Promote various OpenSSL warnings into Errors

php · Aug 4, 2020 · 58691e0 · 58691e0
1 parent 9acabd8
commit 58691e0
Show file tree

Hide file tree

Showing 10 changed files with 169 additions and 142 deletions.
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
diff --git a/ext/openssl/tests/bug60632.phpt b/ext/openssl/tests/bug60632.phpt
@@ -19,9 +19,12 @@ $test_pubkey = $details['key'];
 $pubkey = openssl_pkey_get_public($test_pubkey);
 $encrypted = null;
 $ekeys = array();
-$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
-echo "Done";
+
+try {
+    $result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 ?>
---EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
-Done
+--EXPECT--
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm
diff --git a/ext/openssl/tests/bug70438.phpt b/ext/openssl/tests/bug70438.phpt
@@ -14,14 +14,19 @@ $cipher = 'AES-128-CBC';
 $pub_key = "file://" . __DIR__ . "/public.key";
 $priv_key = "file://" . __DIR__ . "/private_rsa_1024.key";
 
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
+try {
+    openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
 openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher, $iv);
 openssl_open($sealed, $decrypted, $ekeys[0], $priv_key, $cipher, $iv);
 echo $decrypted;
 ?>
 --EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm
 
-Warning: openssl_seal(): Unknown signature algorithm. in %s on line %d
+Warning: openssl_seal(): Unknown signature algorithm in %s on line %d
 openssl_seal() test
diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt
@@ -10,7 +10,7 @@ var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
 ?>
 Done
 --EXPECTF--
-%s openssl_x509_parse(): Illegal length in timestamp in %s%ecve-2013-6420.php on line 3
+Warning: openssl_x509_parse(): Illegal length in timestamp in %s on line 3
 string(27) "stefan.esser@sektioneins.de"
 int(-1)
 Done
diff --git a/ext/openssl/tests/openssl_csr_new_basic.phpt b/ext/openssl/tests/openssl_csr_new_basic.phpt
@@ -8,7 +8,13 @@ openssl_csr_new() tests
 $a = array();
 
 $conf = array('config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf');
-var_dump(openssl_csr_new(array(), $a, $conf, array()));
+
+try {
+    var_dump(openssl_csr_new(array(), $a, $conf, array()));
+    var_dump($keyFailed);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // this leaks
 $a = array(1,2);
@@ -19,16 +25,11 @@ var_dump(openssl_csr_new($a, $b, $conf));
 $x = openssl_pkey_new($conf);
 var_dump(openssl_csr_new(["countryName" => "DE"], $x, $conf + ["x509_extensions" => 0xDEADBEEF]));
 
-
-echo "Done\n";
 ?>
 --EXPECTF--
-Warning: openssl_csr_new(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
 Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %s on line %d
-bool(false)
+Key array must be of the form array(0 => key, 1 => phrase)
 object(OpenSSLCertificateSigningRequest)#%d (0) {
 }
 object(OpenSSLCertificateSigningRequest)#%d (0) {
 }
-Done
diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt
@@ -50,7 +50,11 @@ try {
     echo $exception->getMessage() . "\n";
 }
 
-var_dump(openssl_csr_sign($csr, null, array(), 365));
+try {
+    var_dump(openssl_csr_sign($csr, null, array(), 365));
+} catch (ValueError $exception) {
+    echo $exception->getMessage() . "\n";
+}
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 ?>
 --EXPECTF--
@@ -73,10 +77,6 @@ Warning: openssl_csr_sign(): X.509 Certificate Signing Request cannot be retriev
 bool(false)
 openssl_csr_sign(): Argument #1 ($csr) must be of type OpenSSLCertificateSigningRequest|string, array given
 openssl_csr_sign(): Argument #2 ($cacert) must be of type OpenSSLCertificate|string|null, array given
-
-Warning: openssl_csr_sign(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
-Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d
-bool(false)
+Key array must be of the form array(0 => key, 1 => phrase)
 object(OpenSSLCertificate)#%d (0) {
 }
diff --git a/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt b/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt
@@ -40,13 +40,13 @@ bool(true)
 bool(true)
 bool(true)
 
-Warning: openssl_pkcs7_sign(): Error opening input file %s in %s on line %d
+Warning: openssl_pkcs7_sign(): Error opening input file wrong! in %s on line %d
 bool(false)
 
-Warning: openssl_pkcs7_sign(): Error opening input file %s in %s on line %d
+Warning: openssl_pkcs7_sign(): Error opening input file ! in %s on line %d
 bool(false)
 
-Warning: openssl_pkcs7_sign(): Error opening output file %s in %s on line %d
+Warning: openssl_pkcs7_sign(): Error opening output file ! in %s on line %d
 bool(false)
 
 Warning: openssl_pkcs7_sign(): X.509 Certificate cannot be retrieved in %s on line %d

diff --git a/ext/openssl/tests/openssl_private_decrypt_basic.phpt b/ext/openssl/tests/openssl_private_decrypt_basic.phpt
@@ -16,8 +16,14 @@ var_dump(openssl_private_decrypt($encrypted, $output2, $wrong));
 var_dump($output2);
 var_dump(openssl_private_decrypt($wrong, $output3, $privkey));
 var_dump($output3);
-var_dump(openssl_private_decrypt($encrypted, $output4, array($privkey)));
-var_dump($output4);
+
+try {
+    var_dump(openssl_private_decrypt($encrypted, $output4, array($privkey)));
+    var_dump($output4);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 var_dump(openssl_private_decrypt($encrypted, $output5, array($privkey, "")));
 var_dump($output5);
 ?>
@@ -30,11 +36,6 @@ bool(false)
 NULL
 bool(false)
 NULL
-
-Warning: openssl_private_decrypt(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
-Warning: openssl_private_decrypt(): key parameter is not a valid private key in %s on line %d
-bool(false)
-NULL
+Key array must be of the form array(0 => key, 1 => phrase)
 bool(true)
 string(32) "Testing openssl_public_decrypt()"
diff --git a/ext/openssl/tests/openssl_public_decrypt_basic.phpt b/ext/openssl/tests/openssl_public_decrypt_basic.phpt
@@ -16,9 +16,20 @@ var_dump(openssl_public_decrypt($encrypted, $output2, $wrong));
 var_dump($output2);
 var_dump(openssl_public_decrypt($wrong, $output3, $pubkey));
 var_dump($output3);
-var_dump(openssl_public_decrypt($encrypted, $output4, array()));
-var_dump($output4);
-var_dump(openssl_public_decrypt($encrypted, $output5, array($pubkey)));
+
+try {
+    var_dump(openssl_public_decrypt($encrypted, $output4, array()));
+    var_dump($output4);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_public_decrypt($encrypted, $output5, array($pubkey)));
+    var_dump($output4);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 var_dump($output5);
 var_dump(openssl_public_decrypt($encrypted, $output6, array($pubkey, "")));
 var_dump($output6);
@@ -32,17 +43,8 @@ bool(false)
 NULL
 bool(false)
 NULL
-
-Warning: openssl_public_decrypt(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
-Warning: openssl_public_decrypt(): key parameter is not a valid public key in %s on line %d
-bool(false)
-NULL
-
-Warning: openssl_public_decrypt(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
-Warning: openssl_public_decrypt(): key parameter is not a valid public key in %s on line %d
-bool(false)
+Key array must be of the form array(0 => key, 1 => phrase)
+Key array must be of the form array(0 => key, 1 => phrase)
 NULL
 bool(true)
 string(32) "Testing openssl_public_decrypt()"
diff --git a/ext/openssl/tests/openssl_seal_basic.phpt b/ext/openssl/tests/openssl_seal_basic.phpt
@@ -11,7 +11,12 @@ $c = array(1);
 $d = array(1);
 
 var_dump(openssl_seal($a, $b, $c, $d));
-var_dump(openssl_seal($a, $a, $a, array()));
+
+try {
+    var_dump(openssl_seal($a, $a, $a, array()));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // tests with cert
 $data = "openssl_open() test";
@@ -21,26 +26,26 @@ $wrong = "wrong";
 var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key)));                  // no output
 var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key)));        // no output
 var_dump(openssl_seal($data, $sealed, $ekeys, array($pub_key, $wrong)));
-var_dump(openssl_seal($data, $sealed, $ekeys, array()));
+
+try {
+    var_dump(openssl_seal($data, $sealed, $ekeys, array()));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 var_dump(openssl_seal($data, $sealed, $ekeys, array($wrong)));
 
-echo "Done\n";
 ?>
 --EXPECTF--
 Warning: openssl_seal(): Not a public key (1th member of pubkeys) in %s on line %d
 bool(false)
-
-Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d
-bool(false)
+openssl_seal(): Argument #4 ($pubkeys) cannot be empty
 int(19)
 int(19)
 
 Warning: openssl_seal(): Not a public key (2th member of pubkeys) in %s on line %d
 bool(false)
-
-Warning: openssl_seal(): Fourth argument to openssl_seal() must be a non-empty array in %s on line %d
-bool(false)
+openssl_seal(): Argument #4 ($pubkeys) cannot be empty
 
 Warning: openssl_seal(): Not a public key (1th member of pubkeys) in %s on line %d
 bool(false)
-Done