClass could not be converted to string" +string(45) "Object of class stdClass to string conversion" +string(66) "openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert" +bool(false) +object(stdClass)#1 (0) { +} +string(66) "openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert" +bool(false) +string(66) "openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert" +bool(false) +string(66) "openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert" +bool(false) +string(66) "openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert" +bool(false) +Done diff --git a/ext/openssl/tests/004.phpt b/ext/openssl/tests/004.phpt new file mode 100644 index 0000000..508ccab --- /dev/null +++ b/ext/openssl/tests/004.phpt @@ -0,0 +1,34 @@ +--TEST-- +openssl_csr_new() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php + +$a = 1; +var_dump(openssl_csr_new(1,$a)); +var_dump(openssl_csr_new(1,$a,1,1)); +$a = array(); +var_dump(openssl_csr_new(array(), $a, array('config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'), array())); + +//this leaks +$a = array(1,2); +$b = array(1,2); +var_dump(openssl_csr_new($a, $b, array('config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'))); + + +echo "Done\n"; +?> +--EXPECTF-- +Warning: openssl_csr_new() expects parameter 1 to be array, integer given in %s on line %d +NULL + +Warning: openssl_csr_new() expects parameter 1 to be array, integer given in %s on line %d +NULL + +Warning: openssl_csr_new(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d + +Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %s on line %d +bool(false) +resource(%d) of type (OpenSSL X.509 CSR) +Done diff --git a/ext/openssl/tests/005.phpt b/ext/openssl/tests/005.phpt new file mode 100644 index 0000000..f7fa201 --- /dev/null +++ b/ext/openssl/tests/005.phpt @@ -0,0 +1,34 @@ +--TEST-- +openssl_csr_get_subject() tests +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (!function_exists("utf8_decode")) die("skip"); +?> +--FILE-- +<?php + +$csr = file_get_contents(dirname(__FILE__) . '/005_crt.txt'); +if ($out = openssl_csr_get_subject($csr, 1)) { + var_dump($out); +} +echo "\n"; +$cn = utf8_decode($out['CN']); +var_dump($cn); +--EXPECTF-- +array(6) { + ["C"]=> + string(2) "NL" + ["ST"]=> + string(13) "Noord Brabant" + ["L"]=> + string(4) "Uden" + ["O"]=> + string(10) "Triconnect" + ["OU"]=> + string(10) "Triconnect" + ["CN"]=> + string(15) "*.triconnect.nl" +} + +string(15) "*.triconnect.nl" diff --git a/ext/openssl/tests/005_crt.txt b/ext/openssl/tests/005_crt.txt new file mode 100644 index 0000000..39084bc --- /dev/null +++ b/ext/openssl/tests/005_crt.txt @@ -0,0 +1,22 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIDYzCCAswCAQAwgYcxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZCBCcmFi +YW50MQ0wCwYDVQQHEwRVZGVuMRMwEQYDVQQKEwpUcmljb25uZWN0MRMwEQYDVQQL +EwpUcmljb25uZWN0MScwJQYDVQQDHh4AKgAuAHQAcgBpAGMAbwBuAG4AZQBjAHQA +LgBuAGwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANjE/qKAKgo93162HhtX +OZdvunF5eG/PFK2yn6uAUDWgZciPoKBslgL6a6sK+RdcS7LjWdjWEOOANGzZY1Kk +FelzxrIjIGSGJHC9eubebdu2LWFFM5cEMDiH0QSD9Rdiy7svSLWvngUDYj0wwd+m +iV2duzUFHnusj9iVPpD9s47RAgMBAAGgggGZMBoGCisGAQQBgjcNAgMxDBYKNS4y +LjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8EBAMCBPAwRAYJKoZI +hvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsO +AwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIH9BgorBgEEAYI3 +DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBo +AGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2 +AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADANBgkqhkiG9w0BAQUFAAOBgQA4agiUkIblhF+n0wth4vQY+PwMadyaBpA4 +epr4TKL0QEkA0bQBbIERw5dDE3WQi6aVFJe6y870QymBwmKIvfBBfOyyA0IlQq/n +uybhzQNQbSMKF1T82hpfh1w2RwVGaGrw7f6qH+CLyP1ydvBPvmD88HwiibNBBB3c +R23mEEGYUQ== +-----END NEW CERTIFICATE REQUEST----- + diff --git a/ext/openssl/tests/006.phpt b/ext/openssl/tests/006.phpt new file mode 100644 index 0000000..d6e41e4 --- /dev/null +++ b/ext/openssl/tests/006.phpt @@ -0,0 +1,25 @@ +--TEST-- +openssl_pkey_new() with an empty sub-array arg generates a malformed resource +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +/* openssl_pkey_get_details() segfaults when getting the information + from openssl_pkey_new() with an empty sub-array arg */ + +$rsa = array("rsa" => array()); +$dsa = array("dsa" => array()); +$dh = array("dh" => array()); + +openssl_pkey_get_details(openssl_pkey_new($rsa)); +openssl_pkey_get_details(openssl_pkey_new($dsa)); +openssl_pkey_get_details(openssl_pkey_new($dh)); +?> +--EXPECTF-- + +Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d + +Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d + +Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d + diff --git a/ext/openssl/tests/007.phpt b/ext/openssl/tests/007.phpt new file mode 100644 index 0000000..0a74bd3 --- /dev/null +++ b/ext/openssl/tests/007.phpt @@ -0,0 +1,60 @@ +--TEST-- +openssl_x509_read() and openssl_x509_free() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$fp = fopen(dirname(__FILE__) . "/cert.crt","r"); +$a = fread($fp,8192); +fclose($fp); + +$b = "file://" . dirname(__FILE__) . "/cert.crt"; +$c = "invalid cert"; +$d = openssl_x509_read($a); +$e = array(); +$f = array($b); + +var_dump($res = openssl_x509_read($a)); // read cert as a string +openssl_x509_free($res); +var_dump($res); +var_dump($res = openssl_x509_read($b)); // read cert as a filename string +openssl_x509_free($res); +var_dump($res); +var_dump($res = openssl_x509_read($c)); // read an invalid cert, fails +openssl_x509_free($res); +var_dump($res); +var_dump($res = openssl_x509_read($d)); // read cert from a resource +openssl_x509_free($res); +var_dump($res); +var_dump($res = openssl_x509_read($e)); // read an array +openssl_x509_free($res); +var_dump($res); +var_dump($res = openssl_x509_read($f)); // read an array with the filename +openssl_x509_free($res); +var_dump($res); +?> +--EXPECTF-- +resource(%d) of type (OpenSSL X.509) +resource(%d) of type (Unknown) +resource(%d) of type (OpenSSL X.509) +resource(%d) of type (Unknown) + +Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in %s on line %d +bool(false) + +Warning: openssl_x509_free() expects parameter 1 to be resource, boolean given in %s on line %d +bool(false) +resource(%d) of type (OpenSSL X.509) +resource(%d) of type (Unknown) + +Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in %s on line %d +bool(false) + +Warning: openssl_x509_free() expects parameter 1 to be resource, boolean given in %s on line %d +bool(false) + +Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in %s on line %d +bool(false) + +Warning: openssl_x509_free() expects parameter 1 to be resource, boolean given in %s on line %d +bool(false) diff --git a/ext/openssl/tests/008.phpt b/ext/openssl/tests/008.phpt new file mode 100644 index 0000000..8963864 --- /dev/null +++ b/ext/openssl/tests/008.phpt @@ -0,0 +1,74 @@ +--TEST-- +openssl_x509_export() and openssl_x509_export_to_file() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$fp = fopen(dirname(__FILE__) . "/cert.crt","r"); +$a = fread($fp,8192); +fclose($fp); + +$b = "file://" . dirname(__FILE__) . "/cert.crt"; +$c = "invalid cert"; +$d = openssl_x509_read($a); +$e = array(); + +var_dump(openssl_x509_export($a, $output)); // read cert as a binary string +var_dump(openssl_x509_export($b, $output2)); // read cert from a filename string +var_dump(openssl_x509_export($c, $output3)); // read an invalid cert, fails +var_dump(openssl_x509_export($d, $output4)); // read cert from a resource +var_dump(openssl_x509_export($e, $output5)); // read an array, fails + +$outfilename = tempnam("/tmp", "ssl"); +if ($outfilename === false) + die("failed to get a temporary filename!"); + +echo "---\n"; + +var_dump(openssl_x509_export_to_file($a, $outfilename)); // read cert as a binary string +var_dump(openssl_x509_export_to_file($b, $outfilename)); // read cert from a filename string +var_dump(openssl_x509_export_to_file($c, $outfilename)); // read an invalid cert, fails +var_dump(openssl_x509_export_to_file($d, $outfilename)); // read cert from a resource +var_dump(openssl_x509_export_to_file($e, $outfilename)); // read an array, fails +echo "---\n"; + +var_dump($exists = file_exists($outfilename)); +if ($exists) { + @unlink($outfilename); +} +echo "---\n"; + +var_dump(strcmp($output, $a)); +var_dump(strcmp($output, $output2)); +var_dump(strcmp($output, $output3)); +var_dump(strcmp($output, $output4)); // different +var_dump(strcmp($output, $output5)); // different +?> +--EXPECTF-- +bool(true) +bool(true) + +Warning: openssl_x509_export(): cannot get cert from parameter 1 in %s on line %d +bool(false) +bool(true) + +Warning: openssl_x509_export(): cannot get cert from parameter 1 in %s on line %d +bool(false) +--- +bool(true) +bool(true) + +Warning: openssl_x509_export_to_file(): cannot get cert from parameter 1 in %s on line %d +bool(false) +bool(true) + +Warning: openssl_x509_export_to_file(): cannot get cert from parameter 1 in %s on line %d +bool(false) +--- +bool(true) +--- +int(0) +int(0) +int(%d) +int(0) +int(%d) diff --git a/ext/openssl/tests/009.phpt b/ext/openssl/tests/009.phpt new file mode 100644 index 0000000..a7156dd --- /dev/null +++ b/ext/openssl/tests/009.phpt @@ -0,0 +1,29 @@ +--TEST-- +openssl_x509_check_private_key() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$fp = fopen(dirname(__FILE__) . "/cert.crt","r"); +$a = fread($fp,8192); +fclose($fp); + +$fp = fopen(dirname(__FILE__) . "/private.key","r"); +$b = fread($fp,8192); +fclose($fp); + +$cert = "file://" . dirname(__FILE__) . "/cert.crt"; +$key = "file://" . dirname(__FILE__) . "/private.key"; + +var_dump(openssl_x509_check_private_key($cert, $key)); +var_dump(openssl_x509_check_private_key("", $key)); +var_dump(openssl_x509_check_private_key($cert, "")); +var_dump(openssl_x509_check_private_key("", "")); +var_dump(openssl_x509_check_private_key($a, $b)); +?> +--EXPECT-- +bool(true) +bool(false) +bool(false) +bool(false) +bool(true) diff --git a/ext/openssl/tests/011.phpt b/ext/openssl/tests/011.phpt new file mode 100644 index 0000000..118e952 --- /dev/null +++ b/ext/openssl/tests/011.phpt @@ -0,0 +1,31 @@ +--TEST-- +openssl_encrypt() and openssl_decrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_encrypt() and openssl_decrypt() tests"; +$method = "AES-128-CBC"; +$password = "openssl"; + +$ivlen = openssl_cipher_iv_length($method); +$iv = ''; +srand(time() + ((microtime(true) * 1000000) % 1000000)); +while(strlen($iv) < $ivlen) $iv .= chr(rand(0,255)); + +$encrypted = openssl_encrypt($data, $method, $password, 0, $iv); +$output = openssl_decrypt($encrypted, $method, $password, 0, $iv); +var_dump($output); +$encrypted = openssl_encrypt($data, $method, $password, OPENSSL_RAW_DATA, $iv); +$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA, $iv); +var_dump($output); +// if we want to manage our own padding +$padded_data = $data . str_repeat(' ', 16 - (strlen($data) % 16)); +$encrypted = openssl_encrypt($padded_data, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv); +$output = openssl_decrypt($encrypted, $method, $password, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv); +var_dump(rtrim($output)); +?> +--EXPECT-- +string(45) "openssl_encrypt() and openssl_decrypt() tests" +string(45) "openssl_encrypt() and openssl_decrypt() tests" +string(45) "openssl_encrypt() and openssl_decrypt() tests" diff --git a/ext/openssl/tests/012.phpt b/ext/openssl/tests/012.phpt new file mode 100644 index 0000000..dbd03ac --- /dev/null +++ b/ext/openssl/tests/012.phpt @@ -0,0 +1,27 @@ +--TEST-- +openssl_seal() error tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_open() test"; +$pub_key = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; + +openssl_seal($data, $sealed, $ekeys, array($pub_key)); // no output +openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key)); // no output +openssl_seal($data, $sealed, $ekeys, array($pub_key, $wrong)); +openssl_seal($data, $sealed, $ekeys, $pub_key); +openssl_seal($data, $sealed, $ekeys, array()); +openssl_seal($data, $sealed, $ekeys, array($wrong)); +?> +--EXPECTF-- + +Warning: openssl_seal(): not a public key (2th member of pubkeys) in %s on line %d + +Warning: openssl_seal() expects parameter 4 to be array, string given in %s on line %d + +Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d + +Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s on line %d + diff --git a/ext/openssl/tests/013.phpt b/ext/openssl/tests/013.phpt new file mode 100644 index 0000000..91bb73d --- /dev/null +++ b/ext/openssl/tests/013.phpt @@ -0,0 +1,28 @@ +--TEST-- +openssl_open() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_open() test"; +$pub_key = "file://" . dirname(__FILE__) . "/public.key"; +$priv_key = "file://" . dirname(__FILE__) . "/private.key"; +$wrong = "wrong"; + +openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key, $pub_key)); +openssl_open($sealed, $output, $ekeys[0], $priv_key); +var_dump($output); +openssl_open($sealed, $output2, $ekeys[1], $wrong); +var_dump($output2); +openssl_open($sealed, $output3, $ekeys[2], $priv_key); +var_dump($output3); +openssl_open($sealed, $output4, $wrong, $priv_key); +var_dump($output4); +?> +--EXPECTF-- +string(19) "openssl_open() test" + +Warning: openssl_open(): unable to coerce parameter 4 into a private key in %s on line %d +NULL +string(19) "openssl_open() test" +NULL diff --git a/ext/openssl/tests/014.phpt b/ext/openssl/tests/014.phpt new file mode 100644 index 0000000..6123964 --- /dev/null +++ b/ext/openssl/tests/014.phpt @@ -0,0 +1,38 @@ +--TEST-- +openssl_private_encrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_private_encrypt()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$pubkey = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; +class test { + function __toString() { + return "test"; + } +} +$obj = new test; + +var_dump(openssl_private_encrypt($data, $encrypted, $privkey)); +var_dump(openssl_private_encrypt($data, $encrypted, $pubkey)); +var_dump(openssl_private_encrypt($data, $encrypted, $wrong)); +var_dump(openssl_private_encrypt($data, $encrypted, $obj)); +var_dump(openssl_private_encrypt($obj, $encrypted, $privkey)); +openssl_public_decrypt($encrypted, $output, $pubkey); +var_dump($output); +?> +--EXPECTF-- +bool(true) + +Warning: openssl_private_encrypt(): key param is not a valid private key in %s on line %d +bool(false) + +Warning: openssl_private_encrypt(): key param is not a valid private key in %s on line %d +bool(false) + +Warning: openssl_private_encrypt(): key param is not a valid private key in %s on line %d +bool(false) +bool(true) +string(4) "test" diff --git a/ext/openssl/tests/015.phpt b/ext/openssl/tests/015.phpt new file mode 100644 index 0000000..a89121d --- /dev/null +++ b/ext/openssl/tests/015.phpt @@ -0,0 +1,39 @@ +--TEST-- +openssl_public_encrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_public_encrypt()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$pubkey = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; +class test { + function __toString() { + return "test"; + } +} +$obj = new test; + +var_dump(openssl_public_encrypt($data, $encrypted, $pubkey)); +var_dump(openssl_public_encrypt($data, $encrypted, $privkey)); +var_dump(openssl_public_encrypt($data, $encrypted, $wrong)); +var_dump(openssl_public_encrypt($data, $encrypted, $obj)); +var_dump(openssl_public_encrypt($obj, $encrypted, $pubkey)); +openssl_private_decrypt($encrypted, $output, $privkey); +var_dump($output); +?> +--EXPECTF-- +bool(true) + +Warning: openssl_public_encrypt(): key parameter is not a valid public key in %s on line %d +bool(false) + +Warning: openssl_public_encrypt(): key parameter is not a valid public key in %s on line %d +bool(false) + +Warning: openssl_public_encrypt(): key parameter is not a valid public key in %s on line %d +bool(false) +bool(true) +string(4) "test" + diff --git a/ext/openssl/tests/016.phpt b/ext/openssl/tests/016.phpt new file mode 100644 index 0000000..2d772e7 --- /dev/null +++ b/ext/openssl/tests/016.phpt @@ -0,0 +1,48 @@ +--TEST-- +openssl_public_decrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_public_decrypt()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$pubkey = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; + +openssl_private_encrypt($data, $encrypted, $privkey); +var_dump(openssl_public_decrypt($encrypted, $output, $pubkey)); +var_dump($output); +var_dump(openssl_public_decrypt($encrypted, $output2, $wrong)); +var_dump($output2); +var_dump(openssl_public_decrypt($wrong, $output3, $pubkey)); +var_dump($output3); +var_dump(openssl_public_decrypt($encrypted, $output4, array())); +var_dump($output4); +var_dump(openssl_public_decrypt($encrypted, $output5, array($pubkey))); +var_dump($output5); +var_dump(openssl_public_decrypt($encrypted, $output6, array($pubkey, ""))); +var_dump($output6); +?> +--EXPECTF-- +bool(true) +string(32) "Testing openssl_public_decrypt()" + +Warning: openssl_public_decrypt(): key parameter is not a valid public key in %s on line %d +bool(false) +NULL +bool(false) +NULL + +Warning: openssl_public_decrypt(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d + +Warning: openssl_public_decrypt(): key parameter is not a valid public key in %s on line %d +bool(false) +NULL + +Warning: openssl_public_decrypt(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d + +Warning: openssl_public_decrypt(): key parameter is not a valid public key in %s on line %d +bool(false) +NULL +bool(true) +string(32) "Testing openssl_public_decrypt()" diff --git a/ext/openssl/tests/017.phpt b/ext/openssl/tests/017.phpt new file mode 100644 index 0000000..65a7cd1 --- /dev/null +++ b/ext/openssl/tests/017.phpt @@ -0,0 +1,40 @@ +--TEST-- +openssl_private_decrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_public_decrypt()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$pubkey = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; + +openssl_public_encrypt($data, $encrypted, $pubkey); +var_dump(openssl_private_decrypt($encrypted, $output, $privkey)); +var_dump($output); +var_dump(openssl_private_decrypt($encrypted, $output2, $wrong)); +var_dump($output2); +var_dump(openssl_private_decrypt($wrong, $output3, $privkey)); +var_dump($output3); +var_dump(openssl_private_decrypt($encrypted, $output4, array($privkey))); +var_dump($output4); +var_dump(openssl_private_decrypt($encrypted, $output5, array($privkey, ""))); +var_dump($output5); +?> +--EXPECTF-- +bool(true) +string(32) "Testing openssl_public_decrypt()" + +Warning: openssl_private_decrypt(): key parameter is not a valid private key in %s on line %d +bool(false) +NULL +bool(false) +NULL + +Warning: openssl_private_decrypt(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d + +Warning: openssl_private_decrypt(): key parameter is not a valid private key in %s on line %d +bool(false) +NULL +bool(true) +string(32) "Testing openssl_public_decrypt()" diff --git a/ext/openssl/tests/018.phpt b/ext/openssl/tests/018.phpt new file mode 100644 index 0000000..230c0a8 --- /dev/null +++ b/ext/openssl/tests/018.phpt @@ -0,0 +1,22 @@ +--TEST-- +openssl_sign() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_sign()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$wrong = "wrong"; + +var_dump(openssl_sign($data, $sign, $privkey)); // no output +var_dump(openssl_sign($data, $sign, $wrong)); +var_dump(openssl_sign(array(), $sign, $privkey)); +?> +--EXPECTF-- +bool(true) + +Warning: openssl_sign(): supplied key param cannot be coerced into a private key in %s on line %d +bool(false) + +Warning: openssl_sign() expects parameter 1 to be string, array given in %s on line %d +NULL diff --git a/ext/openssl/tests/019.phpt b/ext/openssl/tests/019.phpt new file mode 100644 index 0000000..c1f186c --- /dev/null +++ b/ext/openssl/tests/019.phpt @@ -0,0 +1,28 @@ +--TEST-- +openssl_verify() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "Testing openssl_verify()"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$pubkey = "file://" . dirname(__FILE__) . "/public.key"; +$wrong = "wrong"; + +openssl_sign($data, $sign, $privkey); +var_dump(openssl_verify($data, $sign, $pubkey)); +var_dump(openssl_verify($data, $sign, $privkey)); +var_dump(openssl_verify($data, $sign, $wrong)); +var_dump(openssl_verify($data, $wrong, $pubkey)); +var_dump(openssl_verify($wrong, $sign, $pubkey)); +?> +--EXPECTF-- +int(1) + +Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d +bool(false) + +Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d +bool(false) +int(0) +int(0) diff --git a/ext/openssl/tests/021.phpt b/ext/openssl/tests/021.phpt new file mode 100644 index 0000000..391b6a5 --- /dev/null +++ b/ext/openssl/tests/021.phpt @@ -0,0 +1,80 @@ +--TEST-- +openssl_csr_sign() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$cert = "file://" . dirname(__FILE__) . "/cert.crt"; +$priv = "file://" . dirname(__FILE__) . "/private.key"; +$wrong = "wrong"; +$pub = "file://" . dirname(__FILE__) . "/public.key"; +$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'; +$config_arg = array('config' => $config); + +$dn = array( + "countryName" => "BR", + "stateOrProvinceName" => "Rio Grande do Sul", + "localityName" => "Porto Alegre", + "commonName" => "Henrique do N. Angelo", + "emailAddress" => "hnangelo@php.net" + ); + +$args = array( + "digest_alg" => "sha1", + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_DSA, + "encrypt_key" => true, + "config" => $config + ); + +$privkey = openssl_pkey_new($config_arg); +$csr = openssl_csr_new($dn, $privkey, $args); +var_dump(openssl_csr_sign($csr, null, $privkey, 365, $args)); +var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg)); +var_dump(openssl_csr_sign($csr, $cert, $priv, 365, $config_arg)); +var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365)); +var_dump(openssl_csr_sign($csr, null, $wrong, 365)); +var_dump(openssl_csr_sign($csr, null, $privkey, $wrong)); +var_dump(openssl_csr_sign($csr, null, $privkey, 365, $wrong)); +var_dump(openssl_csr_sign($wrong, null, $privkey, 365)); +var_dump(openssl_csr_sign(array(), null, $privkey, 365)); +var_dump(openssl_csr_sign($csr, array(), $privkey, 365)); +var_dump(openssl_csr_sign($csr, null, array(), 365)); +var_dump(openssl_csr_sign($csr, null, $privkey, array())); +var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg)); +?> +--EXPECTF-- +resource(%d) of type (OpenSSL X.509) +resource(%d) of type (OpenSSL X.509) +resource(%d) of type (OpenSSL X.509) + +Warning: openssl_csr_sign(): cannot get cert from parameter 2 in %s on line %d +bool(false) + +Warning: openssl_csr_sign(): cannot get private key from parameter 3 in %s on line %d +bool(false) + +Warning: openssl_csr_sign() expects parameter 4 to be long, string given in %s on line %d +NULL + +Warning: openssl_csr_sign() expects parameter 5 to be array, string given in %s on line %d +NULL + +Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in %s on line %d +bool(false) + +Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in %s on line %d +bool(false) + +Warning: openssl_csr_sign(): cannot get cert from parameter 2 in %s on line %d +bool(false) + +Warning: openssl_csr_sign(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d + +Warning: openssl_csr_sign(): cannot get private key from parameter 3 in %s on line %d +bool(false) + +Warning: openssl_csr_sign() expects parameter 4 to be long, array given in %s on line %d +NULL +resource(%d) of type (OpenSSL X.509) + diff --git a/ext/openssl/tests/022.phpt b/ext/openssl/tests/022.phpt new file mode 100644 index 0000000..1fa84d9 --- /dev/null +++ b/ext/openssl/tests/022.phpt @@ -0,0 +1,48 @@ +--TEST-- +openssl_csr_export() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$wrong = "wrong"; +$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf'; +$config_arg = array('config' => $config); + +$dn = array( + "countryName" => "BR", + "stateOrProvinceName" => "Rio Grande do Sul", + "localityName" => "Porto Alegre", + "commonName" => "Henrique do N. Angelo", + "emailAddress" => "hnangelo@php.net" + ); + +$args = array( + "digest_alg" => "sha1", + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_DSA, + "encrypt_key" => true, + "config" => $config, + ); + +$privkey = openssl_pkey_new($config_arg); +$csr = openssl_csr_new($dn, $privkey, $args); +var_dump(openssl_csr_export($csr, $output)); +var_dump(openssl_csr_export($wrong, $output)); +var_dump(openssl_csr_export($privkey, $output)); +var_dump(openssl_csr_export(array(), $output)); +var_dump(openssl_csr_export($csr, $output, false)); +?> +--EXPECTF-- +bool(true) + +Warning: openssl_csr_export() expects parameter 1 to be resource, string given in %s on line %d +NULL + +Warning: openssl_csr_export(): supplied resource is not a valid OpenSSL X.509 CSR resource in %s on line %d + +Warning: openssl_csr_export(): cannot get CSR from parameter 1 in %s on line %d +bool(false) + +Warning: openssl_csr_export() expects parameter 1 to be resource, array given in %s on line %d +NULL +bool(true) diff --git a/ext/openssl/tests/023.phpt b/ext/openssl/tests/023.phpt new file mode 100644 index 0000000..1489613 --- /dev/null +++ b/ext/openssl/tests/023.phpt @@ -0,0 +1,64 @@ +--TEST-- +openssl_pkcs7_encrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$infile = dirname(__FILE__) . "/cert.crt"; +$outfile = tempnam("/tmp", "ssl"); +if ($outfile === false) + die("failed to get a temporary filename!"); +$outfile2 = tempnam("/tmp", "ssl"); +if ($outfile2 === false) + die("failed to get a temporary filename!"); + +$single_cert = "file://" . dirname(__FILE__) . "/cert.crt"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$multi_certs = array($single_cert, $single_cert); +$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_pkcs7_encrypt()"); +$headers = array("test@test", "testing openssl_pkcs7_encrypt()"); +$empty_headers = array(); +$wrong = "wrong"; +$empty = ""; + +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong)); +var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers)); + +if (file_exists($outfile)) { + echo "true\n"; + unlink($outfile); +} +if (file_exists($outfile2)) { + echo "true\n"; + unlink($outfile2); +} +?> +--EXPECTF-- +bool(true) +bool(true) +bool(true) +bool(true) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d +bool(false) +bool(true) +true +true diff --git a/ext/openssl/tests/024.phpt b/ext/openssl/tests/024.phpt new file mode 100644 index 0000000..0a61840 --- /dev/null +++ b/ext/openssl/tests/024.phpt @@ -0,0 +1,64 @@ +--TEST-- +openssl_pkcs7_decrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$infile = dirname(__FILE__) . "/cert.crt"; +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$encrypted = tempnam("/tmp", "ssl"); +if ($encrypted === false) + die("failed to get a temporary filename!"); +$outfile = tempnam("/tmp", "ssl"); +if ($outfile === false) { + unlink($outfile); + die("failed to get a temporary filename!"); +} + +$single_cert = "file://" . dirname(__FILE__) . "/cert.crt"; +$headers = array("test@test", "testing openssl_pkcs7_encrypt()"); +$wrong = "wrong"; +$empty = ""; + +openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $wrong, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, null, $privkey)); +var_dump(openssl_pkcs7_decrypt($wrong, $outfile, $single_cert, $privkey)); +var_dump(openssl_pkcs7_decrypt($empty, $outfile, $single_cert, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $empty, $single_cert, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $empty, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $empty)); + +if (file_exists($encrypted)) { + echo "true\n"; + unlink($encrypted); +} +if (file_exists($outfile)) { + echo "true\n"; + unlink($outfile); +} +?> +--EXPECTF-- +bool(true) + +Warning: openssl_pkcs7_decrypt(): unable to get private key in %s on line %d +bool(false) + +Warning: openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert in %s on line %d +bool(false) +bool(false) +bool(false) +bool(false) + +Warning: openssl_pkcs7_decrypt(): unable to coerce parameter 3 to x509 cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_decrypt(): unable to get private key in %s on line %d +bool(false) +true +true diff --git a/ext/openssl/tests/025.phpt b/ext/openssl/tests/025.phpt new file mode 100644 index 0000000..ac567a5 --- /dev/null +++ b/ext/openssl/tests/025.phpt @@ -0,0 +1,65 @@ +--TEST-- +openssl_pkcs7_sign() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$infile = dirname(__FILE__) . "/cert.crt"; +$outfile = tempnam("/tmp", "ssl"); +if ($outfile === false) + die("failed to get a temporary filename!"); + +$privkey = "file://" . dirname(__FILE__) . "/private.key"; +$single_cert = "file://" . dirname(__FILE__) . "/cert.crt"; +$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_pkcs7_sign()"); +$headers = array("test@test", "testing openssl_pkcs7_sign()"); +$empty_headers = array(); +$wrong = "wrong"; +$empty = ""; + +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $assoc_headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty_headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $wrong)); +var_dump(openssl_pkcs7_sign($wrong, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($empty, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $empty, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $wrong, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $empty, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $wrong, $headers)); + +if (file_exists($outfile)) { + echo "true\n"; + unlink($outfile); +} +?> +--EXPECTF-- +bool(true) +bool(true) +bool(true) + +Warning: openssl_pkcs7_sign() expects parameter 5 to be array, string given in %s on line %d +NULL + +Warning: openssl_pkcs7_sign(): error opening input file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error opening input file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error opening output file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign() expects parameter 5 to be array, string given in %s on line %d +NULL + +Warning: openssl_pkcs7_sign(): error getting private key in %s on line %d +bool(false) +true diff --git a/ext/openssl/tests/bug25614.phpt b/ext/openssl/tests/bug25614.phpt new file mode 100644 index 0000000..a431307 --- /dev/null +++ b/ext/openssl/tests/bug25614.phpt @@ -0,0 +1,14 @@ +--TEST-- +openssl: get public key from generated private key +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (!@openssl_pkey_new()) die("skip cannot create private key"); +?> +--FILE-- +<?php +$priv = openssl_pkey_new(); +$pub = openssl_pkey_get_public($priv); +?> +--EXPECTF-- +Warning: openssl_pkey_get_public(): Don't know how to get public key from this private key %s diff --git a/ext/openssl/tests/bug28382.phpt b/ext/openssl/tests/bug28382.phpt new file mode 100644 index 0000000..2bedeb2 --- /dev/null +++ b/ext/openssl/tests/bug28382.phpt @@ -0,0 +1,46 @@ +--TEST-- +Bug #28382 (openssl_x509_parse extensions support) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (OPENSSL_VERSION_NUMBER<0x009070af) die("skip"); +?> +--FILE-- +<?php +$cert = file_get_contents(dirname(__FILE__) . "/bug28382cert.txt"); +$ext = openssl_x509_parse($cert); +var_dump($ext['extensions']); +/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key. + For now, as this is the one difference only between 0.9.x and 1.x, it's handled with + placeholders to not to duplicate the test. When more diffs come, a duplication would + be probably a better solution. +*/ +?> +--EXPECTF-- +array(11) { + ["basicConstraints"]=> + string(8) "CA:FALSE" + ["nsComment"]=> + string(38) "For Grid use only; request tag userTag" + ["nsCertType"]=> + string(30) "SSL Client, SSL Server, S/MIME" + ["crlDistributionPoints"]=> + string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml +" + ["nsCaPolicyUrl"]=> + string(38) "http://mobile.blue-software.ro:90/pub/" + ["subjectAltName"]=> + string(28) "email:sergiu@bluesoftware.ro" + ["subjectKeyIdentifier"]=> + string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" + ["authorityKeyIdentifier"]=> + string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com +serial:00 +" + ["keyUsage"]=> + string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment" + ["nsBaseUrl"]=> + string(20) "http://62.231.98.52/" + ["1.2.3.4"]=> + string(4) "%s" +} diff --git a/ext/openssl/tests/bug28382cert.txt b/ext/openssl/tests/bug28382cert.txt new file mode 100644 index 0000000..cce8d42 --- /dev/null +++ b/ext/openssl/tests/bug28382cert.txt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEBhMCUk8x +EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl +cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw +IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0 +NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t +YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG +A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ +KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp +DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS +YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L8CAwEA +AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz +ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/ +BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86 +OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs +dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv +ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j +BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ +MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn +aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy +Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU +aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA +A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh +3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7 +Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6 +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug36732.phpt b/ext/openssl/tests/bug36732.phpt new file mode 100644 index 0000000..ec8fedb --- /dev/null +++ b/ext/openssl/tests/bug36732.phpt @@ -0,0 +1,41 @@ +--TEST-- +Bug #36732 (add support for req_extensions in openss_csr_new and sign) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); +?> +--FILE-- +<?php +$configargs = array( + "req_extensions" => "v3_req", + "x509_extensions" => "usr_cert", + "config" => __DIR__."/openssl.cnf", +); + +$dn = array( + "countryName" => "GB", + "stateOrProvinceName" => "Berkshire", + "localityName" => "Newbury", + "organizationName" => "My Company Ltd", + "commonName" => "Demo Cert" +); + +$key = openssl_pkey_new(); +$csr = openssl_csr_new($dn, $key, $configargs); +$crt = openssl_csr_sign($csr, NULL, $key, 365, $configargs); + +$str = ''; +openssl_csr_export($csr, $str, false); + +if (strpos($str, 'Requested Extensions:')) { + echo "Ok\n"; +} +openssl_x509_export($crt, $str, false); +if (strpos($str, 'X509v3 extensions:')) { + echo "Ok\n"; +} +?> +--EXPECTF-- +Ok +Ok diff --git a/ext/openssl/tests/bug37820.phpt b/ext/openssl/tests/bug37820.phpt new file mode 100644 index 0000000..2eef8c5 --- /dev/null +++ b/ext/openssl/tests/bug37820.phpt @@ -0,0 +1,36 @@ +--TEST-- +openssl_sign/verify: accept different algos +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); +?> +--FILE-- +<?php +$dir = dirname(__FILE__); +$file_pub = $dir . '/bug37820cert.pem'; +$file_key = $dir . '/bug37820key.pem'; + +$priv_key = file_get_contents($file_key); +$priv_key_id = openssl_get_privatekey($priv_key); + + + +$pub_key = file_get_contents($file_pub); +$pub_key_id = openssl_get_publickey($pub_key); +$data = "some custom data"; +if (!openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5)) { + echo "openssl_sign failed."; +} + +$ok = openssl_verify($data, $signature, $pub_key_id, OPENSSL_ALGO_MD5); +if ($ok == 1) { + echo "Ok"; +} elseif ($ok == 0) { + echo "openssl_verify failed."; +} + + +?> +--EXPECTF-- +Ok diff --git a/ext/openssl/tests/bug37820cert.pem b/ext/openssl/tests/bug37820cert.pem new file mode 100644 index 0000000..9d7ac23 --- /dev/null +++ b/ext/openssl/tests/bug37820cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv +bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy +dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X +DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw +EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l +dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT +EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw +L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN +BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX +9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug37820key.pem b/ext/openssl/tests/bug37820key.pem new file mode 100644 index 0000000..239ad66 --- /dev/null +++ b/ext/openssl/tests/bug37820key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ +2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF +oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr +8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc +a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7 +WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA +6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg= +-----END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug38255.phpt b/ext/openssl/tests/bug38255.phpt new file mode 100644 index 0000000..4872605 --- /dev/null +++ b/ext/openssl/tests/bug38255.phpt @@ -0,0 +1,55 @@ +--TEST-- +openssl key from zval leaks +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$pub_key_id = false; +$signature = ''; +$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5); + +class test { + function __toString() { + return "test object"; + } +} +$t = new test; + + +var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5)); +var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5)); +var_dump(openssl_verify("foo", new stdClass, $pub_key_id, OPENSSL_ALGO_MD5)); +var_dump(openssl_verify("foo", new stdClass, array(), OPENSSL_ALGO_MD5)); +var_dump(openssl_verify("foo", array(), array(), OPENSSL_ALGO_MD5)); +var_dump(openssl_verify()); +var_dump(openssl_verify(new stdClass, new stdClass, array(), 10000)); + +echo "Done\n"; + +?> +--EXPECTF-- +Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d + +Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d +bool(false) + +Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s on line %d +bool(false) + +Warning: openssl_verify() expects parameter 2 to be string, object given in %s on line %d +NULL + +Warning: openssl_verify() expects parameter 2 to be string, object given in %s on line %d +NULL + +Warning: openssl_verify() expects parameter 2 to be string, array given in %s on line %d +NULL + +Warning: openssl_verify() expects at least 3 parameters, 0 given in %s on line %d +NULL + +Warning: openssl_verify() expects parameter 1 to be string, object given in %s on line %d +NULL +Done diff --git a/ext/openssl/tests/bug38261.phpt b/ext/openssl/tests/bug38261.phpt new file mode 100644 index 0000000..b06fa4f --- /dev/null +++ b/ext/openssl/tests/bug38261.phpt @@ -0,0 +1,34 @@ +--TEST-- +openssl key from zval leaks +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$cert = false; +class test { + function __toString() { + return "test object"; + } +} +$t = new test; + +var_dump(openssl_x509_parse("foo")); +var_dump(openssl_x509_parse($t)); +var_dump(openssl_x509_parse(array())); +var_dump(openssl_x509_parse()); +var_dump(openssl_x509_parse($cert)); +var_dump(openssl_x509_parse(new stdClass)); + +?> +--EXPECTF-- +bool(false) +bool(false) +bool(false) + +Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %sbug38261.php on line %d +NULL +bool(false) + +Catchable fatal error: Object of class stdClass could not be converted to string in %sbug38261.php on line %d diff --git a/ext/openssl/tests/bug39217.phpt b/ext/openssl/tests/bug39217.phpt new file mode 100644 index 0000000..7895e2f --- /dev/null +++ b/ext/openssl/tests/bug39217.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #39217 (Large serial number return -1) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$dir = dirname(__FILE__); +$certs = array('bug39217cert2.txt', 'bug39217cert1.txt'); +foreach($certs as $cert) { + $res = openssl_x509_parse(file_get_contents($dir . '/' . $cert)); + print_r($res['serialNumber']); + echo "\n"; +} +?> +--EXPECTF-- +163040343498260435477161879008842183802 +15 diff --git a/ext/openssl/tests/bug39217cert1.txt b/ext/openssl/tests/bug39217cert1.txt new file mode 100644 index 0000000..c3ddfb4 --- /dev/null +++ b/ext/openssl/tests/bug39217cert1.txt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvzCCAiigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBbMRkwFwYDVQQKExBET0Ug +U2NpZW5jZSBHcmlkMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEc +MBoGA1UEAxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMDA4MjkyMjI4MDJaFw0w +MTA4MjkyMjI4MDJaMHgxDTALBgNVBAoTBEdyaWQxLjAsBgNVBAoTJUxhd3JlbmNl +IEJlcmtlbGV5IE5hdGlvbmFsIExhYm9yYXRvcnkxIDAeBgNVBAsTF0NlcnRpZmlj +YXRlIEF1dGhvcml0aWVzMRUwEwYDVQQDEwxMQk5MLUdyaWQtQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAL2t4aX933WXYlofuY+L+16Tdl/KxpAammyfcW8u +kHHT6RYDjaQdfV1FpNEqfSrRjKNwGGGkrG4XHZWiUO0Di0AlBN04lsRY6jB68l6B +5byujfZv+8EeCI2c1ObBLYZYi4lToJf0sm0Hpn3GD7PZBv6BVHLOuwEFDl9z9Dnc +DFDdAgMBAAGjdjB0MBEGCWCGSAGG+EIBAQQEAwIAhzAOBgNVHQ8BAf8EBAMCAcYw +HQYDVR0OBBYEFIn+csPVyp+iprpYUIu1SziMQiDxMA8GA1UdEwEB/wQFMAMBAf8w +HwYDVR0jBBgwFoAUm85P8ry9WHAx1fIyDn6eveJRFOcwDQYJKoZIhvcNAQEFBQAD +gYEAHindWQ4P4VUmJVt5sUGA05hSAZriDJDDnkvkm/9AR7xgGxtsy21QruhUVe2E +eVFBws85zbwRqMpfUQyE/xHhUcka2GQTaKlBlcEjZTMnsh27Si2PMYU/UPr/PIpq +kBkoxVV1bMWRK57mG2tzzTy9j0wkct4G5IjEsrYNDzW6U3E= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug39217cert2.txt b/ext/openssl/tests/bug39217cert2.txt new file mode 100644 index 0000000..399618c --- /dev/null +++ b/ext/openssl/tests/bug39217cert2.txt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAkWgAwIBAgIQeqhtj1pzHCrTTq2AldV0ejANBgkqhkiG9w0BAQQFADAy +MRcwFQYDVQQKEw5FLUFDSEFUIE1JTkRFRjEXMBUGA1UEAxMORS1BQ0hBVCBNSU5E +RUYwHhcNMDQwMTA1MDAwMDAwWhcNMDYwMTA0MjM1OTU5WjCB5DEOMAwGA1UEBxQF +UEFSSVMxCzAJBgNVBAYTAkZSMRcwFQYDVQQKFA5FLUFDSEFUIE1JTkRFRjEtMCsG +A1UECxQkRW50LiAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMR8wHQYD +VQQLFBZTSVJFTiAtIDMyODc4MTc4NjAwMDUzMTQwMgYDVQQDEytDR0VZIEZyYW5j +ZSAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMSYwJAYJKoZIhvcNAQkB +FhdkZ2FlbWEtbWNvQGNhcGdlbWluaS5mcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEApFgcuVTuUe0z+iGTaPw7yVxhZsPq6aIqGHsCvU9fqUcymbmg9l4oTfAk +gR5bvDo+JTQb1/OPlQCKqyVa7wn6lPs97dMOZMobjCRcvw7z0jVphortA1NS8FRH +6LsWELZ13uC57IIakpW726Vz3tST9qHHbQoWbX/n8NjHcwL4zUECAwEAAaNAMD4w +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMBEGCmCG +SAGG+EUBBgkEAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAWdmEu8TkFdgqA/xN6llo9 +zZR3EUH0X5HstxJRYgofcQyfumJHhgvaNB8vkDhZ3iJORVVxcJ27W36TAJ6b4jcr +yWjO/nc42XdgknS8r9NIV7VKzmjY7Ip2+9N6JOAWFkjGrnF1G69nrerIJavJTzrb +PYlQnzJO6SHAoi5j6WsKPw== +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug41033.pem b/ext/openssl/tests/bug41033.pem new file mode 100644 index 0000000..4ae74b9 --- /dev/null +++ b/ext/openssl/tests/bug41033.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCrQ/By/Y5OQRmmc/e+W+eFVoeR5y8WPOkykwS2hc21aSNY5X3q +8ZHdV467thFd/QCoR55hHTRGRbYmfOkXSiscotU08ISlxIH39EEhFSzwqzkxFfak +cgHEu41AUOIfJ2Dz+vcmuasME159pDP0d0gt55pKRPcXoh916p2VS/FBiQIVAMnQ +C6W+K1brelHqpUqwQ1cdNJklAoGAN858gG/UIF+U3CYTcgl5/OUAqOzvitMV2ue+ +AkDEkGNEZs3KUAjpqHduf1E3znl7hJJIRr+33sul9USxn0vczDBkEJPralQjNX2C +dnYKDDhJ+UKlAFG2JZint4CBKPFiZC0tVo04iDQQUUfDC4c8K3cS5uzypebJyoLo +e5b8rScCgYBedJg6vklhMWv2wZD10hbQaXEX5r8T6EQujbfO0RcKpuaJziPPrXO8 +QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKekCmSNzs5+lQpCm1VlDrCg+jn +djw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8iVDE7wmT0iwnkAIVAMKogWVA +ZOKwjTj9Yztv3lGj7VTa +-----END DSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug41033.phpt b/ext/openssl/tests/bug41033.phpt new file mode 100644 index 0000000..4aeae66 --- /dev/null +++ b/ext/openssl/tests/bug41033.phpt @@ -0,0 +1,27 @@ +--TEST-- +#41033, enable signing with DSA keys +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip, openssl required"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); +?> +--FILE-- +<?php +$prv = 'file://' . dirname(__FILE__) . '/' . 'bug41033.pem'; +$pub = 'file://' . dirname(__FILE__) . '/' . 'bug41033pub.pem'; + + +$prkeyid = openssl_get_privatekey($prv, "1234"); +$ct = "Hello I am some text!"; +openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1); +echo "Signature: ".base64_encode($signature) . "\n"; + +$pukeyid = openssl_get_publickey($pub); +$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1); +echo "Signature validity: " . $valid . "\n"; + + +?> +--EXPECTF-- +Signature: %s +Signature validity: 1 diff --git a/ext/openssl/tests/bug41033pub.pem b/ext/openssl/tests/bug41033pub.pem new file mode 100644 index 0000000..0d4ab27 --- /dev/null +++ b/ext/openssl/tests/bug41033pub.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKtD8HL9jk5BGaZz975b54VWh5HnLxY8 +6TKTBLaFzbVpI1jlferxkd1Xjru2EV39AKhHnmEdNEZFtiZ86RdKKxyi1TTwhKXE +gff0QSEVLPCrOTEV9qRyAcS7jUBQ4h8nYPP69ya5qwwTXn2kM/R3SC3nmkpE9xei +H3XqnZVL8UGJAhUAydALpb4rVut6UeqlSrBDVx00mSUCgYA3znyAb9QgX5TcJhNy +CXn85QCo7O+K0xXa574CQMSQY0RmzcpQCOmod25/UTfOeXuEkkhGv7fey6X1RLGf +S9zMMGQQk+tqVCM1fYJ2dgoMOEn5QqUAUbYlmKe3gIEo8WJkLS1WjTiINBBRR8ML +hzwrdxLm7PKl5snKguh7lvytJwOBhAACgYBedJg6vklhMWv2wZD10hbQaXEX5r8T +6EQujbfO0RcKpuaJziPPrXO8QwPtLt0f40yjTmPxN3LcpgMymiun9UCSTZ3MhVKe +kCmSNzs5+lQpCm1VlDrCg+jndjw0VCX8Cm0lOPIyQ4eCNAB6nQLtBnXFWaqYuUS8 +iVDE7wmT0iwnkA== +-----END PUBLIC KEY----- diff --git a/ext/openssl/tests/bug41353.phpt b/ext/openssl/tests/bug41353.phpt new file mode 100644 index 0000000..47fda89 --- /dev/null +++ b/ext/openssl/tests/bug41353.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #41353 (openssl_pkcs12_read() does not verify the type of the first arg) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php + +$a = 2; +openssl_pkcs12_read(1, $a, 1); + +echo "Done\n"; +?> +--EXPECTF-- +Done diff --git a/ext/openssl/tests/bug46127.pem b/ext/openssl/tests/bug46127.pem new file mode 100644 index 0000000..9d754d4 --- /dev/null +++ b/ext/openssl/tests/bug46127.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN +MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu +ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB +ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy +V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 +JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S +S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R +aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E +1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy +NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho ++Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ +JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 +Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt new file mode 100644 index 0000000..a3bfd3a --- /dev/null +++ b/ext/openssl/tests/bug46127.phpt @@ -0,0 +1,58 @@ +--TEST-- +#46127, openssl_sign/verify: accept different algos +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip, openssl required"); +if (!extension_loaded("pcntl")) die("skip, pcntl required"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); +?> +--FILE-- +<?php + +function ssl_server($port) { + $pem = dirname(__FILE__) . '/bug46127.pem'; + $ssl = array( + 'verify_peer' => false, + 'allow_self_signed' => true, + 'local_cert' => $pem, + // 'passphrase' => '', + ); + $context = stream_context_create(array('ssl' => $ssl)); + $sock = stream_socket_server('ssl://127.0.0.1:'.$port, $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context); + if (!$sock) return false; + + $link = stream_socket_accept($sock); + if (!$link) return false; // bad link? + + fputs($link, "Sending bug 46127\n"); + + // close stuff + fclose($link); + fclose($sock); + + exit; +} + +echo "Running bug46127\n"; + +$port = rand(15000, 32000); + +$pid = pcntl_fork(); +if ($pid == 0) { // child + ssl_server($port); + exit; +} + +// client or failed +sleep(1); +$sock = fsockopen('ssl://127.0.0.1', $port, $errno, $errstr); +if (!$sock) exit; + +echo fgets($sock); + +pcntl_waitpid($pid, $status); + +?> +--EXPECTF-- +Running bug46127 +Sending bug 46127 diff --git a/ext/openssl/tests/bug47828.phpt b/ext/openssl/tests/bug47828.phpt new file mode 100644 index 0000000..6f7ee39 --- /dev/null +++ b/ext/openssl/tests/bug47828.phpt @@ -0,0 +1,40 @@ +--TEST-- +Bug #47828 (segfaults when a UTF-8 conversion fails openssl_x509_parse()) +--SKIPIF-- +<?php if (!extension_loaded("openssl")) die("skip"); ?> +--FILE-- +<?php +$csr = "-----BEGIN CERTIFICATE----- +MIIEKzCCAxOgAwIBAgICAtUwDQYJKoZIhvcNAQEFBQAwgewxFjAUBgNVBC0DDQBT +UFI5NjEyMTdOSzkxETAPBgNVBAcTCENveW9hY+FuMQswCQYDVQQIEwJERjELMAkG +A1UEBhMCTVgxDjAMBgNVBBETBTA0MDAwMR8wHQYDVQQJExZQYW56YWNvbGEgIzYy +IDFlciBwaXNvMSgwJgYDVQQDEx9BdXRvcmlkYWQgY2VydGlmaWNhZG9yYSBJbnRl +cm5hMRMwEQYDVQQLEwpUZWNub2xvZ+1hMRMwEQYDVQQKEwpTZWd1cmlEYXRhMSAw +HgYJKoZIhvcNAQkBFhFhY0BzZWd1cmlkYXRhLmNvbTAeFw0wNzAyMTIwMDAwMDBa +Fw0xMjAyMjkwMDAwMDBaMIIBDDEWMBQGA1UELQMNAFNQUjk2MTIxN05LOTEXMBUG +A1UEBxMOQWx2YXJvIE9icmVnb24xDTALBgNVBAgTBEQuRi4xCzAJBgNVBAYTAk1Y +MQ4wDAYDVQQREwUwMTAwMDEoMCYGA1UECRMfSW5zdXJnZW50ZXMgU3VyIDIzNzUs +IDNlci4gUGlzbzEbMBkGA1UEAxMSd3d3LnNlZ3VyaWRhdGEuY29tMREwDwYDVQQL +EwhJbnRlcm5ldDEpMCcGA1UEChMgU2VndXJpRGF0YSBQcml2YWRhLCBTLkEuIGRl +IEMuVi4xKDAmBgkqhkiG9w0BCQEWGXBvc3RtYXN0ZXJAc2VndXJpZGF0YS5jb20w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANG/rb52Ou//dnkHysR5m7T4r8QM +KOM/CP0OEXTOC+a+47RsZjqNiZsBkSeR92OFPpkw5bJ85IAD/Tgx7Tli3ryJfrdk +WMfkXpzWW0YmeTrghL0DMNd8nYc9voVv+OGnIZ0W4Mhz31eiThmyy7Fs8ZlFyfkR +REj5OQvq+z+NP/n/AgMBAAGjODA2MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud +DwQFAwMH6AAwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCq +nBqQEb7H6Gxi4KXBn1lrPd5KWO40iSD7BREU8e0eI1ZLZvi4IEAlmyG81Le037jo +irMUDS2Ue5WI61QnGw4LhnYlCIuffU7fTs+UbrOE4qNU67G+XBfjk0gHkXHmEYbb +EOR9OHeDcYFgcl3j4SLg/ff6oRYbMkQRCrgQzrl/MNkuqDWJrcigS9OD6OTgRyEo +7Zvf7/ofWIzTIvINbfjQzSTr8AbI4SbuU9iKgVGDQQF6cfpBmOYgnr3QPuoTQCoU +pz9H9wBlz/Nmw12YtfCmGqpIFAxpRGFQTGPNJWr4FdZkUM792lm7Sf3zzSvi8Ruz +M3dwifRsZyZyruy4tMsu +-----END CERTIFICATE----- +"; +$cert = str_replace("\\n", "\n", $csr); +$arr = openssl_x509_parse($cert); +var_dump($arr['hash']); +echo "Done"; +?> +--EXPECTF-- +string(8) "%s" +Done diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt new file mode 100644 index 0000000..146c4c9 --- /dev/null +++ b/ext/openssl/tests/bug48182.phpt @@ -0,0 +1,92 @@ +--TEST-- +#48182,ssl handshake fails during asynchronous socket connection +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip, openssl required"); +if (!extension_loaded("pcntl")) die("skip, pcntl required"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); +?> +--FILE-- +<?php + +function ssl_server($port) { + $host = 'ssl://127.0.0.1'.':'.$port; + $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $data = "Sending bug48182\n"; + + $pem = dirname(__FILE__) . '/bug46127.pem'; + $ssl_params = array( 'verify_peer' => false, 'allow_self_signed' => true, 'local_cert' => $pem); + $ssl = array('ssl' => $ssl_params); + + $context = stream_context_create($ssl); + $sock = stream_socket_server($host, $errno, $errstr, $flags, $context); + if (!$sock) return false; + + $link = stream_socket_accept($sock); + if (!$link) return false; // bad link? + + $r = array($link); + $w = array(); + $e = array(); + if (stream_select($r, $w, $e, 1, 0) != 0) + $data .= fread($link, 8192); + + $r = array(); + $w = array($link); + if (stream_select($r, $w, $e, 1, 0) != 0) + $wrote = fwrite($link, $data, strlen($data)); + + // close stuff + fclose($link); + fclose($sock); + + exit; +} + +function ssl_async_client($port) { + $host = 'ssl://127.0.0.1'.':'.$port; + $flags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; + $data = "Sending data over to SSL server in async mode with contents like Hello World\n"; + + $socket = stream_socket_client($host, $errno, $errstr, 10, $flags); + stream_set_blocking($socket, 0); + + while ($socket && $data) { + $wrote = fwrite($socket, $data, strlen($data)); + $data = substr($data, $wrote); + } + + $r = array($socket); + $w = array(); + $e = array(); + if (stream_select($r, $w, $e, 1, 0) != 0) + { + $data .= fread($socket, 1024); + } + + echo "$data"; + + fclose($socket); +} + +echo "Running bug48182\n"; + +$port = rand(15000, 32000); + +$pid = pcntl_fork(); +if ($pid == 0) { // child + ssl_server($port); + exit; +} + +// client or failed +sleep(1); +ssl_async_client($port); + +pcntl_waitpid($pid, $status); + +?> +--EXPECTF-- +Running bug48182 +Sending bug48182 +Sending data over to SSL server in async mode with contents like Hello World diff --git a/ext/openssl/tests/bug54060.phpt b/ext/openssl/tests/bug54060.phpt new file mode 100644 index 0000000..88f1f94 --- /dev/null +++ b/ext/openssl/tests/bug54060.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #54060 (Memory leak in openssl_encrypt) +--SKIPIF-- +<?php if (!extension_loaded("openssl")) die("skip"); ?> +--FILE-- +<?php + +$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 +r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy +972439 8478942 yrhfjkdhls"; +$pass = "r23498rui324hjbnkj"; + +openssl_encrypt($data, 'des3', $pass, 0, '1qazxsw2'); +echo "Done"; +?> +--EXPECT-- +Done diff --git a/ext/openssl/tests/bug54061.phpt b/ext/openssl/tests/bug54061.phpt new file mode 100644 index 0000000..f1d2e24 --- /dev/null +++ b/ext/openssl/tests/bug54061.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #54061 (Memory leak in openssl_decrypt) +--SKIPIF-- +<?php if (!extension_loaded("openssl")) die("skip"); ?> +--FILE-- +<?php +$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 +r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy +972439 8478942 yrhfjkdhls"; +$pass = "r23498rui324hjbnkj"; + +$cr = openssl_encrypt($data, 'des3', $pass, 0, '1qazxsw2'); +$dcr = openssl_decrypt($cr, 'des3', $pass, 0, '1qazxsw2'); +echo "Done"; +?> +--EXPECT-- +Done diff --git a/ext/openssl/tests/bug54992-ca.pem b/ext/openssl/tests/bug54992-ca.pem new file mode 100644 index 0000000..0fdbb2f --- /dev/null +++ b/ext/openssl/tests/bug54992-ca.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHZzCCBU+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCByzEpMCcGA1UEAxMgQ2F0 +YXBocmFjdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYD +VQQHEwZMaXNib2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhy +YWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUg +U2lnbmluZzEkMCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0MB4X +DTAzMTIwNTAwMTExOVoXDTE4MTIwMTAwMTExOVowgcsxKTAnBgNVBAMTIENhdGFw +aHJhY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJQVDEPMA0GA1UE +BxMGTGlzYm9hMREwDwYDVQQIEwhQb3J0dWdhbDEpMCcGA1UEChMgQ2F0YXBocmFj +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHDAaBgNVBAsTE0NlcnRpZmljYXRlIFNp +Z25pbmcxJDAiBgkqhkiG9w0BCQEWFUNhdGFwaHJhY3RAbmV0Y2Fiby5wdDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANg+noZuxtWdxmZjxanJGEpzmDYu +Uko9OHdmhVr3UU+z04a9JFT7aH5wuwrnpadNy1u9CqrSHVWFEtSmOMOH8QYzIy4C +qCjFPSJR5UQjxpxTZeXaTvfhKI9n0LMSqc7I68HkP5MF64N3Z2cRdYvM4U6R5ERD +Xw2LiRpii/+J2cezgi/Nw3vS4hZlWDWMkttfBd0HKSwxxN7OlPcjyzoTVhQgSISV +Zvd3kwENTWD7s3EnnPRtMiW8Vzcjd8eSTCSjuGBG/8NnI44amLo7gSWocCJ2os69 +CJgiqMpp0tLT8cJm0mQUBk0o9gBS7l1GPpgq5fwWG+DmoLIHrKjxpuI5v2DW23gx +yimXSyiD1GX0JLlTqZ+klM7Mv7ptnigRXA8F5f4GbVzBlGM1L1EERd8orsSmzPEA +S6puHdlNzjcx00glp1UoAs6+tV39eW/fjiP493biPcar0pNO8QWfRSqPsgy6/qKN +m7x2DoSdTbRgCalBMp57xYCUHIETZvlewGKnQD1Tj9FlbzvOnH6r52gj5U/5r3pn +E4DshILn/qtdRwd/2Dwx/KSyBJznU7Yu0vEeMwQioZ6YFH1FnC4229lHYCN6ByVw +UE7OMH7n0A8SUN8flxr2X7MmWpQsMrgVfrAjufmFwUaeIRq9X3wihDYw0MYP0brU +x5ONmY+VA93gLdStAgMBAAGjggFSMIIBTjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G +A1UdDgQWBBQj+82/Y4YWpR8kIi0obJULkqmBwTCB+AYDVR0jBIHwMIHtgBQj+82/ +Y4YWpR8kIi0obJULkqmBwaGB0aSBzjCByzEpMCcGA1UEAxMgQ2F0YXBocmFjdCBD +ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNi +b2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhyYWN0IENlcnRp +ZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUgU2lnbmluZzEk +MCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0ggEBMAsGA1UdDwQE +AwIBBjARBglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEEBQADggIBAKN6pRY1 +8GwQx378ukmw4pzvODlee5IKSPRT92hfLKNGNUAMu2LFo+bjItpilhSvR4aklRvh +5RBoVE8ejEdZXsz0HobMUUcL9IemaRwBCWHPii7Y3zX2J1FUiS/KmWhrYvw5hb1P +P83f/kxdWhxD+MbwuGc2I/6WgfsRyzevQsxdJgElQvNGkOXsC56pEXm2ChVoLbZL +sZX0zPa5ZzXByQGwXl9eqOkV7fdNKulJPcLPOs/y1cAfcxXrDYHpqBGf9nb14p3C +NaWXFhvq9Khk/QiWKSO4QarPlYS4H0Sl6tp7zBaE+dZHAjci2mSTraUf7q61kqoJ +g/ZA3qupd1rR67NzN+6x/TJmIq0G3GUxnDNNqNAHvS4YJx8g4Ji0F3Qoz3CgKnc4 +HsneYQ/LCLq2pDjsffnLI88MBGbfHZDjdj2nowwX76W/6PPutD5IR/kOmHEaX1TJ +/Ff99bVV4HwNF3GPwmKPmHpw3hB9A/xG9aiQRcYs0reXoYeQ+8nyCGmu41LweFyV +1WVwWJ/MHgdtzJZHdPjeXKMWQzOx3AS3TCc31oi4IEo4NgNigcuvl0qgUcwDRXBI +HZm4f7npm7xiES8BSoq5PIVCj8EXJd4b7Gk6dHGJGO+APaw3kYKqfqg5+AN1e4a5 +x3onNvWhjcwDGgcs/xAfVJIUucEqpC5h0pZq +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug54992.pem b/ext/openssl/tests/bug54992.pem new file mode 100644 index 0000000..0675450 --- /dev/null +++ b/ext/openssl/tests/bug54992.pem @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIBGTANBgkqhkiG9w0BAQUFADCByzEpMCcGA1UEAxMgQ2F0 +YXBocmFjdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlBUMQ8wDQYD +VQQHEwZMaXNib2ExETAPBgNVBAgTCFBvcnR1Z2FsMSkwJwYDVQQKEyBDYXRhcGhy +YWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEcMBoGA1UECxMTQ2VydGlmaWNhdGUg +U2lnbmluZzEkMCIGCSqGSIb3DQEJARYVQ2F0YXBocmFjdEBuZXRjYWJvLnB0MB4X +DTExMDYwNzIzNTIwM1oXDTE4MTIwMTAwMTExOVowWjEXMBUGA1UEAxMOYnVnNTQ5 +OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNVBAgT +Bkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPoPJv7 +XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizVkF09 +vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAAaOCAWww +ggFoMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCysG9r7vXtfHa38AUZeCM6tgH9c +MIH4BgNVHSMEgfAwge2AFCP7zb9jhhalHyQiLShslQuSqYHBoYHRpIHOMIHLMSkw +JwYDVQQDEyBDYXRhcGhyYWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTELMAkGA1UE +BhMCUFQxDzANBgNVBAcTBkxpc2JvYTERMA8GA1UECBMIUG9ydHVnYWwxKTAnBgNV +BAoTIENhdGFwaHJhY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRwwGgYDVQQLExND +ZXJ0aWZpY2F0ZSBTaWduaW5nMSQwIgYJKoZIhvcNAQkBFhVDYXRhcGhyYWN0QG5l +dGNhYm8ucHSCAQEwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDAeBglg +hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4ICAQAT +M7Id7nBSvaDXuStLunfeV0WPAh3DkKWCxw9YK0MjK7E/K5xEiYaWWbz9zuHEcKrN +MuflSdYVPXTqvD6mHLFNptOgzG6YMOO+rAAEYB5HZ/PYTO6UWAdSLlS96DpA4SS3 +Qwmrc0eXe1p4U8noEN+N3+rAbetjOuvnLG/cpoQGcA8Mws84B/elzjRne5C8N1rF +Tvdb3bqIqvP1thuPfyh/uIKSQb5ZusHvj7ZBkEs+zQLBRnCcDK4ETXFM0TcKSPar +d11tve/91BqqemwlA+ntVrVTgi/pnw4wuWxa3GOVmeEeWgtv3063wZ3lGv/72PCh +gSjxoCoVLaLPTbC/iG2a5+ca2HcF0TjfJqYNCgosgRGlm5IunvuIv+g5jLcZcDSO +hMw+HzyF8GlDF166YRRb9nUL6AtBisdEw6uQW1vQFRRQS4SGMoArSBw2EBqd7Kvf +ruCMcrkudC8vbWQHMETEvhAXdAjgsIxLeGCPh0/8mtES1Lnr0TWIrM9evPJkKACj +f6CyIASkIDZKFf5JwuUh02qvuNLr/QRELfI1NnA1aTYMQQWWOVCBffu4ce+NPdtl +Uh1vRwWAWI0Zjszw3kUk2vHLbSXeD3bU7gP3IFa1X8XsXBW2SH+BfpNWHUilHj1I +bX+zqjfaRWDJuZqB9y6iTCu8DfBtbMiTUGcI/Rs9wQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH +E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G +LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB +AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD +JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw +/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj +u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2 +FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s +OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp +VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA +xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9 +FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK +h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg== +-----END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt new file mode 100644 index 0000000..768b073 --- /dev/null +++ b/ext/openssl/tests/bug54992.phpt @@ -0,0 +1,44 @@ +--TEST-- +Bug #54992: Stream not closed and error not returned when SSL CN_match fails +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +if (!function_exists('pcntl_fork')) die("skip no fork"); +--FILE-- +<?php +$context = stream_context_create(); + +stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem"); +stream_context_set_option($context, 'ssl', 'allow_self_signed', true); +$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, + STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); + + +$pid = pcntl_fork(); +if ($pid == -1) { + die('could not fork'); +} else if ($pid) { + $contextC = stream_context_create( + array( + 'ssl' => array( + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'buga_buga', + ) + ) + ); + var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, + STREAM_CLIENT_CONNECT, $contextC)); +} else { + @pcntl_wait($status); + @stream_socket_accept($server, 1); +} +--EXPECTF-- +Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d + +Warning: stream_socket_client(): Failed to enable crypto in %s on line %d + +Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +bool(false) + + diff --git a/ext/openssl/tests/bug55646.phpt b/ext/openssl/tests/bug55646.phpt new file mode 100644 index 0000000..c11284d --- /dev/null +++ b/ext/openssl/tests/bug55646.phpt @@ -0,0 +1,38 @@ +--TEST-- +Bug #55646: textual input in openssl_csr_new() is not expected in UTF-8 +--SKIPIF-- +<?php +if (!function_exists('openssl_csr_new')) + die('skip no openssl extension'); +--FILE-- +<?php +function stringAsHex($string){$unpacked = unpack("H*", $string);return implode(" ", str_split($unpacked[1],2));} + +$config = array("digest_alg" => "sha1","x509_extensions" => "v3_ca","req_extensions" => "v3_req","private_key_bits" => 2048,"private_key_type" => OPENSSL_KEYTYPE_RSA,"encrypt_key" => false,); +$csr_info = array( + "countryName" => "US", + "stateOrProvinceName" => "Utah", + "localityName" => "Lindon", + "organizationName" => "Chinese", + "organizationalUnitName" => "IT \xe4\xba\x92", + "commonName" => "www.example.com",); +$private = openssl_pkey_new($config); +while (openssl_error_string()) {} +$csr_res = openssl_csr_new($csr_info, $private, + ['config' => __DIR__."/openssl.cnf"]); +if (!$csr_res) { + while ($e = openssl_error_string()) { $err = $e; } + die("Failed; last error: $err"); +} +openssl_csr_export($csr_res, $csr); +$output = openssl_csr_get_subject($csr); + +echo "A: ".$csr_info["organizationalUnitName"]."\n"; +echo "B: ".stringAsHex($csr_info["organizationalUnitName"])."\n"; +echo "C: ".$output['OU']."\n"; +echo "D: ".stringAsHex($output['OU'])."\n"; +--EXPECT-- +A: IT 互 +B: 49 54 20 e4 ba 92 +C: IT 互 +D: 49 54 20 e4 ba 92 diff --git a/ext/openssl/tests/bug61124.phpt b/ext/openssl/tests/bug61124.phpt new file mode 100644 index 0000000..2fc192d --- /dev/null +++ b/ext/openssl/tests/bug61124.phpt @@ -0,0 +1,12 @@ +--TEST--
+Bug #61124: Segmentation fault with openssl_decrypt
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+--FILE--
+<?php
+var_dump(openssl_decrypt('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', false, 'pass'));
+
+--EXPECTF--
+Warning: openssl_decrypt(): Failed to base64 decode the input in %s on line %s
+bool(false)
\ No newline at end of file diff --git a/ext/openssl/tests/bug61930.phpt b/ext/openssl/tests/bug61930.phpt new file mode 100644 index 0000000..55dc42f --- /dev/null +++ b/ext/openssl/tests/bug61930.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey() +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$cert = file_get_contents(__DIR__.'/cert.crt'); + +$data = <<<DATA +Please verify me +DATA; + +$sig = 'f9Gyb6NV/ENn7GUa37ygTLcF93XHf5fbFTnoYF/O+fXbq3iChGUbET0RuhOsptlAODi6JsDLnJO4ikcVZo0tC1fFTj3LyCuPy3ZdgJbbVxQ/rviROCmuMFTqUW/Xa2LQYiapeCCgLQeWTLg7TM/BoHEkKbKLG/XT5jHvep1758A='; + +$key = openssl_get_publickey($cert); +var_dump(openssl_get_publickey($key)); +var_dump(openssl_verify($data, base64_decode($sig), $key)); +?> +--EXPECTF-- +resource(%d) of type (OpenSSL key) +int(1) + diff --git a/ext/openssl/tests/cert.crt b/ext/openssl/tests/cert.crt new file mode 100644 index 0000000..2e77905 --- /dev/null +++ b/ext/openssl/tests/cert.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD +VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv +cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ +KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4 +MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl +IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1 +ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz +e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+ +iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR +S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo +Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE +MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT +BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n +ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS +UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW +PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn +4vh8xF/9+eVEj+hM+0OflA== +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf new file mode 100644 index 0000000..10e6907 --- /dev/null +++ b/ext/openssl/tests/openssl.cnf @@ -0,0 +1,43 @@ +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert +string_mask = MASK:4294967295 + + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State +localityName = Locality Name (eg, city) +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd +organizationalUnitName = Organizational Unit Name (eg, section) +commonName = Common Name (eg, YOUR name) +commonName_max = 64 +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 +unstructuredName = An optional company name + +[ v3_req ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true + +[ usr_cert ] +basicConstraints=CA:FALSE + diff --git a/ext/openssl/tests/openssl_decrypt_error.phpt b/ext/openssl/tests/openssl_decrypt_error.phpt new file mode 100644 index 0000000..40debbd --- /dev/null +++ b/ext/openssl/tests/openssl_decrypt_error.phpt @@ -0,0 +1,53 @@ +--TEST-- +openssl_decrypt() error tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_decrypt() tests"; +$method = "AES-128-CBC"; +$password = "openssl"; +$wrong = "wrong"; +$iv = str_repeat("\0", openssl_cipher_iv_length($method)); + +$encrypted = openssl_encrypt($data, $method, $password); +var_dump($encrypted); /* Not passing $iv should be the same as all-NULL iv, but with a warning */ +var_dump(openssl_encrypt($data, $method, $password, 0, $iv)); +var_dump(openssl_decrypt($encrypted, $method, $wrong)); +var_dump(openssl_decrypt($encrypted, $wrong, $password)); +var_dump(openssl_decrypt($wrong, $method, $password)); +var_dump(openssl_decrypt($wrong, $wrong, $password)); +var_dump(openssl_decrypt($encrypted, $wrong, $wrong)); +var_dump(openssl_decrypt($wrong, $wrong, $wrong)); +var_dump(openssl_decrypt(array(), $method, $password)); +var_dump(openssl_decrypt($encrypted, array(), $password)); +var_dump(openssl_decrypt($encrypted, $method, array())); +?> +--EXPECTF-- + +Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in %s on line %d +string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM=" +string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM=" +bool(false) + +Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d +bool(false) +bool(false) + +Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d +bool(false) + +Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d +bool(false) + +Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d +bool(false) + +Warning: openssl_decrypt() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: openssl_decrypt() expects parameter 2 to be string, array given in %s on line %d +NULL + +Warning: openssl_decrypt() expects parameter 3 to be string, array given in %s on line %d +NULL diff --git a/ext/openssl/tests/openssl_digest_basic.phpt b/ext/openssl/tests/openssl_digest_basic.phpt new file mode 100644 index 0000000..a924c06 --- /dev/null +++ b/ext/openssl/tests/openssl_digest_basic.phpt @@ -0,0 +1,16 @@ +--TEST-- +openssl_digest() basic test +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_digest() basic test"; +$method = "md5"; +$method2 = "sha1"; + +var_dump(openssl_digest($data, $method)); +var_dump(openssl_digest($data, $method2)); +?> +--EXPECT-- +string(32) "f0045b6c41d9ec835cb8948c7fec4955" +string(40) "aa6e750fef05c2414c18860ad31f2c35e79bf3dc" diff --git a/ext/openssl/tests/openssl_encrypt_crash.phpt b/ext/openssl/tests/openssl_encrypt_crash.phpt new file mode 100644 index 0000000..b88782b --- /dev/null +++ b/ext/openssl/tests/openssl_encrypt_crash.phpt @@ -0,0 +1,13 @@ +--TEST-- +openssl_encrypt() crash with old OpenSSL +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +openssl_encrypt('', 'AES-128-CBC', 'foo'); +var_dump("done"); +?> +--EXPECTF-- + +Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in %s on line %d +string(4) "done"
\ No newline at end of file diff --git a/ext/openssl/tests/openssl_encrypt_error.phpt b/ext/openssl/tests/openssl_encrypt_error.phpt new file mode 100644 index 0000000..7376f48 --- /dev/null +++ b/ext/openssl/tests/openssl_encrypt_error.phpt @@ -0,0 +1,43 @@ +--TEST-- +openssl_encrypt() error tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$data = "openssl_encrypt() tests"; +$method = "AES-128-CBC"; +$password = "openssl"; +$wrong = "wrong"; +$object = new stdclass; +$arr = array(1); + +var_dump(openssl_encrypt($data, $wrong, $password)); +var_dump(openssl_encrypt($object, $method, $password)); +var_dump(openssl_encrypt($data, $object, $password)); +var_dump(openssl_encrypt($data, $method, $object)); +var_dump(openssl_encrypt($arr, $method, $object)); +var_dump(openssl_encrypt($data, $arr, $object)); +var_dump(openssl_encrypt($data, $method, $arr)); +?> +--EXPECTF-- +Warning: openssl_encrypt(): Unknown cipher algorithm in %s on line %d +bool(false) + +Warning: openssl_encrypt() expects parameter 1 to be string, object given in %s on line %d +NULL + +Warning: openssl_encrypt() expects parameter 2 to be string, object given in %s on line %d +NULL + +Warning: openssl_encrypt() expects parameter 3 to be string, object given in %s on line %d +NULL + +Warning: openssl_encrypt() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: openssl_encrypt() expects parameter 2 to be string, array given in %s on line %d +NULL + +Warning: openssl_encrypt() expects parameter 3 to be string, array given in %s on line %d +NULL + diff --git a/ext/openssl/tests/openssl_random_pseudo_bytes.phpt b/ext/openssl/tests/openssl_random_pseudo_bytes.phpt new file mode 100644 index 0000000..ac5a307 --- /dev/null +++ b/ext/openssl/tests/openssl_random_pseudo_bytes.phpt @@ -0,0 +1,22 @@ +--TEST-- +openssl_random_pseudo_bytes() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +for ($i = 0; $i < 10; $i++) { + var_dump(bin2hex(openssl_random_pseudo_bytes($i, $strong))); +} + +?> +--EXPECTF-- +string(0) "" +string(2) "%s" +string(4) "%s" +string(6) "%s" +string(8) "%s" +string(10) "%s" +string(12) "%s" +string(14) "%s" +string(16) "%s" +string(18) "%s"
\ No newline at end of file diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt new file mode 100644 index 0000000..fb0bbc7 --- /dev/null +++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt @@ -0,0 +1,294 @@ +--TEST-- +openssl_x509_parse() basic test +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; +if (OPENSSL_VERSION_NUMBER < 0x10000000) die("skip Output requires OpenSSL 1.0"); +?> +--FILE-- +<?php +$cert = "file://" . dirname(__FILE__) . "/cert.crt"; + +var_dump(openssl_x509_parse($cert)); +var_dump(openssl_x509_parse($cert, false)); +?> +--EXPECTF-- +array(12) { + ["name"]=> + string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + ["subject"]=> + array(5) { + ["C"]=> + string(2) "BR" + ["ST"]=> + string(17) "Rio Grande do Sul" + ["L"]=> + string(12) "Porto Alegre" + ["CN"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["hash"]=> + string(8) "%s" + ["issuer"]=> + array(5) { + ["C"]=> + string(2) "BR" + ["ST"]=> + string(17) "Rio Grande do Sul" + ["L"]=> + string(12) "Porto Alegre" + ["CN"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["version"]=> + int(2) + ["serialNumber"]=> + string(20) "12593567369101004962" + ["validFrom"]=> + string(13) "080630102843Z" + ["validTo"]=> + string(13) "080730102843Z" + ["validFrom_time_t"]=> + int(1214821723) + ["validTo_time_t"]=> + int(1217413723) + ["purposes"]=> + array(9) { + [1]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "sslclient" + } + [2]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "sslserver" + } + [3]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "nssslserver" + } + [4]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "smimesign" + } + [5]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(12) "smimeencrypt" + } + [6]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(7) "crlsign" + } + [7]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(3) "any" + } + [8]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "ocsphelper" + } + [9]=> + array(3) { + [0]=> + bool(false) + [1]=> + bool(true) + [2]=> + string(13) "timestampsign" + } + } + ["extensions"]=> + array(3) { + ["subjectKeyIdentifier"]=> + string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["authorityKeyIdentifier"]=> + string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D +DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net +serial:AE:C5:56:CC:72:37:50:A2 +" + ["basicConstraints"]=> + string(7) "CA:TRUE" + } +} +array(12) { + ["name"]=> + string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + ["subject"]=> + array(5) { + ["countryName"]=> + string(2) "BR" + ["stateOrProvinceName"]=> + string(17) "Rio Grande do Sul" + ["localityName"]=> + string(12) "Porto Alegre" + ["commonName"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["hash"]=> + string(8) "%s" + ["issuer"]=> + array(5) { + ["countryName"]=> + string(2) "BR" + ["stateOrProvinceName"]=> + string(17) "Rio Grande do Sul" + ["localityName"]=> + string(12) "Porto Alegre" + ["commonName"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["version"]=> + int(2) + ["serialNumber"]=> + string(20) "12593567369101004962" + ["validFrom"]=> + string(13) "080630102843Z" + ["validTo"]=> + string(13) "080730102843Z" + ["validFrom_time_t"]=> + int(1214821723) + ["validTo_time_t"]=> + int(1217413723) + ["purposes"]=> + array(9) { + [1]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "SSL client" + } + [2]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "SSL server" + } + [3]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(19) "Netscape SSL server" + } + [4]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(14) "S/MIME signing" + } + [5]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(17) "S/MIME encryption" + } + [6]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "CRL signing" + } + [7]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "Any Purpose" + } + [8]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "OCSP helper" + } + [9]=> + array(3) { + [0]=> + bool(false) + [1]=> + bool(true) + [2]=> + string(18) "Time Stamp signing" + } + } + ["extensions"]=> + array(3) { + ["subjectKeyIdentifier"]=> + string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["authorityKeyIdentifier"]=> + string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D +DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net +serial:AE:C5:56:CC:72:37:50:A2 +" + ["basicConstraints"]=> + string(7) "CA:TRUE" + } +} diff --git a/ext/openssl/tests/openssl_x509_parse_basic_v9.phpt b/ext/openssl/tests/openssl_x509_parse_basic_v9.phpt new file mode 100644 index 0000000..89862ef --- /dev/null +++ b/ext/openssl/tests/openssl_x509_parse_basic_v9.phpt @@ -0,0 +1,276 @@ +--TEST-- +openssl_x509_parse() basic test for OpenSSL 0.9 +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; +if (OPENSSL_VERSION_NUMBER > 0x10000000) die("skip Output requires OpenSSL 0.9"); +?> +--FILE-- +<?php +$cert = "file://" . dirname(__FILE__) . "/cert.crt"; + +var_dump(openssl_x509_parse($cert)); +var_dump(openssl_x509_parse($cert, false)); +?> +--EXPECTF-- +array(12) { + ["name"]=> + string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + ["subject"]=> + array(5) { + ["C"]=> + string(2) "BR" + ["ST"]=> + string(17) "Rio Grande do Sul" + ["L"]=> + string(12) "Porto Alegre" + ["CN"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["hash"]=> + string(8) "%s" + ["issuer"]=> + array(5) { + ["C"]=> + string(2) "BR" + ["ST"]=> + string(17) "Rio Grande do Sul" + ["L"]=> + string(12) "Porto Alegre" + ["CN"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["version"]=> + int(2) + ["serialNumber"]=> + string(20) "12593567369101004962" + ["validFrom"]=> + string(13) "080630102843Z" + ["validTo"]=> + string(13) "080730102843Z" + ["validFrom_time_t"]=> + int(1214821723) + ["validTo_time_t"]=> + int(1217413723) + ["purposes"]=> + array(8) { + [1]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "sslclient" + } + [2]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "sslserver" + } + [3]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "nssslserver" + } + [4]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(9) "smimesign" + } + [5]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(12) "smimeencrypt" + } + [6]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(7) "crlsign" + } + [7]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(3) "any" + } + [8]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "ocsphelper" + } + } + ["extensions"]=> + array(3) { + ["subjectKeyIdentifier"]=> + string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["authorityKeyIdentifier"]=> + string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D +DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net +serial:AE:C5:56:CC:72:37:50:A2 +" + ["basicConstraints"]=> + string(7) "CA:TRUE" + } +} +array(12) { + ["name"]=> + string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + ["subject"]=> + array(5) { + ["countryName"]=> + string(2) "BR" + ["stateOrProvinceName"]=> + string(17) "Rio Grande do Sul" + ["localityName"]=> + string(12) "Porto Alegre" + ["commonName"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["hash"]=> + string(8) "%s" + ["issuer"]=> + array(5) { + ["countryName"]=> + string(2) "BR" + ["stateOrProvinceName"]=> + string(17) "Rio Grande do Sul" + ["localityName"]=> + string(12) "Porto Alegre" + ["commonName"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + } + ["version"]=> + int(2) + ["serialNumber"]=> + string(20) "12593567369101004962" + ["validFrom"]=> + string(13) "080630102843Z" + ["validTo"]=> + string(13) "080730102843Z" + ["validFrom_time_t"]=> + int(1214821723) + ["validTo_time_t"]=> + int(1217413723) + ["purposes"]=> + array(8) { + [1]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "SSL client" + } + [2]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(10) "SSL server" + } + [3]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(19) "Netscape SSL server" + } + [4]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(14) "S/MIME signing" + } + [5]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(17) "S/MIME encryption" + } + [6]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "CRL signing" + } + [7]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "Any Purpose" + } + [8]=> + array(3) { + [0]=> + bool(true) + [1]=> + bool(true) + [2]=> + string(11) "OCSP helper" + } + } + ["extensions"]=> + array(3) { + ["subjectKeyIdentifier"]=> + string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["authorityKeyIdentifier"]=> + string(202) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D +DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net +serial:AE:C5:56:CC:72:37:50:A2 +" + ["basicConstraints"]=> + string(7) "CA:TRUE" + } +} diff --git a/ext/openssl/tests/private.key b/ext/openssl/tests/private.key new file mode 100644 index 0000000..bce512e --- /dev/null +++ b/ext/openssl/tests/private.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDLXp6PkCtbpV+P1gwFQWH6Ez0U83uEmS8IGnpeI8Fk8rY/vHOZ +zZZaxRCw+loyc342qCDIQheMOCNm5Fkevz06q757/oooiLR3yryYGKiKG1IZIipl +mtsC95oKrzUSKk60wuI1mbgpMUP5LKi/Tvxes5PmkUtXfimz2qgkeUcPpQIDAQAB +AoGBAMcP/dp+fsI9FFYBaVC3mASlUjOwxKWdH3kqGb8N9p4uKRAoEWtp3hNJM7ZX +x3P8sn0jgrsiXlRFGvn65/T9shp8hj+CdJKg2jKCs7S58v60TLfSvOQSIYsw9Qm9 +Bsx4hKfz+d52ptuJRbv8tDxsYP3D/KjQfpX1OysiP/WBfeg9AkEA+AGT0goqjWOM +YgFtZGrefIegF31XSCQTaLIml6/2JwF+oBKjJUQFar2Rwn6qUwrsGtSPMM0Iz8ry +9uvUbs8PPwJBANHsuTVWzLf8TJNGc+xIlhvzKFkF0nJIWx4ozhlMNDQMMF/3FRSo +zvHIgUnpG9Vwa2GtjTDnD8jHtzTauAZmjBsCQCGDVQ5VAVsJ0LaNqtKe/mGlkiSa +c2j0Nws2x7BHvuOWeB35ZsJqZrD93OyDYVDHcRBPGOpnSoGJ0zs6swImSNECQHSH +0BgH4wSPDYMDrP4RHSLOzCr+zF+cQthvFll8r83kpkXfRth9DMOy5fI9cLH/Adzr +FmF7Iov2MYEpmNYUvtkCQHfW0ntkVY9xS2/VTs57F5tUkfNG2hG74pJM6vSfTNWn +R/oI5m2sDtRWQ88LCYJMEmIZhN00Ys4xOSoTs+SUakY= +-----END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/public.key b/ext/openssl/tests/public.key new file mode 100644 index 0000000..92021c1 --- /dev/null +++ b/ext/openssl/tests/public.key @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLXp6PkCtbpV+P1gwFQWH6Ez0U +83uEmS8IGnpeI8Fk8rY/vHOZzZZaxRCw+loyc342qCDIQheMOCNm5Fkevz06q757 +/oooiLR3yryYGKiKG1IZIiplmtsC95oKrzUSKk60wuI1mbgpMUP5LKi/Tvxes5Pm +kUtXfimz2qgkeUcPpQIDAQAB +-----END PUBLIC KEY----- diff --git a/ext/openssl/tests/sni_001.phpt b/ext/openssl/tests/sni_001.phpt new file mode 100644 index 0000000..3d7798c --- /dev/null +++ b/ext/openssl/tests/sni_001.phpt @@ -0,0 +1,178 @@ +--TEST-- +SNI 001 +--SKIPIF-- +<?php + if (!extension_loaded('openssl')) die("skip openssl extension not available"); + if (!getenv('SNI_TESTS')) die("skip Set SNI_TESTS to enable this test (uses remote resources)"); +?> +--FILE-- +<?php +/* Server Name Indication (SNI) tests + * + * This test relies on https://sni.velox.ch/ and thus is disabled by default. + * + * sni.velox.ch uses 3 certificates : + * - CN=alice.sni.velox.ch (sent in response to server_name = alice.sni.velox.ch or not set) + * - CN=bob.sni.velox.ch (sent in response to server_name = bob.sni.velox.ch) + * - CN=*.sni.velox.ch (sent in response to server_name = mallory.sni.velox.ch or *.sni.velox.ch or sni.velox.ch) + * + * The test sends requests to the server, sending different names, and checks which certificate + * the server returned. + */ + +function context() { + return stream_context_create(array( + 'ssl' => array( + 'capture_peer_cert' => true, + ), + )); +} + +function get_CN($context) { + + $ary = stream_context_get_options($context); + assert($ary); + + $cert = $ary['ssl']['peer_certificate']; + assert($cert); + + $cert_ary = openssl_x509_parse($cert); + return $cert_ary['subject']['CN']; +} + +function do_http_test($url, $context) { + + $fh = fopen($url, 'r', false, $context); + assert($fh); + + var_dump(get_CN($context)); +} + +function do_ssl_test($url, $context) { + + $fh = stream_socket_client($url, $errno, $errstr, + ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context); + assert($fh); + + var_dump(get_CN($context)); +} + +function do_enable_crypto_test($url, $context) { + + $fh = stream_socket_client($url, $errno, $errstr, + ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context); + assert($fh); + + $r = stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + assert($r); + + var_dump(get_CN($context)); +} + +/* Test https:// streams */ + +echo "-- auto host name (1) --\n"; +do_http_test('https://alice.sni.velox.ch/', context()); + +echo "-- auto host name (2) --\n"; +do_http_test('https://bob.sni.velox.ch/', context()); + +echo "-- auto host name (3) --\n"; +do_http_test('https://bob.sni.velox.ch./', context()); + +echo "-- user supplied server name --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch'); +stream_context_set_option($context, 'http', 'header', b'Host: bob.sni.velox.ch'); +do_http_test('https://alice.sni.velox.ch/', $context); + +echo "-- sni disabled --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_enabled', false); +do_http_test('https://bob.sni.velox.ch/', $context); + +/* Test ssl:// socket streams */ + +echo "-- raw SSL stream (1) --\n"; +do_ssl_test('ssl://bob.sni.velox.ch:443', context()); + +echo "-- raw SSL stream (2) --\n"; +do_ssl_test('ssl://mallory.sni.velox.ch:443', context()); + +echo "-- raw SSL stream with user supplied sni --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch'); + +do_ssl_test('ssl://mallory.sni.velox.ch:443', $context); + +echo "-- raw SSL stream with sni disabled --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_enabled', false); + +do_ssl_test('ssl://mallory.sni.velox.ch:443', $context); + +/* Test tcp:// socket streams with SSL enabled */ + +echo "-- stream_socket_enable_crypto (1) --\n"; + +do_enable_crypto_test('tcp://bob.sni.velox.ch:443', context()); + +echo "-- stream_socket_enable_crypto (2) --\n"; + +do_enable_crypto_test('tcp://mallory.sni.velox.ch:443', context()); + +echo "-- stream_socket_enable_crypto with user supplied sni --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', 'bob.sni.velox.ch'); + +do_enable_crypto_test('tcp://mallory.sni.velox.ch:443', $context); + +echo "-- stream_socket_enable_crypto with sni disabled --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_enabled', false); + +do_enable_crypto_test('tcp://mallory.sni.velox.ch:443', $context); + +echo "-- stream_socket_enable_crypto with long name --\n"; + +$context = context(); +stream_context_set_option($context, 'ssl', 'SNI_server_name', str_repeat('a.', 500) . '.sni.velox.ch'); + +do_enable_crypto_test('tcp://mallory.sni.velox.ch:443', $context); + +?> +--EXPECTF-- +-- auto host name (1) -- +%unicode|string%(18) "alice.sni.velox.ch" +-- auto host name (2) -- +%unicode|string%(16) "bob.sni.velox.ch" +-- auto host name (3) -- +%unicode|string%(16) "bob.sni.velox.ch" +-- user supplied server name -- +%unicode|string%(16) "bob.sni.velox.ch" +-- sni disabled -- +%unicode|string%(18) "alice.sni.velox.ch" +-- raw SSL stream (1) -- +%unicode|string%(16) "bob.sni.velox.ch" +-- raw SSL stream (2) -- +%unicode|string%(14) "*.sni.velox.ch" +-- raw SSL stream with user supplied sni -- +%unicode|string%(16) "bob.sni.velox.ch" +-- raw SSL stream with sni disabled -- +%unicode|string%(18) "alice.sni.velox.ch" +-- stream_socket_enable_crypto (1) -- +%unicode|string%(16) "bob.sni.velox.ch" +-- stream_socket_enable_crypto (2) -- +%unicode|string%(14) "*.sni.velox.ch" +-- stream_socket_enable_crypto with user supplied sni -- +%unicode|string%(16) "bob.sni.velox.ch" +-- stream_socket_enable_crypto with sni disabled -- +%unicode|string%(18) "alice.sni.velox.ch" +-- stream_socket_enable_crypto with long name -- +%unicode|string%(18) "alice.sni.velox.ch" |